// archive

All studies

Technical reporting on the post-quantum frontier: cryptanalysis, defense, migration. No sponsors, no tracking.

defense 5 min read
01

Inside the NIST PQC suite: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205)

Four years after the round-3 finalists were named, the standards are signed. Here is what each one does, what parameter set to pick at each security level, and the smallest-possible call into each one from Python and TypeScript.

by Mara Chen · ·#nist ·#fips ·#ml-kem
Read article →
defense 2 min read
02

Q-day: how analysts are pinning the window between 2029 and 2034

The intelligence forecasts converge on a five-year window. We line up six published estimates side by side, show what each one assumes, and ship a Mosca-theorem calculator so you can derive your own shelf-life-aware migration deadline.

by Idris Vega · ·#q-day ·#mosca ·#forecasting
Read article →
defense 2 min read
03

Grover bites AES: why 128 is dead and 256 is your new baseline

Grover's algorithm gives a quadratic speed-up on brute-force key search. AES-128 drops to ~64-bit effective security. AES-256 stays at ~128-bit. The fix is one config line — but every place stores cipher state, you need to find.

by Riku Saari · ·#grover ·#aes ·#symmetric
Read article →
defense 5 min read
04

Post-quantum cryptography in production: Next.js, Python and PHP, the working code

Which PQC primitives to actually deploy in 2026, why hybrid is the only honest choice today, and copy-pasteable implementations of ML-KEM and ML-DSA across three stacks. With benchmarks and migration notes.

by Idris Vega · ·#pqc ·#kyber ·#dilithium
Read article →
// for crawlers

The full corpus is also available as Markdown or structured JSON.