Security Cryptography Whatever

Standardizing Pure PQC

Mar 10, 2026
A lively debate on standardizing pure post-quantum cryptography and what still needs to be done for TLS. The hosts dissect hybrid versus pure PQC approaches and why pure deployments matter. Political undercurrents and trust in algorithm origins come up. Frustrations with the standards process, and whether re-running consensus would change anything, are playfully examined.
INSIGHT

Pure PQC Has Legitimate Use Cases

  • Use cases for non-hybrid post-quantum cryptography (PQC) exist beyond hybrids in TLS, and standards like CNSA2 require pure PQC.
  • Thomas Ptacek argues pure PQC avoids wasting elliptic-curve compute once cryptographically relevant quantum machines exist, pushing a PQC-only future.
INSIGHT

Why Hybrids Became The Default

  • Hybrid constructions combine classical (X25519) and PQC keys and were used in major rollouts like Chrome and Cloudflare.
  • Thomas Ptacek notes hybrids were FIPS-compatible when PQC was listed on the left, which influenced deployments.
ADVICE

Don’t Deploy Risky Algorithms Without Purpose

  • If you worry PQC could be broken, question deploying it; deploying broken algorithms offers limited value.
  • Thomas Ptacek challenges simultaneous fear of quantum and insistence on hybrids: if PQC is risky, why deploy it now?