A Cryptography Engineer’s Perspective on Quantum Computing Timelines (words.filippo.io)

submitted 1 day ago by corbin@awful.systems to c/notawfultech@awful.systems

6 comments fedilink hide all child comments

I'm not gonna dig up the links since I'm sure y'all're already tired of talking about quantum computing. I am going to insist that, while I professionally disagree with Filippo about plenty of things, I do not see any mistakes in their analysis here. Please start thinking about post-quantum cryptographic tooling today.

you are viewing a single comment's thread
view the rest of the comments

[-] corbin@awful.systems 3 points 7 hours ago

First, I personally don't yet believe in the cryptographic security of LWE on lattices. I agree that it sure looks hard, but we don't have a solid proof. But also, I don't believe that we've found any provably one-way functions in the classical regime either. So I agree with you from different premises.

Unlucky 10,000: Shor's algorithm speeds up any discrete logarithm. It actually speeds up the abelian HSP. This does give us a theoretical reason to expect that LWE on lattices won't fall to Shor's approach, as the underlying groups are non-abelian. It does make me sad for elliptic curves, though; they're so elegant and the keys are so small.

[-] aio@awful.systems 1 points 11 minutes ago* (last edited 7 minutes ago)

Not sure what you think my "different premises" are? Also I obviously already know that Shor's algorithm solves the discrete log problem. I don't know why you phrased your comment assuming I'm an idiot.

this post was submitted on 06 Apr 2026

13 points (100.0% liked)

NotAwfulTech

567 readers

13 users here now

a community for posting cool tech news you don’t want to sneer at

non-awfulness of tech is not required or else we wouldn’t have any posts

founded 2 years ago

MODERATORS

self@awful.systems