This Venn diagram showing which PQ algorithms are permitted by which government regulatory body from Mike Ounsworth's presentation at the Real World Post-Quantum Cryptography Workshop last week.
(Mike gave a version of that talk earlier this year at the PKIC conf: https://pkic.org/events/2025/pqc-conference-austin-us/WED_BREAKOUT_1200_Mike-Ounsworth_Architecting-PKI-Hierarchies-for-Graceful-PQ-Migration.pdf)
Sicherheits-Architekt. Wenn du vormittags elliptische Kurven für die Post-Quanten-Kryptographie evaluieren darfst und nachmittags einem Projektmanager erklären musst, dass das Telefon kein sicherer Kanal ist.
…ja und nein und vor allem ist es Marketing durch Angstmacherei. Quantenkomputer sind noch nicht wirklich einsetzbar obwohl es viele als solches gerne vermarkten.
»Quantenschlüssel aus der Sicht des CISO:
Quantentechnologien – ein Sicherheitsrisiko oder das Mittel der Wahl gegen Cyberangriffe? Warum, für wen und wo es wichtig ist, die Integration von Quantentechnologien zu starten.«
https://www.csoonline.com/article/3846875/quantenschlussel-aus-der-sicht-des-ciso.html
»The Quantum Apocalypse Is Coming. Be Very Afraid:
What happens when quantum computers can finally crack encryption and break into the world’s best-kept secrets? It’s called Q-Day—the worst holiday maybe ever.«
Since this is very much for us, I cannot deny it, but I see it as a marketing propaganda. To scare is also a marketing strategy.
https://www.wired.com/story/q-day-apocalypse-quantum-computers-encryption/
Out of the top 100K domains, roughly 28K negotiate a quantum safe key exchange.
Almost all of those support both x25519_kyber768 and X25519MLKEM758; only 129 sites support SecP256r1MLKEM768. There are _no_ sites that support pure #PQC via e.g., mlkem768.
The overwhelming majority of sites that support PQC do so by way of Cloudflare. That percentage matches Cloudflare's overall coverage of the top 1M domains.
Just in time for Real World PQC Workshop:
I took at a look at who currently supports #PQC. The answer will not surprise you at all.
…neben dem vorhin erwähnten Marketing bezüglich des Post-Quantom Kryptografie ist darauf hin auch wieder die Angsmacherei davon. Das die mal angewendet wird ist klar aber wie ist die Frage.
»Ihre Passwörter sind bald wertlos: Quantencomputer knacken alles!
Quantencomputer revolutionieren die Rechenleistung. Sie lösen hochkomplexe Aufgaben in Sekundenschnelle. Doch die Technologie birgt auch Gefahren.«
UK cybersecurity agency National Cyber Security Centre is recommending that organisations start replacing existing asymmetric public key cryptosystems with post-quantum cryptography (PQC) alternatives to defend themselves against quantum computers
NIST selects HQC (Hamming Quasi-Cyclic -- https://pqc-hqc.org/) for standardization as the second #PQC key-encapsulation mechanism after ML-KEM.
But no rush, "the final version will be published in approximately two years".
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/w-6RREtb7-c/m/vRjBJE3dAAAJ
#OpenSSL will get the now standardized post-quantum cryptography algorithms (ML-KEM, ML-DSA, SLH-DSA) in 3.5 (planned release date is 2025-04-08):
https://openssl-library.org/post/2025-02-04-release-announcement-3.5/
This will include X25519MLKEM768, and will be enabled and preferred by default:
https://mailarchive.ietf.org/arch/msg/tls/g9sagkuAu8KlWpmJ30YdXbga5Xg/
Scientists create world's 1st chip that can protect data in the age of #QuantumComputing attacks
Looks like Google has enabled X25519MLKEM768 for Gmail STARTTLS:
```
$ openssl s_client -groups X25519MLKEM768 -starttls smtp -connect gmail-smtp-in.l.google.com.:25
Connecting to 2607:f8b0:4004:c07::1b
CONNECTED(00000005)
[…]
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
[…]
250 SMTPUTF8
```
Neat!
As the world moves rapidly to adopt Post Quantum Cryptography, it would be REALLY helpful if the implementation instructions were krystal [sic] clear.
But seriously, this is something that needs to be done properly at the outset.
And for the next few iterations of PQCs that we will see over the next few years.
And of course on the day that I push a blog post on post-quantum cryptography, Microsoft announces some cool new quantum computing breakthroughs:
Gonna have to up date my blog post after I have digested all this, but on first skimming, this looks scientifically exciting but doesn't shift our immediate #pqc timelines.
I put together another summary of where we currently are with respect to Post-Quantum #Cryptography in the industry:
Peter Gutmann calling the bullshit bullshit. And he's a cryptologist, physicists are usually even harsher... #PQC #cryptography https://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf
12.02.2025: GnuPG announces release of 2.5.4 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000490.html
PQC: https://wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018
> We present LatticeFold+, a very different lattice-based folding protocol that improves on LatticeFold in every respect: the prover is five to ten times faster, the verification circuit is simpler, and the folding proofs are shorter
so if you assume that what Cloudflare sees is representative of the wider Internet (they carry about 20% of global traffic), radar.cloudflare.com has some encouraging insights: TLS 1.3 adoption is the majority of traffic (nearly two thirds), #PQC adoption at the browser level has grown from < 3% to 33% in the past year, and has doubled in the last six months (driven mostly by desktop and then mobile default support for the new standards by Google Chrome, which represents the majority of user-agent traffic). I love that Cloudflare makes all this data publicly available for anybody to pick through. https://radar.cloudflare.com/adoption-and-usage?dateRange=52w
