Last year, my position was that we still had time to design PQ authentication mechanisms.
-
Last year, my position was that we still had time to design PQ authentication mechanisms.
Now, based on the pace of progress and on statements like Google's, I believe:
1. we need to finish rolling out PQ key exchange yesterday
2. we need to start rolling out PQ auth now
3. it's too late to ship any new non-PQ design or system
Quantum frontiers may be closer than they appear
An overview of how Google is accelerating its timeline for post-quantum cryptography migration.
Google (blog.google)
-
Last year, my position was that we still had time to design PQ authentication mechanisms.
Now, based on the pace of progress and on statements like Google's, I believe:
1. we need to finish rolling out PQ key exchange yesterday
2. we need to start rolling out PQ auth now
3. it's too late to ship any new non-PQ design or system
Quantum frontiers may be closer than they appear
An overview of how Google is accelerating its timeline for post-quantum cryptography migration.
Google (blog.google)
@filippo I like their aggressive timeline, but I'm not sure there's any specific argument or reason that explains why it should be expedited. Am I missing something?
-
Last year, my position was that we still had time to design PQ authentication mechanisms.
Now, based on the pace of progress and on statements like Google's, I believe:
1. we need to finish rolling out PQ key exchange yesterday
2. we need to start rolling out PQ auth now
3. it's too late to ship any new non-PQ design or system
Quantum frontiers may be closer than they appear
An overview of how Google is accelerating its timeline for post-quantum cryptography migration.
Google (blog.google)
@filippo Interesting, I just cam across https://infosec.exchange/@mttaggart/116163107290977793 the other day, basically saying that it won't be feasible any time soon.
-
@filippo I like their aggressive timeline, but I'm not sure there's any specific argument or reason that explains why it should be expedited. Am I missing something?
-
Last year, my position was that we still had time to design PQ authentication mechanisms.
Now, based on the pace of progress and on statements like Google's, I believe:
1. we need to finish rolling out PQ key exchange yesterday
2. we need to start rolling out PQ auth now
3. it's too late to ship any new non-PQ design or system
Quantum frontiers may be closer than they appear
An overview of how Google is accelerating its timeline for post-quantum cryptography migration.
Google (blog.google)
@filippo You got me interested to know what it would look like in authorized_keys, and can it be this short! Looks neat.
ssh-mldsa44-ed25519 434f4d505349472d4d4c44534134342d456432353531392d534841353132
Composite ML-DSA Signatures for SSH
Composite ML-DSA Signatures for SSH
IETF Datatracker (datatracker.ietf.org)
-
@filippo I like their aggressive timeline, but I'm not sure there's any specific argument or reason that explains why it should be expedited. Am I missing something?
Scott Aaronson writes:
"I’m going to close this post with a warning. When Frisch and Peierls wrote their now-famous memo in March 1940, estimating the mass of Uranium-235 that would be needed for a fission bomb, they didn’t publish it in a journal, but communicated the result through military channels only. As recently as February 1939, Frisch and Meitner had published in Nature their theoretical explanation of recent experiments, showing that the uranium nucleus could fission when bombarded by neutrons. But by 1940, Frisch and Peierls realized that the time for open publication of these matters had passed.
"Similarly, at some point, the people doing detailed estimates of how many physical qubits and gates it’ll take to break actually deployed cryptosystems using Shor’s algorithm are going to stop publishing those estimates, if for no other reason than the risk of giving too much information to adversaries. Indeed, for all we know, that point may have been passed already. This is the clearest warning that I can offer in public right now about the urgency of migrating to post-quantum cryptosystems, a process that I’m grateful is already underway."
More on whether useful quantum computing is “imminent”
These days, the most common question I get goes something like this: A decade ago, you told people that scalable quantum computing wasn't imminent. Now, though, you claim it plausibly is imminent. Why have you reversed yourself?? I appreciated the friend of mine who paraphrased this as follows: "A decade ago you said you were…
Shtetl-Optimized (scottaaronson.blog)
-
Last year, my position was that we still had time to design PQ authentication mechanisms.
Now, based on the pace of progress and on statements like Google's, I believe:
1. we need to finish rolling out PQ key exchange yesterday
2. we need to start rolling out PQ auth now
3. it's too late to ship any new non-PQ design or system
Quantum frontiers may be closer than they appear
An overview of how Google is accelerating its timeline for post-quantum cryptography migration.
Google (blog.google)
@filippo @cryptohagen are you following this?
-
R relay@relay.mycrowd.ca shared this topic
