Academia's Impact on Post-Quantum Cryptography

Only 10,000 reconfigurable atomic qubits (https://lnkd.in/eXwBgNW3); if the results in the new paper from Madelyn Cain, Dolev Bluvstein & John Preskill hold, we need to stop treating post-quantum migration as a long-term roadmap item and start treating it as an emergency requirement across the entire stack. Modern cryptography is built on a specific engineering assumption: some problems are computationally intractable. That assumption underpins TLS, PKI, secure routing, financial systems, essentially everything that moves data. Quantum computing does not chip away at that assumption but it invalidates it for the systems we actually use. RSA and elliptic curves do not become “weaker”, they become solvable in a way that removes their security guarantees. The usual response is “we’ll move to PQC” eventually. That is necessary, but not sufficient. PQC replaces one set of hardness assumptions with another. Lattice-based, code-based, multivariate schemes are believed to resist both classical and quantum attacks, but they are still assumptions. We do not have the same level of long-term confidence we thought we had with factoring and discrete logs, and we already know how that story can go. If the failure mode you are protecting against is global cryptographic breakage, then “probably hard” is not the bar to aim for everywhere. Critical infrastructure, root keys, long-lived secrets, inter-datacenter links, anything with a long confidentiality horizon are not places to rely purely on unproven hardness assumptions, even if they are currently the best we have. We do have an alternative model: Quantum Key Distribution anchors security in physics, not computation. An eavesdropper is not “computationally limited”, they are physically detectable. That is a different security boundary. This is not a call to replace PQC with QKD. That would be unrealistic at scale today. It is a call to combine them properly. PQC should be deployed broadly because it scales and integrates with existing systems. QKD should be used on top where failure is not acceptable, to secure key exchange and establish trust in a way that does not depend on future algorithmic breakthroughs. A hybrid QKD+PQC architecture is not overkill. It is the only approach that addresses both known and unknown risks. The other point that gets ignored is timing. You do not migrate global cryptographic infrastructure quickly. These are multi-year, often decade transitions. By the time there is a clear case that current cryptographic systems are broken at scale, the opportunity to respond will have passed. The referenced paper suggests this risk horizon is rapidly approaching. So the relevant question is not “when will quantum computers break crypto.” It is whether you are comfortable designing systems today that assume they will not. Because if that assumption fails, everything built on top of it fails with it, and no one is prepared for that outcome.

Quantum-safe encryption may be facing a reckoning. Recent research suggests that the very lattice-based systems we've come to rely on might not be as invulnerable as once thought. In the race to secure digital communications against quantum threats, lattice-based cryptography has long been considered the most promising candidate. But new work on hybrid primal attacks, particularly the Randomized Slicer technique, shows that these methods can dramatically outperform traditional approaches under certain conditions. The implications are serious: favored schemes like ML-KEM, once thought to be robust, may be more fragile than anticipated when low-entropy key distributions are involved. This isn't just a theoretical concern. Researchers have now demonstrated practical implementations that validate the exponential speedups predicted in earlier models. If these attack vectors continue to mature, the timeline for viable quantum attacks could accelerate, forcing a rethink of migration strategies and cryptographic standards. It’s a reminder that post-quantum security is not a destination but an evolving frontier, and that vigilance in cryptanalysis must continue well beyond standardization. #PostQuantumCryptography #Cybersecurity #QuantumComputing #Cryptanalysis #MLKEM #LatticeCryptography #DigitalSecurity

One of the most humbling things I've ever done professionally was go to a crypto conference around the time when SHA-3 was being reviewed. Slides full of intense math with active debates around the approaches. Now fast forward here we are...One of the most unfortunate things about this AI madness is that we are collectively not talking about some of the other major issues facing us. For a very real example, the post-quantum crypto conversation is actively shifting from academic to practice. Encrypted data from two years ago is sitting in an adversary's storage cluster somewhere. They can't read it yet. They're waiting. "Harvest now, decrypt later" is already happening per the NSA and CISA. Nation-state actors are collecting TLS sessions, VPN traffic, and encrypted transfers today, betting that cryptographically relevant quantum computers exist before 2035. NSS compliance requires migration to NIST-approved PQC algorithms by January 2027. Most organizations haven't inventoried their cryptographic dependencies, let alone sequenced a migration. We're already almost in Q2 of 2026. PQC migration is harder than most security projects because you can't patch your way through it. Discovery is the first problem, every system using RSA or ECDH for key exchange needs to be found, catalogued, and prioritized by data sensitivity and longevity. Since we've done such a crap job of basic asset management in nearly every other cyber-discipline, I imagine this is going to be a long pole in the tent. Hybrid cryptography (running classical and post-quantum algorithms in parallel) will buy time on external-facing systems while teams work through internal dependencies. But migration validation isn't a trivial issue, swapping cryptographic primitives can quietly break things that were working fine. I suspect the organizations that will struggle most are the ones starting their discovery late. If an organization already struggles with basic discovery in other areas, it's likely this will be compounded. #ciso #ai #pqc #postquantum 

Groundbreaking Advancement: NIST Selects FAU’s HQC Algorithm to Shape Future Encryption Introduction In a landmark move, the National Institute of Standards and Technology (NIST) has tapped Florida Atlantic University’s (FAU) Hamming Quasi-Cyclic (HQC) algorithm to help define the next generation of encryption standards. As quantum computing threatens to upend decades of data security, this selection marks a pivotal moment in the global race to safeguard sensitive information against quantum attacks. Key Details 1. Why This Matters Now • Quantum computers are rapidly advancing and could break today’s encryption systems, leaving financial data, communications, and national security vulnerable. • Current encryption methods, which have protected sensitive information for decades, are no match for the computational power quantum machines promise. 2. The Role of HQC • Developed at Florida Atlantic University, the Hamming Quasi-Cyclic (HQC) algorithm is designed specifically for Post-Quantum Cryptography (PQC). • HQC provides a secure key exchange mechanism, allowing two parties to generate a shared secret key—crucial for encrypting and decrypting communications. • Its design makes it resilient against the kinds of attacks quantum computers will likely deploy, setting it apart from legacy systems. 3. NIST’s Decision and Global Impact • NIST’s official recognition of HQC represents a major milestone in the development of quantum-resistant standards. • This selection places FAU at the forefront of international efforts to create encryption tools that can withstand future quantum threats. • It also signals to governments, industries, and cybersecurity experts that the time to modernize encryption infrastructure is now. 4. Looking Ahead • As HQC is integrated into global standards, it will influence the design of secure software, hardware, and communication systems. • This advancement not only strengthens digital security but also positions the U.S. as a leader in shaping the post-quantum cryptographic landscape. Conclusion: Why It Matters FAU’s HQC algorithm being selected by NIST is more than a research win—it’s a crucial step toward protecting the world’s digital infrastructure from the coming wave of quantum disruption. As we stand on the edge of a quantum future, HQC offers a blueprint for building encryption systems that can secure everything from personal privacy to global security for generations to come. Keith King https://lnkd.in/gHPvUttw

🚨 Two major new research papers just dropped that dramatically accelerate the quantum threat to crypto. Google Quantum AI optimized Shor’s algorithm down to roughly 1K logical qubits, potentially allowing private keys to be cracked in minutes on advanced superconducting hardware. A follow-up from Oratomic then brought neutral-atom implementations down to just 26K physical qubits with a runtime of around 10 days. This makes Q-Day feel much closer, within just a few years of being reachable. This year at Satoshi Roundtable the mood around quantum computing wasn’t very enthusiastic. We openly discussed how a powerful enough quantum computer could break ECDSA signatures (secp256k1) used across Bitcoin, Ethereum, and most protocols, exposing massive on-chain value including dormant and early-mined coins. The big question was: how do we prepare, and prepare well? Crazy times to be living through. Honestly, teams working in encryption and blockchain should seriously consider stopping everything else and prioritizing this now. It’s time to start integrating quantum-resistant encryption algorithms into modern protocols. No matter if a cryptographically relevant quantum computer arrives in one year or in five, adversaries are likely already collecting encrypted traffic and on-chain data today waiting to decrypt everything the day quantum power crosses that threshold. The shift is real: migrating to post-quantum cryptography is no longer optional. It’s urgent infrastructure work for wallets, bridges, staking, exchanges, and every system holding long-term value. https://lnkd.in/dGUR24xH

🧨 New record challenging lattice-based #PQC 🧨 A research team led by Professor Jintai Ding (Xi'an Jiaotong-Liverpool University) set a new code-breaking world record for the Lattice Shortest Vector Problem (SVP) in the International Open Darmstadt SVP Challenge. Professor Ding's team has successfully solved the SVP for 200 dimensions, the highest dimension currently supported for submission on the SVP Challenge website. 😱 Don't panic! PQC is not broken yet: Current cryptographic standards would become vulnerable if SVP problems of around 400 dimensions could be solved. However, it shows that there is an algorithmic evolution in tackling SVP problems beyond the advancements in computing power. "Each additional 10 dimensions increases the computational difficulty by roughly an order of magnitude," says Professor Ding. "A decade ago, the record stood at about 130 dimensions and reaching 200 dimensions seemed almost impossible. Yet today, we've solved it with relatively modest academic computing resources." 👉 This record provides a reference to inform cybersecurity agencies and PQC standarization bodies. It also reinforces the importance of cryptoagility, since there seems to be room for research in SVP cryptanalysis. This reminds the importance of the recent announcement from National Institute of Standards and Technology (NIST) to standardize HQC as a non-lattice-based KEM. https://lnkd.in/diBftdHw #postquantum #cryptography