All Post-Quantum, PQC Posts
Post-Quantum, PQC, Quantum Security
No One Has Secretly Broken RSA-2048 or RSA-4096 — Here’s the Science
If someone tells you RSA-2048 or even RSA-4096 has been secretly cracked, they are either lying to you or have been lied to. There is no third option that is consistent with physics, engineering, the observable behavior of governments and intelligence agencies, the visible state of the global research community, the industrial supply chain for quantum hardware, or the entire published history of quantum computing.…
Post-Quantum, PQC, Quantum Security
Bitcoin’s Quantum Timeline Is Not RSA’s Quantum Timeline
Most quantum-risk-to-Bitcoin analyses rehash RSA-2048 timelines. They're missing the point. Bitcoin doesn't use RSA. It uses 256-bit ECC - and Shor's algorithm will break that first. Scan the quantum computing coverage of Bitcoin and you will find a remarkable pattern. Article after article cites the same RSA-2048 qubit estimates - 20 million physical qubits (Gidney-Ekerå 2021), under a million (Gidney 2025), fewer than 100,000 (Pinnacle…
Post-Quantum, PQC, Quantum Security
Q-FUD: The Quantum Panic Industry
Cybersecurity has always had a FUD problem. “FUD” (fear, uncertainty, and doubt) is the oldest trick in enterprise security marketing: paint a worst-case scenario, imply you’re already compromised, sprinkle in enough jargon to make the buyer feel outgunned, and then offer the “only” solution - conveniently available this quarter. Q‑FUD is that same playbook, just dressed in quantum vocabulary. Why is Q‑FUD uniquely toxic? Because…
Post-Quantum, PQC, Quantum Security
Pinnacle Architecture: 100,000 Qubits to Break RSA-2048, but at What Cost?
Iceberg Quantum's Pinnacle Architecture paper claims RSA-2048 can be factored with fewer than 100,000 physical qubits - a genuine 10× reduction over the previous state of the art - by replacing surface codes with quantum LDPC codes. The result is credible but shifts difficulty from qubit count to equally daunting engineering challenges: non-local connectivity, fast QLDPC decoding, and month-long sustained fault-tolerant operation. In my paper…
Post-Quantum, PQC, Quantum Security
Payments and the Race to Quantum Safety / Post-Quantum Cryptography (PQC)
The payments industry has navigated big cryptographic transitions before. The migration from magnetic stripes to EMV chips took the better part of two decades and cost billions. The shift from SHA-1 to SHA-256 certificates was painful but bounded - it mostly meant updating software, not ripping out hardware. The post-quantum transition is different in kind, not just degree. It touches every layer of the payments…
Post-Quantum, PQC, Quantum Security
120,000 Tasks: Why Post‑Quantum (PQC) Migration Is Enormous
When I tell fellow CISOs, board members, or even seasoned program managers that the integrated program plan for a comprehensive quantum security / post-quantum cryptography (PQC) migration I recently worked on contained over 120,000 discrete tasks, the reaction is almost always the same. First, there is a polite silence. Then, the inevitable furrowing of the brow. Finally, the question: "Surely, you mean you counted every…
Post-Quantum, PQC, Quantum Security
The Cryptographic Iceberg Inside a Mobile Banking Transaction
A single mobile banking payment triggers millions of cryptographic function calls across nine parties. Here's what actually happens - from silicon to settlement - and why it matters for quantum readiness. 320 function calls before you even type an amount. It takes roughly half a second. You press your thumb against the sensor, your banking app opens,…
Quantum Policies
NIS2, DORA, and the EU Post-Quantum Roadmap
If you are a CISO under NIS2 or DORA, you are already expected to run a risk-management system that tracks material, evolving threats - and to implement “state‑of‑the‑art” controls appropriate to the risk. The EU’s PQC roadmap is effectively saying: quantum is now one of those evolving threats you must govern. The most important conceptual shift for leadership teams is this: the EU is not (yet)…