Thoughts on PQC
Robert J. Hansen
rjh at sixdemonbag.org
Mon Apr 13 23:07:27 CEST 2026
> The point I was trying to make was that in your original e-mail at [1],
> your second point and other parts are not helping me understand your
> thoughts on PQC.

1. An awful lot of the people talking about PQC are doing so for
self-serving reasons. Some of these people are committing outright
fraud. They think that if they can use enough science gibberish they can
fool people into giving them money. I used as an example a company that
once traded for $970/share, where their CEO made extraordinary claims
about how quantum computing capability would double every 38 days for
the next two years. This man had a Ph.D. in physics. Was he just an
incompetent physicist, to make such an outrageous claim? Or was he a
fraud looking to sell stock to people who were easily impressed?

Hard to say. I don't know.

So that's my first thought on PQC: a lot of the people talking about it
are swindlers, scoundrels, rogues, grifters, and flimflam artists. You
should always remember that when hearing someone talk about PQC. "Is
this person a fraud, or are they being honest?"

2. Of the honest ones, few of them understand how science works.

Let's say that you traveled back to Napoleon at the Battle of Waterloo,
and you gave him a carefully machined sphere of plutonium. How would
this change the Battle of Waterloo?

Some people say, "introducing atomic weapons to the Battle of Waterloo
would change everything!"

But it wouldn't. The best thing Napoleon could do with a carefully
machined sphere of plutonium would be to silverplate it (for health:
plutonium's incredibly toxic) and then keep it around as a fifteen-watt
space heater.

To successfully use cutting-edge technology normally requires massive
investments in other cutting-edge technologies just to support the
operation of the thing you're interested in. In the case of a nuclear
bomb, you need new kinds of physics, new kinds of mathematics, new kinds
of metallurgy, new kinds of nitrochemistry, new kinds of electronics...
and if you don't have them, well, enjoy your fifteen-watt space heater.

Today's quantum computation, quantum cryptanalysis, and post-quantum
cryptography press releases are meant to make you focus on the nuclear
pit. They're also meant to distract you from the fact that, like
Napoleon, we really have no idea how to use it. That distraction game is
another reason I'm very careful about how much stock I put in it.

3. There is thoroughly too much special pleading going on.

The sine qua non of computer science ("without this, there is nothing")
is effectiveness. If something isn't effective, it's not an algorithm.
If it's not an algorithm, it's ... well, very probably boring.

The quantum computation and quantum cryptanalysis crowd tends to be
guilty of this. A few years ago Google invented a "problem" that existed
to ... to what? They created a random quantum circuit (which is a little
weird, but not totally weird: random matrix theory is well-known in
computer science, RQC is sort of its quantum analogue) that did nothing,
could do nothing, except ... set itself up faster than a classical
algorithm could.

Where's the effectiveness? What problem was it solving?

"Special pleading" means "I know the law, but this time it's not going
to apply to me." The law says, if your procedure is not effective at
doing something, it's not an algorithm and is of far less interest. This
crowd likes to say, "sure, it's not effective at doing anything, but do
you see how FAST it is at not being effective at doing anything?"

4. Press releases are not peer review.

The fact a paper is published on arXiv means exactly as much as if it was
mimeographed and distributed via newsletter. arXiv is not a
peer-reviewed forum. All kinds of crap gets published there.

When the quantum crowd says "read this paper on arXiv, you'll see I'm
right!", you may safely wait. If the paper is as groundbreaking as the
speaker claims, luminaries will weigh in on it.

5. What does this feel like?

String theory in the '90s. That's not a very promising feeling.

6. The bottom line

It's something to keep an eye on, but remember the odds are
overwhelmingly good you won't need PQC in the next five years.