Preparing for Q-Day
Episode: 46 min
Read time: 2 min
Topics: Software Development, Product & Tech Trends, Crypto & Web3
AI-Generated Summary
Key Takeaways
- Harvest-now-decrypt-later exposure: Over 65% of Cloudflare clients already use post-quantum key exchange (ML-KEM), protecting against adversaries recording encrypted TLS sessions today for future quantum decryption. Engineers running modern browsers get this protection automatically, but server-side certificate automation must be implemented now to cover the remaining gap before Q-Day arrives.
- Post-quantum certificate deployment timeline: Chrome will begin accepting post-quantum certificate authorities in Q1 2027. Servers will need two simultaneous certificates — one classical RSA/ECC and one post-quantum — to maintain backward compatibility. Engineers should audit whether their application servers currently support multiple certificate slots, since many assume a single slot only.
- Signature size performance impact: ML-DSA-44 post-quantum signatures measure 2.5 kilobytes versus 64 bytes for elliptic curve signatures. TLS handshakes typically send six signatures, adding roughly 15 kilobytes per connection. Since approximately half of QUIC connections transfer under 8 kilobytes total, engineers must audit latency-sensitive or bandwidth-constrained endpoints for degradation before enabling post-quantum authentication by default.
- Quantum timeline compression: Required physical qubits to break RSA-2048 dropped from 200 million to roughly 1 million on superconducting hardware. A separate result using neutral-atom reconfigurable architectures shows P-256 elliptic curve keys crackable with only 10,000–20,000 physical qubits in approximately one month, making a 2030 cryptographically relevant quantum computer plausible rather than theoretical.
- Migration prioritization framework: Rather than bottom-up key inventories, engineers should conduct top-down business continuity analysis — assuming a quantum computer exists today and mapping actual operational impact per system. Hard cases to surface immediately include JWT tokens in URLs, chunky HTTP headers, hardware-bound cryptography, bespoke protocols like WireGuard, and vendor dependencies with no clear upgrade roadmap.
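The "JWT tokens in URLs" hard case from the last takeaway can be surfaced from request URLs you already log. The sketch below is an added example, not code from the episode or from Cloudflare: it finds JWTs in query strings, reads the `alg` header, and estimates the URL length if the signature grew to ML-DSA-44 size. The sample URLs, the `URL_BUDGET` value and all function names are constructed assumptions.

```python
import base64, json, re
from urllib.parse import urlsplit, parse_qsl

ML_DSA_44_SIG = 2420                    # exact ML-DSA-44 signature bytes (FIPS 204); the "2.5 kilobytes" above
ASYMMETRIC = ("RS", "PS", "ES", "Ed")   # RSA / ECDSA / EdDSA JWT algorithm families (Shor-breakable)
URL_BUDGET = 2048                       # assumed limit; set to the tightest one in your own stack
JWT_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")

def b64url_len(n):
    """Length of n raw bytes once encoded as unpadded base64url."""
    return (4 * n + 2) // 3

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def audit_url(url):
    """Return one finding per JWT carried in the query string of url."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query):
        if not JWT_RE.match(value):
            continue
        head, body, _sig = value.split(".")
        try:
            alg = str(json.loads(b64url_decode(head)).get("alg", ""))
        except (ValueError, AttributeError):
            continue  # three dotted segments, but no JSON object in the header
        # Approximation: header and payload keep their size, only the signature grows.
        pq_len = len(head) + len(body) + 2 + b64url_len(ML_DSA_44_SIG)
        pq_url = len(url) - len(value) + pq_len
        findings.append({"param": name, "alg": alg,
                         "quantum_exposed": alg.startswith(ASYMMETRIC),
                         "token_len": len(value), "pq_token_len": pq_len,
                         "pq_url_len": pq_url, "over_budget": pq_url > URL_BUDGET})
    return findings

def sample_token(alg, sig_len):
    """Constructed token: real header/payload encoding, zero bytes as the signature."""
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    return f'{enc({"alg": alg, "typ": "JWT"})}.{enc({"sub": "user-1"})}.{b64url(bytes(sig_len))}'

SAMPLE_URLS = [  # constructed inputs, not real traffic
    "https://app.example/reset?token=" + sample_token("ES256", 64),
    "https://app.example/hook?sig=" + sample_token("HS256", 32),
    "https://app.example/page?id=42",
]
```

Swapping a 64-byte signature for an ML-DSA-44 one adds 3,141 characters to each token after base64url encoding, which is why links that are comfortable today can exceed URL and header limits after migration.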
What It Covers
Cloudflare cryptography engineer Bas Westerbaan joins host Kevin Ball to explain how quantum computers threaten public key cryptography via Shor's algorithm, why Q-Day timelines have compressed dramatically toward 2029, and what concrete steps software engineers must take now to migrate systems to post-quantum standards.
Notable Moment
Westerbaan reveals that Google published a zero-knowledge proof confirming they discovered a more efficient elliptic curve attack algorithm, without releasing the algorithm itself. This signals to the cryptographic community that the threat is real and accelerating, while deliberately withholding details that adversaries could exploit.