I love my city youtu.be/uttoyAX4ntc?...
24.09.2025 23:10 β π 5 π 0 π¬ 0 π 0@sejaques.bsky.social
Assistant prof at U Waterloo. Aspiring full-stack cryptographer. Loves math, plants, flashcards. Opinions reflect those of all past, present, and future employers.
I love my city youtu.be/uttoyAX4ntc?...
24.09.2025 23:10 β π 5 π 0 π¬ 0 π 0The impact of Alfred Menezes in cryptography is profound. Francisco RH and I are organizing an afternoon session in Latincrypt to celebrate Alfred's career:
menezesfest.info
If you're coming to MedellΓn, consider attending!
Nice! Now (to steal Luca's joke) it's only 11 more factors of 2 to go for SQISign to be faster than MLDSA?
13.09.2025 20:57 β π 2 π 0 π¬ 2 π 0Screenshot of comments in code. They say: Dear programmer: when I wrote this code, only God and I know how it worked. Now, only God knows it! Therefore, if you are trying to optimize this routine and it fails (most surely), please increase this counter as a warning for the next person. Total hours wasted here = 254
04.09.2025 16:14 β π 0 π 0 π¬ 0 π 0This is a valid signature for user i. Then when the adversary presents a forgery (w*,c*,z*) against user j, just subtract cr_j from z* and it's a forgery for your challenger. This works... but only because the public key was not hashed into the challenge! Very bad idea!
03.09.2025 17:38 β π 1 π 0 π¬ 0 π 0Your challenger's public key is xP, so all the users you simulate for the multi-user adv can use PK_i=(x+r_i)P for some random r_i. If the adversary requests a signature on m from user r_i, you can send m to your challenger and get (w,c,z)=(yP,H(w||m),y+cx). Set z'=z+cr_i and return (w,c,z').
03.09.2025 17:38 β π 1 π 0 π¬ 1 π 0Always bothers me when you lose the 1/N factor in a multi-user security proof. Was thinking about how to dodge it; consider this for Schnorr signatures: you are an active adversary against a single challenger, with access to a multi-user adversary.
03.09.2025 17:38 β π 2 π 0 π¬ 1 π 0I wrote a bit about options for phones at protests, explaining the benefits and drawbacks, and added some security tips at the end.
03.09.2025 02:01 β π 115 π 48 π¬ 3 π 4Ursula K. LeGuin on technology
13.01.2025 13:53 β π 7444 π 2015 π¬ 116 π 152I was way miscalibrated at the time and thought the extra Toffoli count would end up using more space in the end thanks to state distillation. Not sure how typical my perspective was
Important lesson in scientific celebrity culture nonetheless
I've been reading "Burdens of proof", which makes an interesting point on this: law wants to operate on a vastly longer time scale than most file formats, for good reason.
22.07.2025 01:40 β π 0 π 0 π¬ 0 π 0So we have an adversary that can decrypt c to a different message with a different key? They can just compute their own tag of this other key and message, hash it, and replace the "T" part of the ciphertext?
08.07.2025 00:59 β π 0 π 0 π¬ 1 π 0Reasonable! When I read the screenshot you took, I see a lot of technical terms I can't contextualize. How meaningful is a "2 star relationship"? I can't tell but an expert in the field could.
Then again, scientists asked for quotes can absolutely give a rushed take and get things wrong.
It's normal and good for journalists to talk to scientists in the same field but not associated to the research, as they can offer an informed but less biased take
03.07.2025 15:39 β π 2 π 0 π¬ 0 π 0My current model of agriculture is we generally optimize for high yield at low labour, and there's room for high-yield and sustainable if we accept high labour inputs. Is this a plausible and useful perspective?
03.07.2025 15:36 β π 0 π 0 π¬ 0 π 0Oh of course not, it would be a tourist attraction. Maybe a quirky hotel
21.06.2025 17:34 β π 0 π 0 π¬ 0 π 0Graph of physical qubits vs. year. There is a cluster of points in the middle, with 3 lines trying to extrapolate forward, but with wide error margins.
I wouldn't say steady: arxiv.org/abs/2009.05045 tries to extrapolate and the data looks really noisy. E.g., fig. 8. If we put today's devices on this, the best would maybe on the orange line
20.06.2025 20:55 β π 3 π 0 π¬ 1 π 0Probably closer to 13 doublings if we look at chips with all the good properties we want. There hasn't been a consistent exponential growth yet.
20.06.2025 17:53 β π 1 π 0 π¬ 1 π 0Figure 14 from Gidney's paper showing a dense 3-d pipe diagram of a surface code layout of a lookup. Most of the 3-d space is used in some way.
Craig Gidney's work tackles that question: arxiv.org/abs/2505.159.... Check out the figures in the appendix: the physical qubits are used quite densely!
20.06.2025 00:40 β π 0 π 0 π¬ 0 π 0This work (eprint.iacr.org/2024/222) made the output bit compression efficient
20.06.2025 00:05 β π 0 π 0 π¬ 0 π 0If I get what you're talking about: a different technique (arxiv.org/abs/1905.100...) compresses the output bits, which is incompatible (if you compress input as well, you can factor with a classically simulatable # of qubits: likely impossible).
20.06.2025 00:05 β π 0 π 0 π¬ 1 π 0And on a network of quantum computers, you'd have to re-optimize the algorithm, which would push the resource estimates back up
19.06.2025 23:23 β π 0 π 0 π¬ 0 π 0To be clear there is no 2100 qubit device! Maybe I should rewrite that part :) but the estimates assume one device. There are known methods to network quantum devices together, but the tech is lagging behind a bit compared to the speed and quality of of one device
19.06.2025 23:23 β π 0 π 0 π¬ 1 π 0A 20x improvement warrants an "extra"!
19.06.2025 22:12 β π 2 π 0 π¬ 0 π 0A chart for quantum computers, of number of qubits versus error rate, on a logarithmic scale. Broadly it shows a large gap between current quantum computers in the bottom left, and a curve in the top right of the resources they need to break RSA.
An out-of-schedule update to my quantum landscape chart: sam-jaques.appspot.com/quantum_land..., prompted by
@craiggidney.bsky.social 's new paper: arxiv.org/abs/2505.15917.
A startling jump (20x) in how easy quantum factoring can be!
Also: much improved web design!
That'd be a killer bsky bio
15.06.2025 20:31 β π 0 π 0 π¬ 0 π 0Though, I don't think she has enough theory of mind to understand that I don't have night vision, so to her it was just a devastating snub
09.06.2025 23:15 β π 1 π 0 π¬ 0 π 0Seriously embarrassed myself in front of my cat: Middle of the night, cat sits there wanting pets. I can't see a thing, I reach out and try to pet a dirty pair of shorts.
09.06.2025 23:15 β π 1 π 0 π¬ 1 π 0I'm often asked if I'll redo the 2019 quantum factoring estimate. Denser storage by yokes, smaller magic factories by cultivation, slimmer approx arithmetic by Chevignard et alβ¦ surely the cost is lower now?
Yes, it's lower now.
security.googleblog.com/2025/05/trac...
arxiv.org/abs/2505.15917
Almost all good points. I also see too much tendency to conflate moral skepticism of AI (i.e., that AI is doing a lot of harm) with technical skepticism (i.e., that AI is not useful or powerful)
03.06.2025 14:43 β π 4 π 0 π¬ 0 π 0