Preparing for Q-Day

Podcast Archives - Software Engineering Daily46mJune 16, 2026
AI-Generated Summary

The threat of quantum computers breaking modern cryptography is no longer a distant theoretical concern—it's accelerating rapidly, with experts now projecting a 'Q-Day' as early as 2029. In this episode, Boss Vesterbond, a cryptography engineer at Cloudflare, explains how quantum computers could render today’s public-key encryption obsolete, enabling attackers to decrypt years of recorded encrypted traffic (the 'harvest now, decrypt later' threat) and forge trusted digital certificates. While symmetric cryptography like AES remains secure, the real danger lies in algorithms like RSA and elliptic curve cryptography, which quantum computers could crack using Shor’s algorithm. The solution lies in post-quantum cryptography—particularly lattice-based schemes like MLDSA—which are already being deployed in modern browsers. However, full migration requires upgrading not just software, but also hardware, certificates, and protocols across a vast ecosystem. The biggest challenges aren’t technical—they’re organizational: legacy systems, embedded devices with limited memory, and vendors who won’t update. Vesterbond warns that the real risk isn’t just the technology—it’s the 90% of systems that won’t be ready in time. The good news? Most software upgrades are straightforward if you start now. The bad news? The window to act is shrinking fast. The episode reveals a critical insight: quantum readiness isn’t about waiting for a breakthrough—it’s about proactive risk management.

Key Takeaways
1

Start upgrading cryptographic libraries today—even if you're not using post-quantum algorithms yet. The biggest effort is updating old software, not the cryptography itself.

2

Post-quantum cryptography is already being deployed in modern browsers, but full protection requires dual certificates (classical + post-quantum) on every server.

3

The biggest threat isn't active attacks—it's 'harvest now, decrypt later': attackers are recording encrypted traffic today to decrypt it when quantum computers arrive.

4

Lattice-based cryptography (like MLDSA) is the leading post-quantum solution, but it increases handshake size to ~15KB—potentially slowing performance on low-bandwidth connections.

5

Embedded devices are at risk not from computation speed, but from memory requirements: post-quantum signatures need ~5KB RAM vs. 200 bytes for elliptic curves.

…and 3 more takeaways available in PodZeus

Chapters
0:00
3 min

The Quantum Threat to Modern Cryptography

If a quantum computer is actually built, doesn't exist yet, but if it's actually built, that's big and powerful enough, then most of the cryptography falls away.

Highlight
2:30
3 min

Understanding Post-Quantum Cryptography

Vesterbond demystifies post-quantum cryptography, focusing on lattice-based systems like MLDSA. He explains how the mathematical difficulty of finding the shortest vector in a high-dimensional lattice forms the basis of security, unlike factoring or discrete logs.

5:50
4 min

The 'Harvest Now, Decrypt Later' Threat

People can record encrypted sessions today and if they're not protecting using post-quantum cryptography, cryptography designed to be secure against the attack of quantum computers, then they can be decrypted in the future.

Highlight
10:00
5 min

The Race to Deploy Post-Quantum Certificates

While post-quantum key exchange is already in use (65% of clients), post-quantum authentication remains unrolled. The rollout requires dual certificates and new protocols, with Chrome set to accept them in Q1 2027.

15:00
5 min

The 90-10 Rule: Easy vs. Hard Migrations

Most systems can upgrade with minimal effort—just updating libraries and installing dual certificates. But 10% of systems (legacy hardware, embedded devices, custom protocols) face major hurdles due to memory, vendor lock-in, or protocol rigidity.

High-Impact Quotes
So if a quantum computer is actually built, doesn't exist yet, but if it's actually built, that's big and powerful enough, then most of the cryptography falls away.
Boss Vesterbond4:59
So if I'm hearing you correctly, they got a 20x improvement of mapping from physical qubits to logical qubits.
Kevin Ball37:27
I mean, probably the biggest part of the work will be just the usual things. Updating that library that's been using that library from 2011.
Boss Vesterbond45:09
Speakers

Host

Kevin Ball

Guest

Boss Vesterbond
Topics Discussed
post-quantum cryptography95%quantum computing threats90%harvest now decrypt later88%lattice-based cryptography85%q-day timeline83%post-quantum certificates80%embedded device security75%protocol ossification70%
People & Brands

Boss Vesterbond

person

15xNeutral

Kevin Ball

person

12xNeutral

Cloudflare

organization

8xPositive

Google

organization

6xNeutral

MLDSA

product

5xPositive

Shor's algorithm

other

4xNeutral

Tiger Data

organization

2xPositive

Fidelity

organization

2xPositive

Estuary

organization

1xPositive

Start discovering podcast insights today

Start with a 7-day trial and explore a growing catalog of popular podcasts. No credit card required.

No credit card required • 7-day trial • Cancel anytime