429 points AbhishekParmar | 67 comments
1. Imnimo ◴[] No.45670761[source]
As with any quantum computing news, I will wait for Scott Aaronson to tell me what to think about this.
replies(6): >>45670868 #>>45670978 #>>45671067 #>>45671079 #>>45671833 #>>45672034 #
2. lisper ◴[] No.45670978[source]
Why wait? Just go read the paper:

https://www.nature.com/articles/s41586-025-09526-6

In the last sentence of the abstract you will find:

"These results ... indicate a viable path to practical quantum advantage."

And in the conclusions:

"Although the random circuits used in the dynamic learning demonstration remain a toy model for Hamiltonians that are of practical relevance, the scheme is readily applicable to real physical systems."

So the press release is a little over-hyped. But this is real progress nonetheless (assuming the results actually hold up).

[UPDATE] It should be noted that this is still a very long way away from cracking RSA. That requires quantum error correction, which this work doesn't address at all. This work is in a completely different regime of quantum computing, looking for practical applications that use a quantum computer to simulate a physical quantum system faster than a classical computer can. The hardware improvements that produced progress in this area might be applicable to QEC some day, this is not direct progress towards implementing Shor's algorithm at all. So your crypto is still safe for the time being.

replies(4): >>45671003 #>>45671037 #>>45671611 #>>45671618 #
3. ransom1538 ◴[] No.45671003[source]
SO... BTC goes to zero?
replies(5): >>45671041 #>>45671043 #>>45671120 #>>45671360 #>>45672639 #
4. tux3 ◴[] No.45671037[source]
Quantum advantage papers have a history of overpromising, this one looks interesting, but it would still seem wise to wait for a second opinion.
5. deliriumchn ◴[] No.45671041{3}[source]
no, not really, PQC has already been discussed in pretty much every relevant crypto thing for a couple of years already and there are multiple PQC algos ready to protect important data in banking etc as well
replies(1): >>45671599 #
6. pclmulqdq ◴[] No.45671043{3}[source]
No, we're still not much closer to that event.
7. wnevets ◴[] No.45671067[source]
I'm waiting for Peter Gutmann[1] to tell me what to think about this.

[1] https://eprint.iacr.org/2025/1237

8. getnormality ◴[] No.45671079[source]
I will wait for a HN commenter to tell me what Scott Aaronson thinks about this.
replies(1): >>45671978 #
9. LarsDu88 ◴[] No.45671120{3}[source]
If quantum computers crack digital cryptography, traditional bank accounts go to zero too because regular ol' databases also use cryptography techniques for communication.
replies(2): >>45671287 #>>45671384 #
10. wcoenen ◴[] No.45671287{4}[source]
If all else fails, banks can generate terabytes of random one-time pad bytes, and then physically transport those on tape to other banks to set up provably secure communication channels that still go over the internet.

It would be a pain to manage but it would be safe from quantum computing.

replies(1): >>45671478 #
11. bilsbie ◴[] No.45671360{3}[source]
I don’t see why bitcoin wouldn’t update its software in such a case. The majority of minors just need to agree. But why wouldn’t they if the alternative is going to zero?
replies(6): >>45671436 #>>45671437 #>>45671613 #>>45672053 #>>45672248 #>>45674763 #
12. OsrsNeedsf2P ◴[] No.45671384{4}[source]
Let's say I give you a function you can call to crack any RSA key. How are you hacking banks?
13. jonathanlydall ◴[] No.45671436{4}[source]
Sir Alexander Dane: MINERS, not MINORS.
replies(2): >>45671863 #>>45672068 #
14. andrewstuart2 ◴[] No.45671437{4}[source]
I'll tell you right now, no way my kids would agree until they're at least adults. They don't even know what asymmetric cryptography is.
replies(1): >>45671700 #
15. SAI_Peregrinus ◴[] No.45671478{5}[source]
They could also use pre-shared keys with symmetric cryptography. AES-256-GCM is secure against quantum attack, no need to bother with one-time pads.
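The two comments above (one-time pads shipped on tape, and pre-shared keys with AES-256-GCM) both describe the same defensive idea: a symmetric channel whose security does not depend on any public-key exchange a quantum computer could break. The Go program below is an added illustration, not code from either commenter or from any bank. It assumes a 32-byte key has already been shared out of band, and it encodes the two details that actually decide whether such a channel is safe: the GCM nonce is derived from a strictly increasing sequence number (never reused under one key), and the receiver rejects replayed frames and anything whose tag fails to verify. The header/AAD names and the message text are made up for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Channel is one direction of a pre-shared-key link: AES-256-GCM plus a
// strictly increasing sequence number that doubles as the GCM nonce, so a
// nonce is never reused under the same key and replayed frames are rejected.
// Use a separate key (or a separate Channel per direction) for the return path.
type Channel struct {
	aead    cipher.AEAD
	sendSeq uint64
	recvSeq uint64 // next sequence number the receiver will accept
}

// NewChannel insists on a 256-bit key: a 16-byte key would silently select
// AES-128, which is not what "quantum-safe symmetric" assumes.
func NewChannel(key []byte) (*Channel, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Channel{aead: aead}, nil
}

// Seal produces seq (8 bytes) || ciphertext || tag. header is authenticated
// but not encrypted; routing or message-type fields belong there.
func (c *Channel) Seal(header, msg []byte) ([]byte, error) {
	if c.sendSeq == math.MaxUint64 {
		return nil, errors.New("sequence space exhausted: rekey")
	}
	seq := c.sendSeq
	c.sendSeq++
	nonce := make([]byte, c.aead.NonceSize()) // 12 bytes; first 4 stay zero
	binary.BigEndian.PutUint64(nonce[4:], seq)
	frame := make([]byte, 8, 8+len(msg)+c.aead.Overhead())
	binary.BigEndian.PutUint64(frame, seq)
	return c.aead.Seal(frame, nonce, msg, header), nil
}

// Open verifies and decrypts a frame, rejecting anything with a sequence
// number below the last accepted one (replay) or with a bad tag.
func (c *Channel) Open(header, frame []byte) ([]byte, error) {
	if len(frame) < 8+c.aead.Overhead() {
		return nil, errors.New("frame too short")
	}
	seq := binary.BigEndian.Uint64(frame[:8])
	if seq < c.recvSeq {
		return nil, errors.New("replayed or out-of-order frame")
	}
	nonce := make([]byte, c.aead.NonceSize())
	binary.BigEndian.PutUint64(nonce[4:], seq)
	msg, err := c.aead.Open(nil, nonce, frame[8:], header)
	if err != nil {
		return nil, errors.New("authentication failed: tampered frame, wrong key or wrong header")
	}
	c.recvSeq = seq + 1
	return msg, nil
}

func main() {
	// Demo only: a real deployment loads the key from the out-of-band medium.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sender, _ := NewChannel(key)
	receiver, _ := NewChannel(key)
	hdr := []byte("bankA->bankB") // constructed routing header
	frame, _ := sender.Seal(hdr, []byte("settle 100.00 ref 42"))
	msg, err := receiver.Open(hdr, frame)
	fmt.Printf("decrypted=%q err=%v\n", msg, err)
	_, err = receiver.Open(hdr, frame)
	fmt.Println("replay rejected:", err)
}
```

The sequence-number nonce is the part people get wrong with GCM: a random 96-bit nonce is fine for a handful of messages but not for the terabytes of traffic the one-time-pad comment imagines, whereas a counter is safe right up to the point where it is exhausted and the channel refuses to send until rekeyed.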
16. cyberpunk ◴[] No.45671599{4}[source]
I don’t really understand the threat to banking. Let’s say you crack the encryption key used in my bank between a java payment processing system and a database server. You can’t just inject transactions or something. Is the threat that internal network traffic could be read? Transactions all go to clearing houses anyway. Is it to protect browser->webapp style banking? those all use ec by now anyway, and even if they don’t how do you mitm this traffic?

Where is the exact threat?

replies(3): >>45671825 #>>45671955 #>>45672073 #
17. AndrewStephens ◴[] No.45671611[source]
> "These results ... indicate a viable path to practical quantum advantage"

I'll add this to my list of useful phrases.

Q: Hey AndrewStephens, you promised that task would be completed two days ago. Can you finish it today?

A: Results indicate a viable path to success.

replies(3): >>45671746 #>>45672051 #>>45673003 #
18. andrewla ◴[] No.45671613{4}[source]
How could updating the software possibly make a difference here? If the encryption is cracked, then who is to say who owns which Bitcoin? As soon as I try to transfer any coin that I own, I expose my public key, your "Quantum Computer" cracks it, and you offer a competing transaction with a higher fee to send the Bitcoin to your slush fund.

No amount of software fixes can update this. In theory once an attack becomes feasible on the horizon they could update to post-quantum encryption and offer the ability to transfer from old-style addresses to new-style addresses, but this would be a herculean effort for everyone involved and would require all holders (not miners) to actively update their wallets. Basically infeasible.

Fortunately this will never actually happen. It's way more likely that ECDSA is broken by mundane means (better stochastic approaches most likely) than quantum computing being a factor.

replies(4): >>45671867 #>>45671886 #>>45671904 #>>45672761 #
19. toasted-subs ◴[] No.45671618[source]
A consistent theme of Quantum Computing is setting up the problem to have the hardwired achieve nicely to get a good news article to get more funding.

I'm pretty reluctant to make any negative comments about these kinds of posts because it will prevent actually achieving the desired outcome.

replies(1): >>45671801 #
20. LPisGood ◴[] No.45671700{5}[source]
I’m confused, are your kids major Bitcoin miners?
replies(2): >>45671733 #>>45671826 #
21. andrewstuart2 ◴[] No.45671733{6}[source]
Not major miners, but minor miners (if you count Minecraft).
22. iwontberude ◴[] No.45671746{3}[source]
Charlie Brown, Lucy, football
23. guerrilla ◴[] No.45671764{6}[source]
teamwork.
24. bawolff ◴[] No.45671801{3}[source]
Quantum computing hardware is still in its infancy.

The problem is not with these papers (or at least not ones like this one) but how they are reported. If quantum computing is going to succeed it needs to do the baby steps before it can do the big steps, and at the current rate the big leaps are probably decades away. There is nothing wrong with that, it's a hard problem and it's going to take time. But then the press comes in and reports that quantum computing is going to run a marathon tomorrow which is obviously not true and confuses everyone.

replies(1): >>45672513 #
25. conradev ◴[] No.45671825{5}[source]
The big threat is passively breaking TLS, so it’s browser traffic. Or, any internet traffic?
replies(1): >>45671954 #
26. jdiff ◴[] No.45671826{6}[source]
GGP used the term "minors," GP is running with the typo.
27. guywithahat ◴[] No.45671833[source]
As with most news, I'll be waiting for Scott Adams to tell me what to think about this
replies(1): >>45672036 #
28. FergusArgyll ◴[] No.45671863{5}[source]
That actually confused me. I thought he meant "the majority of the minority" while I was pretty sure it's just a simple majority
29. iwontberude ◴[] No.45671867{5}[source]
As you alluded to, network can have two parallel chains where wallets can be upgraded by users asynchronously before PQC is “needed” (a long way away still) which will leave some wallets vulnerable and others safe. It’s not that herculean as most wallets (not most BTC) are in exchanges. The whales will be sufficiently motivated to switch and everyone else it will happen in the background.

A nice benefit is it solves the problem with Satoshi’s (of course not a real person or owner) wallet. Satoshi’s wallet becomes the defacto quantum advantage prize. That’s a lot of scratch for a research lab.

replies(1): >>45671934 #
30. jjmarr ◴[] No.45671886{5}[source]
> this would be a herculean effort for everyone involved and would require all holders (not miners) to actively update their wallets. Basically infeasible.

Any rational economic actor would participate in a post-quantum hard fork because the alternative is losing all their money.

If this was a company with a $2 trillion market cap there'd be no question they'd move heaven-and-earth to prevent the stock from going to zero.

Y2K only cost $500 billion[1] adjusted for inflation and that required updating essentially every computer on Earth.

[1]https://en.wikipedia.org/wiki/Year_2000_problem#Cost

31. orblivion ◴[] No.45671904{5}[source]
Firstly I'd want to see them hash the whole blockchain (not just the last block) with the post-quantum algo to make sure history is intact.

But as far as moving balances - it's up to the owners. It would start with anybody holding a balance high enough to make it worth the amount of money it would take to crack a single key. That cracking price will go down, and the value of BTC may go up. People can move over time as they see fit.

replies(1): >>45672016 #
32. jwpapi ◴[] No.45671934{6}[source]
Not even needed, you can just copy network state of a specific moment in time and encrypt with a new algorithm that will be used from then on
replies(1): >>45672174 #
33. cyberpunk ◴[] No.45671954{6}[source]
Okay, but breaking that TLS (device->bank) would allow you to intercept the session keys and then decrypt the conversation. Alright, so now you can read I logged in and booked a transaction to my landlord or whatever. What else can you do? OTP/2FA code prevents you from re-using my credentials. Has it been demonstrated at all that someone who intercepts a session key is able to somehow inject into a conversation? It seems highly unlikely to me with TCP over the internet.

So we are all in a collective flap that someone can see my bank transactions? These are pretty much public knowledge to governments/central banks/clearing houses anyway -- doesn't seem like all that big a deal to me.

(I work on payment processing systems for a large bank)

replies(1): >>45672045 #
34. bawolff ◴[] No.45671955{5}[source]
> those all use ec by now anyway

As far as I am aware, elliptic curve is also vulnerable to quantum attacks.

The threat is generally both passive eavesdropping to decrypt later and also active MITM attacks. Both of course require the attacker to be in a position to eavesdrop.

> Let’s say you crack the encryption key used in my bank between a java payment processing system and a database server.

Well if you are sitting in the right place on the network then you can.

> how do you mitm this traffic?

Depends on the scenario. If you are government or ISP then it's easy. Otherwise it might be difficult. Typical real life scenarios are when the victim is using wifi and the attacker is in the physical vicinity.

Like all things crypto, it always depends on context. What information are you trying to protect and who are you trying to protect.

All that said, people are already experimenting with PQC so it might mostly be moot by the time a quantum computer comes around. On the other hand people are still using md5 so legacy will bite.

replies(1): >>45672086 #
35. thedrexster ◴[] No.45671978[source]
this is my approach, as well, lol
36. ◴[] No.45672016{6}[source]
37. supernetworks_ ◴[] No.45672034[source]
https://arxiv.org/abs/2509.07255

This paper on verifiable advantage is a lot more compelling. With Scott Aaronson and Quantinuum among other great researchers

38. amiga386 ◴[] No.45672036[source]
The text adventure guy, or the cartoonist who went batshit?
replies(2): >>45673367 #>>45674722 #
39. bawolff ◴[] No.45672045{7}[source]
> Has it been demonstrated at all that someone who intercepts a session key is able to somehow inject into a conversation? It seems highly unlikely to me with TCP over the internet.

if you can read the TLS session in general, you can capture the TLS session ticket and then use that to make a subsequent connection. This is easier as you don't have to be injecting packets live or make inconvenient packets disappear.

replies(1): >>45672194 #
40. keeda ◴[] No.45672051{3}[source]
An MBA, an engineer and a quantum computing physicist check into a hotel. Middle of the night, a small fire starts up on their floor.

The MBA wakes up, sees the fire, sees a fire extinguisher in the corner of the room, empties the fire extinguisher to put out the fire, then goes back to sleep.

The engineer wakes up, sees the fire, sees the fire extinguisher, estimates the extent of the fire, determines the exact amount of foam required to put it out including a reasonable tolerance, and dispenses exactly that amount to put out the fire, and then satisfied that there is enough left in case of another fire, goes back to sleep.

The quantum computing physicist wakes up, sees the fire, observes the fire extinguisher, determines that there is a viable path to practical fire extinguishment, and goes back to sleep.

replies(1): >>45674494 #
41. jacquesm ◴[] No.45672053{4}[source]
> The majority of minors just need to agree.

That's an uncomfortably apt typo.

42. jacquesm ◴[] No.45672068{5}[source]
"Ahhhh... now you tell me" (Formerly Prince Andrew, at some point).
43. chuckadams ◴[] No.45672073{5}[source]
Flooding the system with forged messages that overwhelm the clearinghouse having to verify them sounds like a good way to bring down a banking system.
replies(1): >>45672246 #
44. cyberpunk ◴[] No.45672086{6}[source]
> Well if you are sitting in the right place on the network then you can.

Not really. This would be caught, if not instantly then when a batch goes for clearing or reconciliation -- and an investigation would be immediately started.

There are safeguards against this kind of thing that can't be really defeated by breaking some crypto. We have to protect against malicious employees etc also.

One cannot simply insert bank transactions like this. They are really extremely complicated flows here.

replies(1): >>45676894 #
45. strbean ◴[] No.45672174{7}[source]
The problem is that the owner needs to claim their wallet and migrate it to the new encryption. Just freezing the state at a specific moment doesn't help; to claim the wallet in the new system I just need the private key for the old wallet (as that's the sole way to prove ownership). In our hypothetical post-quantum scenario, anyone with a quantum computer can get the private key and migrate the wallet, becoming the de-facto new owner.

I think this is all overhyped though. It seems likely we will have plenty of warning to migrate prior to achieving big enough quantum computers to steal wallets. Per Wikipedia:

> The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.

IIRC this is speculated to be the reason ECDSA was selected for Bitcoin in the first place.

replies(1): >>45678614 #
46. cyberpunk ◴[] No.45672194{8}[source]
It seems like detecting a re-use like this should be reasonably easy, it would not look like normal traffic and we could flag this to our surveillance systems for additional checks on these transactions. In a post quantum world, this seems like something that would be everywhere anyway (and presumably, we would be using some other algo by then too).

Somehow, I'm not all that scared. Perhaps I'm naive.. :}

replies(1): >>45676928 #
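The exchange above (capturing a session ticket from decrypted traffic and resuming with it, versus flagging such a resumption for extra checks) is a detection question, and the Go program below is an added example of the defender's side; it is not code from either commenter or from any bank. It assumes the TLS front end writes one key=value log line per handshake that records the client source address, a client fingerprint (the `fp` field, a placeholder for something like a JA3/JA4-style hash), the ticket identifier and whether the handshake was a resumption; all of those field names and the log lines themselves are constructed for the demo. It raises an alert on three conditions: a ticket resumed from a client that differs from the one it was issued to, a ticket resumed that this server never issued, and a ticket resumed more than once (TLS 1.3 tickets are meant to be single-use, so a server that enforces that removes the third case entirely).

```go
package main

import (
	"fmt"
	"strings"
)

// SampleLog is a constructed TLS front-end log (not from any real system):
// one line per handshake. resumed=1 means the client presented a session
// ticket; resumed=0 means a full handshake that issued the ticket.
var SampleLog = []string{
	"ts=2025-10-23T10:00:01Z src=203.0.113.5 fp=f1 ticket=t1 resumed=0",
	"ts=2025-10-23T10:02:10Z src=203.0.113.5 fp=f1 ticket=t1 resumed=1",
	"ts=2025-10-23T10:05:42Z src=198.51.100.9 fp=f2 ticket=t1 resumed=1",
	"ts=2025-10-23T10:06:00Z src=203.0.113.7 fp=f3 ticket=t2 resumed=0",
	"ts=2025-10-23T10:07:30Z src=203.0.113.7 fp=f3 ticket=t2 resumed=1",
	"ts=2025-10-23T10:08:11Z src=192.0.2.20 fp=f9 ticket=t3 resumed=1",
	"ts=2025-10-23T10:09:05Z src=203.0.113.7 fp=f3 ticket=t2 resumed=1",
}

const (
	ReasonUnknownTicket   = "resumption with a ticket this server never issued"
	ReasonDifferentClient = "ticket resumed from a different client than it was issued to"
	ReasonMultiUse        = "ticket resumed more than once (should be single-use)"
)

type Event struct {
	Time, Src, Fingerprint, Ticket string
	Resumed                        bool
}

type Alert struct {
	Time, Ticket, Src, Reason string
}

// ParseLine splits "k=v" fields; ok is false when a required field is missing.
func ParseLine(line string) (Event, bool) {
	kv := map[string]string{}
	for _, f := range strings.Fields(line) {
		if parts := strings.SplitN(f, "=", 2); len(parts) == 2 {
			kv[parts[0]] = parts[1]
		}
	}
	e := Event{
		Time: kv["ts"], Src: kv["src"], Fingerprint: kv["fp"],
		Ticket: kv["ticket"], Resumed: kv["resumed"] == "1",
	}
	if e.Ticket == "" || e.Src == "" {
		return Event{}, false
	}
	return e, true
}

// issuance remembers who a ticket was handed to and how often it came back.
type issuance struct {
	src, fp     string
	resumptions int
}

// DetectTicketReuse walks the log in order and returns one alert per
// suspicious resumption. Lines that fail to parse are skipped.
func DetectTicketReuse(lines []string) []Alert {
	issued := map[string]*issuance{}
	var alerts []Alert
	for _, line := range lines {
		e, ok := ParseLine(line)
		if !ok {
			continue
		}
		if !e.Resumed {
			issued[e.Ticket] = &issuance{src: e.Src, fp: e.Fingerprint}
			continue
		}
		iss, known := issued[e.Ticket]
		switch {
		case !known:
			alerts = append(alerts, Alert{e.Time, e.Ticket, e.Src, ReasonUnknownTicket})
		case iss.src != e.Src || iss.fp != e.Fingerprint:
			alerts = append(alerts, Alert{e.Time, e.Ticket, e.Src, ReasonDifferentClient})
		default:
			iss.resumptions++
			if iss.resumptions > 1 {
				alerts = append(alerts, Alert{e.Time, e.Ticket, e.Src, ReasonMultiUse})
			}
		}
	}
	return alerts
}

func main() {
	for _, a := range DetectTicketReuse(SampleLog) {
		fmt.Printf("%s ticket=%s src=%s: %s\n", a.Time, a.Ticket, a.Src, a.Reason)
	}
}
```

The source-address check alone is weak evidence either way (a stolen ticket replayed from the same NAT pool would pass, and a legitimate mobile client changing networks would trip it), which is why the fingerprint is compared as well and why the alert is meant to route a transaction to extra checks rather than block it outright.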
47. cyberpunk ◴[] No.45672246{6}[source]
Sure, if a bank gets compromised you could in theory DoS a clearing house, but I'd be completely amazed if it succeeded. Those kinds of anomalous spikes would be detected quickly. Not even imagining that each bank probably has dedicated instances inside each clearing house.

These are fairly robust systems. You'd likely have a much better impact DoSing the banks.

replies(1): >>45672273 #
48. udev4096 ◴[] No.45672248{4}[source]
The problem is all the lost BTC wallets, which is speculated to be a lot and also one of the biggest reasons for the current BTC price, which obviously cannot upgrade to PQ. There is currently a radical proposal of essentially making all those lost wallets worthless, unless they migrate [1]

[1] - https://github.com/jlopp/bips/blob/quantum_migration/bip-pos...

replies(1): >>45672697 #
49. chuckadams ◴[] No.45672273{7}[source]
Yah, I suspect the banks pay a handsome sum to smarter people than you and me, and they've gamed this out already.
replies(1): >>45672304 #
50. cyberpunk ◴[] No.45672304{8}[source]
I build such systems ;)
51. toasted-subs ◴[] No.45672513{4}[source]
Therein lies the problem. "Hey can I have a few billion dollars for my baby" doesn't really work out too well for investors or industry.

The current situation with "AI" took off because people learned their lessons from the last round of funding cuts, the "AI winter".

That being said any pushback against funding quantum research would be like chopping your own hands off.

52. logtrees ◴[] No.45672639{3}[source]
No, I don't think so. By the time quantum supremacy is really achieved for a "Q-Day" that could affect them or things like them, the existing blockchains which have already been getting hardened will have gotten even harder. Quantum computing could be used to further harden them, as well, rather than compromise them. Supposing that Q-Day brought any temporary hurdles to Bitcoin or Ethereum or related blockchains, well...due to their underlying nature resulting in justified Permanence, we would be able to simply reconstitute and redeploy them for their functionalities because they've already been sufficiently imbued with value and institutional interest as well. These are quantum-resistant hardenings.

So I do not think these tools or economic substrate layers are going anywhere. They are very valuable for the particular kinds of applications that can be built with them and also as additional productive layers to the credit and liquidity markets nationally, internationally, and also globally/universally.

So there is a lot of institutional interest, including governance interest, in using them to build better systems. Bitcoin on its own would be reduced in such justification but because of Ethereum's function as an engine which can drive utility, the two together are a formidable and quantum-resistant platform that can scale into the hundreds of trillions of dollars and in Ethereum's case...certainly beyond $1Q in time.

I'm very bullish on the underlying technology, even beyond tokenomics for any particular project. The underlying technologies are powerful protocols that facilitate the development and deployment of Non Zero Sum systems at scale. With Q-Day not expected until end of 2020s or beginning of 2030s, that is a considerable amount of time (in the tech world) to lay the ground work for further hardening and discussions around this.

53. shwaj ◴[] No.45672697{5}[source]
I’m not sure there’s a better alternative.
54. bloppe ◴[] No.45672761{5}[source]
> would require all holders (not miners) to actively update their wallets. Basically infeasible.

It doesn't require all holders to update their wallets. Some people would fail to do so and lose their money. That doesn't mean the rest of the network can't do anything to save themselves. Most people use hosted wallets like Coinbase these days anyway, and Coinbase would certainly be on top of things.

Also, you don't need to break ECDSA to break BTC. You could also do it by breaking mining. The block header has a 32-bit nonce at the very end. My brain is too smooth to know how realistic this actually is, but perhaps someone could use a QC to perform the final step of SHA-256 on all 2^32 possible values of the nonce at once, giving them an insurmountable advantage in mining. If only a single party has that advantage, it breaks the Nash equilibrium.

But if multiple parties have that advantage, I suppose BTC could survive until someone breaks ECDSA. All those mining ASICs would become worthless, though.
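To make the header layout the comment above refers to concrete, here is an added Go example (not the commenter's code, and not from any Bitcoin implementation): it serializes the 80-byte block header with the 32-bit nonce in the last four bytes, applies double SHA-256, expands the compact `bits` target and runs the proof-of-work comparison. It rebuilds the well-known genesis block header from its public field values so the result can be checked against the published genesis hash, then shows that nudging the nonce by one no longer meets the target, which is exactly the 2^32-entry search space the comment is talking about.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// Header is the 80-byte Bitcoin block header. Integers are little-endian on
// the wire; the two hashes are stored in internal (byte-reversed) order.
type Header struct {
	Version    uint32
	PrevHash   [32]byte
	MerkleRoot [32]byte
	Time       uint32
	Bits       uint32 // compact-encoded target
	Nonce      uint32 // the last 4 bytes of the serialized header
}

// NonceBits is the size of the only search field inside the header itself;
// miners vary other data (coinbase extra nonce) once 2^32 values are exhausted.
const NonceBits = 32

func (h Header) Serialize() []byte {
	buf := make([]byte, 80)
	binary.LittleEndian.PutUint32(buf[0:], h.Version)
	copy(buf[4:], h.PrevHash[:])
	copy(buf[36:], h.MerkleRoot[:])
	binary.LittleEndian.PutUint32(buf[68:], h.Time)
	binary.LittleEndian.PutUint32(buf[72:], h.Bits)
	binary.LittleEndian.PutUint32(buf[76:], h.Nonce)
	return buf
}

// Hash is SHA-256 applied twice to the serialized header.
func (h Header) Hash() [32]byte {
	first := sha256.Sum256(h.Serialize())
	return sha256.Sum256(first[:])
}

// DisplayHash renders a hash the way block explorers show it: byte-reversed hex.
func DisplayHash(h [32]byte) string {
	var rev [32]byte
	for i := range h {
		rev[i] = h[31-i]
	}
	return hex.EncodeToString(rev[:])
}

// ParseDisplayHash converts explorer-style hex back to internal byte order.
func ParseDisplayHash(s string) ([32]byte, error) {
	var out [32]byte
	b, err := hex.DecodeString(s)
	if err != nil {
		return out, err
	}
	if len(b) != 32 {
		return out, errors.New("hash must be 32 bytes")
	}
	for i := range b {
		out[i] = b[31-i]
	}
	return out, nil
}

// TargetFromBits expands the compact field: mantissa * 256^(exponent-3).
func TargetFromBits(bits uint32) *big.Int {
	exp := int(bits >> 24)
	mant := big.NewInt(int64(bits & 0x007fffff))
	if exp <= 3 {
		return mant.Rsh(mant, uint(8*(3-exp)))
	}
	return mant.Lsh(mant, uint(8*(exp-3)))
}

// MeetsTarget is the proof-of-work check: the hash, read as a big-endian
// integer in display order, must not exceed the target.
func MeetsTarget(hash [32]byte, bits uint32) bool {
	var rev [32]byte
	for i := range hash {
		rev[i] = hash[31-i]
	}
	return new(big.Int).SetBytes(rev[:]).Cmp(TargetFromBits(bits)) <= 0
}

// GenesisHeader rebuilds the Bitcoin genesis block header from its public
// field values (previous hash is all zeros).
func GenesisHeader() Header {
	merkle, err := ParseDisplayHash("4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")
	if err != nil {
		panic(err)
	}
	return Header{Version: 1, MerkleRoot: merkle, Time: 1231006505, Bits: 0x1d00ffff, Nonce: 2083236893}
}

func main() {
	g := GenesisHeader()
	fmt.Println("genesis:", DisplayHash(g.Hash()), "meets target:", MeetsTarget(g.Hash(), g.Bits))
	g.Nonce++ // one step through the 2^NonceBits search space
	fmt.Println("nonce+1:", DisplayHash(g.Hash()), "meets target:", MeetsTarget(g.Hash(), g.Bits))
}
```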

55. adonovan ◴[] No.45673003{3}[source]
Not quite sure why all the responses here are so cynical. I mean, it's a genuinely difficult set of problems, so of course the first steps will be small. Today's computers are the result of 80 astonishing years of sustained innovation by millions of brilliant people.

Even as a Googler I can find plenty of reasons to be cynical about Google (many involving AI), but the quantum computing research lab is not one of them. It's actual scientific research, funded (I assume) mostly out of advertising dollars, and it's not building something socially problematic. So why all the grief?

replies(1): >>45674692 #
56. cma ◴[] No.45673367{3}[source]
Aaronson isn't a cartoonist, it was an AI cartoon from ChatGPT that an antisemite sent Aaronson in the mail which he then seemingly maliciously misattributed to Woit making people assume Aaronson went batshit.

https://scottaaronson.blog/?p=9098

Aaronson did work at OpenAI but not on image generation, maybe you could argue the OpenAI safety team he worked on should be involved here but I'm pretty sure image generation was after his time, and even if he did work directly on image generation under NDA or something, attributing that cartoon to Aaronson would be like attributing a cartoon made in Photoshop by an antisemite to a random Photoshop programmer, unless he maliciously added antisemitic images to the training data or something.

The most charitable interpretation that I think Aaronson also has offered is that Aaronson believed Woit was an antisemite because of a genocidal chain of events that in Aaronson's belief would necessarily happen with a democratic solution and that even if Woit didn't believe that that would be the consequence, or believed in democracy deontologically and thought the UN could step in under the genocide convention if any genocide began to be at risk of unfolding, the intent of Woit could be dismissed, and Woit could therefore somehow be lumped in with the antisemite who sent Aaronson the image.

Aaronson's stated belief also is that any claim that Israel was committing a genocide in the last few years is a blood-libel because he believes the population of Gaza is increasing and it can't be a genocide unless there is a population decrease during the course of it. This view of Aaronson would imply things like if every male in Gaza was sterilized, and the UN stepped in and stopped it as a genocide, it would be a blood libel to call that genocide so long as the population didn't decrease during the course of it, even if it did decrease afterwards. But maybe he would clarify that it could include decreases that happen with a delayed effect of the actions. But these kinds of strong beliefs of blood-libel I think are part of why he felt ok labeling the comic with Woit's name.

I also don't think if the population does go down or has been going down he will say it was from a genocide, but rather that populations can go down from war. He's only proposing that a population must go down as a necessary criteria of genocide, not a sufficient one. I definitely don't agree with him, to me if Hamas carried out half of an Oct 7 every day it would clearly be a genocide even if that brought the replacement rate to 1.001 and it wouldn't change anything if it brought it to 0.999.

replies(3): >>45673889 #>>45674758 #>>45674981 #
57. amiga386 ◴[] No.45673889{4}[source]
I think you're very, very confused.

> guywithahat [...] I'll be waiting for Scott Adams to tell me what to think about this

Scott Adams

Text adventure guy: https://en.wikipedia.org/wiki/Scott_Adams_(game_designer)

Batshit cartoonist: https://en.wikipedia.org/wiki/Scott_Adams

(also, for fun, a cartoon by Scott Aaronson and Zack Weinersmith: https://www.smbc-comics.com/comic/the-talk-3)

58. foota ◴[] No.45674494{4}[source]
Meanwhile Schrodinger's cat sleeps peacefully in their carrier.
59. AndrewStephens ◴[] No.45674692{4}[source]
I completed my degree in computer science at age 22 - at that time Shor had just published his famous algorithm and the industry press was filled with articles on how quantum computing was just a few years away with just a few technical hurdles yet to be solved.

I turned 50 years old this year, forgive an old man a few chuckles.

60. ◴[] No.45674722{3}[source]
61. ◴[] No.45674758{4}[source]
62. chermi ◴[] No.45674763{4}[source]
Hey, why are you bringing the kids into this! ;) "The majority of minors"
63. guywithahat ◴[] No.45674981{4}[source]
I meant Scott Adams, the creator of Dilbert. The joke is just that they have similar names, and Adams does a lot of political/topical commentary in both his comics and podcast but isn't a good source since a lot of his work is comedy focused.

I am unaware of any comics Aaronson made and I don't blame him for anything he did make or was loosely associated with. It is incredible the extent people are willing to go to to claim people are crazy though, both in regards to Adams and Aaronson.

replies(1): >>45677478 #
64. bawolff ◴[] No.45676894{7}[source]
I meant on a technical level you could insert the data into the network. Obviously if the system as a whole does not depend on TLS for security, then no amount of breaking TLS will impact it.
65. bawolff ◴[] No.45676928{9}[source]
> It seems like detecting a re-use like this should be reasonably easy, it would not look like normal traffic

I don't see why it wouldn't look like normal traffic.

> Somehow, I'm not all that scared. Perhaps I'm naive.. :}

We're talking about an attack that probably won't be practical for another 20 years, which already has countermeasures that are in testing right now. Almost nobody should be worried about it.

66. cma ◴[] No.45677478{5}[source]
Oh, the similar names threw me off just the same. It wasn't a comic he made but a recent event on his blog involving an antisemitic ChatGPT illustration.
67. cubic_prism ◴[] No.45678614{8}[source]
Note, the 126 billion Toffoli gates are operations, so that's more about how many operations you need to be able to reliably apply without error.

It should be noted that according to IonQ's roadmap, they're targeting 2030 for computers capable of that. That's only about 5 years sooner than when the government has said everyone has to move to post quantum.