
The Bromine Chokepoint: How Strife in the Middle East Could Halt Production of the World’s Memory Chips


The U.S.-Israeli war with Iran, now in an unstable ceasefire, has exposed a structural failure in the global semiconductor memory supply chain, and it is not the one analysts seem to be tracking. The story receiving attention is helium: Qatar’s Ras Laffan facility went offline, a 45-day inventory clock started running, and spot prices doubled within days. The story receiving almost no attention is bromine, and it is potentially the more dangerous one. Bromine is the raw material from which specialized chemical suppliers produce semiconductor-grade hydrogen bromide gas, the etch chemical that South Korean fabs use to carve the transistor

The post The Bromine Chokepoint: How Strife in the Middle East Could Halt Production of the World’s Memory Chips appeared first on War on the Rocks.

denubis, 7 hours ago

Musings on Recursive Self-Improvement


When thinking about recursive self-improvement, there are two things to separate out: whether we’re talking about models (and scaffolds) improving more rapidly, or the wider societal/economic impacts of this recursive dynamic - i.e., stuff that depends mostly on deployments, adoption, and other bottlenecks. The lines are sometimes blurred in the discourse, and I want to make this separation clearer here. I also suspect many of these barriers are more structurally resistant to being dissolved by better capabilities than people often assume.

The models will get better

On the former: yes, we are already using AI to filter data, write better code, build experimental setups, and so on. These enhancements can make the human-led process of developing and researching models more efficient. As a result, I expect the time required to achieve a given increase in model capability to fall over time. Since we want good models, this is good news. But there are a few things worth noting here:

First, there are huge costs in doing all this. Even if much of the model development process is automated, frontier training still requires massive amounts of capital and compute. So far labs have deep reserves or investors willing to fund losses in expectation of future gains. But over any longer horizon, these costs still need to be justified economically, and real-world deployment remains one important way this happens. In a way, this is analogous to what Dario was telling Dwarkesh: “Even though a part of my brain wonders if it’s going to keep growing 10x, I can’t buy $1 trillion a year of compute in 2027. If I’m just off by a year at that rate of growth, or if the growth rate is 5x a year instead of 10x a year, then you go bankrupt.”

Second, when 95% of a process is automated, the remaining 5% can act as an important speed limiter: this can be taste, creativity, bureaucracy, anything that may require ‘human time’. Executives in large organisations are more cognizant of these than researchers who only see their immediate aperture. Now, economic history warns us against assuming new technology will simply replicate legacy pipelines perfectly. Just as the Indian pharmaceutical industry in the 1990s bypassed Western R&D bottlenecks by inventing vastly cheaper manufacturing processes, AI might circumvent current human bottlenecks by inventing entirely new ‘menus of production.’ But even the Indian pharma revolution took years of trial, regulatory navigation, and institutional adaptation before it reshaped the industry. Routing around bottlenecks is itself a deployment problem, not an overnight breakthrough.

Third, even if model improvement accelerates sharply, that alone is not sufficient. Aggregate capability gains only matter insofar as they can be identified, productized, and translated into real-world use. I think a lot of people continue to underestimate the importance of deployments across society, which matter for (a) justifying training costs; (b) generating useful data to improve models that customers want to continue using; (c) understanding the strengths and limitations of an existing generation of models in real world settings; and (d) getting the transformative changes you want to see in the world.

Finally, there may also be diminishing returns within any given paradigm, since this can be observed nearly everywhere. It is unclear where and when these hit, but my intuition is that current systems are especially strong at exploiting paradigms that already exist, particularly in domains with dense, legible feedback where RL and synthetic data can productively extend the loop. That can still produce extremely fast progress. But I am less sure that these same systems smoothly generalize from paradigm-exploitation to paradigm-generation, by which I mean the creation of genuinely new abstractions and their productive reintegration into the training and research loop.

More narrowly, I do not think it is yet obvious that we have entered an actual ‘intelligence explosion’, as opposed to simply extending the AI-assisted development loop that was already underway over the past few years. Crucially though, the diminishing returns I’m describing are returns within the current paradigm. One could argue that RSI itself is the mechanism by which you escape this — that sufficiently capable systems identify entirely new abstractions and innovative architectural approaches. I expect a version of that in the coming decade, but initially still through a cyborgian dynamic where researchers leverage increasingly capable agents to crack problems that neither humans nor models would solve alone. In any event, the broader argument does not depend on where exactly that ceiling lies.

When people talk about recursive self-improvement, they sometimes acknowledge these frictions but then treat them as secondary, or assume that sufficiently capable systems can route around most of them via internal deployments and accelerated R&D. I think this is often overstated: these bottlenecks do not disappear just because model development speeds up. They are structural, not incidental, and they push strongly against the more explosive versions of the RSI story.

The inconvenience of deployment

On the deployment side, things get even more complicated. Deploying models into the world is not just a ‘nice to have’ thing that labs do out of charity. Labs have strong incentives to see these systems deployed, permitted, adopted, and integrated across the economy. Over time, this is one major way the scale of frontier spending gets justified. And in parallel, you need to go through the court cases, the regulatory burdens, the legal compliance, the weird adoption dynamics, the integration into legacy systems, the cultural adjustments, the political headwinds, everything! There are all sorts of reasons why deployment takes time and I think people are too quick to just wave these away with some handwavy remark about ‘competitive pressures’. This is less a point about narrow model self-improvement than about industrial diffusion: even if models improve quickly, the automation of the economy still has to run through deployment bottlenecks.

When people talk about recursive self-improvement and then talk about society being unrecognizably transformed at a very fast speed, they’re not talking about models developing, but essentially about the entire economy self-improving, where every physical and human constraint disappears. I think it’s uncontroversial to claim that getting to this point will take time. Even if you get much better robots in the coming years, which I expect will happen, getting humans completely out of the physical and digital economy loop is a pretty damn high bar. And even in such a world, you still do not get a ‘hard takeoff’, because so much remains tethered to human time still.

This points to a general issue in a lot of AI thinking: the concepts of consumption and demand are often muddled, and the focus is solely on the supply of capabilities. To make sense of this, we need to clearly separate economic demand (the rate at which human, and ultimately AI, consumers buy, adopt, and integrate products day-to-day) from final utility (the ultimate human purpose or directive that gives this economic activity a reason to exist).

For some time, I expect the economy’s ability to absorb, integrate, and productively deploy these systems to remain an important constraint, although not forever. Viewed through the macroeconomic lens of Say’s Law and capital deepening, it’s true that immediate consumer spending doesn’t necessarily have to be a hard speed limit per se. If AI triggers massive technological deflation, the economy could in principle equilibrate by reinvesting excess surplus into highly capital-intensive processes: essentially, machines building data centers and robots for other machines. This means an ‘Agent-to-Agent’ (A2A) economy can grow incredibly fast without waiting for humans to consume final products today.

Yet, even if this automated A2A loop takes hold someday, it remains fiercely tethered to final utility. Conditional on systems remaining broadly aligned and instruction-following (which is my current assumption), AIs will not be consuming for their ‘own’ sake: they do not possess intrinsic utility, and they do not build server farms for their own amusement. They are doing so purely as extensions of what a human principal somewhere in space and time ultimately desires. It’s also worth noting that this does not require perfect alignment: human economies have always operated with all sorts of principal-agent problems and we manage these through institutional design, incentives, monitoring, and redundancy, not by solving them in the abstract or by relying on an ‘aligned vs misaligned’ dichotomy.

Imagine a human gives an AI system a top-level directive: invent and mass produce a cure for Alzheimer’s. An autonomous A2A supply chain spins up: Agent A (the R&D lab) realizes it needs 100x more compute. Agent A pays Agent B to build a massive new data center. Agent B pays Agent C to mine the silicon, copper, and steel required. Agent C pays Agent D to build a fusion reactor to power the mining equipment. In this scenario, 99.9% of the economic activity is A2A; trillions of dollars are moving, and massive physical infrastructure is being built. No human had to buy a final product, click an ad, or culturally adapt to keep this massive industrial boom running. Economically, this loop successfully bypasses the friction of human consumers.

But the initial “seed” of all this activity is still a human goal, and that is the tethered link. Because the A2A ouroboros is anchored to human purposes, it does not operate in a frictionless void. To deliver something like an Alzheimer’s cure, the relevant systems will often still need to interface with the human world: biological reality, legal and institutional processes, property and infrastructure constraints, and human judgments about acceptable risk. Some of these interfaces may become faster and more automated, but institutional adaptation is itself often contested and uneven (which is often a feature, not a bug).

So at some point, the bottleneck is no longer how fast humans can buy/consume things, but how fast AIs can deploy, verify, and physically build things in our highly frictional, human-regulated world. Reality bites: this ouroboros-shaped economy cannot spontaneously generate in a vacuum; it must navigate legacy infrastructure, power grids, API limits, and regulatory realities (yes, they will exist then too, for good reason). As long as AIs are instruction-following, there are no runaway scenarios. So whilst such a supply chain would be orders of magnitude more efficient than industry today, we shouldn’t confuse a future automated supply chain with a frictionless hard-takeoff type singularity.

What to make of this

It’s worth noting that the very forces that push toward better model development and faster experimentation — the general purpose nature of the improvements that AI provides — also apply to safety, to control, monitoring, verification, robustness, and all sorts of other desirable things. It is in the interest of companies and whoever adopts and uses these agents for them not to be reward-hacking, or for their agents not to do weird things no one asked, or for them to be vulnerable to serious attacks that threaten their consumer base.

So automating ML R&D should also accelerate many of the safety-relevant properties we care about, such as interpretability or getting more deterministic systems with better controls. This only looks implausible if you think of capabilities and alignment as almost entirely separate domains. I do not think that separation really holds. Many safety properties are deeply entangled with broader advances in model quality and engineering, even if that does not mean every failure mode is solved automatically. AI systems are engineered machines, and I expect some of the same forces accelerating capabilities to be brought to bear on alignment, control, and oversight as well. The case for using more intelligence to accelerate alignment work is at least as strong as the case for buying time to do that work manually.

And to be clear, as usual, that’s not to say everything will go perfectly well or that society is perfectly calibrated to handle new technologies optimally. Naturally, I expect all sorts of negative developments and externalities, though I expect many of these will get addressed if they become problematic enough; for example, I do expect more cyber incidents in the short run but better adaptation over time (just as we did with spam or DDoS attacks). In general, it’s clear that you want a lot of resources devoted to safety and governance, which I think we do today (and will continue doing). And of course, in a world where you get incrementally faster deployments and societal developments taking shape, you also want governance to be benefiting from the technology. Think of the early days of the internet: you definitely want courts, regulators, and civil society to use the internet too, otherwise they wouldn’t do their job effectively at all. I think the same applies here, and improving governance and institutions remains one of the most important things to focus on in the next few years.

To conclude, the term ‘recursive self-improvement’ often conjures a science-fiction image of a blurry abstraction magically improving itself overnight and leading to some sort of hard take-off. The reality will be both more grounded and more profound. Because we are essentially ‘inventing the inventors’, we may well be heading toward a period of very high economic growth. Even so, I remain sceptical that this translates into a super-exponential takeoff in the wider economy within the current decade, even if model capabilities continue improving rapidly.

But rejecting an instantaneous ‘hard takeoff’ today doesn’t mean using AI to improve AI is no big deal. When this super-exponential flywheel eventually spins up, it won’t do so in a frictionless vacuum and will be tethered to the physical world, constrained by energy limits, robotic manufacturing speeds, and the messy reality of integrating software and robots across human institutions and societies. Unless you believe more intelligence magically bypasses all of this, or that it necessarily means power-seeking and deception, then the future is less about an overnight singularity and more about navigating a massively accelerated, but ultimately jagged and physical, industrial revolution. Self-improvement itself will be uneven: a jagged frontier where breakthroughs in some domains coexist with stubborn stasis in others. We have a window of time to upgrade our institutions for what’s coming, and I think one of the most effective ways to do so is by deploying AI across governance and institutions themselves.

With thanks to Nathaniel Bechhofer, Rohin Shah, Samuel Albanie, Jamie Rumbelow, Ben Clifford, Tim Hwang, Harry Law, and Gustavs Zilgalvis for discussions and feedback.

denubis, 16 hours ago

Online courses, supply and demand, and academic integrity


What makes a college course popular or unpopular? I’ve long been interested in courses for non-science majors that satisfy “general education” requirements, their aim being to foster overall scientific literacy and to convey an understanding of topics that are important to society. I often teach such courses at the University of Oregon, for example a biophysics-for-non-scientists course and one on renewable energy. Last term I again taught The Physics of Energy and the Environment, a course for non-science-majors that I’ve written about before (for example, this).

Here’s the enrollment in Physics of Energy and the Environment for the past 15 years. (See Methods for how I constructed the plot.) The datapoints with the circles are the terms in which I taught the course.

You’ll notice that there are enormous fluctuations, with the number ranging from about 40 to 140. Last term had among the lowest numbers of students. I wondered why.

Here’s enrollment data for The Physics of Light and Color, usually a popular course. Last term was particularly low, less than 50 when it’s usually over 150.

Are there “general education” Physics courses with more students, and in which enrollment last term was high? Yes: Essentials of Physics. Note the scale, 300 students last term:

These were the three general education Physics courses offered in Winter 2026. Even before the term started, I was paying attention to the enrollment, tensely checking to see if my course would cross the 20-student threshold to avoid cancellation. Here’s the graph, starting a week after enrollment opened:

300, by the way, is the maximum allowed for Essentials of Physics. The ceilings for Energy and the Environment and Light and Color were 76 and 218 respectively, indicated by dashed lines above.

What if we look at all Physics general education courses for the past 15 years?

There’s a spaghetti of lines, but it’s clear that something is unusual in recent terms.

What sets the Essentials of Physics course apart? Why is it so popular? The content is “Physics 101” for non-science-majors, i.e. not a particular theme of social or humanistic interest.

While you’re formulating a guess, I’ll note that I’ve often heard great things about the Physics of Light, Color, and Vision course.

Though I’m biased, I’ll note that students also seem fond of Physics of Energy and the Environment. I’ve had enthusiastic students tell me, sometimes even years later, that they like the course. Plus, it has a lot of real-world relevance, and we like to think our students care about this.

From this past term’s student evaluations:

“The relevance of this course content can’t be overstated. This course clearly connects to real world examples and helps explain world phenomenons.”

and

“He [i.e. me] also is very good at including active learning in his lectures by making students think first before directly stating answers.” (The relevance of this will be clear in a moment.)

I’ve posted all the student evaluations here, so you can verify that I’m not cherry-picking a few cheerful kids from an otherwise angry mob.

I have yet to hear praise of Essentials of Physics, though I haven’t specifically investigated. (We don’t have access to other courses’ evaluations.)

Modalities and the Ethics of Instruction

As you’ve likely guessed, what’s different about Essentials of Physics in Winter 2026 (and Winter 2025), is that it’s an online, asynchronous course. This means that there’s no in-person interaction; lectures are recorded. Most importantly, students submit all work online. In principle there could be proctored in person exams at a testing center, but this doesn’t exist for this course, or for most UO online courses. The other two courses, Light … and Energy and the Environment, like nearly all of our other Physics courses, are in person.

The University of Oregon is a residential university that makes a point of stressing in its public relations “live” interactions, student experiences, topical courses, etc. University of Oregon students, therefore, are presumably not enrolling from far away, nor enrolling with the aim of taking classes in their pajamas. The interactions enabled by actually having a room full of students, especially incorporating active learning methods that stimulate student engagement and allow a back-and-forth of questions and answers, are effective ways to enhance learning. Plus, they’re fun.

Apparently all this does not diminish the appeal (or temptation?) to students of online courses.

Obviously, one can’t think about online courses in 2026 without thinking about artificial intelligence. (This has been true since at least 2024, but in 2024 one could perhaps be unaware of AI without being professionally negligent.) Even in high-level undergraduate classes, there is nothing one can assign that can’t be answered perfectly by AI; in a general education course, perfect AI-delivered answers are trivial to obtain. We are all seeing as one of the consequences the evaporation of correlation between homework scores and (in person) exam scores, the former being generally perfect and the latter increasingly bimodal with a large fraction showing stunningly low levels of understanding.

The concern is not simply academic dishonesty, though addressing this is essential to avoiding the devaluation of higher education. Perhaps more sadly, we’re seeing students use AI as a crutch for their understanding. It’s easy to ask any modern LLM to answer and then explain a homework question, read that explanation, and think this is a substitute for thinking about the question and constructing the solution oneself. The student, then, bypasses the actual process of learning, and without meaningful assessments (like quizzes or exams), the students delude themselves about their skills.

Is the immediate filling of the 300-student Essentials of Physics really a consequence of it being online? As an additional datapoint, note the Physics Behind the Internet in the graph above. Having hovered between about 20 and 100 students, it surged to 150 two years ago, and 300 this term. What’s new about Physics Behind the Internet? Two years ago it became an online asynchronous course (ceiling 154 students in 2024, 300 now).

It is possible, I should add, to create a meaningful, rigorous asynchronous online course. As noted above, one can have human-proctored exams, though UO doesn’t have the capacity to do this for large courses. One can schedule online video chats for presentation and assessment (oral exams or quizzes); one of my colleagues in Biology does this — it is effective. This won’t scale to classes larger than 20 or maybe 30; certainly not 300.

It seems obvious that online courses are pedagogical disasters. There are, as mentioned, ways to structure them well. (Doing so requires more work than an in person course, I think!) And, of course, there are motivated and self-aware students who will learn very well from such courses, as they would from other courses. However, for a 300-person general education course with no independent assessment or validation, there’s no way to take such courses seriously, or to be proud to offer them. We may as well just tell students to send a check in return for an “A”, and spare everyone 10 weeks of pretending. There would be considerable student demand for this, just as there is currently considerable demand for the online asynchronous courses.

At a faculty meeting, I asked our department to stop permitting online assessments, which would effectively stop our teaching online asynchronous courses. There was some agreement and some concern with details, but not enough enthusiasm to move forward. I lacked the energy to push the issue vigorously enough, especially because there’s a structural problem with “unilaterally” taking such a step:

The resources of a department, such as my Physics department, are tied to the number of students it teaches. (This connection doesn’t need to exist, but it’s understandable; even more than most public universities, the University of Oregon is dependent on student tuition, so an administrative insistence that departments carry their weight is understandable.) My analysis above suggests that our online courses are siphoning students from our other general-education courses, so canceling these courses would send students to these other courses, like Energy and the Environment, which I would argue would be an educational improvement. However, it would likely also send students to online courses in other departments. Should we hurt our own income, which helps us accomplish our many worthwhile goals, to uphold a general principle about educational validity? I’d argue yes, but I can see that this isn’t an obvious choice.

What we need to solve this dilemma is a university-wide policy about online education that is honest and forthright about what learning looks like in 2026, that considers actual teaching goals and student experiences, and that has teeth. So far, we lack such a policy. UO is not unique; this is a common problem.

On the plus side, my many conversations about AI and teaching with faculty at many institutions, and with students, show a universal agreement that online, un-proctored assessment is meaningless and that universities need to think clearly about what they’re doing. (Students, by the way, are some of the strongest voices against AI-enabled cheating and its facilitation by clueless professors and administrators.) At some point, this will have to translate into changes in how we run universities. The institutions that do this quickly and well may survive more easily than those that don’t.

Methods

Data on course enrollment over time at the University of Oregon isn’t readily available, at least for those of us without any administrative superpowers. However, all our course schedules are available online, so it’s possible to get a web page for every course offered by a given department (like Physics) in a given term, and save it as an HTML file. Reading this by eye is easy. Writing code to read the HTML is hard — the table structure isn’t simple. This is a completely uninteresting programming task and is, therefore, ideal for current AI tools! (Without this, I would not have bothered with this analysis.) I therefore downloaded the HTML files, asked Claude (Sonnet 4.6) to convert all the HTML files to more comprehensible CSVs, and then asked it to write code to extract information from the CSVs. I then read the code, made a few changes, and ran it. This works well.

I don’t use AI to write prose, and I’m witnessing the disastrous results of students offloading learning to AI, but writing routine and boring code is an ideal task for modern artificial intelligence. There’s a lot to think about with all these developments.

Today’s illustration…

I painted a whale to use in a public talk I gave in January. My wife noted that I’ve had two whale paintings on the blog before, in 2013!

— Raghuveer Parthasarathy, April 12, 2025

istoner, 2 hours ago, Saint Paul, MN, USA
denubis, 1 day ago

Quoting Giles Turnbull


I have a feeling that everyone likes using AI tools to try doing someone else’s profession. They’re much less keen when someone else uses it for their profession.

Giles Turnbull, AI and the human voice

Tags: ai-ethics, writing, ai

denubis, 5 days ago

Television interview - Sky NewsDay

KIERAN GILBERT, HOST: Prime Minister Anthony Albanese, thanks for your time. What's your reaction to news of a two-week ceasefire, including the reopening, albeit temporarily, of the Strait of Hormuz?
denubis, 6 days ago

A Cryptography Engineer’s Perspective on Quantum Computing Timelines


My position on the urgency of rolling out quantum-resistant cryptography has changed compared to just a few months ago. You might have heard this privately from me in the past weeks, but it’s time to signal and justify this change of mind publicly.

There had been rumors for a while of expected and unexpected progress towards cryptographically-relevant quantum computers, but over the last week we got two public instances of it.

First, Google published a paper revising down dramatically the estimated number of logical qubits and gates required to break 256-bit elliptic curves like NIST P-256 and secp256k1, which makes the attack doable in minutes on fast-clock architectures like superconducting qubits. They weirdly[1] frame it around cryptocurrencies and mempools and salvaged goods or something, but the far more important implication is practical WebPKI MitM attacks.

Shortly after, a different paper came out from Oratomic showing 256-bit elliptic curves can be broken in as few as 10,000 physical qubits if you have non-local connectivity, like neutral atoms seem to offer, thanks to better error correction. This attack would be slower, but even a single broken key per month can be catastrophic.

They have this excellent graph on page 2 (Babbush et al. is the Google paper, which they presumably had preview access to):

[Figure: graph of physical qubit cost over time]

Overall, it looks like everything is moving: the hardware is getting better, the algorithms are getting cheaper, the requirements for error correction are getting lower.

I’ll be honest, I don’t actually know what all the physics in those papers means. That’s not my job and not my expertise. My job includes risk assessment on behalf of the users that entrusted me with their safety. What I know is what at least some actual experts are telling us.

Heather Adkins and Sophie Schmieg are telling us that “quantum frontiers may be closer than they appear” and that 2029 is their deadline. That’s in 33 months, and no one had set such an aggressive timeline until this month.

Scott Aaronson tells us that the “clearest warning that [he] can offer in public right now about the urgency of migrating to post-quantum cryptosystems” is a vague parallel with how nuclear fission research stopped happening in public between 1939 and 1940.

The timelines presented at RWPQC 2026, just a few weeks ago, were much tighter than a couple years ago, and are already partially obsolete. The joke used to be that quantum computers have been 10 years out for 30 years now. Well, not true anymore, the timelines have started progressing.

If you are thinking “well, this could be bad, or it could be nothing!” I need you to recognize how immediately dispositive that is. The bet is not “are you 100% sure a CRQC will exist in 2030?”, the bet is “are you 100% sure a CRQC will NOT exist in 2030?” I simply don’t see how a non-expert can look at what the experts are saying, and decide “I know better, there is in fact < 1% chance.” Remember that you are betting with your users’ lives.[2]

Put another way, even if the most likely outcome was no CRQC in our lifetimes, that would be completely irrelevant, because our users don’t want just better-than-even odds[3] of being secure.

Sure, papers about an abacus and a dog are funny and can make you look smart and contrarian on forums. But that’s not the job, and those arguments betray a lack of expertise. As Scott Aaronson said:

Once you understand quantum fault-tolerance, asking “so when are you going to factor 35 with Shor’s algorithm?” becomes sort of like asking the Manhattan Project physicists in 1943, “so when are you going to produce at least a small nuclear explosion?”

The job is not to be skeptical of things we’re not experts in, the job is to mitigate credible threats, and there are credible experts that are telling us about an imminent threat.

In summary, it might be that in 10 years the predictions will turn out to be wrong, but at this point they might also be right soon, and that risk is now unacceptable.

Now what

Concretely, what does this mean? It means we need to ship.

Regrettably, we’ve got to roll out what we have.[4] That means large ML-DSA signatures shoved into places designed for small ECDSA signatures, like X.509, with the exception of Merkle Tree Certificates for the WebPKI, which are thankfully far enough along.

This is not the article I wanted to write. I’ve had a pending draft for months now explaining we should ship PQ key exchange now, but take the time we still have to adapt protocols to larger signatures, because they were all designed with the assumption that signatures are cheap. That other article is now wrong, alas: we don’t have the time if we need to be finished by 2029 instead of 2035.

For key exchange, the migration to ML-KEM is going well enough but:

  1. Any non-PQ key exchange should now be treated as a potential compromise: the traffic can be recorded today and decrypted once a CRQC exists, and it is very hard to make sure that every secret transmitted over the connection or encrypted in the file has a shelf life shorter than three years. That deserves a user-facing warning, like the one OpenSSH emits when a non-PQ key exchange is negotiated.

  2. We need to forget about non-interactive key exchanges (NIKEs) for a while; the PQ toolkit only has KEMs, which without an extra round trip authenticate only the recipient.

It makes no more sense to deploy new schemes that are not post-quantum. I know, pairings were nice. I know, everything PQ is annoyingly large. I know, we had basically just figured out how to do ECDSA over P-256 safely. I know, there might not be practical PQ equivalents for threshold signatures or identity-based encryption. Trust me, I know it stings. But it is what it is.

Hybrid classic + post-quantum authentication makes no sense to me anymore and will only slow us down; we should go straight to pure ML-DSA-44.[6] Hybrid key exchange is reasonably easy, with ephemeral keys that don’t even need a type or wire format for the composite private key, and a couple of years ago it made sense to take the hedge. Authentication is not like that, and even with draft-ietf-lamps-pq-composite-sigs-15 with its 18 composite key types nearing publication, we’d waste precious time collectively figuring out how to treat these composite keys and how to expose them to users. It’s also been two years since the first Kyber hybrids shipped, and we’ve gained significant confidence in the Module-Lattice schemes. Hybrid signatures cost time and complexity budget,[5] and the only benefit is protection if ML-DSA is classically broken before the CRQCs come, which looks like the wrong tradeoff at this point.

In symmetric encryption, we don’t need to do anything, thankfully. There is a common misconception that protection from Grover requires 256-bit keys, but that is based on an exceedingly simplified understanding of the algorithm. A more accurate characterization is that with a circuit depth of 2⁶⁴ logical gates (the approximate number of gates that presently envisioned quantum computing architectures are expected to perform serially in a decade, the MAXDEPTH assumption NIST used in its PQC call for proposals), running Grover on a 128-bit key space would require a circuit size of 2¹⁰⁶. There’s been no progress on this that I am aware of, and indeed there are old proofs that Grover is optimal and its quantum speedup doesn’t parallelize. Unnecessary 256-bit key requirements are harmful when bundled with the actually urgent PQ requirements, because they muddle the interoperability targets and they risk slowing down the rollout of asymmetric PQ cryptography.
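The arithmetic behind that 2¹⁰⁶ figure, worked through here as an added note rather than the post’s own derivation (the serial gate count is an assumption, stated below, consistent with NIST’s published Grover estimates):

A serial Grover search of a 128-bit key space needs about √(2¹²⁸) = 2⁶⁴ iterations, each evaluating an AES-128 circuit. Assuming roughly 2²¹ gates per iteration, in line with published AES-128 Grover cost estimates, the serial circuit has G ≈ 2⁶⁴ · 2²¹ = 2⁸⁵ gates and a depth of about the same, far beyond the 2⁶⁴ MAXDEPTH limit. Splitting the key space into k independent searches gives each one 2¹²⁸/k keys and therefore √(2¹²⁸/k) = 2⁶⁴/√k iterations: depth shrinks only by √k, while total work grows by √k, since k machines each still run G/√k gates, for k · G/√k = G · √k gates in all. Meeting the depth limit requires 2⁸⁵/√k ≤ 2⁶⁴, so √k ≥ 2²¹ and k ≈ 2⁴², and the total circuit size becomes G · √k = 2⁸⁵ · 2²¹ = 2¹⁰⁶, i.e. G²/MAXDEPTH. This is exactly the cost that defines NIST’s security category 1 (AES-128 key search), which is why ML-KEM-512 and ML-DSA-44 are measured against it. Running the same arithmetic for AES-256, with a serial cost of about 2¹⁴⁹ gates, gives 2²⁹⁸/2⁶⁴ = 2²³⁴: a larger number, but 2¹⁰⁶ already far exceeds the 2⁶⁴ work that a 128-bit key is rated to withstand classically, so the extra key size buys no margin that anyone needs.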

In my corner of the world, we’ll have to start thinking about what it means for half the cryptography packages in the Go standard library to be suddenly insecure, and how to balance the risk of downgrade attacks and backwards compatibility. It’s the first time in our careers we’ve faced anything like this: SHA-1 to SHA-256 was not nearly this disruptive,[7] and even that took forever with the occasional unexpected downgrade attack.

Trusted Execution Environments (TEEs) like Intel SGX and AMD SEV-SNP, and hardware attestation in general, are just f***d. All their keys and roots are not PQ and I have heard of no progress in rolling out PQ ones, which at hardware speeds means we are forced to accept they might not make it, and can’t be relied upon. I had to reassess a whole project because of this, and I will probably downgrade them to barely “defense in depth” in my toolkit.

Ecosystems with cryptographic identities (like atproto and, yes, cryptocurrencies) need to start migrating very soon, because if the CRQCs come before they are done, they will have to make extremely hard decisions, picking between letting users be compromised and bricking them.

File encryption is especially vulnerable to store-now-decrypt-later attacks, so we’ll probably have to start warning and then erroring out on non-PQ age recipient types soon. It’s unfortunately only been a few months since we even added PQ recipients, in version 1.3.0.[8]

Finally, this week I started teaching a PhD course in cryptography at the University of Bologna, and I’m going to mention RSA, ECDSA, and ECDH only as legacy algorithms, because that’s how those students will encounter them in their careers. I know, it feels weird. But it is what it is.

For more willing-or-not PQ migration, follow me on Bluesky at @filippo.abyssdomain.expert or on Mastodon at @filippo@abyssdomain.expert.

The picture

Traveling back from an excellent AtmosphereConf 2026, I saw my first aurora, from the north-facing window of a Boeing 747.

[Image: Aurora borealis seen from an airplane window, with green vertical columns and curtains of light above a cloud layer, stars visible in the dark sky above.]

My work is made possible by Geomys, an organization of professional Go maintainers, which is funded by Ava Labs, Teleport, Tailscale, and Sentry. Through our retainer contracts they ensure the sustainability and reliability of our open source maintenance work and get a direct line to my expertise and that of the other Geomys maintainers. (Learn more in the Geomys announcement.) Here are a few words from some of them!

Teleport — For the past five years, attacks and compromises have been shifting from traditional malware and security breaches to identifying and compromising valid user accounts and credentials with social engineering, credential theft, or phishing. Teleport Identity is designed to eliminate weak access patterns through access monitoring, minimize attack surface with access requests, and purge unused permissions via mandatory access reviews.

Ava Labs — We at Ava Labs, maintainer of AvalancheGo (the most widely used client for interacting with the Avalanche Network), believe the sustainable maintenance and development of open source cryptographic protocols is critical to the broad adoption of blockchain technology. We are proud to support this necessary and impactful work through our ongoing sponsorship of Filippo and his team.


  1. The whole paper is a bit goofy: it has a zero-knowledge proof for a quantum circuit that will certainly be rederived and improved upon before the actual hardware to run it on will exist. They seem to believe this is about responsible disclosure, so I assume this is just physicists not being experts in our field in the same way we are not experts in theirs. 

  2. “You” is doing a lot of work in this sentence, but the audience for this post is a bit unusual for me: I’m addressing my colleagues and the decision-makers that gate action on deployment of post-quantum cryptography. 

  3. I had a reviewer object to an attacker probability of success of 1/536,870,912 (0.0000002%, 2⁻²⁹) after 2⁶⁴ work, correctly so, because in cryptography we usually target 2⁻³². 

  4. Why trust the new stuff, though? There are two parts to it: the math and the implementation. The math is also not my job, so I again defer to experts like Sophie Schmieg, who tells us that she is very confident in lattices, and the NSA, who approved ML-KEM and ML-DSA at the Top Secret level for all national security purposes. It is also older than elliptic curve cryptography was when it first got deployed. (“Doesn’t the NSA lie to break our encryption?” No, the NSA has never intentionally jeopardized US national security with a non-NOBUS backdoor, and there is no way for ML-KEM and ML-DSA to hide a NOBUS backdoor.) On the implementation side, I am actually very qualified to have an opinion, having made cryptography implementation and testing my niche. ML-KEM and ML-DSA are a lot easier to implement securely than their classical alternatives, and with the better testing infrastructure we have now I expect to see exceedingly few bugs in their implementations. 

  5. One small exception is that if you already have the ability to convey multiple signatures from multiple public keys in your protocol, it can make sense to do “poor man’s hybrid signatures” by just requiring 2-of-2 signatures from one classical public key and one pure PQ key. Some of the tlog ecosystem might pick this route, but that’s only because the cost is significantly lowered by the existing support for nested n-of-m signing groups. 

  6. Why ML-DSA-44 when we usually use ML-KEM-768 instead of ML-KEM-512? Because ML-KEM-512 is Level 1, while ML-DSA-44 is Level 2, so it already has a bit of margin against minor cryptanalytic improvements. 

  7. Because SHA-256 is a better plug-in replacement for SHA-1, because SHA-1 was a much smaller surface than all of RSA and ECC, and because SHA-1 was not that broken: it still retained preimage resistance and could still be used in HMAC and HKDF. 

  8. The delay was in large part due to my unfortunate decision of blocking on the availability of HPKE hybrid recipients, which blocked on the CFRG, which took almost two years to select a stable label string for X-Wing (January 2024) with ML-KEM (August 2024), despite making precisely no changes to the designs. The IETF should have an internal post-mortem on this, but I doubt we’ll see one. 
