Overall, most of us don't need to figure out when Q-day will strike. Studying the timing of quantum attacks is important for our understanding, but I think we can agree it's less relevant to building systems today.
Post-quantum cryptography is an immediate work item & product requirement.
This wide alignment will sweep along every nation trading with these two major blocs.
Two points:
1. 2030 marks the end, not the start, of this shift in crucial institutions,
2. given long upgrade cycles, I don't see an executive affording to choose a vendor that's not quantum-ready after 2026,
European milestones:
* 2026: National PQC transition roadmaps adopted.
* 2030: Critical infrastructure (finance, energy, health, defense) adopts quantum-resistant standards.
* 2035: Full EU systems transition.
Alongside DORA & NIS2 mandating "state-of-the-art" cryptography & future-proof upgrades.
On the old continent, the European Commission published a Recommendation in 2024 and a Coordinated Implementation Roadmap in 2025.
eur-lex.europa.eu/eli/reco/20...
digital-strategy.ec.europa.eu/en/library/...
The UK's NCSC is aligned with this, and the US & UK alignment carries other "5-eyes" countries with them (Canada, Australia, NZ), with high-priority migrations targeted by end-2031, and *full transition by 2030* for Australia:
www.cyber.gov.au/business-go...
As most know, NIST is phasing out quantum-vulnerable cryptographic algorithms, deprecating by 2030 and disallowing by 2035. As most miss, new National Security systems must comply with CNSA 2.0 by Jan 1, 2027. More info: media.defense.gov/2022/Sep/07...
I think we need a different approach, particularly with institutions like banks, energy companies, and government admin. These organizations avoid keeping cryptographers on staff and don't opine on cryptography, instead following cryptographic standards and recommendations.
I don't know who is right, but in 2025, it often doesn't matter. At least not when building something new.
Yet others, like Scott Aaronson, think the quantum threat is much more proximate. scottaaronson.blog/?p=9325
Other experts think that the NIST timeline β placing the threat 5 years from now β is appropriate.
bfswa.substack.com/p/when-will...
Some experts think the quantum threat is not as proximate as folks hype it to be, and that the development of quantum computers is pretty much on pace, which would make its era of cryptographic relevance 15 years from now.
unchainedcrypto.com/the-choppin...
There's much talk about Q-day, the future date when quantum computers become powerful enough to break some of todayβs public-key cryptographyβspecifically RSA & elliptic-curve schemes.
We do have good quantum-resistant cryptography, but when should we invest the work needed to switch?
In 2025, someone arguing you need FHE operating on global shared state to do good private DeFi is probably selling you something. arxiv.org/abs/2103.01193 academic.oup.com/qje/article...
The same discretization that hides individual trades also yields fairer pricing and eliminates latency and information-asymmetry rents ... an insight published 5 years earlier than Angeris et al. by authors less than enthusiastic about blockchains.
Redesigning the CFMM to batch is challenging but allows both privacy via ZK-proofs _and_ provides better market design: by removing continuous shared state, you make privacy and efficiency coincide.
One thing to recall from @hdevalence.bsky.social 's work: @lmao.bsky.social, @pinged.bsky.social & @alexhevans.bsky.social showed that just encrypting a continuously updated CFMM (e.g. via FHE) fails to provide real privacy, since the very structure of a live, convex invariant leaks information.
@sashamtl.bsky.socialβ¬ βͺand @gaelvaroquaux.bsky.socialβ¬ presenting arxiV:2409.14160 at ACM Facct 2025
At ACM #Facct2025, learning that LLMs face diminishing returns & comparatively worse task-specific performance when fixating on a larger scale. arxiv.org/abs/2409.14160 (paper by βͺ@sashamtl.bsky.socialβ¬
βͺ@gaelvaroquaux.bsky.socialβ¬ & βͺ@meredithmeredith.bsky.socialβ¬)
I aimed to convey my enthusiasm for this progress from a practitioner's perspective ... and suggested a few additional directions worth exploring. You can find the recording and slides here: www.garillot.net/talks/2025-...
But in 2025, there's so much more: thanks to the hard work of @alberto_sonnino, @akihidis, Andrey Chursin, Arun Koshy, Mingwei Tian, and others, the Mysticeti implementation in the Sui repo is now modular, structured, and user-friendly, perfect for various projects.
I spoke at @protocol_berg on Modern Multi-Proposer Consensus. Consensus researchers know that algorithms like Mysticeti and Cordial Miners now elegantly blend HashGraph's virtual voting and @brynosaurus's Threshold Logical Clocks on a DAG. High throughput, low latency, the dream.
There's a clever yet obscure workaround used in Plonky3 (and other places) that allows you to use this method while preserving your spans, thanks to the magic of a drop-in "maybe-parallel" facade.
Find all the details (and a link to the code) in the note:
A potential issue with this method, which relies on spans, is that it becomes less useful when using Rayon, used to leverage parallelism in CPU-bound tasks.
Ever wonder exactly where your Rust code spends its time? I wrote a note on how to light up perf bottlenecks with Tokioβs tracing and the lightweight tracing-texray layer.
I might just have stumbled on the same functionality for Rust, and it was indeed quite simple to do! Have a look at github.com/huitseeker/l... : hopefully this is useful for someone!
Thanks @filippo.abyssdomain.expert for the inspiration and @simonwillison.net for the llm tool!
#rustlang #llm
My latest note explores this delicate balanceβbecause this ain't a simple area; and I think design is about choosing the right trade-offs for the user.
7/7
Hybrid architectures might offer a way forward, blending the parallel strengths of BCB with periodic consensus checkpoints or innovative fraud-proof mechanisms.
6/7
Another major hurdle: scalability of reads. Without consensus, clients must query multiple validators directly, risking bottlenecks. Is BCB's speed benefit eroded by its read-path complexity?
5/7
The challenge: BCB systems inherently limit expressivity and introduce complexity around state contention. Is full parallelism practical, or are consensus-backed approaches like Sui actually better aligned with real-world blockchain usage?
4/7
At its core, BCB leverages independent state shards to eliminate global coordination, promising linear complexity over traditional worst-case quadratic Byzantine consensus. Theoretically powerfulβbut does this parallelism come at a hidden cost?
3/7
