qbit404
Field notes from the post-quantum frontier. Tooling, exploits and defenses for the era of Shor.
- ML-KEM-768 negotiated on 38.4% of edge TLS
- 2 zero-days triaged today by AI hunter
- Scanner catalog: 1287 signatures
- Last drift: secp256k1 estimator updated
LATEST STUDIES
Inside the NIST PQC suite: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205)
Four years after the round-3 finalists were named, the standards are signed. Here is what each one does, what parameter set to pick at each security level, and the smallest-possible call into each one from Python and TypeScript.
Q-day: how analysts are pinning the window between 2029 and 2034
The intelligence forecasts converge on a five-year window. We line up six published estimates side by side, show what each one assumes, and ship a Mosca-theorem calculator so you can derive your own shelf-life-aware migration deadline.
Grover bites AES: why 128 is dead and 256 is your new baseline
Grover's algorithm gives a quadratic speed-up on brute-force key search. AES-128 drops to ~64-bit effective security. AES-256 stays at ~128-bit. The fix is one config line — but every place stores cipher state, you need to find.
RSA-2048 falls: the 20M noisy-qubit estimate, redrawn
Gidney & Ekerå said ~20 million noisy qubits and ~8 hours. Three years of error-correction progress later, the number is moving — but not the conclusion. Where the 2026 resource estimates land.
Shor's Algorithm vs Bitcoin: anatomy of a key-derivation kill chain
How Shor's period-finding routine breaks ECDSA over secp256k1, what that means for exposed Bitcoin UTXOs, and what migration to a post-quantum signature scheme actually looks like at protocol level.
The quantum hacker's playbook: what breaks first when Q-day comes
A red-team map of which production systems fall to Shor and Grover, in what order, and what an attacker actually has to do to weaponize a fault-tolerant machine. Inventory and prioritized defenses included.
Post-quantum cryptography in production: Next.js, Python and PHP, the working code
Which PQC primitives to actually deploy in 2026, why hybrid is the only honest choice today, and copy-pasteable implementations of ML-KEM and ML-DSA across three stacks. With benchmarks and migration notes.
OPERATIONAL TOOLS
Built for blue teams that already know the wave is coming.
PQC Toolkit
Drop-in post-quantum cryptography across Next.js, Python and PHP. Functional code, downloadable.
Vuln Scanner
Catalog of known and exploitable holes. Pipe a target, get a hit-list. Manual included.
Zero-Day Hunter
AI-assisted code review for previously unseen weaknesses. Paste, scan, triage.