Latest Developments in Quantum Cryptography


Summary

Quantum cryptography is the science of using quantum mechanics to create secure communication systems that can resist attacks from powerful quantum computers. Recent advancements show that traditional encryption methods are increasingly vulnerable, prompting urgent adoption of post-quantum cryptography—new standards designed to safeguard sensitive data against quantum threats.

  • Start migration early: Begin transitioning your systems and sensitive data to post-quantum cryptography standards now, as the timeline for quantum computing attacks is rapidly shrinking.
  • Monitor evolving standards: Stay updated on new algorithms and compliance requirements from bodies like NIST to ensure your organization remains secure and compliant.
  • Assess risk proactively: Review your encryption protocols and plan for hybrid solutions that combine classical and quantum-resistant methods to minimize potential vulnerabilities.
Summarized by AI based on LinkedIn member posts
  • View profile for Pablo Conte

    Merging Data with Intuition 📊 🎯 | AI & Quantum Engineer | Qiskit Advocate | PhD Candidate

    32,520 followers

    ⚛️ Post-Quantum Cryptography and Quantum-Safe Security: A Comprehensive Survey 📑 Post-quantum cryptography (PQC) is moving from evaluation to deployment as NIST finalizes standards for ML-KEM, ML-DSA, and SLH-DSA. This survey maps the space from foundations to practice. We first develop a taxonomy across lattice-, code-, hash-, multivariate-, isogeny-, and MPC-in-the-Head families, summarizing security assumptions, cryptanalysis, and standardization status. We then compare performance and communication costs using representative, implementation-grounded measurements, and review hardware acceleration (AVX2, FPGA/ASIC) and implementation security with a focus on side-channel resistance. Building upward, we examine protocol integration (TLS, DNSSEC), PKI and certificate hygiene, and deployment in constrained and high-assurance environments (IoT, cloud, finance, blockchain). We also discuss complementarity with quantum technologies (QKD, QRNGs) and the limits of near-term quantum computing. Throughout, we emphasize crypto-agility, hybrid migration, and evidence-based guidance for operators. We conclude with open problems spanning parameter agility, leakage-resilient implementations, and domain-specific rollout playbooks. This survey aims to be a practical reference for researchers and practitioners planning quantum-safe systems, bridging standards, engineering, and operations. ℹ️ Chhetri et al - Texas State University, USA - 2025

  • View profile for Vaughan Shanks

    Helping security teams respond to cyber incidents better and faster | CEO & Co-Founder, Cydarm Technologies

    12,075 followers

    Last week #NIST released three post-#quantum #encryption standards. Why is this significant? Put simply, from a practical standpoint: risk management and compliance.

    First, on risk management: experts now say that quantum computing is less than a decade away. Quantum computers are expected to have the power to search large keyspaces very quickly, which means they will be able to decrypt current encryption. Moreover, it is entirely plausible that encrypted information recorded today is being stored for decryption when quantum computing becomes available. If you speculatively apply quantum-resistant encryption to your data now, you will reduce the risk of an adversary being able to successfully exploit your data when they have access to quantum computing.

    Second, on compliance: NIST is the governing body for standards in the USA, and many other nations take their encryption standards from NIST, as they do not have resources at the same scale as NIST. You can be certain that NIST-approved post-quantum algorithms will start being mentioned in various compliance checklists, as is the case currently with algorithms such as AES-256 and SHA-256. Note well that these algorithms have #FIPS numbers associated with them - meaning "Federal Information Processing Standard".

    Briefly, the approved algorithms are:
    🔒 ML-KEM, for encrypted key exchange, as FIPS 203
    🔒 ML-DSA, for digital signatures, as FIPS 204
    🔒 SLH-DSA, for stateless hash-based digital signatures, as FIPS 205

    There is a fourth algorithm, FN-DSA, also used for digital signatures, that is expected to be released in the next year.
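ML-KEM (FIPS 203) is the key-establishment standard named in the post above, and the "hybrid" migration that several posts on this page recommend means running it alongside a classical exchange so that a break of either component alone does not expose the session key. The following is an added example, not code from any of the posts, from NIST or from any project they mention: a hybrid X25519 + ML-KEM-768 key establishment written against the Go standard library only (crypto/ecdh and crypto/mlkem, which require Go 1.24 or later). The HybridPublic/HybridPrivate types, the function names and the HMAC label string are constructions of this example, not standardised values.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HybridPublic is what the responder publishes: an X25519 public key plus an
// ML-KEM-768 encapsulation key (FIPS 203).
type HybridPublic struct {
	X25519 []byte
	MLKEM  []byte
}

// HybridPrivate holds the responder's matching secret keys.
type HybridPrivate struct {
	x25519 *ecdh.PrivateKey
	mlkem  *mlkem.DecapsulationKey768
}

// GenerateHybridKeyPair creates both halves of the hybrid key pair.
func GenerateHybridKeyPair() (*HybridPrivate, *HybridPublic, error) {
	xPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, err
	}
	pub := &HybridPublic{X25519: xPriv.PublicKey().Bytes(), MLKEM: dk.EncapsulationKey().Bytes()}
	return &HybridPrivate{x25519: xPriv, mlkem: dk}, pub, nil
}

// combine derives the session key from both shared secrets with HMAC-SHA256.
// Recovering the key requires breaking both X25519 and ML-KEM, so the exchange
// stays secure while either component holds. The label is a constructed
// domain-separation string for this example, not a standardised value.
func combine(ecdhSecret, kemSecret []byte) []byte {
	mac := hmac.New(sha256.New, []byte("example-hybrid-x25519-mlkem768"))
	mac.Write(ecdhSecret)
	mac.Write(kemSecret)
	return mac.Sum(nil)
}

// Encapsulate is the initiator's step. It returns the 32-byte session key and
// the two values to send: an ephemeral X25519 public key and the ML-KEM ciphertext.
func Encapsulate(pub *HybridPublic) (sessionKey, ephX25519, kemCiphertext []byte, err error) {
	peerX, err := ecdh.X25519().NewPublicKey(pub.X25519)
	if err != nil {
		return nil, nil, nil, err
	}
	ephPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	ecdhSecret, err := ephPriv.ECDH(peerX)
	if err != nil {
		return nil, nil, nil, err
	}
	ek, err := mlkem.NewEncapsulationKey768(pub.MLKEM)
	if err != nil {
		return nil, nil, nil, err
	}
	kemSecret, ct := ek.Encapsulate()
	return combine(ecdhSecret, kemSecret), ephPriv.PublicKey().Bytes(), ct, nil
}

// Decapsulate is the responder's step. Note that ML-KEM uses implicit
// rejection: a tampered ciphertext yields a different pseudorandom secret
// rather than an error, so a mismatch only surfaces when the key is used.
func Decapsulate(priv *HybridPrivate, ephX25519, kemCiphertext []byte) ([]byte, error) {
	peerEph, err := ecdh.X25519().NewPublicKey(ephX25519)
	if err != nil {
		return nil, err
	}
	ecdhSecret, err := priv.x25519.ECDH(peerEph)
	if err != nil {
		return nil, err
	}
	kemSecret, err := priv.mlkem.Decapsulate(kemCiphertext)
	if err != nil {
		return nil, err
	}
	return combine(ecdhSecret, kemSecret), nil
}

// Demo entry point; errors are ignored here for brevity, real code must check them.
func main() {
	priv, pub, _ := GenerateHybridKeyPair()
	k1, eph, ct, _ := Encapsulate(pub)
	k2, _ := Decapsulate(priv, eph, ct)
	fmt.Println("session keys agree:", bytes.Equal(k1, k2))
}
```

Two design points are worth noting for a migration. First, the combiner deliberately takes both secrets as input: a deployment that merely offered ML-KEM as an alternative to X25519 would still be exposed through the classical path to the "harvest now, decrypt later" collection described later on this page. Second, because ML-KEM never signals a bad ciphertext, integrity of the exchanged values has to come from the surrounding protocol (for example by binding a transcript hash into the key derivation and authenticating the handshake), as TLS-style hybrid designs do.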

  • View profile for Keith King

    Former White House Lead Communications Engineer, U.S. Dept of State, and Joint Chiefs of Staff in the Pentagon. Veteran U.S. Navy, Top Secret/SCI Security Clearance. Over 16,000+ direct connections & 43,000+ followers.

    43,801 followers

    Headline: China Cracks RSA Encryption Using Quantum Annealing—Global Data Security Now Under Pressure
    ⸻
    Introduction: A Chinese research team has achieved a milestone with profound cybersecurity implications: successfully cracking a small RSA-encrypted integer using a quantum computer. Though modest in scale, this experiment signals that quantum systems are starting to undermine the very cryptographic foundations that secure today’s banking, commerce, and communication systems. The race to build quantum-resistant encryption is no longer theoretical—it’s urgent.
    ⸻
    Key Details
    🔓 Cracking RSA with Quantum Annealing
    • Researchers: Wang Chao and team from Shanghai University.
    • Hardware Used: A D-Wave Advantage quantum annealer, built by D-Wave Systems.
    • Achievement: The team factored a 22-bit RSA semiprime integer, a task previously unsolved on this class of hardware.
    🔐 What Makes RSA Strong—and Vulnerable
    • RSA Encryption: Based on the difficulty of factoring large semiprime numbers (products of two primes).
    • Classical Challenge: Conventional computers require subexponential time to factor 2048-bit keys—considered secure for now.
    • Largest Cracked Classically: RSA250 (829-bit key) using supercomputers over weeks.
    • Quantum Approach: The Chinese team translated factorization into a QUBO (Quadratic Unconstrained Binary Optimization) problem, solvable by quantum annealing.
    🧠 Why This is a Warning Shot
    • Early Stage, But Symbolic: While a 22-bit number is trivial by today’s standards, the methodology proves scalability potential.
    • First Step Toward Quantum Decryption: Demonstrates quantum annealers can be adapted for cryptographic tasks—not just optimization.
    • Signals Future Risk: Today’s encryption might withstand current tech, but scalable quantum systems could break RSA entirely in years, not decades.
    ⸻
    Why It Matters
    • Global Cybersecurity Threatened: Banking, defense, healthcare, and internet infrastructure all rely on RSA and similar public-key systems. This experiment shows those systems may soon be obsolete.
    • Quantum Arms Race Accelerates: The demonstration by Chinese researchers will likely intensify global investment in both quantum computing and post-quantum cryptography.
    • Urgent Need for Migration: Governments and corporations must begin transitioning to quantum-resistant encryption standards, or risk catastrophic breaches in the near future.
    • Tactical and Strategic Implications: Countries that master quantum decryption first may gain unparalleled capabilities in espionage, warfare, and economic control.
    ⸻
    Keith King https://lnkd.in/gHPvUttw Arzan Alghanmi

  • View profile for Marin Ivezic

    CEO Applied Quantum | PostQuantum.com | SANS Instructor | Former CISO, Big 4 Partner, Quantum Entrepreneur

    34,165 followers

    Today was the most significant day for quantum cryptanalysis in years. Two papers published on the same day – same conclusion. Paper 1: Google Quantum AI showed that breaking the ECC protecting Bitcoin and Ethereum requires fewer than 500,000 superconducting qubits and approximately 9 minutes. A 10x reduction in spacetime volume over prior estimates. Verified by a zero-knowledge proof. My analysis: https://lnkd.in/ep2mHJte Paper 2: A team from Oratomic, Caltech, and UC Berkeley showed that the same algorithm runs on as few as 10,000 neutral atom qubits. Fifty times fewer qubits. But days instead of minutes. My analysis: https://lnkd.in/esrKWs56 The TL;DR: breaking cryptocurrency cryptography now has two credible paths. A fast one (superconducting, 500K qubits, minutes - threatens active transactions) and a small one (neutral atoms, 10K–26K qubits, days - threatens dormant wallets and exposed keys). The two papers are not independent. Oratomic's resource estimates build directly on Google's newly published circuit optimizations. Does this bring Q-Day closer? Honestly, not in an absolute sense. Nobody built a 500,000-qubit superconducting machine or a 26,000-atom neutral atom computer overnight. The hard engineering problems remain hard. But that's not the real story. The real story is that the million-qubit comfort margin is dead. A year ago, the standard mental model was "breaking crypto requires millions of qubits, we have decades." Today, we have four independent papers - Gidney (2025), Pinnacle (2026), Google (2026), and now Oratomic (2026) - showing credible paths ranging from 10,000 to 1,000,000 physical qubits across multiple hardware modalities. The diversity of viable architectures is itself the threat. And ECC falls before RSA on every architecture. Google needs half the qubits for ECC-256 that Gidney needs for RSA-2048. Oratomic needs 10,000 qubits for ECC versus 102,000 for RSA. Two papers. Two architectures. 
One conclusion: the migration to post-quantum cryptography is not a future planning exercise. It is an operational imperative. #PostQuantumCryptography #QuantumComputing #Bitcoin #Ethereum #Cybersecurity #PQC #PostQuantum #QuantumSecurity

  • View profile for Vijoy Pandey

    SVP/GM | Building 0 to 1

    16,713 followers

    Right on the heels of RSAC from last week, this paper that dropped yesterday should be on everyone's radar. It accelerates the quantum threat timeline in a significant way. Breaking RSA or ECC encryption with a quantum computer requires running something called Shor's algorithm at scale. The biggest question has always been around how many physical qubits you need to run Shor’s. For years that number was in the millions, which made the threat feel distant. The 2021 Gidney-Ekera paper, the prior gold standard, put it at ~20 million qubits. Yesterday, a team from Caltech and Oratomic, including John Preskill, one of the architects of quantum error correction, published a paper bringing that number down to 10,000–14,000 physical qubits on a neutral-atom architecture. For context: some neutral-atom labs have already demonstrated arrays of 6,100 qubits. Which means that the gap between theory and practice just went from roughly 3,000x to about 2x. 2x!!

    What happened? This is all due to better error-correcting codes that pack more logical qubits into the same physical hardware, combined with reconfigurable atomic architectures. The result is a 2,000x reduction in qubit requirements over the prior gold standard. Runtime for this is still ~10 days and not minutes. So this isn’t like “oh, RSA is broken today in real-time”. But there are 3 bullets that make this urgent:
    - The "harvest now, decrypt later" threat is now active and real. Adversaries are collecting encrypted traffic now, to decrypt once hardware catches up - and that horizon just moved much much closer.
    - ECC-256, the crypto that actually protects most live TLS, SSH, and PKI traffic today, is more quantum-vulnerable than RSA-2048 in this analysis. (Because smaller keys mean simpler quantum circuits.)
    - Quantum computing and quantum networking hardware is improving fast. The 10-day runtime at 26,000 qubits will get shorter, and investment in this space is accelerating.

    All this to say, the timeline for deploying NIST-standardized post-quantum cryptography, PQC (ML-KEM, ML-DSA, SLH-DSA), just moved to now.

  • View profile for Jan Mikolon

    CTO for Quantum Computing & AI at QuantumBasel | Generative AI, quantum computing

    12,083 followers

    🔐 Quantum is getting closer than we thought. Much closer.
    What if breaking today’s cryptography doesn’t require millions of qubits… but just ~10,000? New research suggests that Shor’s algorithm could become practical far sooner than expected — dramatically lowering the barrier to cryptographically relevant quantum computing.
    ⚙️ What changed?
    🧠 Advanced quantum error-correcting codes slash overhead
    ⚡ Smarter logical operations and circuit design
    📉 Massive reduction in qubit requirements
    ⏱️ Estimated timelines to break real-world crypto:
    • ECC-256 → ~10 days
    • RSA-2048 → ~97 days
    And here’s the twist 👇 Neutral-atom systems are emerging as a serious contender for scalable, fault-tolerant quantum machines.

  • View profile for Jaime Gómez García

    Global Head of Santander Quantum Threat Program | Chair of Europol Quantum Safe Financial Forum | Quantum Security 25 | Quantum Leap Award 2025 | Representative at EU QuIC, AMETIC

    17,295 followers

    💣 Two almost simultaneous relevant papers on #quantum #cryptoanalysis.
    👉 "Shor’s algorithm is possible with as few as 10,000 reconfigurable atomic qubits" (https://lnkd.in/eyGiqXQt): This document, supported by trusted names like John Preskill, discusses advances in error-correcting codes and other efficiencies that could be leveraged in neutral-atom quantum computers. They discuss attacks on RSA using as few as 10,000 atomic qubits, although at a great cost in time. Their most time-efficient architectures can enable run times of 10 days for ECC–256 with ≈26,000 qubits, and 97 days for RSA–2048 with ≈102,000 qubits. See the graph below.
    👉 "Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities: Resource Estimates and Mitigations" (https://lnkd.in/e_HsxUcx, https://lnkd.in/eakjd4HU): This paper has been published by Google Research and also has trusted authors from Google, Ethereum Foundation, University of California, Berkeley and Stanford University, like Craig Gidney, Justin Drake, or Dan Boneh. The paper is a comprehensive review of #quantum #security in #blockchain that deserves a careful reading. They demonstrate that Shor’s algorithm for breaking 256-bit ECC can execute with either ≤ 1200 logical qubits and ≤ 90M Toffoli gates or ≤ 1450 logical qubits and ≤ 70M Toffoli gates. On superconducting architectures with 10^−3 physical error rates, it could be executed in minutes using <0.5M physical qubits. They analyze how this can enable different attack scenarios against cryptocurrencies.
    👉 This is not a sudden breakthrough, but steady, credible progress in quantum cryptoanalysis.
    💡 What stands out is not just feasibility, but implications.
    🚩 Although substantial expertise, experimental development effort, and architectural design are required, quantum systems capable of breaking today’s cryptography are not speculative. This underscores the importance of ongoing efforts to transition widely-deployed cryptographic systems toward post-quantum standards.
    🚩 The emergence of CRQCs represents a serious threat to cryptocurrencies.
    ✏️ The Bitcoin community needs to face urgent and difficult decisions regarding legacy assets, such as the 1.7 million bitcoin locked in P2PK scripts and an even greater amount of assets vulnerable due to address reuse.
    ✏️ Ethereum is more exposed than Bitcoin due to the prevalence of at-rest vulnerabilities, but its recent active steps towards PQC migration promise a more expedient transition to quantum-safe protocols. This is critical since the tokenization of real-world assets is expected to open up markets projected to exceed 16 trillion USD by 2030, breaking the “too-big-to-fail” economic stability thresholds.
    ✏️ There is time to migrate public blockchains to PQC, though the margin for error is increasingly narrow.

  • View profile for Charles Guillemet

    CTO at Ledger

    13,733 followers

    Today, Google Quantum AI published a research paper that might boost the post-quantum migration. Their team has tailored Shor’s algorithm to solve the 256-bit Elliptic Curve Discrete Logarithm Problem. ECDLP is the hard mathematical problem that secures ECDSA: the signature scheme underpinning most blockchains, TLS certificates, and countless authentication systems, using fewer than 1,200 logical qubits and 90 million Toffoli gates. Translated to hardware: fewer than 500,000 physical qubits, executing in a few minutes. A few minutes. Less than a Bitcoin block time. Less than two Ethereum epochs. The long-standing argument that public keys can simply remain hidden is now moot.

    What exactly changed
    Shor's algorithm has been known since 1994 as a generic quantum approach to factoring integers and computing discrete logarithms. But "known" and "practical" are very different things. The real progress is in the engineering: how many qubits and gates you actually need once you compile the algorithm into a fault-tolerant quantum circuit. The recent algorithmic trendline is clear: every 12-18 months, the resource estimates drop significantly. And these are pure algorithmic gains: they compound on top of hardware improvements, which remain a major challenge. However, as of today, we're still far from having such a quantum computer. This didn't change.

    Zero Knowledge Proof
    Here's where it gets interesting. Google chose not to publish their optimized circuits. Instead, they released a zero-knowledge proof that their circuits achieve the claimed resource counts. We have no doubt they know how to do it, but no clue how. The reasons are likely multiple: competitive advantage, national security implications... Regardless, it establishes a powerful (and elegant) precedent. What’s ironic: Google's ZK proof is not itself post-quantum secure.

    What’s next?
    The good news is that we already have the tools: Post Quantum Cryptography, now we need to migrate. A few days ago, Google announced it is targeting 2029 for full post-quantum readiness. NIST plans to deprecate RSA signatures by 2030 and disallow all legacy algorithms by 2035. Cryptography exists to create mathematical trust in the security of systems. That trust is now being eroded, not by a working attack, but by the increasingly credible prospect of one. In security, the moment you start doubting the foundation is the moment you should be rebuilding it.

    What this means for blockchains
    For blockchain ecosystems specifically, the threat is central. ECDSA on secp256k1 (Bitcoin) and P-256 curves is the cornerstone of security. Unlike traditional systems where you can rotate certificates behind a corporate firewall, blockchain migration requires coordination across decentralized, permissionless networks. This process will likely take time. I'll be diving deeper into the concrete challenges and strategies for PQC migration on blockchains and secure systems at my keynote this Thursday at EthCC conference.

  • View profile for Julien Bouteloup

    Entrepreneur and investor. Running Stake Capital Group

    12,192 followers

    🚨 Two major new research papers just dropped that dramatically accelerate the quantum threat to crypto. Google Quantum AI optimized Shor’s algorithm down to roughly 1K logical qubits, potentially allowing private keys to be cracked in minutes on advanced superconducting hardware. A follow-up from Oratomic then brought neutral-atom implementations down to just 26K physical qubits with a runtime of around 10 days. This makes Q-Day feel much closer, within just a few years of being reachable. This year at Satoshi Roundtable the mood around quantum computing wasn’t very enthusiastic. We openly discussed how a powerful enough quantum computer could break ECDSA signatures (secp256k1) used across Bitcoin, Ethereum, and most protocols, exposing massive on-chain value including dormant and early-mined coins. The big question was: how do we prepare, and prepare well? Crazy times to be living through. Honestly, teams working in encryption and blockchain should seriously consider stopping everything else and prioritizing this now. It’s time to start integrating quantum-resistant encryption algorithms into modern protocols. No matter if a cryptographically relevant quantum computer arrives in one year or in five, adversaries are likely already collecting encrypted traffic and on-chain data today waiting to decrypt everything the day quantum power crosses that threshold. The shift is real: migrating to post-quantum cryptography is no longer optional. It’s urgent infrastructure work for wallets, bridges, staking, exchanges, and every system holding long-term value. https://lnkd.in/dGUR24xH

  • View profile for Zlatko Minev

    Google Quantum AI | MIT TR35 | Ex-Team & Tech Lead, Qiskit Metal & Qiskit Leap, IBM Quantum | Founder, Open Labs | JVA | Board, Yale Alumni

    26,206 followers

    🔐 A cryptography wake-up call! Last week brought a reality check for quantum computing timelines. Two research groups announced advances that could enable machines capable of breaking RSA and elliptic curve cryptography much sooner than expected. Google Quantum AI announced updated resource estimates for breaking 256-bit elliptic curve cryptography, the backbone of Bitcoin, Ethereum, and much of modern blockchain security. Their new circuits require fewer than 500,000 physical qubits on superconducting architectures, offering roughly a 20x improvement over previous estimates. Impressively, the team estimates a superconducting computer could derive a private key in under 9 minutes, fast enough to intercept a Bitcoin transaction before it's recorded on-chain. Separately, researchers from Oratomic and Caltech showed that Shor's algorithm could run at cryptographically relevant scales with as few as 10,000 reconfigurable neutral-atom qubits, two orders of magnitude below earlier estimates for such platforms. At ~26,000 qubits, they project 256-bit elliptic curve cryptography could be broken in about 10 days. Neither paper claims a cryptographically relevant quantum computer exists today, and both acknowledge that significant engineering challenges persist. Nonetheless, both advances signify genuine algorithmic and architectural progress beyond small, incremental updates. What I find most notable is the convergence of better error-correcting codes, more efficient logical operations, and optimized circuit design, each improving simultaneously. As a result, resource requirements for cryptographic relevance continue to shrink. This phenomenon should serve as a call to action for the post-quantum cryptography transition. I am curious to hear from others in the community: What is your read on the current quantum cryptographic timeline and where do you see the biggest bottlenecks in a full PQC transition? 
Google Oratomic #Physics #Cryptography #Quantum #QuantumComputing #Science
