All Post-Quantum, PQC Posts
-
Post-Quantum, PQC, Quantum Security
Q-FUD: The Quantum Panic Industry
Cybersecurity has always had a FUD problem. “FUD” (fear, uncertainty, and doubt) is the oldest trick in enterprise security marketing: paint a worst-case scenario, imply you’re already compromised, sprinkle in enough jargon to make the buyer feel outgunned, and then offer the “only” solution - conveniently available this quarter. Q‑FUD is that same playbook, just dressed in quantum vocabulary. Why is Q‑FUD uniquely toxic? Because…
Read More » -
Post-Quantum, PQC, Quantum Security
Pinnacle Architecture: 100,000 Qubits to Break RSA-2048, but at What Cost?
Iceberg Quantum's Pinnacle Architecture paper claims RSA-2048 can be factored with fewer than 100,000 physical qubits - a genuine 10× reduction over the previous state of the art - by replacing surface codes with quantum LDPC codes. The result is credible but shifts difficulty from qubit count to equally daunting engineering challenges: non-local connectivity, fast QLDPC decoding, and month-long sustained fault-tolerant operation. In my paper…
Read More » -
Post-Quantum, PQC, Quantum Security
Payments and the Race to Quantum Safety / Post-Quantum Cryptography (PQC)
The payments industry has navigated big cryptographic transitions before. The migration from magnetic stripes to EMV chips took the better part of two decades and cost billions. The shift from SHA-1 to SHA-256 certificates was painful but bounded - it mostly meant updating software, not ripping out hardware. The post-quantum transition is different in kind, not just degree. It touches every layer of the payments…
Read More » -
Post-Quantum, PQC, Quantum Security
120,000 Tasks: Why Post‑Quantum (PQC) Migration Is Enormous
When I tell fellow CISOs, board members, or even seasoned program managers that the integrated program plan for a comprehensive quantum security / post-quantum cryptography (PQC) migration I recently worked on contained over 120,000 discrete tasks, the reaction is almost always the same. First, there is a polite silence. Then, the inevitable furrowing of the brow. Finally, the question: "Surely, you mean you counted every…
Read More » -
Post-Quantum, PQC, Quantum Security
The Cryptographic Iceberg Inside a Mobile Banking Transaction
A single mobile banking payment triggers millions of cryptographic function calls across nine parties. Here's what actually happens - from silicon to settlement - and why it matters for quantum readiness. The Cryptographic Iceberg Inside a Mobile Banking Transaction 320 function calls before you even type an amount It takes roughly half a second. You press your thumb against the sensor, your banking app opens,…
Read More » -
Quantum Policies
NIS2, DORA, and the EU Post-Quantum Roadmap
If you are a CISO under NIS2 or DORA, you are already expected to run a risk-management system that tracks material, evolving threats - and to implement “state‑of‑the‑art” controls appropriate to the risk. The EU’s PQC roadmap is effectively saying: quantum is now one of those evolving threats you must govern. The most important conceptual shift for leadership teams is this: the EU is not (yet)…
Read More » -
Quantum Policies
The Complete US Post-Quantum Cryptography (PQC) Regulatory Framework in 2026
Three pillars anchor the US PQC framework: the Quantum Computing Cybersecurity Preparedness Act (federal law that no executive order can undo), NSM-10's 2035 migration target (still in force), and NIST's finalized FIPS standards (published August 2024). The Trump administration's June 2025 executive order streamlined, rather than eliminated, PQC obligations, removing prescriptive procurement mandates while retaining the CISA product category list and a TLS 1.3 deadline…
Read More » -
Quantum Policies
No Single Law, No Single Excuse: How Canada Regulates PQC Without Saying “Quantum”
Canada's visible PQC guidance - three documents published mid-2025 - is just the tip. Beneath it sits a layered enforcement framework spanning financial regulation, critical infrastructure law, privacy obligations, and securities disclosure that collectively creates binding pressure for quantum readiness. OSFI already requires federally regulated financial institutions to maintain "strong cryptographic technologies" and has issued a direct quantum readiness bulletin. The pending CCSPA would add…
Read More »