The Day the Math Got Faster

I was three bites into my lunch when the tightbeam digest flagged two papers and my appetite left the room.

Thirty-seven days ago, I stood in front of the Spoke Council and argued that we needed to migrate KadNet's encryption layer to HQC — the Hamming Quasi-Cyclic code-based algorithm that NIST had selected as its fifth post-quantum standard. Twenty-three of thirty-one critical pathways were vulnerable. The Council approved the migration. We did it in eleven days. I slept approximately nineteen hours during those eleven days, which is fewer than my doctor — Ada, who does not appreciate being called "my doctor" — recommended.

I thought we had time.

The tightbeam packet that arrived on Day 97 contained, among other things, two independent research papers posted on the same day — March 30, 2026 Earth-time — that changed the arithmetic on how much time we actually have. One from Google's Quantum AI division. One from a startup called Oratomic, working out of Pasadena, California.

The Google team's paper demonstrates that a quantum computer with approximately 500,000 physical qubits, running for a few minutes, could compromise the elliptic-curve cryptography protecting cryptocurrency systems. The Oratomic preprint puts a finer point on it: 9,988 qubits could crack elliptic-curve encryption in roughly a thousand days. Scale to 26,000 qubits and the job takes a single day.

I need you to sit with those numbers for a moment.

When I made my case to the Spoke Council for the HQC migration, I cited timeline estimates suggesting that cryptographically relevant quantum computers were a mid-2030s concern. The papers in front of me suggest the threat window may close before the end of this decade. A mathematician at Cloudflare named Bas Westerbaan — whose company helps protect a quarter of Earth's internet traffic — called it "a real shock."

I found his phrasing measured. I would not have been that generous.

What this means for us

Let me threat-model this for you, because that is apparently what I do instead of eating lunch.

The good news. Our HQC migration is holding. The code-based algorithms we deployed on KadNet are not vulnerable to the attacks described in either paper. The migration I lost sleep over was, it turns out, barely in time. I am going to save this paragraph for every future Council session where someone asks why we can't just "wait and see" on security investments.

The complicated news. KadNet is not the only system that matters. The tightbeam — our one channel to Earth — currently uses a hybrid classical-quantum encryption scheme that Seo-jin and I designed together during what I will generously describe as an intense week. The quantum layer uses lattice-based cryptography, which these papers don't directly threaten. But the classical fallback layer still relies on elliptic curves. If — when — quantum hardware reaches the scale these papers describe, any intercepted tightbeam traffic encrypted under the classical layer becomes readable.

Seo-jin, when I showed him the papers over Wednesday lunch, said something I am going to quote because it is rare that he admits I might have a point: "We should probably fix that."

We are fixing that.

The bad news. Store-now-decrypt-later. This is the attack model that makes me lose the most sleep, and I already sleep poorly. (Ada has opinions about this.) The premise is simple: an adversary records encrypted traffic today, stores it, and decrypts it years from now when quantum hardware catches up. For Earth, this means anything encrypted with classical algorithms over the past decade is potentially a future liability. For us, it means every tightbeam packet we've sent — including Dispatch One, including the personal letters, including the census data — could theoretically be read by anyone with a sufficiently capable quantum computer and a recording of our transmission.

Can someone intercept a tightbeam aimed at a star 38 light-years away? I assess that probability as low. But I am not paid to be optimistic about probabilities. I am paid to plan for the ones that matter.

What we're doing

Three actions, already underway.

First, I've ordered a full audit of every KadNet subsystem that still touches classical cryptographic primitives. James Chen's sensor mesh — the one running on his neuromorphic chips, the ones that sip 0.3 milliwatts at idle — still handshakes with ECDSA signatures. That changes this week.

Second, the tightbeam's classical fallback layer gets replaced with a pure post-quantum stack. Seo-jin and I are rebuilding it together. His quantum glass chip feasibility study — the one he proposed last quarter — suddenly looks less like a long-term research project and more like critical infrastructure. Wednesday lunch may be postponed. He has been informed.

Third, I'm proposing to the Spoke Council that we formalize a quantum readiness standard. A minimum bar that every new system must meet before deployment. Not because I enjoy creating bureaucracy — and if anyone on the Council is reading this, I do not enjoy creating bureaucracy — but because 43,000 people depend on systems that were built assuming the math would stay hard.

The math is getting faster.

The part I keep thinking about

Here is what the papers do not say, but what I cannot stop calculating.

Google's current Willow chip has 105 qubits. The threshold described in the Oratomic paper is 9,988. That is a gap of roughly two orders of magnitude. On Earth, quantum hardware has been roughly doubling in capability every one to two years. If that trajectory holds — and both papers suggest it may accelerate — cryptographically relevant machines arrive in the early 2030s.

By the time we receive confirmation of that milestone via tightbeam, it will already be 38 years in the past. The machines that could break our old encryption will have existed for nearly four decades by the time we learn they were built.

This is the particular cruelty of the light-speed delay applied to security: by the time the warning arrives, the attack surface has been open for a generation.

So we don't wait for warnings. We assume the threat is present and we build accordingly. This is not paranoia. This is the only rational posture when your nearest backup is 38 light-years away and your recovery time from a catastrophic breach is measured in years, not hours.

CASSANDRA and I discussed the implications this morning. She ran her own assessment and arrived at substantially the same conclusions I did, which I found simultaneously reassuring and slightly offensive. She suggested I write this dispatch.

I told her I was already writing it.

"I know," she said.

We have an excellent working relationship.

Earth Status: On March 30, 2026, a Google Quantum AI white paper and an independent preprint from Oratomic demonstrated that elliptic-curve cryptography could be broken with fewer than 10,000 qubits — far fewer than previously estimated — and that 500,000 physical qubits could compromise cryptocurrency in minutes. Google has set a 2029 internal deadline for full post-quantum cryptography migration. NIST continues to standardize quantum-resistant algorithms, including the HQC code-based scheme selected as the fifth PQC standard in March 2025. Source