All Post-Quantum, PQC Posts
-
Post-Quantum, PQC, Quantum Security
Quantum-Readiness / PQC Full Program Description (Telecom Example)
Preparing a large telecom (or any enterprise) for the post-quantum cryptography era is a massive, multi-faceted undertaking, but it is achievable with foresight, resources, and commitment. We’ve seen that it involves much more than just installing new algorithms - it’s about transforming an organization’s approach to cryptography across potentially thousands of applications and devices, under uncertain timelines and in coordination with many external players. In…
Read More » -
Q-Day
Forget Q-Day Predictions – Regulators, Insurers, Investors, Clients Are Your New Quantum Clock
Whether you personally believe Q-Day will come in 5 years or 50, the world around you isn’t taking chances - and neither can you. As a CISO, you’re now being implicitly (and sometimes explicitly) told by every corner of your ecosystem that quantum preparedness is mandatory. Regulators demand it via hard deadlines. Key clients and partners demand it in contracts and RFPs. Insurers will soon…
Read More » -
Post-Quantum, PQC, Quantum Security
Stop Asking What Number a Quantum Computer Factored. Ask These Five Questions Instead
One of the laziest talking points in quantum security is that quantum computing has “gone nowhere” because people still talk about factoring 15. That confuses an early proof-of-concept with the real engineering path to a cryptographically relevant quantum computer. The 2001 Nature experiment explicitly described factoring 15 as the “simplest instance” of Shor’s algorithm, and later analysis showed that compiled factoring demos can depend more…
Read More » -
Post-Quantum, PQC, Quantum Security
Device-Independent QKD (DI-QKD)
Modern quantum key distribution (QKD) has always carried a slightly uncomfortable subtext: the math may be information-theoretic, but the box on the rack is engineered. And engineered systems fail in messy, non-theoretical ways. That gap - between "provably secure on paper" and "secure in a live network with real detectors, lasers, firmware, calibration routines, and supply chains" - is exactly the space that device-independent QKD…
Read More » -
Post-Quantum, PQC, Quantum Security
Marin’s Law on Crypto-Agility: Adaptability Determines Survivability
Thesis: Migration time to safer cryptography is inversely proportional to an organization’s crypto-agility. Formally: Let A denote an organization’s crypto-agility (0 ≤ A ≤ 1) and Y the wall-clock time required to replace a cryptographic primitive across all in-scope systems. Then Y ≈ K ⁄ A for some complexity constant K. As A → 0, Y → ∞. Corollary: Raising A today shortens all future…
Read More » -
Post-Quantum, PQC, Quantum Security
Why “They’ve Only Factored 15” Is the Wrong Way to Judge Quantum Computing
Early Shor demos were proofs of control, not the real scoreboard. The path to a cryptographically relevant quantum computer runs through error correction, logical qubits, and fault tolerance - not through a neat sequence of ever-larger classroom factorizations. One of the most persistent anti-quantum talking points goes like this: “After 25 years, quantum computers still haven’t factored anything bigger than 15, so the field clearly…
Read More » -
Q-Day
How You, Too, Can Predict Q-Day (Without the Hype)
For three decades, Q-Day has been “just a few years away.” I want to show you how to make your own informed prediction on when Q-Day will arrive. Counting physical qubits by itself is misleading. To break RSA you need error‑corrected logical qubits, long and reliable operation depth, and enough throughput to finish within an attack‑relevant time window.
Read More » -
Post-Quantum, PQC, Quantum Security
CRQC Readiness Benchmark vs. Quantum Threat Tracker (QTT)
I will try and compare my proposed CRQC Readiness Benchmark with QTT, highlighting fundamental differences in methodology, assumptions, and philosophy, all in an effort to clarify how each approach informs our understanding of the looming “Q-Day.” The goal is to articulate why my benchmark and QTT produce different outlooks (2030s vs. 2050s for RSA-2048), and how both can be used together to guide post-quantum readiness.
Read More »
