| ▲ | fxwin 5 days ago |
| You might be right that we'll never have quantum computers capable of cracking conventional cryptographic methods, but I'd rather err on the side of caution in this regard considering how easy it is to switch, and how disastrous it could be otherwise. |
|
| ▲ | simiones 5 days ago | parent | next [-] |
| As others pointed out, it's not so easy to switch, as the PQC versions require much more data to be sent to establish a connection, and consequently way more CPU time. So the CPS you can achieve with this type of cryptography will be MUCH worse than classical algorithms. |
| |
| ▲ | ifwinterco 5 days ago | parent | next [-] | | Let's be honest though, key exchange is not exactly the limiting factor for web performance in 2025 | | |
| ▲ | msgodel 5 days ago | parent [-] | | It can be limiting for other things though. Encrypted DNS was already marginal for some TLD operators, adding the overhead of PQC may actually make it completely impractical. |
| |
| ▲ | fxwin 5 days ago | parent | prev [-] | | it doesn't get much easier than that, and the downsides are much much much less of an inconvenience than having your data breached depending on what it is. |
|
|
| ▲ | bbarnett 5 days ago | parent | prev | next [-] |
| Especially if the breakthrough isn't public, and used behind the scenes. |
|
| ▲ | westurner 5 days ago | parent | prev [-] |
"A First Successful Factorization of RSA-2048 Integer by D-Wave Quantum Computer" (2025-06) https://ieeexplore.ieee.org/document/10817698 |
| |
| ▲ | pclmulqdq 5 days ago | parent | next [-] | | Yeah, except when your "2048-bit" numbers are guaranteed to have factors that differ by exactly two bits, you can factor them with any computer you want. The D-Wave also isn't capable of Shor's algorithm or any other quantum-accelerated version of this problem. | | |
| ▲ | westurner 4 days ago | parent | next [-] | | Have you or anyone else proven that there is no annealing implementation of Shor's? Why are you claiming superiority in ignorance? | |
| ▲ | maratc 5 days ago | parent | prev [-] | | I was at a lecture by a professor who's working in the field, his main argument was that quantum computers are physically impossible to scale. He presented us with a picture of him and a number of other very important scientists in this field, none of them sharing his attitude. We then joked that there is a quantum entanglement of Nobel prize winners in the picture. | | |
| ▲ | westurner 4 days ago | parent [-] | | I don't think that that professor was correct. The universe is constantly doing large, scaled quantum computations. The number of error-corrected qubits per QC will probably increase at an exponential rate. Whether there is a problem decomposition strategy for RSA could change. Oh, entanglement and the prize!
Adherence to Bell's is abstruse and obtuse. Like attaching to a student of Minkowski's who served as an honorable patent examiner in Europe who moved to America. We might agree that there are many loopholes by which information sharing through entanglement is possible; that Bell's theorem is not a real limit to communications or QC because there are many "loopholes to" |
|
| |
| ▲ | mikestorrent 5 days ago | parent | prev | next [-] | | D-Wave themselves do not emphasize this use case and have said many times that they don't expect annealing quantum computers to be used for this kind of decryption attack. Annealers are used for optimization problems where you're trying to find the lowest energy solution to a constraint problem, not Shor's Algorithm. In that sense, they're more useful for normal folks today, and don't pose as many potential problems. | | |
| ▲ | westurner 4 days ago | parent [-] | | I suspect that we simply haven't yet found an annealing solution for factoring integers. It may be that no solution exists; even given better error correction with that many qubits. A standard LLM today won't yet answer with "no solution exists" |
| |
| ▲ | adgjlsfhk1 5 days ago | parent | prev [-] | | By that argument, I can factor a 100000000 bit number on my computer in a second. |
|
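The objection in the thread, that a "2048-bit" modulus whose factors are nearly equal can be split on any ordinary computer, is the basis of a standard RSA key-hygiene check. The sketch below is an added example, not part of any commenter's post: it runs a bounded Fermat search over constructed sample moduli, and it assumes the differing bits are low-order so that |p - q| is tiny. All function names and sample values are made up for illustration.

```python
from math import isqrt

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def fermat_factor(n, max_steps=1000):
    """Return (p, q) if n = p*q with p, q close enough to be found in
    max_steps Fermat iterations; None means the modulus passed the check."""
    a = isqrt(n)
    if a * a < n:
        a += 1                      # start at ceil(sqrt(n))
    for _ in range(max_steps):
        b2 = a * a - n              # look for a^2 - n = b^2
        b = isqrt(b2)
        if b * b == b2 and a - b > 1:
            return a - b, a + b     # n = (a - b)(a + b)
        a += 1
    return None

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; only used to build the sample keys."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for base in SMALL_PRIMES:
        x = pow(base, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False            # base is a witness: n is composite
    return True

def next_prime(n):
    n |= 1
    while not is_probable_prime(n):
        n += 2
    return n

def sample_moduli():
    """Constructed 2048-bit test moduli: one with adjacent primes, one not."""
    p = next_prime(3 * 2**1022)
    weak = p * next_prime(p + 2)                      # |p - q| is tiny
    sound = p * next_prime(3 * 2**1022 + 2**1000)     # |p - q| ~ 2^1000
    return p, weak, sound
```

A modulus that `fermat_factor` splits should be rejected at key generation or flagged in a certificate audit; a `None` result only rules out this one weakness.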