Research, analysis, and tools for the post-quantum transition.
Two papers from Oratomic/Caltech and Google Quantum AI confirm ECC-256 breaks one to two orders of magnitude faster than RSA-2048. The most modern cryptographic deployments are the most exposed.
Read more →Google committed to completing PQC migration by 2029, well ahead of regulatory deadlines. Their acceleration matches what we see in deployment: the tooling works, hybrid PQC is a config change on most cloud infrastructure, and the real bottleneck is inventory, not research.
Read more →China will finalize independent PQC standards by 2029 on structureless lattice math, diverging from NIST. Organizations with cross-jurisdictional exposure now face parallel migration tracks.
Read more →Aer Lingus gets a B from SSL Labs and an F from pqprobe. Both grades are correct. They answer different questions, and the gap between them is where the real risk lives.
Read more →A researcher confident enough to put a hard date on Shor’s algorithm doesn’t know the protocol it breaks. The gap between theoretical physics and operational security is where risk lives.
Read more →WSJ calls quantum computing “seemingly magical science.” CSIRO calls entanglement “the magic of quantum computers.” This framing gives CISOs permission to defer migration. That’s the damage.
Read more →IBM published a quantum-centric supercomputing blueprint. Qutwo signed enterprise orchestration deals. These are not physics experiments. They are procurement decisions.
Read more →More than 90% of origin servers negotiate zero post-quantum key exchange. The IETF is debating the 2035 destination. Most organizations haven’t met the 2027 starting line.
Read more →COM(2026) 13 adds the first explicit PQC requirement to EU law. BSI wrote the guidance and co-chaired the EU roadmap. We scanned bsi.bund.de. No post-quantum key exchange.
Read more →Three days after we argued that edge PQC numbers create a false floor, Cloudflare launched origin-server tracking on Radar. The gap narrowed from 60% vs 1% to 60% vs some-fraction-of-10%. Still enormous. Still the most important number in PQC.
Read more →A group of engineering professors and PQC hardware executives have announced their "apocalypse" algorithm breaks RSA-2048 in 11 hours. However, it failed initial scrutiny, which reveals how commercial incentives threaten to distort PQC migration.
Read more →Google won’t add post-quantum X.509 certificates to the Chrome Root Store. Instead, Chrome is building Merkle Tree Certificates — and the migration target just moved for everyone.
Read more →Cloudflare reports 52% PQC adoption. Behind the edge, 1% of origin servers are post-quantum. The gap between those numbers is where the risk lives.
Read more →Which of your vendors are actually shipping post-quantum cryptography? We mapped 28+ vendors across seven categories and checked announcements against TLS handshakes.
Read more →Australia’s Signals Directorate published a quantum primer with no qubit estimates. That tells you everything about what actually matters for PQC migration.
Read more →BSI published 70 pages of post-quantum guidance. Four years later, 28 out of 150 companies responded to a survey about what they’d done. The manual was never the problem.
Read more →Germany PQC-hardened the eID chip. Nobody's talking about the quantum-vulnerable middleware between the chip and the EUDI Wallet shipping in 2026.
Read more →HAProxy delegates TLS to OpenSSL. If OpenSSL supports ML-KEM, HAProxy can negotiate it. The question is whether yours does.
Read more →Germany's BSI now recommends classical asymmetric encryption should no longer be used alone after 2031. For high-sensitivity applications, 2030.
Read more →The industry talks about one barrier to cryptographically relevant machines. I think there are five, and they're nested.
Read more →NSA, ASD, and the G7 are setting migration deadlines based on intelligence the open research community doesn't have.
Read more →Citi says $2-3 trillion at risk. Google says 10 septillion years. Both are right, and that's the problem.
Read more →Mandiant published 8TB of attack tools and 4 sentences on remediation. We built the defense tool they didn't.
Read more →We scanned Cloudflare's "post-quantum" Matrix homeserver. Zero post-quantum cryptography found in the application layer.
Read more →