this post was submitted on 06 Apr 2026
15 points (94.1% liked)

NotAwfulTech


I'm not gonna dig up the links since I'm sure y'all're already tired of talking about quantum computing. I am going to insist that, while I professionally disagree with Filippo about plenty of things, I do not see any mistakes in their analysis here. Please start thinking about post-quantum cryptographic tooling today.

[–] aio@awful.systems 10 points 3 days ago (7 children)

I feel like the same "<1%" argument is used to justify a whole lot of things these days. Can you guarantee that there's a <1% chance that someone will come out next year with a paper showing that LWE can be broken efficiently with a quantum algorithm? What about a classical algorithm? I feel like a better argument is needed than just "well you can't be sure it won't happen" because we aren't sure about pretty much anything.

[–] corbin@awful.systems 3 points 2 days ago (1 children)

First, I personally don't yet believe in the cryptographic security of LWE on lattices. I agree that it sure looks hard, but we don't have a solid proof. But also, I don't believe that we've found any provably one-way functions in the classical regime either. So I agree with you from different premises.

Unlucky 10,000: Shor's algorithm speeds up any discrete logarithm. It actually speeds up the abelian HSP. This does give us a theoretical reason to expect that LWE on lattices won't fall to Shor's approach, as the underlying groups are non-abelian. It does make me sad for elliptic curves, though; they're so elegant and the keys are so small.

[–] aio@awful.systems 2 points 2 days ago* (last edited 2 days ago) (2 children)

Not sure what you think my "different premises" are? Also I obviously already know that Shor's algorithm solves the discrete log problem. I don't know why you phrased your comment assuming I'm an idiot.

[–] corbin@awful.systems 3 points 21 hours ago (1 children)

Would an idiot know the difference between abelian and non-abelian group theory? I wasn't trying to underestimate you; I agreed with your position and provided a tangent that opens up your position without compromising it. Next time I'll explicitly say "yes, and" if that will help.

[–] aio@awful.systems 1 points 9 hours ago

Ok, next time you should really not do the "lucky 10000" bit; it comes off as very condescending, especially if the person you're talking to already knows the thing you're telling them.

I will say that, speaking as an idiot, I appreciated the information, and the accessibility of many of these very technical conversations here is one of the elements of this community I appreciate. I would be very surprised if it had been meant as any kind of dig instead of explicitly clarifying a usually-unstated bit of context.
