Quantum threat intelligence

qbit404

Field notes from the post-quantum frontier. Tooling, exploits and defenses for the era of Shor.

Q-DAY COUNTDOWN
~T-1340d
Mosca: X + Y > Z, you have a problem.
LIVE FEED
  • ML-KEM-768 negotiated on 38.4% of edge TLS
  • 2 zero-days triaged today by AI hunter
  • Scanner catalog: 1287 signatures
  • Last drift: secp256k1 estimator updated
// studies

LATEST STUDIES

Full archive →
defense 2 min read
2026-06-02

Q-day: how analysts are pinning the window between 2029 and 2034

The intelligence forecasts converge on a five-year window. We line up six published estimates side by side, show what each one assumes, and ship a Mosca-theorem calculator so you can derive your own shelf-life-aware migration deadline.

by Idris Vega
Read article →
defense 2 min read
2026-06-02

Grover bites AES: why 128 is dead and 256 is your new baseline

Grover's algorithm gives a quadratic speed-up on brute-force key search. AES-128 drops to ~64-bit effective security. AES-256 stays at ~128-bit. The fix is one config line — but every place stores cipher state, you need to find.

by Riku Saari
Read article →
cryptanalysis 4 min read
2026-06-02

RSA-2048 falls: the 20M noisy-qubit estimate, redrawn

Gidney & Ekerå said ~20 million noisy qubits and ~8 hours. Three years of error-correction progress later, the number is moving — but not the conclusion. Where the 2026 resource estimates land.

by Mara Chen
Read article →
cryptanalysis 5 min read
2026-05-22

Shor's Algorithm vs Bitcoin: anatomy of a key-derivation kill chain

How Shor's period-finding routine breaks ECDSA over secp256k1, what that means for exposed Bitcoin UTXOs, and what migration to a post-quantum signature scheme actually looks like at protocol level.

by Riku Saari
Read article →
offense 5 min read
2026-05-15

The quantum hacker's playbook: what breaks first when Q-day comes

A red-team map of which production systems fall to Shor and Grover, in what order, and what an attacker actually has to do to weaponize a fault-tolerant machine. Inventory and prioritized defenses included.

by Mara Chen
Read article →
defense 5 min read
2026-05-08

Post-quantum cryptography in production: Next.js, Python and PHP, the working code

Which PQC primitives to actually deploy in 2026, why hybrid is the only honest choice today, and copy-pasteable implementations of ML-KEM and ML-DSA across three stacks. With benchmarks and migration notes.

by Idris Vega
Read article →
// arsenal

OPERATIONAL TOOLS

Built for blue teams that already know the wave is coming.