Last year, my position was that we still had time to design PQ authentication mechanisms.

Reply to Last year, my position was that we still had time to design PQ authentication mechanisms. on Mon, 06 Apr 2026 17:46:42 GMT

flux@mastodon.unwi.re — Mon, 06 Apr 2026 17:46:42 GMT

@filippo @cryptohagen are you following this?

Reply to Last year, my position was that we still had time to design PQ authentication mechanisms. on Thu, 26 Mar 2026 16:32:58 GMT

4raylee@mathstodon.xyz — Thu, 26 Mar 2026 16:32:58 GMT

Scott Aaronson writes:

"I’m going to close this post with a warning. When Frisch and Peierls wrote their now-famous memo in March 1940, estimating the mass of Uranium-235 that would be needed for a fission bomb, they didn’t publish it in a journal, but communicated the result through military channels only. As recently as February 1939, Frisch and Meitner had published in Nature their theoretical explanation of recent experiments, showing that the uranium nucleus could fission when bombarded by neutrons. But by 1940, Frisch and Peierls realized that the time for open publication of these matters had passed.

"Similarly, at some point, the people doing detailed estimates of how many physical qubits and gates it’ll take to break actually deployed cryptosystems using Shor’s algorithm are going to stop publishing those estimates, if for no other reason than the risk of giving too much information to adversaries. Indeed, for all we know, that point may have been passed already. This is the clearest warning that I can offer in public right now about the urgency of migrating to post-quantum cryptosystems, a process that I’m grateful is already underway."

More on whether useful quantum computing is “imminent”

These days, the most common question I get goes something like this: A decade ago, you told people that scalable quantum computing wasn't imminent. Now, though, you claim it plausibly is imminent. Why have you reversed yourself?? I appreciated the friend of mine who paraphrased this as follows: "A decade ago you said you were…

Shtetl-Optimized (scottaaronson.blog)

Reply to Last year, my position was that we still had time to design PQ authentication mechanisms. on Thu, 26 Mar 2026 16:21:12 GMT

ciantic@twit.social — Thu, 26 Mar 2026 16:21:12 GMT

@filippo You got me interested to know what it would look like in authorized_keys, and can it be this short! Looks neat.

ssh-mldsa44-ed25519 434f4d505349472d4d4c44534134342d456432353531392d534841353132

Composite ML-DSA Signatures for SSH

IETF Datatracker (datatracker.ietf.org)

Reply to Last year, my position was that we still had time to design PQ authentication mechanisms. on Thu, 26 Mar 2026 16:20:54 GMT

relishthecracker@infosec.exchange — Thu, 26 Mar 2026 16:20:54 GMT

@freddy @filippo as far as I can tell that timeline is because that is the timeline that has been set by NSA / NIST. Google is probably just trying to protect its access to sell devices / services to the government.

Reply to Last year, my position was that we still had time to design PQ authentication mechanisms. on Thu, 26 Mar 2026 16:07:47 GMT

ikke@ipv6.social — Thu, 26 Mar 2026 16:07:47 GMT

@filippo Interesting, I just cam across https://infosec.exchange/@mttaggart/116163107290977793 the other day, basically saying that it won't be feasible any time soon.

Reply to Last year, my position was that we still had time to design PQ authentication mechanisms. on Thu, 26 Mar 2026 15:46:36 GMT

freddy@social.security.plumbing — Thu, 26 Mar 2026 15:46:36 GMT

@filippo I like their aggressive timeline, but I'm not sure there's any specific argument or reason that explains why it should be expedited. Am I missing something?