Sam Jaques

@sejaques.bsky.social

Assistant prof at U Waterloo. Aspiring full-stack cryptographer. Loves math, plants, flashcards. Opinions reflect those of all past, present, and future employers.

197 Followers  |  105 Following  |  74 Posts  |  Joined: 26.03.2024  |  2.2859

Latest posts by sejaques.bsky.social on Bluesky

How This Small City Built Light Rail For Cheap (YouTube video by Oh The Urbanity!)

I love my city youtu.be/uttoyAX4ntc?...

24.09.2025 23:10 - 👍 5    🔁 0    💬 0    📌 0

MenezesFest 2025: MenezesFest brings together researchers, colleagues, and friends to celebrate the career and impact of Alfred Menezes.

The impact of Alfred Menezes in cryptography is profound. Francisco RH and I are organizing an afternoon session in Latincrypt to celebrate Alfred's career:

menezesfest.info

If you're coming to Medellín, consider attending!

18.09.2025 06:17 - 👍 12    🔁 6    💬 1    📌 0

Nice! Now (to steal Luca's joke) it's only 11 more factors of 2 to go for SQISign to be faster than MLDSA?

13.09.2025 20:57 - 👍 2    🔁 0    💬 2    📌 0

Screenshot of comments in code. They say: Dear programmer: when I wrote this code, only God and I know how it worked. Now, only God knows it! Therefore, if you are trying to optimize this routine and it fails (most surely), please increase this counter as a warning for the next person. Total hours wasted here = 254

04.09.2025 16:14 - 👍 0    🔁 0    💬 0    📌 0

This is a valid signature for user i. Then when the adversary presents a forgery (w*,c*,z*) against user j, just subtract cr_j from z* and it's a forgery for your challenger. This works... but only because the public key was not hashed into the challenge! Very bad idea!

03.09.2025 17:38 - 👍 1    🔁 0    💬 0    📌 0

Your challenger's public key is xP, so all the users you simulate for the multi-user adv can use PK_i=(x+r_i)P for some random r_i. If the adversary requests a signature on m from user r_i, you can send m to your challenger and get (w,c,z)=(yP,H(w||m),y+cx). Set z'=z+cr_i and return (w,c,z').

03.09.2025 17:38 - 👍 1    🔁 0    💬 1    📌 0

Always bothers me when you lose the 1/N factor in a multi-user security proof. Was thinking about how to dodge it; consider this for Schnorr signatures: you are an active adversary against a single challenger, with access to a multi-user adversary.

03.09.2025 17:38 - 👍 2    🔁 0    💬 1    📌 0
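
The key-shifting trick from the three posts above, as an added example that is not part of the original posts: a signature under PK is translated to PK_i = (x+r_i)P via z' = z + c r_i, and the translation stops verifying once the public key is hashed into the challenge. The toy group parameters and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# Toy group (constructed, far too small for real use): p = 2q + 1 with
# p, q prime; g = 4 has order q. The thread's xP is written g^x here.
P_MOD, Q, G = 2039, 1019, 4

def H(*parts):
    """Full 256-bit challenge, so results do not hinge on the tiny group."""
    h = hashlib.sha256()
    for part in parts:
        data = part if isinstance(part, bytes) else part.to_bytes(4, "big")
        h.update(len(data).to_bytes(2, "big") + data)
    return int.from_bytes(h.digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P_MOD)

def sign(x, m, key_prefixed):
    y = secrets.randbelow(Q - 1) + 1
    w = pow(G, y, P_MOD)
    # key_prefixed=True hashes the public key into the challenge.
    c = H(pow(G, x, P_MOD), w, m) if key_prefixed else H(w, m)
    return w, c, (y + c * x) % Q

def verify(pk, m, sig, key_prefixed):
    w, c, z = sig
    expected = H(pk, w, m) if key_prefixed else H(w, m)
    return c == expected and pow(G, z, P_MOD) == w * pow(pk, c, P_MOD) % P_MOD

def shift_key(pk, r):
    """PK_i = (x + r_i)P, computed from the public key alone."""
    return pk * pow(G, r, P_MOD) % P_MOD

def shift_sig(sig, r):
    """z' = z + c*r_i; use Q - r to undo it (the forgery direction)."""
    w, c, z = sig
    return w, c, (z + c * r) % Q

def translation_works(key_prefixed, m=b"constructed message"):
    """Sign under PK, translate to PK_i, report whether PK_i accepts it."""
    x, pk = keygen()
    r = secrets.randbelow(Q - 1) + 1
    sig = sign(x, m, key_prefixed)
    if not verify(pk, m, sig, key_prefixed):
        raise RuntimeError("honest signature failed to verify")
    return verify(shift_key(pk, r), m, shift_sig(sig, r), key_prefixed)
```

`translation_works(False)` returns True and `translation_works(True)` returns False: with the key in the hash, the challenge recomputed under PK_i no longer matches c.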
Options for Phones at Protests Simply showing up to a protest leaves you susceptible to all sorts of surveillance, including cameras, drones, facial recognition, and more. There's not always a lot you can do about pernicious street...

I wrote a bit about options for phones at protests, explaining the benefits and drawbacks, and added some security tips at the end.

03.09.2025 02:01 - 👍 115    🔁 48    💬 3    📌 4

Ursula K. LeGuin on technology

13.01.2025 13:53 - 👍 7444    🔁 2015    💬 116    📌 152

I was way miscalibrated at the time and thought the extra Toffoli count would end up using more space in the end thanks to state distillation. Not sure how typical my perspective was

Important lesson in scientific celebrity culture nonetheless

31.07.2025 23:28 - 👍 3    🔁 0    💬 0    📌 0

I've been reading "Burdens of proof", which makes an interesting point on this: law wants to operate on a vastly longer time scale than most file formats, for good reason.

22.07.2025 01:40 - 👍 0    🔁 0    💬 0    📌 0

So we have an adversary that can decrypt c to a different message with a different key? They can just compute their own tag of this other key and message, hash it, and replace the "T" part of the ciphertext?

08.07.2025 00:59 - 👍 0    🔁 0    💬 1    📌 0

Reasonable! When I read the screenshot you took, I see a lot of technical terms I can't contextualize. How meaningful is a "2 star relationship"? I can't tell but an expert in the field could.

Then again, scientists asked for quotes can absolutely give a rushed take and get things wrong.

03.07.2025 16:03 - 👍 0    🔁 0    💬 1    📌 0

It's normal and good for journalists to talk to scientists in the same field but not associated to the research, as they can offer an informed but less biased take

03.07.2025 15:39 - 👍 2    🔁 0    💬 0    📌 0

My current model of agriculture is we generally optimize for high yield at low labour, and there's room for high-yield and sustainable if we accept high labour inputs. Is this a plausible and useful perspective?

03.07.2025 15:36 - 👍 0    🔁 0    💬 0    📌 0

Oh of course not, it would be a tourist attraction. Maybe a quirky hotel

21.06.2025 17:34 - 👍 0    🔁 0    💬 0    📌 0

Graph of physical qubits vs. year. There is a cluster of points in the middle, with 3 lines trying to extrapolate forward, but with wide error margins.

I wouldn't say steady: arxiv.org/abs/2009.05045 tries to extrapolate and the data looks really noisy. E.g., fig. 8. If we put today's devices on this, the best would maybe be on the orange line

20.06.2025 20:55 - 👍 3    🔁 0    💬 1    📌 0

Probably closer to 13 doublings if we look at chips with all the good properties we want. There hasn't been a consistent exponential growth yet.

20.06.2025 17:53 - 👍 1    🔁 0    💬 1    📌 0

Figure 14 from Gidney's paper showing a dense 3-d pipe diagram of a surface code layout of a lookup. Most of the 3-d space is used in some way.

Craig Gidney's work tackles that question: arxiv.org/abs/2505.159.... Check out the figures in the appendix: the physical qubits are used quite densely!

20.06.2025 00:40 - 👍 0    🔁 0    💬 0    📌 0

Reducing the Number of Qubits in Quantum Factoring This paper focuses on the optimization of the number of logical qubits in quantum algorithms for factoring and computing discrete logarithms in $\mathbb{Z}_N^*$. These algorithms contain an exponentia...

This work (eprint.iacr.org/2024/222) made the output bit compression efficient

20.06.2025 00:05 - 👍 0    🔁 0    💬 0    📌 0

If I get what you're talking about: a different technique (arxiv.org/abs/1905.100...) compresses the output bits, which is incompatible (if you compress input as well, you can factor with a classically simulatable # of qubits: likely impossible).

20.06.2025 00:05 - 👍 0    🔁 0    💬 1    📌 0

And on a network of quantum computers, you'd have to re-optimize the algorithm, which would push the resource estimates back up

19.06.2025 23:23 - 👍 0    🔁 0    💬 0    📌 0

To be clear there is no 2100 qubit device! Maybe I should rewrite that part :) but the estimates assume one device. There are known methods to network quantum devices together, but the tech is lagging behind a bit compared to the speed and quality of one device

19.06.2025 23:23 - 👍 0    🔁 0    💬 1    📌 0

A 20x improvement warrants an "extra"!

19.06.2025 22:12 - 👍 2    🔁 0    💬 0    📌 0

A chart for quantum computers, of number of qubits versus error rate, on a logarithmic scale. Broadly it shows a large gap between current quantum computers in the bottom left, and a curve in the top right of the resources they need to break RSA.

An out-of-schedule update to my quantum landscape chart: sam-jaques.appspot.com/quantum_land..., prompted by @craiggidney.bsky.social's new paper: arxiv.org/abs/2505.15917.

A startling jump (20x) in how easy quantum factoring can be!

Also: much improved web design!

19.06.2025 18:52 - 👍 61    🔁 26    💬 3    📌 0

That'd be a killer bsky bio

15.06.2025 20:31 - 👍 0    🔁 0    💬 0    📌 0

Though, I don't think she has enough theory of mind to understand that I don't have night vision, so to her it was just a devastating snub

09.06.2025 23:15 - 👍 1    🔁 0    💬 0    📌 0

Seriously embarrassed myself in front of my cat: Middle of the night, cat sits there wanting pets. I can't see a thing, I reach out and try to pet a dirty pair of shorts.

09.06.2025 23:15 - 👍 1    🔁 0    💬 1    📌 0

I'm often asked if I'll redo the 2019 quantum factoring estimate. Denser storage by yokes, smaller magic factories by cultivation, slimmer approx arithmetic by Chevignard et al… surely the cost is lower now?

Yes, it's lower now.

security.googleblog.com/2025/05/trac...

arxiv.org/abs/2505.15917

23.05.2025 13:25 - 👍 73    🔁 14    💬 2    📌 4

Almost all good points. I also see too much tendency to conflate moral skepticism of AI (i.e., that AI is doing a lot of harm) with technical skepticism (i.e., that AI is not useful or powerful)

03.06.2025 14:43 - 👍 4    🔁 0    💬 0    📌 0
