
BSidesSF 2026 - Is Q-Day Worse than Y2K? Strategies for Surviving the Quantum... (Sandip Dholakia)

BSidesSF · 43:25 · 9 views · Published 2026-05
About this talk
Q-Day may lack the public spotlight of Y2K, but its risks are far greater: mass data exposure, broken trust, compromised privacy, and disrupted operations. Session explores the impact of quantum threats and outlines strategies to implement agility, strengthen resilience, and quantum-safe migration.

https://bsidessf2026.sched.com/event/c339c74b3f9f0c7c072795d32afe2da6

Welcome to the uh first talk of uh the theater 2 speaking track. Yeah, please settle in. Please take a seat. There's a couple of seats at the front as well. If you're coming in, I think there's two or three up here. Uh I'd like to introduce our speaker today. Uh his name is Sandip Dholakia and the talk is on "Is Q-Day Worse than Y2K? Strategies for Surviving the Quantum Threats". If you have any questions during the talk uh there is a Q&A app called Slido. Uh there is a code BSidesSF2026. Once you do that, you hit theater 2 and then you're welcome to ask questions. Uh other than that, I will uh hand it to Sandip and um go for

it. Thank you. >> Hi Rishi, I appreciate the introduction. Thank you. Uh I know it was very short because there's not much to talk about me. But uh to start with, you know, I always had a dream to go on big big screen one day. So I guess this is uh this is the closest I can achieve my dream too right on big screen. Uh before I start I do have one uh small disclaimer and it is about my speech. I have a speech impairment so I stutter I choke. I'm difficult to understand at time with my accent it makes it worse. But I will try to make it as slow as I can. And if you

still don't understand understand uh please feel free to ask me after the talk that's fine. Um after all this if you still don't understand anything it's on you. I warned you. So my so before I start right let's take a quick pulse. How many of you know about quantum mechanics and quantum computers? Show off your hands. Okay, very few. Okay, let's let's increase our odds, right? How many of you know about encrypts and cryptography in general? Uh, I have some more hands up. Let's let's increase our odds even more, right? How many of you know about Monik Galavanski? Good. Okay. So, you are all with me, right? Okay. But, you know, jokes apart, in reality, we are here, we are here to

answer, is Q-Day really worse than Y2K? And if it is, then what we can do about it, right? That's what our um plan is in next 30 40 minutes to achieve. Uh before I say all that right you may think that why would you trust me right an old Indian guy with accents and stuttering. So here is uh what I have to say. I have been in the industry for almost 25 years. I have written a book on cryptography. I have a patent on cryptography. I chair SAP's uh innovation hub for cryptography. So I've been around long time and right now we are actively actually planning uh planning uh we are planning to implement the crypto agility.

Uh so hopefully I will have some info for you in next half an hour which will be helpful to you. So we have a theme and I to to stick to the theme instead of agenda. I I thought it would be good to a playlist and we will start with uh some short introduction because I saw very few hands go going up about the quantum computing or quantum physics and then we will define the problem right dissonance like what exactly is the issue and then we'll proposed how we can fix it and obviously at the end we will have a finale meaning uh what we learned in this 30 minutes and u open mic right if

you have anything to ask me so let's at cranking right uh so what is Q-Day right so essentially Q-Day is a day or a time right when we have enough qubits uh enough noise-free efficient qubits that can break our encryption in a reasonable time like it is very important to say reasonable time because right now we want we can factor 128 bit RSA in like 6 months right so that's not really helpful so we want to have it in a reasonable time a hacker can collect the data in reasonable time right so how many qubits we need and when we will when we have that that's our Q-Day um now when when it will hop sorry so when

it will happen it will we don't really know right but people always say especially especially people in academia and you know startup and everybody they say 5 to 10 years every 5 years they say 5 to 10 years because if with the starting they say oh is 45 years away they won't get investment right? They won't get funding. So every 5 years they extend by 5 to 10 years. But right now like we will talk in next few minutes. It looks like next 5 to 10 years is probably the time like early 30s uh we could have it. So Y2K versus Q-Day right? Uh so we know right the January 1st 00 we knew

the date. We knew what the impact was right. If you don't change the code, it would set the date to uh 1 1900 0 and all that. And the price tag they put at that time was very huge like 300 billion. The problem that we have right now, right, we don't know any of these three factors because we don't know uh when it will happen for sure. We we our best estimate right now is only early 2030s as I said. uh we don't know how many applications we have which runs uh uh PKI or um PKI encryption or or uh asymmetric encryption right because uh according to an estimate that I read once uh they have like they actually

said like 60 billion applications right now around the world run uh asymmetric encryption now out of that we don't know how many of those really encrypting uh my text to my wife and how many are encrypting PII for people right so we don't know what how how bad the impact would be if there's all 60 billion was cracked and we don't even know how long it would take to fix all this so we can't really estimate the cost so there is no price tag right now uh there is approximately date that we know but we still want to make sure in next half an hour that we know how to fix it if that happens right or when that happens.

So I know uh only three four people said they know about the quantum physics and it's very difficult to explain in 30 minutes because it's like a fouryear degree right the quantum physics but uh if you have to learn one or two things out of that which we can use in next uh 30 minutes. These are two terms right one is superposition one is superposition uh and other is entanglement. Now the term superposition means that electron atom or photon they can be in two state at the same time. So if electron spins up it can also spins down at the same time or like photons travels vertically it can also travel horizontally at the same time. Now I will not say all these

three all the time. We'll for simplicity we'll just stick to electron. Right? So for example if electron spins up if we define that as digital one and elect electron spinning down we define that at digital digital zero then electron can be at the same time in state one and zero at the same time and that is called superposition. Now this can happen only only at the subatomic level or in Detroit right I'm from Detroit in Detroit we talk in terms of automotive language right so we say under the hood so this actually happens under the hood so we don't see it right in physical world we can't see one chair becoming two chair at the same time right if that

happens my wife would have two of me and one always doing the dishes at home you know so so so don't don't hope for that this is all happens at the subatomic level And uh so electrons can be in two state at the same time. The other property important that we need to know is entanglement. That essentially means that even the electrons are far apart. Uh one is here other is in as an example it would still be in sync. So when one spins up other automatically spins down if they are in entanglement. Now while electrons or like electrons atoms and photons all three but like I said we'll stick to electrons while electrons in

this this two state right the superposition and entanglement that time we want to have as long as we can and and that time is called coherence times so longer the time we have better the output but right now the issue we have is because of the EMI noise and other issues uh we can't maintain that time then that is why we don't have noise-free efficient qubits enough of that right to make a strong enough u PC with the quantum bits the qubits so coherence time is very important now as soon as we try to check the state it decoheres meaning electron would be staying will will come back to only one state either zero or one and all bets are off

at that point after that it would basically work as a traditional uh uh a digital PC right so our goal is to work uh extend the coherence time as much as we can now if you don't understand right so there was a basically oh and by the way I did not mention the first two diagrams are not mine they are from uh IBM research lab I think and oops sorry and and this diagram is from Wikipedia so there was a physicist named uh Erwin Schrödinger in 1935 he said okay this is all very difficult to understand so he did a cat experiment he actually said that you put a bad food and a cat and if if if cat

should eat that food cat could die and he said close the box now while the box is closed say for an hour we keep the cat in the box with the food if cat stays in that box for an hour for us she is in both state dead and alive she may had the food uh and she died or she did not die and she didn't even eat the food. Either way uh she could be in either state for us at the same time and and while the box is closed we call it like coherence time basically as soon as you open the box we know whether cat is in dead state or alive state and we

decohere right that's the basically the gist of it and he actually uh used this as a thought experiment so if you love animals there's no cat harmed or anything you know animal were not harmed here so don't worry about Right. Uh so if you don't understand all this right you are not alone like our uh famous scientist uh who won uh the uh Nobel prize uh with Oppenheimer right uh Richard Feynman he said uh he he he actually had a difficult time understanding this. So is our friend Einstein, right? He he he actually declared this is a spooky spooky event at a distant as a a distance. And our cat guy Schrödinger, he said he's very sorry

that he had anything to do with this. So you know all these great people they did not understand all this. So um if we don't understand that's okay. Uh you just need to get married. your wife will fix all the issues in quantum mechanics, you know, or or husband equal opportunity, right? Like see encryption encryption always, you know, since 1976, the first encryption paper was written, they did not have Bob and Joe. They had Bob and Alice, right? So we always believed since 1976 in equal opportunity. We always talked to Bob and Alice at the same time. No, no, no one gender. So I stick to that. your spouse. So I I as I said right the digital bit

right the one we use right now in the traditional computer it can be in the zero and one and the speed basically comes up from the how fast your CPU is right on the other hand uh our qubits are 3D they can be in zero and one like I said at the same time and the speed comes on uh having uh both state or multiple state at the same time if there are multiple qubits right so um like for qubit like for uh three three bit like say for example you have a three bit logical gate uh with traditional digital gate right so is 0000 0 to 11 one you have eight state but your traditional PC or

the gate could be in only one state out of eight while the qubits if you have three qubits it could like all hands on deck or again as we say in Detroit right uh like it firing on all cylinders. So it would it would uh use all state right at the same time. So is a basically multiply the power. uh so the efficiency or the output comes from uh doing work at the same time for multiple multiple states right that's where it gets the power not based on the how fast is your hardware how fast is your PC right that's not the goal here so people always misunderstand or slightly get confused they always think that is a a supercomputer a quantum

computer and that's not really true because supercomputer still works on our physical law. I mean the traditional uh digital gate and the speed comes from how fast your CPU is, your bus speed, your RAM, your throughput and all that. While qubits just brings the power the more qubits it two to n basically right and uh so it it it it basically brings the strength from the physical laws and not the uh the how how how better is your hardware. So uh what is at stake right? So we we we knew this right since 1994 uh Peter Shor from MIT he actually proposed this theory published a paper stating that if you have enough qubits we could factor

uh integer and that's what we use in RSA and uh ECC and all that right uh the the math that we use it's like 8th, 9th grade math right and we always hope that PCs will not be fast enough to crack that easy math problem because factorization is a eighth grade problem essentially but we use it until now and although Peter Shor warned us in 1994 we didn't really do anything right until now I mean it's not that we just try to do it now but it took time right for and we'll go into it why it took us so long uh but the point here is so we knew this 1994 so when when we have enough qubits

to to factor uh our encryption will be at risk that happened in 1994 and actually Richard Feynman right in 1981 he actually said that that you cannot build uh the quantum computer with the digital bits you have to have the qubits and it is where late 80s you know the uh people started trying to build the qubits and we are still trying to do it obviously but uh you know big giants at the time like IBM and Xerox and they actually started doing this and thanks to them that we are approaching that but uh so that happened in 81 and actually in 1972 uh Alexander Holevo said that qubit holds exactly same amount of information

as the digital bit so there is no more information in qubits but like I said the they are more efficient because they can operate in multi or like two state at the same time so uh in and not too long after 1994 in 1996 at Caltech. Lov Grover he proposed another theory and he said if we have enough qubits we can uh increase the speed of unstructured data search by four times and obviously for Peter Shor and Lov Grover the intention was good right to help us doing the math and search very faster but hackers took their own advantage out of this and and it is when uh we got into trouble here

so like I mean We already briefly touch upon all these but uh so this ECC, Diffie-Hellman, RSA the factorization all these are at risk right now and uh there is uh we have a way out of this uh but we have we have to implement this and that's what the next time next few minutes we are going to talk about so what exactly the risk like if you see these three like RSA uh Diffie-Hellman and and uh ECC they are technically broken. So when I say broken we don't know for sure but on paper according to Peter Shor the theory that he published in 94 if we can successfully implement that yes they are broken but obviously we don't have

enough qubits to implement that yet but if we if if not if but when that should happen uh we we should use NIST uh NIST-recommended PQC uh primitives to implement this uh the other two are like SHA and AES are obviously uh at the symmetric. So according to Lov Grover this uh it will be weakened but they are not broken right. So if you increase the key size we should be technically okay. And the last three are NTRU, McEliece and uh the lattice-based are again when I say not used and not broken meaning they're not widespread used like AES and RSA because they're newer and people haven't implemented that as many uh but

they are used uh at like you know labs and things like that to try out and uh basically on the experimental phases and when I say it's not broken again we don't know because we don't have enough qubits to test it out but as of Now on paper it seems they are rock solid. So what is at stake right? So obviously people ask right we don't have qubits right enough qubits. So why why really is the problem and that's fair enough right? If if like we don't have qubits for next 10 years so why worry in 2026 right let me enjoy my life. uh but the thing is uh I there is an attack called

uh basically collect the data now decrypt it later right and that's what people are uh scared about because if they encrypt my text uh like iMessage are always encrypted for example and if they collect that data and store in the basement for 10 years and then they decrypt when they have enough cubits we don't care obviously right I mean it's okay if they take mics but when you're applying for a bank loan and it has your information like uh your bank account number, card number, address, we still don't care because your address could change. Your card will expire in 5 years so it will change right all these we can live with. But the problem we have is

what we call is long shelf life data and things like your date of birth, your SSN, your mother's maiden name. you fill out in your bank application right now. Somebody would track it down, hack it, store the data and save it in the big hard drive in their basement. And then 5 years later or 10 years later when they have enough qubits, they order it from amazon.com and decrypt it and apply a bank loan on your name for 1 million and you then pay the installment, right? That's the worry uh we have, right? That people could start doing this. And according to this blog from Mike Maglin, uh he actually says this and I don't know how he knows

about uh this information but in the blog he says that China is actively trying to collect information around around the world from as a part of their espionage and uh they will decrypt as soon as they have enough qubits and according to one report by FBI they were on target to do that by 2040 but because of the AI boom came in in 2022. Their attention or their focus right now is on AI and it got delayed to 2049. Now I don't know how these dates they know but somehow they published these dates and that's what the blog says. So if you are more interested please uh refer to this blog by Mike Mlan. So how real is the threat right? I mean

we don't have to read every line here but if you just focus on the green uh uh green headings or green um fonts right uh like to break 256 bit ECC uh you need 317 million qubits to break it in in an hour which is huge and 370 million noise-free efficient qubits we will take it will take a long time for us to go there right if you make the that reasonable 12 time longer to one week we still need like you know 13 million qubits that's lot uh so but this was in August of 2023 according to forms again I have a link here if you are interested in the article uh this is like two and a half

years ago uh but in May of 2025 right uh Google like Craig Gidney he said okay I can do it in one week with noisy 1 million qubit so the point I'm trying to make here is that although it looks too far, we are making steady progress in the direction that we will have it in next 5 to 10 years. Uh enough qubits to break encryption at at least at some level if not all. Uh this is a graph from Brian. So he was Brian actually was a chief cryptographer for Windows implementation from 1990s to 2010 or 11 and he actually shared this graph with me and according to him right uh the MD5 they had 50 different

implementations of MD5 in in basically from Windows 3 all the way to Windows 10 or whichever he had at the time. Um like this is not just uh true for encryption right this is true for every security control but that over time security control weakens and we have to replace it it happens right like web app whe is IM or login okay we can't use like 8 8 digit long password anymore we have to make it to MFA we have to keep upgrading right our security controls that happens in in like every aspect but the problem with cryptography is once it's cracked it takes long time to replace it. Like MD5 first attacked was on 2004.

Uh it's it it was still in use until 2015. SHA 1 was cracked in 2005 and it's still you know right now it's not going down to zero. is still hanging out there and uh the same same way for RSA right so the the the problem the cryptography faces basically it once it's weakened the cryptography algorithm or primitive or it's cracked we take long time to replace it and and and there are reason for this right it's not that we don't want to well that sometimes we don't want to but for for the most part there are technical and practical reasons uh that uh it takes time. Oops. There you go. So, one of uh the the

first one is backward compatibility, right? There is one of the major ones, right? We I mean we we meaning some major tech companies always try to acquire, right? uh small companies or they work with many third party vendors and if that the acquired company or the vendors are not on the latest uh protocol or or they don't use like SHA 2 or SHA 3 and they're still on SHA one then we are stuck there right because we we can't uh use this as a backward compatible uh fashion so that is one of the major issues other one is uh uh a lack of regular upgrade right people always ignore more that oh my god I have

to upgrade the key size. So uh upgrading key size is not a difficult task right the issue comes because it would slow down their application and to avoid that they have to do whole lot other things because it's not just upgrading key size at that point because every time uh someone try to encrypt or decrypt or try to send the data or or like trying try to access your data from the database and you have to go through these longer key size it would add micro milliseconds or microseconds and it feels lot right when you do all the time like if you are trying to search on Google and if it keeps delaying by few

hundred millisecond every time at the end of the day people is not people are not going to like it and like that's why they said okay it has overhead it delays and people said okay I will not upgrade unless I have to and that once you put it off you are basically running a risk of weaker protocol or primitive for a longer time. So other one is uh uh down downstream compatibility uh and uh oh sorry the backward compatibility the other one was downstream sorry I can't read here because of the lights but you you still got the point right the backward uh backward compatibility is basically uh SHA 2 and SHA one is the prime

example right we actually upgraded to SHA 2 because SHA one was crack in '05 but SHA 2 can't work with SHA 1. So if I'm talking to an application which is on SHA one, I'm forced to stay on SHA one until uh we can upgrade to uh other application upgrades to uh SHA 2. So that's another issue. the resource availability we briefly talked about it but when we try to increase the key size or change anything right uh it would slow down the application and to make it fast you have to have like latest CPU hardware and all that good stuff right and if you don't have it it's going to slow down the experience of people how they use it and

they don't want to do that so uh that I mean this is not as bad a problem because now people are on the cloud so it's easy to upgrade the upgrade the infrastructure but if you're are running on prem or having your own um basically hardware and you don't upgrade it with time uh it does take time right and uh yeah embedded like I said we we actually started this journey in 1976 and from early 1990s we have been implementing this and at that time we didn't realize right how significant this will be eventually and people uh just put down the key size right down right in the code at the basically hardcoded and now

like I gave this MD5 example in Windows right what they did in Windows 3 was haunting them for Windows 8 or Windows 10 the same thing right once you embed everything in there it stays there forever like Heartbleed right that we all know probably that was first discovered in 2012 and after 8 years we still had 200 150,000 implementation and that that we know of right there are like so many probably people don't disclose or they don't know. So these are the issues why we take so long right uh to upgrading and it is why we have to be wake up now if you want to be ready in next 5 to 10 years to go to PQC. So

this is basically uh I just scared you so far. Now I'll tell you okay don't scare we have a way don't be scared we have a way out of this the cryptographic agility right so just that you all know right the agility is not new to software industry but for some reason cryptography was left out as an orphan so this is not new obviously and uh the steps I'm trying to describe here they're also not new I just put it in the cycle form and call it calc but the idea is still the same that we have to have the vigilance We have to plan ahead keep our eyes and ears open uh about what's going to happen when

Q-Day will going to come and all that. Once we know and we we approve the implementation the first step should be the inventory right as I said we have like 60 billion applications around the world running this but we need to know how many of these are really uh having like encrypting PII and other important data. So it is why there's a big push right now to create the CBOM right the cryptography BOM. So if you have a CBOM right if you start with CBOM it would give you very good idea about what content you have how many MD5 you are running or SHA-1 or TLS 1.0 or whatever right what are the older

primitives are there in your application your systems that's where you get the uh clear picture once you have that obviously you want to uh basically uh uh once you have that you want to put them in proper bucket you want to label them that okay out of this 100 data that we found 25 are PII are uh another 30 are very high-risk data which includes my employees uh data or my customers data my IPs whatnot right and another data is uh not that critical data so you want to label them create different buckets and all that then you want to figure out right how you want to encrypt do you still want to stay with ECC or

you want to go PQC or you want to use both right and we'll talk about that right so so Then then then you want to figure out your strategy that how you want to protect the data you that you discover. Um once you all have all that you want to create the road map that PII I want to encrypt and and have it done with say next 6 months other important data 6 months after that and everything else I could do it in next two years or whatever the time frame your business risk can support. Right? These are obviously examples but you get the point. Once you have this uh we get to the implementation and then

we test right uh testing obviously in Detroit we call it we kick the tires so we we do the testing and again you start the cycle and you keep doing this so we don't end up in the situation where we are now that it takes 30 years to improve to to implement SHA-1 to SHA-2 right so benefits. Uh how are we doing in time? We have time, right? Oh, we have 10 minutes. Okay. So, benefits. Uh we have lots of benefits and you know all these right? I mean you're all probably software expert. So I don't don't have to spend much time here. Uh but obviously when I started right in 1998 like what we used to call like

spaghetti code and we don't do anymore right hopefully and and with this agility steps right we will have very nicely well defined software. We can easily swap anything if we need to. Um we can also have the key length and key size in everything as a config variable instead of hardcoded and we don't need to compile again when we change those. Uh the another prime important benefit is like there is no vendor locking lock in if you are going to use third party software or a uh tool. uh and obviously PCI DSS and HIPAA and uh DORA and everybody's very high on okay please move up to the latest uh protocol SHA-3 they are pushing for now right

and so we want to uh be with them right we want to be compliant and this agility would obviously help very quickly uh obviously we don't have to guess anything like Windows right how many MD5 implementations we have and uh well ultimately the benefit and the goal here is to improve the security or the resiliency of the system right so we could do that with this so these are I I know I ran through very quickly but I'm sure you have a very good background on these ones on on these benefits uh but you know this one I wanted to talk a little bit so there are two ways we could protect our system or applications

in postquantum era era Right. One is uh with the quantum cryptography. Now uh the problem uh with quantum cryptography is it works on the physics uh quantum physics and they use photons that photon travels horizontal, vertical, diagonal and based on that they figure out what your key derivation is that is very strong rock solid. If if like anybody try to try to tap into your key uh the photon would got distorted. So you would know that somebody tried to hack it or or distorted it. So you can scrap the key immediately, right? Uh so it has some uh very good advantage but the problem like I said right is very hard to find the photons which can maintain

the coherent state and uh I mean it's very hard to implement and and it's very expensive even if we can right now. The last that I read it was I think last fall uh I I read a paper that a lab in UK they actually uh did it uh this QKD and they could extend it for one mile or 1 kilometer I guess uh without interrupting or without uh having any noise impact or anything. So it's very hard to implement it's very expensive so that's off the table for now next five years. So we have to stick to our math problems. So math problem this time at least we learned right that we can't use

high school math. So we have to so we have gone to like you know AP level math or a little bit higher math we use like vector algebra and uh code-based algebra and uh multivariate multi-equations right and we talk about it a little bit later but uh so uh this is very easy to implement this is math we can do it day in and day out and it's very cheap and all that uh the downside obviously if if like somebody is to hack it you won't know like RSA or ECC or Yes, right. If somebody can hack it, we won't know. And that still stays true here. But uh as I said, right, we don't even know how good

your PQC PQC will be. So one way to go is to use both at the same time PQC with our traditional ECC or RSA. So if at all PQC does not hold up to the hype, we have our original uh encryption to fall back on. Right? So here are different ways to implement uh both at the same time. And obviously I'm not going to read the whole diagram, whole chart here, but there are four ways, right? Number one is you you could implement both at the same time, right? So PQC and the traditional one and uh then you can XOR or concatenate the output and uh uh you can uh take the output uh the other one is like I said

right I uh you could uh use both as a wrapper on each other. So if one is to break uh other one hopefully will hold hold up because it's underneath the layer right basically is a wrapper. The PQC will work as a wrapper. So hopefully it won't be cracked but if it does then you you have ECC or RSA or whatever you use right now to strong it. Uh the the first one when you use both I didn't mention that uh the security is uh as good as the strongest link right out of the two. So if one of them holder holds up the XOR output would hold up right and here also if one of them breaks the

other one would work hopefully the third one is again same as the other two basically there's nothing new but the the the the implementation is new so first and third are technically same but the implementation is third is they use KDF instead of XOR so meaning the you take two keys differently and fit through KDF which is key uh key derivative key derivative framework uh and it will generate a combined key. Uh so so uh for someone to crack it they have to figure out both keys which went into KDF. Uh with all these three right actually all these four uh the problem is very large key sizes double key sizes so it slows down. So you will have to

improve your you know you're up your game in terms of like CPU and RAM and all that good stuff but uh uh they are they do improve uh uh your security against the hacking and the attacks right and the uh the fourth one the the digital signature oh I didn't realize you oh you do see it right here okay yeah these are the two two two basically signatures came is exactly same as number two, right? The wrapper. But uh this is used for DSA, a digital signature algorithm. And uh to uh to make sure that we have the proper signature, both signature has to be uh true otherwise we will reject the signature. So that's basically I mean

there are many other ways we could implement right. This is I'm not trying to say that this is it but these are the uh prime one or the low low-hanging fruits that people starts with right now that I see it. Um I mean okay yeah I think we're almost done. So there are four uh there are multiple actually ways but I'm going to talk about four major ones right now. So number one is the code-based. Now code here doesn't mean the software code is like error error correcting code error correcting code and that takes basically uh add some random values to your key and so it will become difficult for hacker to figure out your key that's the

goal this is around since 1978 actually McEliece when he proposed he also ran for AES in 1998 but obviously NIST did not pick them up because of the large key size and it really slow uh they were in the race again for the NIST in this 2018 for the P uh 2022 for the PQC uh and again they were not selected I think uh oh sorry so another one here the is the uh the lattice-based uh lattice-based and that is what is used or proposed right now by NIST and that basically work on the vector algebra so we have a long vector and short vector long vector is your public key short vector is your p

private key if you know one you can't really figure or other that's what we are hoping right now with the enough qubits also you can do that and that's what uh NIST is after and it it can also work on FHE and uh it has also a large key size but is relatively efficient and very robust other two are I'll go quickly like hash-based we know this and that's not really for a asymmetric right that is mainly used for the symmetric and the signatures and all that while uh this one the multivariate is again math problem uh we have like uh probably hundreds of uh long equations. Each equation has many unknowns and the goal is uh to find the

private key is to solve all the equations for all the unknowns. So it takes long time if somebody needs to do it with traditional PC or even enough qubits. But again it's a large key size um and it was not selected for NIST final four. So these are the final four by NIST and we can talk a lot about this but I know we have only few minutes left so we'll stop but uh the FIPS 203, 4, 5 were released in August 24 almost year and a half later and last March was released uh this uh another one that that was a backup to original KEM the 203 because this was only the one algorithm

and they already recommended two for two for the signature based so they released another one for KEM the key encryption. So what we know like I said right is we have to do it both otherwise people can take your data and store it. We have to plan ahead. We have to have the vision to implement the executives and leaders should support this initiative and obviously we have to implement the agility because we don't want to do it just one time right I mean we want to be ready if this happens again or we have to change the algorithm or what not so what do we have here takeaways is not if it's when is going to happen even

changing the key size takes a long time right so if you have to change uh the entire PQC from this it would take long time uh and well it will slow down your application but there's no other harm right it will increase your security even right now if you implement it and the last one is the NIST right NIST actually says that you should start upgrading everything by 20 no later than 2030 and you should be on 100% PQC by 2035 so with that timeline unless they change it we have 10 years to go right Oh, I think I made it in time. Christian, thank you.
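
Added example, not part of the talk or the speaker's slides: the first and third hybrid approaches described above (XOR the two outputs, or feed both keys through a KDF), written out so the difference is visible. HKDF (RFC 5869) with SHA-256 is an assumption, since the talk names no specific KDF, and the two shared secrets are constructed stand-ins rather than real ECDH or PQC KEM output.

```python
import hashlib
import hmac

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): chain HMAC blocks until `length` bytes exist."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def _lp(value: bytes) -> bytes:
    """Length-prefix a field so (AB, C) and (A, BC) encode differently."""
    return len(value).to_bytes(2, "big") + value

def combine_kdf(ss_classical: bytes, ss_pqc: bytes, context: bytes,
                length: int = 32) -> bytes:
    """KDF combiner: both secrets go in, one session key comes out."""
    prk = hkdf_extract(b"", _lp(ss_classical) + _lp(ss_pqc))
    # The label and context bind the key to this use (hypothetical label).
    return hkdf_expand(prk, b"hybrid-example-v1" + _lp(context), length)

def combine_xor(ss_classical: bytes, ss_pqc: bytes) -> bytes:
    """XOR combiner: needs equal-length secrets and binds no context."""
    if len(ss_classical) != len(ss_pqc):
        raise ValueError("XOR combiner needs equal-length secrets")
    return bytes(a ^ b for a, b in zip(ss_classical, ss_pqc))

# Constructed stand-ins for the two shared secrets (not real key-exchange output).
SS_CLASSICAL = hashlib.sha256(b"constructed ECDH shared secret").digest()
SS_PQC = hashlib.sha256(b"constructed PQC KEM shared secret").digest()

if __name__ == "__main__":
    print("kdf:", combine_kdf(SS_CLASSICAL, SS_PQC, b"session-1").hex())
    print("xor:", combine_xor(SS_CLASSICAL, SS_PQC).hex())
```

With either combiner, recovering the session key requires both input secrets; the KDF form additionally accepts secrets of different lengths and ties the key to a session context.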
