// archive

All studies

Technical reporting on the post-quantum frontier: cryptanalysis, defense, migration. No sponsors, no tracking.

defense 5 min read
01

Inside the NIST PQC suite: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205)

Four years after the round-3 finalists were named, the standards are signed. Here is what each one does, what parameter set to pick at each security level, and the smallest-possible call into each one from Python and TypeScript.

by Mara Chen · ·#nist ·#fips ·#ml-kem
Read article →
defense 2 min read
02

Q-day: how analysts are pinning the window between 2029 and 2034

The intelligence forecasts converge on a five-year window. We line up six published estimates side by side, show what each one assumes, and ship a Mosca-theorem calculator so you can derive your own shelf-life-aware migration deadline.

by Idris Vega · ·#q-day ·#mosca ·#forecasting
Read article →
defense 2 min read
03

Grover bites AES: why 128 is dead and 256 is your new baseline

Grover's algorithm gives a quadratic speed-up on brute-force key search. AES-128 drops to ~64-bit effective security. AES-256 stays at ~128-bit. The fix is one config line — but every place stores cipher state, you need to find.

by Riku Saari · ·#grover ·#aes ·#symmetric
Read article →
cryptanalysis 4 min read
04

RSA-2048 falls: the 20M noisy-qubit estimate, redrawn

Gidney & Ekerå said ~20 million noisy qubits and ~8 hours. Three years of error-correction progress later, the number is moving — but not the conclusion. Where the 2026 resource estimates land.

by Mara Chen · ·#rsa ·#shor ·#resource-estimate
Read article →
cryptanalysis 5 min read
05

Shor's Algorithm vs Bitcoin: anatomy of a key-derivation kill chain

How Shor's period-finding routine breaks ECDSA over secp256k1, what that means for exposed Bitcoin UTXOs, and what migration to a post-quantum signature scheme actually looks like at protocol level.

by Riku Saari · ·#shor ·#bitcoin ·#ecdsa
Read article →
offense 5 min read
06

The quantum hacker's playbook: what breaks first when Q-day comes

A red-team map of which production systems fall to Shor and Grover, in what order, and what an attacker actually has to do to weaponize a fault-tolerant machine. Inventory and prioritized defenses included.

by Mara Chen · ·#quantum ·#redteam ·#ttp
Read article →
defense 5 min read
07

Post-quantum cryptography in production: Next.js, Python and PHP, the working code

Which PQC primitives to actually deploy in 2026, why hybrid is the only honest choice today, and copy-pasteable implementations of ML-KEM and ML-DSA across three stacks. With benchmarks and migration notes.

by Idris Vega · ·#pqc ·#kyber ·#dilithium
Read article →
// for crawlers

The full corpus is also available as Markdown or structured JSON.