Comment by Tyyps
7 hours ago
There is no clear evidence that the risk of "a practical post quantum computer would arrive in the next 5 years" is greater than "post quantum scheme X is broken" for any scheme X. The only way to go is hybridation and it is quite hard from an engineering point apparently.
There is evidence of the opposite: graph singular isogeny mumbo jumbo algorithm was proven to be easily broken on an ordinary computer.
Hybrid encryption is as simple as running one encryption and then the other. Problem is mostly that post quantum keys are large.
Am I missing something fundamental here?
If Algo-A and Algo-B both rely on "factoring big numbers is hard!" then once the Quantumpocalypse occurs, breaking Algo-B(Algo-A(plaintext)) is no harder than asking ChatGPT 99.5 to add an extra step in your vibe coded cracking engine's frontend, such that it now does B_breaker < cyphertext | A_breaker >> plaintext.lol or whatever the equivalent is for the fashionable language of the that future day.
He was saying hybrid encryption as in use both a well established classical "factoring big numbers is hard!" algo and also a fancy new post quantum cryptography algo. That way if it turns out the fancy new algo can be broken by non-quantum computers at least you aren't in a worse position than you were in before because you are still protected by the well established classical algo.
You have to break both algorithms. One of them is quantum-safe if it's secure, but it could also be completely insecure like supersingular isogeny was.