Root Causes 454: 2024 Lookback - Post quantum cryptography (PQC)
2024 was an eventful year for post quantum cryptography (PQC). This includes FIPS standards, the PQC onramp, and the dawn of widespread interest among IT professionals.
- Original Broadcast Date: January 6, 2025
Episode Transcript
Lightly edited for flow and brevity.
Tim Callan
All right, Jason, we are doing our 2024 lookbacks, and we want to talk – do an in depth look at post-quantum cryptography. It was a big year for PQC.
Jason Soroko
Huge. We finally got then some NIST standards.
Tim Callan
Got NIST standards. We've got three set of FIPS. 203, 204 and 205. For ML-KEM, ML-DSA and what the heck is the other one called. 205. Whatever that is. What we didn't get was we didn't get Falcon. Which we expected this year, and it didn't happen. But we did get the three main standards that we were expecting to use. We also saw the advent of the Onramp.
Jason Soroko
We had Dustin Moody. Dr. Dustin Moody on the podcast. He walked it right through. Check that podcast out.
Tim Callan
And the point of the Onramp was to push, bring in a bunch of non-Lattice-based opportunities into the set of PQC algorithms that we have, because the worry is, what if some unforeseen attack breaks Lattice. We need to have other places to go.
Jason Soroko
And the point of the Onramp was to push, bring in a bunch of non-Lattice-based opportunities into the set of PQC algorithms that we have, because the worry is, what if some unforeseen attack breaks Lattice. We need to have other places to go. Very important.
Tim Callan
Now we will point out, though, that there are Lattice-based contenders in the Onramp and when we asked him about that, he was like, they could submit whatever they wanted. That's what they submitted. And I was like, okay.
Jason Soroko
Look, Lattice, it’s good. It’s good math.
Tim Callan
And there certainly is possibly the opportunity to come up with something that's a nuanced change and so the big one, the Falcon, which was supposed to be ML6, there's a Lattice algorithm that's still in the Onramp candidates, called Hawk. And the idea is that it takes basically what's in Falcon, but it can do it better with more time to work on it. And so I have to wonder if part of the reason we haven't seen the Falcon FIP standard 06 is because it might be replaced by Hawk instead.
Jason Soroko
Could happen. Tim, 2024 for me was amazing because we now have post- quantum key exchanges going on in our pockets. Apple iMessage, the Signal protocol, and I think in 2025 you'll see even more but 2024 was the beginnings.
Tim Callan
Cloudflare, Chrome. All of this was 2024.
Jason Soroko
Bas Westerbaan had a phenomenal set of podcasts with us about the tremendous success he had in implementing that over at Cloudflare, and we had a little bit of a celebration together. That was 2024.
Tim Callan
So the Cloudflare was going Cloudflare to Cloudflare in 2023 but Cloudflare connecting to Chrome occurred in 2024. And that's when the doors really opened. That's where all of a sudden we had Bas on telling us that 20% of the connections, of the human connections on the internet were PQC.
Jason Soroko
And that's growing by the minute if you read his blog.
Tim Callan
It’s a stunning number, and obviously it's higher now. So, I mean, there was just, I think there was a lot of progress in both just the standardization of the math and the winning algorithms and the winning candidates, and also the productization of all of this.
And these things are essential. For PQC to really run, and this is one of the things we've talked a lot about a lot, but it's very important. For PQC to really run, like in reality in the real world, we need 10s of 1000s of pieces of software and hardware and services and systems and procedures to be updated. It's just the productization aspect of it is unprecedented. -
Jason Soroko
Correct. And we had Bruno come on and talk a bit about that as well. That would have happened in 2024. Tim, I think that what happened towards the later half of 2024 to me was one of the biggest. I mean in the analyst community, which we can't ignore, Gartner talking about 2029 being like, you got to be prepared. And then NIST dropped a draft which is still in draft until a certain point in January. Oh, my goodness, Tim, the declaration of the deprecation of RSA 2014.
Tim Callan
Depreciation in 2030. And mandatory discontinuance in 2025.
Jason Soroko
They did not wait for some panic moment. They drew the line in the sand that we all have to prepare for. Public, private - It doesn't matter. That, to me, is like that ended 2024 with the biggest bang possible.
Tim Callan
At a high level, when you look at all of these things, all these different aspects. And then I'll add the last one is, you want to talk about it really becoming a real media story, like the amount of discussion of post-quantum cryptography in 2024 is more than all previous years combined.
Jason Soroko
Yes. Not even close.
Jason Soroko
I think it's not going to slow down. It is now going to ramp up into a okay, we need to do what Bas told us. We need to do what Bruno told us, which is all shoulders to the wheel now and get prepared, because by the time we get to 2029/2030, Tim, we just did some very meaty podcasts, record length podcasts, and not the least of which was because the Willow chip just got dropped on us. The engineering of this is proving itself out. In other words, we are on our way to having quantum computers are capable.
Tim Callan
So we talked a lot just right now about progress post-quantum cryptography, but of course, there's very impressive progress with the quantum computers themselves.
Jason Soroko
Hats off to Google. Whoever was involved with that Willow project, you guys did some hard work.
Tim Callan
So, all of this just a banner year for PQC, but of course, I think next year is going to be bigger.
Jason Soroko
It is, and I think we're going to wait until 2025 to produce this podcast, but I had a personal PQC moment in 2024 which is, I got to actually use one of the big hyper scalers, and got to program not just a quantum computer, but also quantum simulators. And got to learn. And my mind just went completely orthogonal in terms of, this is a whole new way of thinking. At the age that I'm at, I never thought I'd have such a transformative set of thinking about how to compute.
Tim Callan
You teased me with this in our predictions episode, and I really can't wait to have this conversation. It's gonna be an interesting one.
Jason Soroko
And it began in 2024. So huge year.
Tim Callan
Huge year. I mean, probably no surprise, but huge year for quantum computers. We're gonna stay on this. Huge year for PQC and quantum, quantum, quantum.