shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#pqc


Huh, just noticed that CNSA 2.0 mandates ML-KEM-1024, but all browsers and service providers currently implement (hybrid) X25519MLKEM*768*. So if you're an NSS system or a compliant service provider or vendor... you need to support multiple #pqc key groups, but we currently don't even have code points for ML-KEM-1024 hybrids. So yay?

(Edit: there's SecP384r1MLKEM1024, but of course nobody has implemented that yet, I think. And we still need to solve the keygroup-selection problem.)
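To make the key-group selection problem in the post concrete, here is an added example (not code from the post or from any browser or TLS stack) that walks through TLS 1.3 group negotiation per RFC 8446 sections 4.2.7/4.2.8 with hybrid ML-KEM groups. Assumptions: the hybrid code points and key-share layouts are the provisional values from draft-ietf-tls-ecdhe-mlkem at the time of writing (verify against the current draft and the IANA registry), the CNSA 2.0 policy is modelled simply as "only accept the ML-KEM-1024 hybrid", and the ClientHello shapes are constructed.

```python
"""Added example: TLS 1.3 key-group selection with hybrid ML-KEM groups.

Assumptions: hybrid NamedGroup code points and share layouts are the provisional
values in draft-ietf-tls-ecdhe-mlkem (check the current draft / IANA registry);
"CNSA 2.0 server" means a policy that only accepts SecP384r1MLKEM1024.
"""
from __future__ import annotations
from dataclasses import dataclass

# Classical NamedGroup code points (IANA TLS Supported Groups registry).
SECP384R1 = 0x0018
X25519 = 0x001D
# Hybrid code points from draft-ietf-tls-ecdhe-mlkem (assumption, see above).
SECP256R1MLKEM768 = 0x11EB
X25519MLKEM768 = 0x11EC
SECP384R1MLKEM1024 = 0x11ED

# Client key_share sizes in bytes: classical public key plus ML-KEM
# encapsulation key (FIPS 203: ML-KEM-768 ek = 1184, ML-KEM-1024 ek = 1568).
KEY_SHARE_BYTES = {
    X25519: 32,
    SECP384R1: 97,                   # uncompressed P-384 point
    SECP256R1MLKEM768: 65 + 1184,    # draft order: P-256 pub || ML-KEM ek
    X25519MLKEM768: 1184 + 32,       # draft order: ML-KEM ek || X25519 pub
    SECP384R1MLKEM1024: 97 + 1568,   # draft order: P-384 pub || ML-KEM ek
}


@dataclass
class ClientHello:
    supported_groups: list[int]  # preference order (RFC 8446 4.2.7)
    key_shares: list[int]        # groups a key_share was actually sent for (4.2.8)


@dataclass
class Outcome:
    group: int | None   # negotiated NamedGroup, or None on failure
    hello_retry: bool   # server must send HelloRetryRequest (extra round trip)
    alert: str | None   # fatal alert when nothing overlaps


def select_group(ch: ClientHello, server_policy: list[int]) -> Outcome:
    """Server-side selection: first group in *server* preference order that the
    client lists in supported_groups. If the client sent no key_share for that
    group, the server must answer with a HelloRetryRequest naming it
    (RFC 8446 4.1.4); with no overlap at all the handshake fails."""
    for group in server_policy:
        if group in ch.supported_groups:
            return Outcome(group, group not in ch.key_shares, None)
    return Outcome(None, False, "handshake_failure")


def client_hello_key_share_bytes(ch: ClientHello) -> int:
    """Key-share bytes the client pays up front to avoid a retry."""
    return sum(KEY_SHARE_BYTES[g] for g in ch.key_shares)


# Constructed scenarios.
BROWSER_TODAY = ClientHello(                       # what browsers ship now
    supported_groups=[X25519MLKEM768, X25519, SECP384R1],
    key_shares=[X25519MLKEM768, X25519],
)
CNSA_STRICT = [SECP384R1MLKEM1024]                 # ML-KEM-1024 hybrid only
DUAL_STACK = [SECP384R1MLKEM1024, X25519MLKEM768]  # prefers 1024, tolerates 768

CLIENT_ADVERTISES_1024 = ClientHello(              # lists 1024 hybrid, shares only 768
    supported_groups=[X25519MLKEM768, SECP384R1MLKEM1024, X25519],
    key_shares=[X25519MLKEM768],
)
CLIENT_SHARES_BOTH = ClientHello(                  # pre-shares both hybrids
    supported_groups=[X25519MLKEM768, SECP384R1MLKEM1024, X25519],
    key_shares=[X25519MLKEM768, SECP384R1MLKEM1024],
)

if __name__ == "__main__":
    for label, ch, policy in [
        ("browser -> strict CNSA 2.0", BROWSER_TODAY, CNSA_STRICT),
        ("browser -> dual-stack", BROWSER_TODAY, DUAL_STACK),
        ("advertises 1024 -> strict", CLIENT_ADVERTISES_1024, CNSA_STRICT),
        ("shares both -> strict", CLIENT_SHARES_BOTH, CNSA_STRICT),
    ]:
        print(f"{label}: {select_group(ch, policy)}, "
              f"key_share bytes sent = {client_hello_key_share_bytes(ch)}")
```

The three outcomes are the whole selection problem: a strict ML-KEM-1024 policy against today's browsers is a hard failure, advertising the 1024 hybrid without a key share costs a HelloRetryRequest round trip, and pre-sharing both costs an extra 1665 bytes in every ClientHello. A server that has to talk to both populations needs the dual-stack policy, which is the "support multiple key groups" requirement the post points at.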

How do we prove our cryptography is secure? 🧐

Join a talk by our Chief Researcher, Karthikeyan Bhargavan, on the rise of formally verified crypto! Learn how libraries like HACL* & libcrux are securing Firefox, Signal & OpenSSH with formally verified guarantees, even against quantum computers. 🛡️

We'll cover recent breakthroughs, challenges, and a vision for verifying giants like OpenSSL.

#cryptography #formalverification #cybersecurity #PQC #infosec

cfp.openssl-conference.org/ope

Continued thread

the FAQ on this page is pretty good (and concise), and in particular this response to an assertion that quantum computers will never be practical for factoring large integers:

“If we're right about quantum computers being practical, then we will have protected vast quantities of user data. If we're wrong about it, then all we'll have done is moved to cryptographic algorithms with stronger mathematical underpinnings.” #PQC

Quantum Key Distribution is the cryptocurrency of post-quantum cryptography.

Conceptually interesting, sure, but not practically useful, doesn't actually solve the problem it's advertised for, yet snake-oil salesmen peddle it left and right while business fools fall for the high buzzword density of the pitch.

Researchers have established a new foundation for future quantum cryptographic protocols—not just new algorithms like the current crop of #PQC standards, but entirely new approaches to some of the primitives that modern cryptography relies on (like one-way state generators). The fundamental mathematical and quantum computing research here is still underway, but the number of open problems here is now down to one—and if quantum advantage is proven here, quantum cryptography will rely on a stronger theoretical footing than almost any classical cryptography (moving from NP-hard problems to #P-hard problems like the matrix permanent problem).

The next decade is going to be an amazing time for breakthroughs in fundamental research and new capabilities that upend assumptions that have underpinned computing for 50+ years.

quantamagazine.org/quantum-sci

Quanta Magazine: Quantum Scientists Have Built a New Math of Cryptography. In theory, quantum physics can bypass the hard mathematical problems at the root of modern encryption. A new proof shows how.

⚛️ The Lean roadmap for Ethereum introduces Post-Quantum security

👉 At the consensus layer, hash-based aggregate signatures upgrade BLS signatures

👉 At the data layer, hash-based DAS commitments upgrade KZG commitments

👉 A ZK-friendly, possibly RISC-V-based, execution layer where hash-based real-time zkVMs upgrade EVM re-execution

blog.ethereum.org/en/2025/07/3

Follow Progress: leanroadmap.org

Ethereum Foundation Blog: lean Ethereum

This paper has learnings outside of cryptocurrencies in how to prepare for the post-quantum transition.

Protocols using seeds as private keys can generate post-quantum private keys from that seed, and then prove in zero knowledge the "seed" used in key derivation.

EdDSA signatures (Cosmos) provide this out of the box, making them post-quantum ready, whereas ECDSA (Bitcoin) private keys expose the scalar in derivation and therefore don't have the same properties.

eprint.iacr.org/2025/1368
#PQC

IACR Cryptology ePrint Archive: Post-Quantum Readiness in EdDSA Chains

The impending threat posed by large-scale quantum computers necessitates a reevaluation of signature schemes deployed in blockchain protocols. In particular, blockchains relying on ECDSA, such as Bitcoin and Ethereum, exhibit inherent vulnerabilities due to on-chain public key exposure and the lack of post-quantum security guarantees. Although several post-quantum transition proposals have been introduced, including hybrid constructions and zero-knowledge-based key migration protocols, these approaches often fail to protect inactive "sleeping" accounts, are cumbersome, or require address changes, violating core immutability and full backward compatibility assumptions. In this work, we observe that blockchains employing EdDSA with RFC 8032-compliant key derivation (e.g., Sui, Solana, Near, Stellar, Aptos, Cosmos) possess an underexplored structural advantage. Specifically, EdDSA's hash-based deterministic secret key generation enables post-quantum zero-knowledge proofs of elliptic curve private key ownership, which can help switching to a quantum-safe algorithm proactively without requiring transfer of assets to new addresses. We demonstrate how Post-Quantum NIZKs can be constructed to prove knowledge of the "seed" used in EdDSA key derivation, enabling post-quantum-secure transaction authorization without altering addresses or disclosing elliptic curve data. By post-quantum readiness, we mean that with a single user action all future signatures can be made post-quantum secure, even if past transactions used classical elliptic curve cryptography. This allows even users who have previously exposed their public key to seamlessly enter the post-quantum era without transferring assets or changing their account address.

As part of this analysis, we also show that BIP32-based ECDSA wallets are not post-quantum ready without breaking changes, as they rely on direct scalar exposure in derivation, making backward-compatible upgrades infeasible. In contrast, SLIP-0010 hash-chain based EdDSA private key derivation provides a foundation for seamless, backwards-compatible migration to quantum-safe wallets, supporting secure upgrades even for dormant or legacy accounts. This mechanism affords a quantum-resilient path and is the first of its kind that preserves full backward compatibility, supports account abstraction, and critically secures dormant accounts, whether from users or custodians, that would otherwise be compromised under quantum adversaries.
Replied to Scott Francis

@darkuncle thanks! An interesting read indeed.

But! His moon landing analogy doesn't hold here: we're not asking some random on the street if quantum computing (moon landing!) is possible. @hweimer is in his analogy the engineer that can actually assess if this ship can land on the quantum moon or not.

His statement about Gutmann's assessment is also problematic:

A model of steady progress in the number of qubits and in the reliability of qubits implies that the graph of quantum factorizations will look like RSA-tiny, RSA-tiny, RSA-tiny, RSA-tiny, etc., and then suddenly RSA-1024, and soon after that RSA-2048.

It implies that if we have enough qubits, the rest is just technicality. No word about other components such as quantum gates etc.

The most convincing part is the beginning: migrating to #pqc is not hard and does not hurt, so let's do it!

Replied to Scott Francis

@darkuncle I have a couple of examples to make my point:

  1. German Federal Network: physically isolated from the global internet. I can't imagine an adversary being able to observe data on the fly.
  2. TLS: every session has its own keys (to ensure forward secrecy), so you have to break each session key to make sense of the data: how powerful must your CRQC be?
  3. Multi-path routing: how many network nodes do you need to control to collect all necessary data fragments to put it together and decrypt it later?

I mean, #PQC algorithms are available in nearly every crypto library, so it's easy to catch up with little to no practical disadvantage. But still, I think the hurdles are too high for any adversary to collect data now in the hope of decrypting it later, in a world where Microsoft, Fortinet, etc. software is much easier to hack.

Does it make sense?

"harvest now, decrypt later" (#HNDL) is the only argument that people put forth to justify post #quantum crypto (#pqc). But it's unclear who is harvesting what and how did they manage to get their hands on the data? It's not like that every type of communication runs over the Internet though nodes that are controlled by adversaries. Even if you could partially observe data, I don't understand how you want to put fragmented data together if they happen to run through different routes that an adversary cannot control? I could go on forever, but it wouldn't as sexy as the FUD concept of HNDL...

Context:
Joint Analytic Report (JAR) from the Cyber Threat Alliance: Approaching Quantum Dawn

cyberthreatalliance.org/a-new-

Cyber Threat Alliance: A New Joint Analytic Report (JAR) from the Cyber Threat Alliance: Approaching Quantum Dawn. By Emerson Johnston, Cyber Threat Report Analyst. The Cyber Threat Alliance (CTA) is pleased to announce the release of its new Joint Analytic Report (JAR): Approaching Quantum Dawn: Closing the Cybersecurity Readiness Gap Before It's Too Late. This report reflects the collaborative analysis of experts from thirteen CTA member organizations and offers a timely, grounded … Continued

The underestimated threat: quantum computers and cryptography

What I already emphasized in my article is now becoming reality.

The #EU is following suit, with an official roadmap for post-quantum cryptography. Acting early was never optional; it was mandatory.

Because, as already described in the article: whoever does not prepare today risks having decades of confidential data decrypted tomorrow, entirely in the spirit of "store now, decrypt later".

🔗 My article: secunis.de/post-quantum-krypto

🔗 EU roadmap: digital-strategy.ec.europa.eu/

:boost_ok:

Secunis: Post-Quantum-Kryptographie (Post-Quantum Cryptography). 1. The underestimated threat: quantum computers and cryptography. "Store now, decrypt later": what…

100 logical qubits with built-in error correction in 2029, 1,000 in 2031, dramatically smaller size and energy requirements vs current HPC setups. Of course, not all problem spaces are subject to quantum advantage, and this new hardware approach needs further testing and development - but still, yet another promising advance in error correction. #quantum #PQC
mas.to/@AlexJimenez/1147451961

mas.to: Alex Jimenez (@AlexJimenez@mas.to). Attached: 1 image. 'A first in applied physics': Breakthrough quantum computer could consume 2,000 times less power than a supercomputer and solve problems 200 times faster https://buff.ly/KpxCN1R #QuantumComputing #Innovation

New paper from a team at Shanghai University outlines how a team there factored a 22-bit RSA integer on a #quantum computer (D-Wave's Advantage).

They reframed integer factoring as combinatorial optimization (which matches well with quantum annealing hardware) instead of Shor's period-finding approach. The previous best effort was 19 bits and was less efficient (more qubits per variable required).

The researchers also attacked some AES underlying algorithms including Present, Rectangle, and the Gift-64 block cipher.

(Notable context: Back in 2022 a different team in China claimed to have factored a 48-bit semiprime with a 10 qubit quantum computer, but that was later retracted.)

n.b., headline is clickbait but article is actually pretty good.

#PQC

earth.com/news/china-breaks-rs

cjc.ict.ac.cn/online/onlinepap

Earth.com: China breaks RSA encryption with a quantum computer, threatening global data security. Researchers in Shanghai break record by factoring 22-bit RSA key using quantum computing, threatening future cryptographic keys.
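What "reframing integer factoring as combinatorial optimization" means in practice, as an added example (not the Shanghai team's code): the naive penalty objective E(p, q) = (N - p·q)^2 over the bits of two factors, whose zero-energy ground state is the factorization. An annealer samples that energy landscape; here the ground state is found by exhaustive enumeration so the encoding can be checked classically on a constructed 22-bit semiprime, N = 1777 × 2039. The paper's actual encoding (multiplication-table constraints and the hardware embedding that determines the qubits-per-variable cost the post mentions) is not reproduced.

```python
"""Added example: factoring as an optimization problem over factor bits.
Not the paper's code; the objective is the naive penalty (N - p*q)^2 and the
ground state is found by enumeration, standing in for an annealer."""

def factoring_energy(n: int, p: int, q: int) -> int:
    """Penalty that is 0 exactly when p * q == n; positive everywhere else."""
    return (n - p * q) ** 2

def free_variable_count(nbits: int) -> int:
    """Binary variables in this naive encoding. For each nbits-bit factor the
    top bit is pinned to 1 (full length) and the low bit to 1 (odd), so each
    factor contributes nbits - 2 free variables."""
    return 2 * (nbits - 2)

def candidates(nbits: int):
    """All odd nbits-bit integers, enumerated through their nbits - 2 free bits."""
    top = 1 << (nbits - 1)
    for free in range(1 << (nbits - 2)):
        yield top | (free << 1) | 1

def ground_state(n: int, nbits: int):
    """Lowest-energy assignment, returned as (p, q, energy) with p <= q to
    remove the p <-> q symmetry. Stops at the first zero-energy state, which
    is what an ideal sampler of this landscape would return."""
    best = (0, 0, None)
    for p in candidates(nbits):
        for q in candidates(nbits):
            if q < p:
                continue
            e = factoring_energy(n, p, q)
            if best[2] is None or e < best[2]:
                best = (p, q, e)
                if e == 0:
                    return best
    return best

# Constructed input: two 11-bit primes giving a 22-bit semiprime.
N22 = 1777 * 2039  # 3623303

if __name__ == "__main__":
    print("bits:", N22.bit_length(),
          "free variables:", free_variable_count(11),
          "ground state:", ground_state(N22, 11))
```

Even this toy encoding shows why the headline numbers need context: 18 free binary variables is all a 22-bit semiprime needs in the naive form, and a laptop clears that search space in well under a second. The research interest is in how the energy landscape is shaped and embedded on real annealing hardware, not in the bit size of the number factored.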