Re: State of Post Quantum Cryptography?

On a sunny day (Mon, 6 May 2024 15:53:18 +0200) it happened Jakob Bohm
<jb-usenet@wisemo.invalid> wrote in <v1ancg$2jieu$1@dont-email.me>:

On 2024-05-02 10:20, The Running Man wrote:

What is you guys take on PQC (Post Quantum Cryptography) algorithms? I know the NIST has held a contest and that there are
winners, but do you guys think they're safe to use?
 
I fear they may be broken in the future thereby destroying the security and privacy of millions of unsuspecting users. Current
cryptographic algorithms are known to be safe and will be for at least the coming decades. OTOH these new PQC ciphers hold the
promise of eternal confidentiality which current ciphers cannot guarantee.

>
If any bad actor has a quantum computer with just a few more Qubits
than the ones demonstrated in public, they can break most current public
key algorithms using known attack algorithms written a long time ago for
such (then hypothetical) computers.  They can also break symmetric
encryption at the same difficulty as if the key length was half as many
bits (thus AES 128 would be as weak as IDEA, AES 256 as weak as AES
128).
>

 
I myself am very much in doubt whether to use PQC or stick with known ciphers.
 

>
From what I read so far, the most promising PQC signature algorithm is
the Merkle scheme in RFC8554 and RFC8391, though a secure implementation
will take serious work.
>
Key exchange will be harder, though the DJB-sponsored proposal for a
"Classic McElice" variant may be solid.
>
Any PQC public key algorithm will need to be combined with double
strength symmetric algorithms.
>
Enjoy
>
Jakob

Experiment opens door for millions of qubits on one chip:
 https://www.sciencedaily.com/releases/2024/05/240506131552.htm
Summary:
 Researchers have achieved the first controllable interaction between two hole spin qubits in a conventional silicon transistor.
 The breakthrough opens up the possibility of integrating millions of these qubits on a single chip using mature manufacturing processes

?