“It’s Quite a Shock”: The Quantum Deadline Is Real
主講人:João Tomé, Sharon Goldberg, Bas Westerbaan
最初直播時間:4月14日,上午11:00 - 下午12:00 [EDT]
In this World Quantum Day special edition of This Week in NET, host João Tomé is joined by Bas Westerbaan (Principal Research Engineer) and Sharon Goldberg (Senior Director, Product) to explain why the timeline for post-quantum cryptography may be arriving sooner than expected.
Recent research suggests the number of qubits required to break today’s encryption could fall dramatically, accelerating the urgency for companies and the Internet ecosystem to migrate to post-quantum security. Google has set a 2029 migration target, and Cloudflare is working toward a similar timeline.
Bas, who has spent years deploying post-quantum cryptography at Cloudflare, explains why the shift from theoretical risk to practical planning is happening now, what “Q-Day” would actually mean, and why upgrading the Internet’s cryptography is one of the largest coordinated security transitions ever attempted.
The episode also covers the difference between post-quantum encryption and authentication, how quantum computers work, and what organisations should start doing today to prepare.
Check the Cloudflare Blog:
blog.cloudflare.com/post-quantum-roadmap
English
文字記錄 (測試版)
People only start working when there is a near the deadline, right? I mean, if we're honest, people would have slacked off until the deadline anyway.
So it's not really like it's different.
It's just a kick on the arm. So that's one thing. And another is one of the other fevers at the moment, AI, of course.
If this news would have dropped only half a year before, I would have been much more concerned because the task is enormous.
Hello, everyone, and welcome to This Week in NET.
It's April the 14th, 2026. So it's World Quantum Day.
So this felt like the right moment for a special edition on quantum computing and post-quantum cryptography.
And also because there has been urgent news on the matter.
Also, this week, you should check our blog for our Agents Week announcements.
There's a lot of amazing stuff there to explore. So stay tuned.
I'm your host, João Tomé, usually based in Lisbon, Portugal, but this is not Lisbon.
This is London because tomorrow it's our Connect event. So I'm here in town for that.
We split this episode into two parts, one short and explanatory, giving you some concepts you may need in this area.
The other one is a bit more technical.
So first, we'll go to Boston, where you'll hear from Sharon Goldberg, Senior Director of Product Management at Cloffler.
Sharon helps set the bigger picture, explaining why this matters now, what post-quantum cryptography actually means and what it looks like from a company and security platform perspective.
That includes, for example, Cloffler One as the first SaaSy platform to bring modern post-quantum encryption across the full platform.
And then we'll travel to the Netherlands to hear from Bas Westerbouw.
He's a Principal Research Engineer at Cloffler, our expert in post -quantum cryptography.
And he has been leading this effort for years.
Bas recently wrote about why Cloffler is accelerating its roadmap.
And in this episode, he helps us understand what changed, why researchers are so concerned and what companies also should be thinking about now.
We'll also start with a short clip recorded today, where Bas reacts to feedback on the blog and also answers some of the questions you sent us on social media.
And then we have the full scope of conversation that was recorded two weeks ago.
Let's go into it. Hi, I'm Sharon Goldberg. I'm a Senior Director on the product team inside Cloffler One, and I've been at Cloffler for about two years now.
So right now I work on AI security, post -quantum cryptography, and I've also recently started working on our data sovereignty plans at Cloffler.
So we're at a really interesting moment right now in terms of the post-quantum uplift of the Internet.
In the last maybe three weeks, we've had new research results that were unexpected that really made the community, the quantum computing community, feel like we're getting closer to a day where we will have quantum computers that can actually break all of the public key cryptography that's being used on the Internet.
And we think that that day is sooner than we thought. And what's really interesting for me is that in 2024, NIST, the National Institute of Standards, told the industry that we need to upgrade all of our public key cryptography by 2030.
And now what we're feeling like is 2030 might be too late, like cutting it close.
And that's all really changed in the last three weeks.
We at Cloffler, we're an infrastructure provider.
We provide infrastructure to much of the Internet. And so because people rely on us for infrastructure, we feel it's really important that we be upgraded very soon because everyone else really needs to turn things on and use us and use infrastructure providers themselves.
And so we're going to be ready as soon as we can.
We announced last week that we are setting 2029 as a day for all of Cloffler to be upgraded to post-quantum cryptography.
And the product suite that I work on, which is Cloffler One, our SASE platform, we announced that we'll be ready by 2028.
So really excited about that and lots of work to do.
I'd say if you're listening to this and thinking what you need to be doing, I think the most important thing to do right now is look at your vendors, look to see which one of them supports post-quantum encryption today, because that's pretty much all that's available right now in the market, post-quantum encryption, and then ask them about what their plans are for post -quantum authentication, which is what the Internet is really working towards upgrading right now.
I think it's important that vendors hear this from their customer base because it's really going to help drive the urgency and the process of making these upgrades happen in time for whenever that day comes, when we have those powerful quantum computers.
So let's talk quickly about encryption versus authentication.
Up until now, most of the industry has been focused on something called harvest now, decrypt later attacks, which is something we should still focus on, right?
And that's an attack in which an adversary collects data that's encrypted, stores it, and then in the future, when the quantum computers become powerful enough, goes and decrypts that data.
And so this is a threat if it's something like healthcare data, government data, financial data, all that stuff remains valuable even five, 10 years in the future, right?
So we've been worried about harvest now, decrypt later attacks.
How do you stop those attacks? Post -quantum encryption, which is why as of today, about 67% of the traffic that hits Cloudflare's network from a web browser, for example, is using post-quantum encryption.
And we use it in a lot of other places, including Cloudflare One, our SASE platform.
So that's where most of the progress has been made by vendors up until now.
Now, what's changing is that there is now going to be an emphasis on post-quantum authentication.
So authentication is needed to stop someone from getting into a system that they're not authorized to access.
So think about after we have these powerful quantum computers, if someone can forge credentials to a system using a powerful quantum computer, they can get into that system.
So think about getting into banks, getting into telecoms, getting into infrastructure providers, getting into tech companies, using quantum computers to forge credentials is a really big threat.
And so that's why our concern now in the industry and what we're doing at Cloudflare where a big focus is, is on post-quantum authentication.
And so you're going to start to see vendors talk about that.
And the last thing I would say is that as you're thinking about this, you know, you talk to your vendors, see if they're supporting post-quantum encryption today because they should be, and then see if they're supporting post-quantum authentication in the future and what's their roadmap for getting that work done.
You work in this area for a few years, encryption and post-quantum included, and you have students.
Can you give us a run through of what excites you the most in this area?
Why do you like this area in particular? What should people know about that?
I mean, I'm really excited to work on this because I'm currently working at Cloudflare, which is a great place to actually have an impact on the Internet's cryptography.
I used to work in a university where I would be kind of going to people, companies like Cloudflare, going to the ITF and suggesting things, but being at Cloudflare and being able to make those decisions is just really, really exciting.
So I'm having a really good time working on this cryptography uplift across the company.
Can you tell us about the blog post that was launched this week where you participated in?
Why is that important and people should care? This week, we released Cloudflare's reference architecture for enterprise MCP.
This happens to be something that I've had tens of customer conversations about.
I get pinged every other day for someone asking me to meet their customers and talk about how we've adopted MCP in the enterprise.
And so we decided it was time to really just write down what we've done internally and write down how do you build these secure architectures.
And actually, it's not just about security, it's also about cost control and making it easier to discover things and use things.
And so we wrote that all down and it became this giant reference architecture that I'm really excited to release in partnership with so many people across Cloudflare.
And you can find it on the blog and it's part of agent week.
So I hope you'll take a look and read it.
Hello, Bas, and welcome to This Week in Ed. We're actually doing this on April the 14th.
There will be a conversation that we had a couple of weeks ago, but we're doing this bit of conversation to do it on the actual World Quantum Day, but also after you publish a blog post.
Can you explain to us what that blog post was about in terms of the 2029 perspective?
Yeah, Joe, great to be here again.
We will get into it, the why and the how, but the short of it is given the recent advances in quantum computing on the hardware and importantly, on the software side, we feel that we really have to accelerate our timeline.
We're targeting now to have Cloudflare fully post-quantum secure by 2029.
We're also sharing some intermediate milestones.
We'll have support for post-quantum certificates on Azure 2027 to origins this year.
And our SASE suite Cloudflare 1 will have support for it early 2028.
And we'll have more deadlines as we figure them out. We're still trying to figure out how we get all of this done in time.
We'll keep you apprised.
One of the things that surprised me the most in our conversation that people will see is first how immediate and urgent this is, but then how important it is in terms of not the tech industry, the whole, all of the industries.
And can you give us a run through on the feedback that the blog had, our announcement that we're actually pushing the date for 2029 to be post -quantum secure?
Yeah, so Cloudflare is, I mean, we're not the only player on Internet, right?
And for a user to be secure, for a business to be secure, all of their vendors, everyone has to be secure and be able to talk in the same way, right?
There's a lot of work there. And one part of that is getting everyone aligned on the urgency and how to move forward together.
And we've been very pleasantly surprised by the feedback here on how much this is seen as a big step.
First, of course, we had Google announcing that 2029 timeline.
Now we, and I feel there's a real shift in perspective here, luckily, because we'll need that to get everything done in time.
Exactly. It's a big task. And one of the things that you mentioned in the blog is post-quantum authentication, also really important to be ready.
Can you explain folks what is post-quantum authentication in this situation?
I think we'll get to it in the... Yeah, I think we did. I think we did.
Short of it. I think we did. The short of it is people have been thinking about data, right?
About store now, decrypt later, harvest now, decrypt later. That's been the story about quantum.
And that's the story if Q day, the day that quantum computers break, cryptography is far away.
So then it's about the data that's stored now and could be decrypted later by a quantum computer.
But once Q day comes closer, uncomfortably close, the thing that we have to worry about is access, because cryptography is used to secure data and access and more things, but mostly data and access.
And if the day arrives that there is a quantum computer, every access management thing, a login or a certificate or signatures that are not quantum secure, the quantum attacker can use them.
They can access systems and then do whatever they want there.
They can steal data, of course, but they can also bring it offline, extort you, whatever they do.
So that's the thing. The closer Q day comes, the more urgent also having post-quantum authentication certificates becomes.
Sjoerd Of course, of course. And we're going into details in the conversation that's following next, but we have a few questions that were done online that I wanted to ask you.
One is from Quantova, a global, how should systems reason about security once it becomes time dependent?
So it's latency, exposure, windows, how can that be?
Yeah, so this is again, thinking about, very much about Harvard's now decrypt letter thinking, but about exposure with no data, that depends on the data.
But I'd say to be secure with access, you have to upgrade everything anyway.
So you cover that too. But yeah, you also have to think of the data, but upgrade now.
Don't think, oh, our data is only valuable a few years. Takes a few years to upgrade, so better start upgrading now.
Another question is, do you have any insight into how Cloudflare should ideally treat client devices that can support a post-quantum encryption key exchange by 2029 using network security policies?
Yeah, so this is a great question. The thing is, is that it's unreasonable to expect everyone to upgrade.
Just like today, some connections are not using HTTPS at all, right?
It will depend on the use case and on the customer, right?
Some bank might want to take the action to disallow it. Maybe not, they'll have to figure out what's best for them.
You might add a toggle if there's enough questions for that, but that's really a question of what should be done.
But there are ways to prevent downgrade attacks without this, but it's a great question and something we will write about more as well.
Many of these are actually things that we're still trying to figure out, right?
The researchers, the industry, it's not always like a clear answer specifically.
Yes, but one of the best browsers are also, we're very much on top of this.
We're talking with them and it will be probably, it will be like how we treat it with, how we treat non-HTTPS.
So a plaintext connection today, there will at least be an interstitial.
But the nice thing is with post-quantum, we already have the first step.
We're already in the TLS land, so actually we can do a bit better than just the tricks we do for HTTP versus HTTPS.
Good feeling there. Another one is, don't you think that regardless of which benchmark we consider, it's concerning that the Shor's algorithm proposed in 1994 has seen rapid theoretical advances, yet experimental implementations remain extremely limited?
Yeah, so this is about the question, quantum computers haven't factored 21 yet, why should we worry about it?
I mean, it's, I can understand the, I mean, it's an obvious question, but if you look at how the algorithm works, how quantum computers work, is they are noisy, which means that you need error correction to make sure that you can have a longer computation.
And there's a lot of baseline overhead to this. So you need a lot of qubits and computation just to get the basic algorithm running.
And this is well known to people in the field.
Scott Aaronson compares it to, you wouldn't expect a small nuclear explosion, right?
You need a big, quite a amount of fissile material before you can get a nuclear explosion.
And when you get it, it's damn big.
Exactly. That's a good analogy, actually. But it gives, it gives us that are not the experts perspective for sure.
There's another one, which is how real is the harvest now, decrypt later threat today.
And also how do you build a business case for urgency when the threat is by design invisible and what indicators or real world assumptions are organizations actually using today to justify the action?
Again, this is about priority between data and access, right? But again, I would say in a way, the impact is not new.
People deal with data breaches every day.
People deal with ransomware, people gaining access to the system every day.
The big difference is this will happen all at once. It's not just one system and you just deal with it just in time.
Every single system, if you haven't prepared for it, right?
So, so I mean, this is the urgency. And the potential for chaos is much bigger, right?
Because all at once it's, it's chaos. It's not one company.
You can't do this just in time. You really have to, we are comfortable with 2029.
So do with us what you will, but we really feel we should be ready by then.
These are the questions I have. This was great, Bas. Anything you want to say for folks that are just about to see a bit of our conversation about quantum, one thing they should know?
Enjoy and also there will be a link to the blog here.
There will, there will be a link to the blog for sure, because the blog is much more complete in terms of giving the timeline of actually putting together some concepts and links.
Thank you, Joao. And thank you, Bas. The rest. Hello, Bas. How are you?
Hi, Joao. Great to be here. We spoke many times, but folks, of course, don't have that context.
For those who don't know, can you explain to us a bit of your background, how things started for you in terms of research, your interest in these types of areas?
Distant path passed. I worked on the theory behind quantum computing, but then I switched sides, so to say.
And for, I think, first time I joined Cloudflare was, I think, seven years ago as an intern.
I have been working on deploying post-quantum cryptography all the way since back then to help protect the Internet against the then quite distant threat of quantum computers.
Even before that, just give us a run through in terms of where are you based, how you became interested in the area specifically.
Ah, yes. So I'm here in the Netherlands.
I studied mathematics. I always had a keen interest in physics and security.
I ended up doing a PhD on the topic of theoretical foundations of quantum computing, but with a professor in computer security.
So in the group, there would always be people working on post -quantum cryptography around, and I would avoid working on my actual thesis.
I would enjoy implementing some post-quantum cryptography.
So that's how I kind of rolled into it. I had a quick stint in London doing a postdoc at UCL, where I also first did an internship at Cloudflare.
Since I tasted industry and the research there, I said goodbye to academia and have been very happy working to help improve the Internet at Cloudflare.
On that regard, it's a fascinating topic that has become, I would say, even more fascinating in the past few years that you have been working on it.
What drives you first for quantum computing, for quantum areas specifically?
So quantum actually is really interesting.
When you first hear about it, it also seems a bit magical.
And it got me quite annoyed when people would say the cat is dead and alive.
And when I got the chance to actually do research on it, I thought, yes, let's go figure out how this stuff works.
Still, it's, I don't know whether I can say I completely understand why a cat is dead and alive, but it's good fun.
It's a difficult topic in a sense.
Yeah. The mathematics is very clear, at least. The mathematics is very clear.
What it means, that's the hard thing. But from there, from the mathematics, from the physics, it's very clear that quantum computers will be a thing in the future and they will break cryptography.
So when I had the opportunity to do an internship at Cloudflare to help figure out whether this post-quantum cryptography can be of any use, I stepped on it.
It was clear for me that this will be useful in the future.
I didn't know when. Yeah. I remember as a journalist writing about these topics and we were seeing many news about it, but it seemed like groundbreaking, but it seemed that it was stalled after a big announcement.
This didn't change too much. So the big change was always a few years more, a few years more.
But in recent years, really interesting to see how the quantum research and industry even has been evolving.
For those who are not experienced in this topic, what would be the explanation that you can give us in terms of the evolution and importance of this topic in particular, the quantum computing possibilities really?
And where are we at right now? Yeah. So quantum computers, you can best see them as a kind of a specialized hardware.
They're like maybe graphics cards.
You can perhaps compare them to them. A graphics card can't run your operating system.
A graphics card does only quite specific things.
The same with a quantum computer. They're really great at solving very particular problems and they're very fast with that.
One of them is that they allow much faster simulation of quantum mechanics itself.
You use the thing to simulate itself and that has potential applications in better material materials.
Instead of making a material, testing it, you can simulate it better.
And so there are many tentative applications there.
And also it's, we don't have it yet. So it's a bit hard to completely figure out, but there seems to be a lot of promise there.
That's on the constructive side.
On the rather more destructive side, the kind of the unfortunate part of quantum computers is that they allow us to break two key pieces of cryptography that we've come to rely on, which is RSA and elliptic curves.
And actually one of the blog posts that is most popular from the Cloudflare blog is a 2012 blog from Nick Sullivan about elliptic curves and its relevance for cryptography to make our data, our information secure in an encrypted way, quite important.
And one of the scares regarding the quantum computing possibilities is those, those keys that are keeping things inside what we think are safe safes, let's call it like that.
Those could be broke by the possibilities there.
Not currently, but that's a big possibility, right? What can we explain in terms of how cryptography works currently and how it could be put at risk with these possibilities?
Yes. So cryptography is everywhere. We've had this cryptography for almost 50 years now, and we've had 50 years to put it in basically everything around us, right?
Even if you don't use cryptography directly, I mean, the companies we deal with every day, everyone, everyone relies on cryptography to keep things safe and for different things, but mainly it's for confidentiality that someone reading along can't see what is being transmitted.
That's an important one, but also for authentication that we know that the website you're talking to is actually your bank or the bank card or paying, that's all cryptography.
The trust element, like, you know that this is who we say it is. That's quite important as well, of course.
Yes, exactly. Yeah. Yeah. Yeah. I'm really the holder of this card.
It's me who's paying. It's Google we're actually connecting to when you search something, et cetera.
And breaking that, going back specifically to the possibility of that being disrupted, Koffler and you have been one of the most important people doing that, has been working for several years now with the industry, because all of these things must be done with the industry to have post-quantum cryptography in place.
We have actually a page on Radar that already shows how much percentage of the web that goes through Koffler is protected for post-quantum cryptography, but how post-quantum cryptography came about and how it has evolved really.
And these are two questions. So, so yeah, so the, so what, so the problem is RSA and let the curse, they are bust, right?
When the quantum computer hits, which maybe spoilers can be quite a bit sooner than everyone expects.
So we need to solve that. Luckily we can solve this. Usually when we talk about this, sometimes people think, oh, we need a quantum computer to protect ourselves against, against quantum computer attack.
That's not the case. It's not, you don't need to fight fire with fire.
So the solution is just use cryptography that's resistant against quantum attack.
It's just, it happens to be an unfortunate coincidence that the two main pieces of cryptography we use, RSA and elliptic curves are both vulnerable to quantum attack.
That's, that's rather unfortunate, but luckily there has been, there's more cryptography around and most of that is actually resistant to quantum attack.
And the one that's actually deployed now a lot already, more than half of the visitors already use it.
It's lattice-based cryptography.
Lattice-based cryptography is, people think that must be very new.
It's new that we use it a lot. It's, it's, it's now a few years, but it's also been around for a couple of decades that people have been looking at it.
So new cryptography, but underpinnings are quite a bit older.
So what's out there already?
There has been many news, right? The current news, first, we're actually doing this and recording this for those news, because there has been some news there.
And also on April the 14th is actually a day worth celebrating, which is World Quantum Day, an international event that most people didn't realize that existed, but that said is a good, also a way to talk about these topics.
But on the news front, there has been some news, especially from Google, but not only Google, Caltech as well, right?
That has been changing the dynamics of how soon do we need post-quantum cryptography, right?
Can you explain to us those news specifically?
Yes, it's, it's quite a shock. So when I started, I thought not before 2035.
It's a bit, it's a bit hard to say with, with quantum computers, because you're building something from the ground up.
You don't yet know how to do it.
And you need to figure out there's engineering challenges to solve, right? But there's not just one approach to quantum computers.
There, there's a bunch of them.
There's superconducting qubits, ion trap, neutral atoms, several more. And each of these approaches has their own problems.
So 10 years back, you would think that's a lot.
Will they get there? It's like, maybe one will not hit the wall.
Maybe worth mentioning that that's also because, and please correct me if I'm wrong, that the, the way that quantum computers work, qubits and all that is so different from what we know that computers work today.
The binary thing is so completely different in ways that it's actually really difficult to explain some situations that making them work properly with a good output is the thing that is the issue.
It's a bit like physics or the people are waiting for free energy from a fusion, cold fusion.
Oh, it's 10, 15 years for 50 years now. And with quantum computer computers, there's a bit of that as well, but maybe 10, 15 years, and it's been lagging because it's a different beast and technology completely difficult to comprehend, right?
Well, that was the feeling certainly 10 years ago, but all of these approaches, I mean, I would have expected maybe some to peter out, but at the moment, many of the approaches, they are on the frontier now.
They are, they aren't quite there yet.
If they would have solved all the problems, we would be too late.
In terms of cryptography, making cryptography, the current cryptography work and actually people trusting things, that would be like, Yeah, and that would be a real problem, but each of the approaches to quantum computers, they have been making progress, right?
Especially now with the neutral atom computer, the gap there between what they still need to do and before they're able to break our cryptography is uncomfortably small now.
So that we already, we kind of saw that the neutral atoms are more scalable than we thought that was already last year.
But the two pieces that dropped at the end of March are actually not directly on the hardware side.
They're on the software side, because to break cryptography, you need to run quantum software on the quantum computer.
And if you want to know how capable does a quantum computer have to be, you have to know how difficult is the computation, how much memory and speed do you need from it?
And here the improvements have been really staggering where original estimates were in order.
You need maybe 200 million qubits, 200 million qubits to do anything.
That dropped to a million in 2025.
And that dropped again with a more clever algorithm.
And that dropped again with better error correcting code, because it's not just the software as it is, it's also how do you optimize it for a particular quantum computer?
And especially the neutral atom ones, ones where the qubits have nice connectivity, good connectivity, there it turns out that you can be really clever with error correcting codes, much cleverer than expected.
And so the big two announcements were of Oratomic, of the spin-off of Caltech, where they figured out you can do much better error correcting codes than anticipated on neutral atom machines.
And the other breakthrough is an even better optimization to breaking a curse by Google, where very interestingly, they didn't give the algorithm.
They said, this is how little you need. We're not giving you the algorithm because we're scared that someone might abuse it.
But they did give a zero knowledge proof.
So zero knowledge proof is a proof that the algorithm actually works without revealing it, which is I think quite exciting.
And revealing it could be dangerous because if it's really effective, the danger of revealing it could be relevant of others using it for we don't know what really, right?
I think the right way forward is responsible disclosure where progress is made in public.
Like we always do in security. Progress is made in public. We adjust to it.
That's responsible disclosure. But I think when this comes near and with the risks that are on the table, I think we will see more progress move out of the public eye.
At least as we see here, Google gave a zero knowledge proof.
So to their credit, they are actually telling us something with that. They are telling us something, yes.
How scared are you with those things? I'm really worried.
I'm really worried, yes. I don't think there's... But when a researcher like you says, I'm really worried, I'm worried.
And why is the question, what is the risk?
Well, so if the quantum computer would arrive in 2035, and I think this shows it could be much earlier, even if it would arrive in 2035, I think it's really tough for everyone to hit that target, right?
In terms of post -quantum cryptography, things being protected for quantum computers.
Yes. Cryptography is everywhere.
It's all around us and every single thing needs to be updated to remain secure.
Hopefully it's just a software update, but sometimes cryptography is baked into the hardware in a way where you need to replace it.
Are you looking forward to replace your car because it had a remote control?
I'm not. True.
Even banks and there's all sorts of banks and telecommunications providers, authentication to services where you have some relevant data.
Authentication is quite important as well.
Oh, I just authenticated this and I'm protected, or I do the two-factor authentication.
There are concerns there, right? Yes, definitely.
I mean, it's basically, we would make a list now of where is cryptography used?
Well, everywhere. And how is it used for a lot of things, right? It's a lot.
And so 2035 is tough if you look at the whole industry already, but if you look at what this means, it's clear, although they don't say directly, it's clear from Google's focus.
They moved their timeline to 2029 and they say, we're going to focus on fixing authentication.
And that to me tells that they're worried it's very soon after.
Because post-quantum authentication is only useful if quantum computers are near.
If they're not near, post-quantum authentication doesn't give you anything.
So that tells me that they're worried about a quantum computer could arrive in 2030.
Actually, just to give folks a bit of the news there on the specifics, Google announced that it's preparing for a possible 2025 Q-Day.
2029. So they set that target to migrate all of Google by 2029.
Exactly. And that's the timeline for cryptography.
And it suggests that that transition is really being, if there's a date, it's because they think that date is important, right?
Yes. And it's a large infrastructure.
What in a sense can we say about Q-Day? What is Q -Day here specifically?
It's when quantum computers will be actually ready to do actual relevant things with real world impact.
Is that it? So Q-Day, Q-Day is kind of a shorthand, right?
Q-Day is the day that the first serious cryptography gets broken by a quantum computer.
There are some, sometimes people, they complain about Q-Day because it will be more of a long period, right?
Initially, attacks are expected to be slow and expensive and maybe only attack elliptic curves and not yet RSA.
And at a later date, it might be so. So there's nuance here. When actually quantum attack is relevant for your cryptography and relevant to the adversaries you are worried about, that will differ.
But still Q-Day, I think it's an important shorthand.
When are the real attacks starting? So it's related to the cryptography part.
One of the things I'm curious, first, it's close to doom day, which it's a bad example here maybe, but it's definitely scary.
Oh, Q-Day. And if there's a date for it, it's definitely for people to have in mind.
Another piece of information here that could be relevant is in what way those that will have access to those quantum computers.
First, actually, will, after this is reached by a company, let's say Google, will other companies will follow with their quantum computers or is it focused only on that technology from that company that generated?
Yeah. So Google, they have a branch that works in a quantum computer, but actually they were pursuing silicon-based, superconducting silicon based quantum computers, not the neutral atoms.
Well, they just bought a startup. So they're also pursuing neutral atoms now for, it turns out, a good reason.
It could be Google, that's the first one, but across the world, not just the US, Europe, China, all across the world, there are many labs pursuing all different approaches to quantum computing.
So it's not clear at all who will be first.
But after one is first, if it doesn't announce how it got there, will the others follow easily?
We know that technology, even by very relevant things like even atom bombs, that technology flows sometimes faster than one would expect.
What is the feeling there? Yeah, certainly once, even if the details are not known, once you know that something is possible, it makes it much easier to focus, right?
It will not be long until others have caught up.
Makes sense. In terms of the importance here, if, and this has been talked with other technology, AI, we've been speaking about, hey, if this technology will be reached first, Gentic, AGI, by this government or this country first, we'll be behind and that's relevant.
Do you think it's the same situation here?
Whoever gets that first will have the keys, in a sense, that will be really relevant.
It will be, you will get a lot of access if you have a quantum computer, yes, yes, certainly, yes.
I don't just worry about nation states. At some point, even petty criminals will have access to them.
There's billions and billions and billions of investment in quantum computing, just in single countries, private investment, and they will want to recoup.
It's really hard to actually tell what a quantum algorithm is doing once we have, I mean, there are already quantum computers in the cloud.
They're just not capable enough to crack cryptography yet, but at some point they will, and it will be open to anyone.
We, on radar currently, we have how, around, over 60% now, I think, of the web that we see is protected by post-quantum cryptography specifically.
Even if we reach 100%, which is the main takeaway from, in terms of the industry, of getting to Q-Day, that won't give the whole protection, right?
You mentioned hardware, you mentioned like little companies, many things, banks and things like that.
It's not only in terms of websites and traffic of websites, it's the other part as well.
So even if we reach 100% there, are all protected, right?
Let me add an asterisk there, so that 60% is post-quantum encryption to counter store now, decrypt later, where an attacker stores encrypted communication and after Q-Day decrypts it.
So this is very relevant now, right?
This is something you want to do yesterday, right?
To protect your data. And that's why we have deployed it since 2022. It took a while for, so it's enabled at our sites, on any website you put on Cloudflare.
Even free ones, right? Yeah, all free. We do this for free, right? We think security is the baseline for the Internet.
So we enabled this for free. Not all browsers, the big browsers, the browser also needs to enable it.
The client that's the visitor that's connecting, big browsers have done so.
And so that's why we're at 60% or so, but it's a lot of old software around, old hardware around that hasn't been upgraded yet to support it.
But this is the store now, decrypt later.
It's not yet authentication. We haven't deployed it yet because we thought Q-Day was, we still had some time.
Further away. There was no use, but we're going to deploy this next year.
We are working with, again, we are running now an experiment with Chrome to test out post-quantum certificates, Merkle tree certificates.
It's running now in Chrome as an experiment. And we hope to roll this out in production next year, in 2027.
Yes. So that our edge is fully post-quantum secured in preparation of Q-Day.
You also had a, that's not all. Of course. There's internal.
We have a lot of connections. We have connections going out with all kinds of various products where cryptography is used and all of them we'll need to upgrade.
Most, the vast majority of them we've upgraded with a store now decrypt later protection, but we'll need to add in post-quantum certificates and we'll do that.
Those later will be. Yes. These will be added. We are matching Google and we are getting that done by 2029.
So the idea is to have the full stack of possibilities there ready for that possibility that is just around the corner in the sense and the Internet turn for sure.
Yeah. It's a huge task. There's, I mean, we have so many internal services and product.
I mean, I don't even know all the products that Cloudflare has.
We need to figure out for each of them, what the impact is, which do we need to upgrade first, et cetera.
So we're on that now. And we're figuring it out.
It will be a fun few years. I bet, but it's full throttle, right?
What this news brings is a concern and also a, this is a priority and urgency much more than we were actually expecting in a sense.
Yes. It's, I mean, it's always nothing ever happens until it does, right?
That's the thing. That's the thing. Yeah. 2026 has been a crazy year.
True, true. And in other realms, even of AI as well, but this one is quite important if everything plays out as it seems that is going to play out.
What more can we say about some of the news that was around? You already mentioned the Caltech one, but the 2029 date seems to be a norm now, not only from Google, right?
It seems to become now a real target even for others, right?
Yeah, we're starting to see that actually it's not, so Google targets 2029, whereas actually they implicitly, they think that a quantum computer could arrive 2030.
But if you look at some other comments, the CTO of IBM QuantumSafe says that he could expect a moonshot quantum computer by 20, puts the deadline on 2028.
Prepare for that.
We are also preparing for 2029. I expect Google was not the only organization with timeline concerns.
So I think we'll hear a lot more announcements very soon and probably a few more after this has been recorded.
True. If it's really, really big, we just go come back and do a follow-up even for a few minutes.
One of the things, and we spoke about this over the years many times, I'm actually doing a project you helped called Randomness Playground that has a post -quantum key that grows, which is kind of cool.
But one of the things over the years that has been interesting is sometimes there's news and I go to you and you say to me, oh, there's a lot of hype there.
There's a lot of marketing there. I can see it.
It's not as relevant as they say or something like that, which is not the case here.
So I'm a bit more worried because of that. Usually you're the, this is a bit of hype guy and not in this situation.
Yeah. It's also really cool. It kind of caught me off guard.
I wasn't used to thinking about such an earlier timeline.
You have to really click to start thinking about, oh, okay, shit. This is, sorry about the language.
No worries. We're not in broadcast TV here. So maybe, maybe I do want to add some positive notes to say some positive things.
It's not all gloom and doom.
So the first is people only start working when there is a near the deadline, right?
I mean, if we're honest, people would have slacked off until the deadline anyway.
So it's not really, really like it's different. It's just a kick on the arm.
So that's one thing. And another is one of the other fevers at the moment, AI, of course.
If this news would have dropped only half a year before, I would have been much more concerned because the task is enormous.
And it's not that the task of upgrading is each bit of them is necessarily difficult.
I mean, there will be hard cases.
There will be things you can't easily replace or need to do something very clever.
But in most cases, it's just, it's just a software update in most cases, but it's, it's a software update to software.
You don't know if you, where it runs, where it is, or if you have it.
And for these mundane tasks, these LLMs, they are absolutely fantastic.
I'm quite a bit more optimistic about getting this done quickly.
Thanks to this other frenzy of LLMs.
Exactly. Agents, and that's already here completely and making a difference with a bit of slop, but things are getting better each day.
So that's exciting as well in this area, because deploying things and making changes, if that becomes even on the software side, that if that becomes easier, that will also help this part.
I don't trust them to write the cryptography just now, but having them help, help you out to find it and being the first line of support for helping engineering teams upgrade.
I mean, if you have an engineering team, cryptography has been so successful where it's hidden away from the developer.
A developer, they connect to a database, right?
You go to a website, you don't have to think about the cryptography and that's how it should be.
But it also makes it hard to figure out if you're using cryptography and where and which and how, and if it's post-quantum.
And this is where LLMs can really help out with figuring out for you where it is you use cryptography and if it's already upgraded.
While we have you here, it's maybe a good opportunity to explain some topics because those are always relevant.
You know, not only about post-quantum encryption, but also the quantum possibilities.
Even thinking outside a bit of the encryption part, what are the hopes?
Let's see the positive side of a quantum computer in terms of a real one that could do...
There are common quantum computers, as you said, currently, but the ones that will break encryption, but also having good possibilities in terms of output.
You mentioned real world examples and hardware and things like that. What are the capabilities and hopes that there are in terms of quantum computers, even for a quantum Internet, maybe?
Quantum Internet. Yeah. So as I said at the... So one application of quantum computers is simulating nature itself.
This was the original application of quantum computers when they were first proposed.
If you want to simulate nature now, it is difficult because quantum mechanics requires you to keep track of...
It's a bit oversimplified. Keep track of all possible worlds in a way to actually simulate it.
And that's slow. That's slow to do. But with a quantum computer, that's quite a bit faster because you have nature available to you directly.
So that's the original application and that can be used to simulate how new materials will behave, maybe medicine.
So here it is still very early because we don't have them yet.
So we don't really can play around and see what works well and not.
But that's certainly one of the big promises advances in material science.
I mean, materials, if we look back at the ages, I mean, it's the Iron Age, it's the Bronze Age, it's the Silicon Age.
It's the materials that really shape technology.
And so, well, let's see which new materials the quantum age brings.
True. That's more important than it seems for sure. And as a former journalist, one of the things that we always learn in college is the medium is the message type of thing.
With the medium, and this comes back to robots, will robots be sentient?
Will they be conscious? Even that part, for example, that's like the medium is a message type of thing.
So the medium you use will also inform what you say, the possibilities.
You connecting to a robot is, or you downloading your mind to a robot, there's movies with that.
That's also, if the technology and the actual hardware works, the material work, things will be possible that you didn't think those would be possible.
There's many sci-fi movies with that, an area that I love, to be honest, but the possibilities are quite astonishing.
Even airplanes, we see on movies, spaceships doing amazing stuff with things that don't exist currently, but maybe with quantum computers doing new materials, new possibilities for materials.
Some things only the realm could be real.
Of course, this is too much sci-fi right now, but quite interesting to think about specifically.
Yeah. Downloading minds into computers does well.
That's absolutely, absolutely, but we don't know for sure. We know about the cryptography part because that's more immediate for sure.
One of the things maybe you can explain to us a bit there is the way the quantum computers work that is behind this.
There's this neutral atom perspective that you spoke. Can you explain to us the difference, neutral atom, qubits, differences between the binary computer these days?
In a way, everything where something can be one thing or another, a one or a zero in nature is already a qubit.
If you have a photon, it has a polarization.
These glasses where if you turn it, then it blocks light or not, it's because a photon, they have a polarization.
Already the polarization of it is an example of a qubit.
Whether an atom is vibrating a little or a lot, whether anything that can be there or not is fundamentally quantum mechanic and is a qubit.
The only problem with, so you can make, I mean, just like you can create a zero and a one from whether there's electricity or not, whether there's water or not, whether there's a pressure or not, whether there's a mechanical switch is flipped or not.
You can make qubits from basically everything. The problem is that it's controlling the noise because qubits in nature, they are very much analog, right?
They are directly influenced by everything around it. So it's all about how can you get some, I mean, you just take anything that can be on or off really, but how do you protect it in such a way?
How do you do it in such a way where there isn't that much noise influencing it?
So with the superconducting qubit approach, they have a little radio resonator.
I don't know if you've done electronics, it's like a coil and a capacitor.
I mean, that's basically the analog.
On the silicon, they put a little coil and a little capacitor and then you get a, it starts to resonate and either it resonates in the ground state or an excited state and that's the qubit.
And now normally there's noise, but what they do it, they put it in a very expensive cryogenic fridge so that it becomes superconducting.
And then there's very little noise and that's the qubit there. In the neutral atoms case, they have in a vacuum, they put, I'm not really a physicist, no, what is the letter?
Rubinium, I think. They put them there and also there it's the excited state, which is the qubit.
But you can also have them with photons.
Photonics uses photons and you have ion traps where it's like neutral atoms, but it's not neutral.
They're charged, they're ions. And so they can use magnetism to keep them trapped and out of the noise.
And each of these has different pros and cons.
With some it's, they're inherently more stable. Some, the operations are slow.
It takes time to work with them. With all of them, they're very fast.
So the silicon ones, their operations are very fast. They compute fast, but they have more noise.
With the silicon, you have a grid so qubits can only talk to each other, which isn't annoying if you want to do something between two qubits far away.
Whereas with the neutral atoms, you can use tweezers made out with lasers.
You can just move these neutral atoms around, which is actually one of the huge deals with them because that allows you to do much more efficient algorithms actually, if you can move them around instead of having to do a long chain of operations.
There's a lot of possibilities. Yeah. Which is interesting, but also shows us that it's something that's still in experimenting stages specifically in terms of the methods there.
Yes, but the gaps have been, the engineering challenges, they have been just hammering them out for each of the approaches.
There used to be a long list for each. How do, I mean, how do, so there was an array of 6,000 neutral atoms just last year, whereas a few years ago, it was inconceivable to have more than maybe a couple.
So for each of the approaches, the different labs around the world have been solving one challenge after another.
And now the list of challenges for each approach is frighteningly short, especially for the neutral atom ones.
Is there a perspective, maybe too much in terms of possibility, a perspective of which architecture will potentially win or if many will potentially win?
So last year I thought superconducting silicon, that one looked best, but now neutral atoms have leapfrogged.
Which one will win? I don't know.
Let's see. The future will say that specifically. But also they have their advantages.
So one thing is that the neutral atom one, the first generation of them, they will be kind of slow as in they are stable.
They allow for the rearranging, which allows for very efficient algorithms.
But it will be, to break a key, it will take hours or days even.
So not very fast. Whereas if you have a scalable superconducting silicon quantum computer, those are probably pretty fast.
Once they're out, maybe not the first one, but it's very likely that such one will be able to break a key in perhaps a minute or so.
So that's also a completely different threat model.
And so far, both neutral atom and superconducting silicon, they don't show sign of hitting a wall yet.
The neutral atoms are ahead. They're probably, at the moment, they seem to be the first one.
But the superconducting silicons, they are not far behind.
Neither are the trapped ion. So it's a whole field.
It's a whole field, of course. But we mentioned a bit of quantum Internet.
What is that? Is that a real thing? What is it? Yeah. So the Internet we have now, that transmits bits, bits, bits.
So it allows computers to talk to each other.
So quantum computers can also use the Internet, but they can't transmit quantum information.
You can't send a qubit over the Internet. In packets, inside submarine cables.
Well, actually with the cables over, you can send qubits over fiber optic using photonics, but you need different hardware.
You can't just use an off-the-shelf router.
To read. To read. Yeah. To read and to transmit. To actually send qubits between quantum computers, to communicate in a quantum way, that requires new technology and new kind of routers.
And this is the quantum Internet, the Internet where you connect quantum computers.
Application there is very specific, of course.
Maybe you want to connect to quantum computers to do one algorithm bigger, or there's, I mean, there's many different things you could do there.
It will not be, the main Internet will not be the quantum Internet. The quantum Internet will be the connection of quantum computers.
It will be the Internet for quantum computers.
Yes, that's great. I like that. Yeah. So that's great. I think that has, it's an obvious next step and that has promise.
One question that comes specifically about Q-Day in a sense and all these worries is thinking from the company side, what should companies actually do right now if they want to prepare?
Is there something they should do? Any call to action that we can suggest?
Or is it just for infrastructure companies specifically currently? So the timeline is tight.
There's not enough time and organizations have only limited resources, some organizations more than others.
So the most important thing I think is to start now by trying to understand, not to find all the places where cryptography, not the what, but why.
What are your essential systems? What is it you're trying to achieve?
And what happens if that you don't have the security anymore?
And it might sound a bit negative, but to reduce the panic, just think, what if everything is broken and we don't get to upgrade in time?
What will happen?
What will happen? For some things it's bad, but for a lot of things it might not be that bad.
There might be solutions. For instance, if you go to your office, there's a gate, it's called.
When you go to the parking, you mean? The parking gate.
There's cryptography in there. It's probably not post-quantum secure. Is it a big deal that someone with access to a quantum computer can park for free?
Probably not.
And probably no one will do that just because it's not necessary. Although with AI, they can spread out chaos.
So that's also a concern. So really start with what is it that's business essential and work back from that.
Prioritize from that.
We are trying to get really everything done in time. And for us, it's already tight.
And we'll probably have to solve, in some places we have to solve the problem differently than just with cryptography.
We have to change the way we do things because just a direct replacement isn't there.
But it's really, it's about why we're using cryptography.
What do we want to achieve? Focus on that. And you can start that now.
You can start already now. Second is just get started. There's a lot of fear when you touch cryptography as in, as in it's a scary thing.
There's a lot of very long names with letters and numbers mixed in. But once you get started, it's not that bad.
We've seen that in our past migrations, getting post-quantum in the very first product that took the most amount of time.
And once it was in the first two products, the other teams, they, it became new normal and people follow suit.
So make it the new standard. Get started now with, with just pilots.
Don't need to pick it. Just start with one where it's easiest. Get started with pilots, figure out what goes wrong.
You can't plan completely ahead.
You just have to try. There are a few other possibilities that I see as interesting.
For example, let's do a quick fire round of questions. Sometimes those are fun.
One is biggest misconception about quantum computing. Yeah. AES-128 is fine.
No need to replace that. What is AESS? What is that? That's symmetric cryptography.
I think the biggest misconception is that people think they need to replace 128-bit keys with 256-bit keys.
I mean, it doesn't hurt. And if you like it, just do it, but don't go out of your way to replace AES-128 with 256 or to replace SHA-256 with SHA-512.
If you don't need it. The type of the key, right? The type of the key specifically.
This is two out, two kind of symmetric cryptography. They're fine.
They're already post -quantum. No need to, no need to change them for the quantum thread.
That's the biggest misconception. One thing the media gets wrong about quantum computers, maybe that's different now with the current news, but is there a thing that usually the media gets wrong?
There's always the colorful analogies where quantum computers compute everything all at once, which is, it's not true.
It's kind of a quantum computers don't compute everything at once.
No. It's actually way more interesting than that. So if you look at the mathematics of it, so in these algorithms, in Grover's algorithm, the very first step in the algorithm, it basically computes everything at once.
That doesn't help you.
So you have in this state, you have all the answers you want. You have computed everything you need to compute.
But if you open the box and look at it, it would just give you one bit of information, not the thing you actually wanted.
And so the crux in quantum computers is not the computing everything at once.
That's not what they do. The trick is that once you have all the information in there, which is pretty easy to do in the quantum state, you have to, the problem is once you have all the information in there in the quantum state, when you look at it, you only get one piece of it.
To actually get useful information out of it, you have to cleverly interfere the information in the quantum state with itself.
And that's also what makes it difficult to write, to do this in self-interference in a clever way.
But that's really what is the, what is the, where the power comes from.
One thing that I think you already talked a bit, I'll ask, will quantum computers replace classical computers?
No, quantum computers, they're just, they're like a graphics card.
They are an add-on for specific computations.
Exactly. They do other things in a different way than normal computers, but they will, the things they will do will be quite relevant, like a new realm.
Yes. They, they, they have a very specific niche. I mean, way more specific than a GPU, way more specific than a tensor unit, or it's really very specific what they'll do, but they'll be damn good at it.
One I particularly like, which is, is there a favorite cryptography algorithm you have for some reason?
My favorite algorithm is the algorithm that's deployed. And that must be MLchem now.
That's originally called Kyber. I have a sticker of it on my laptop.
Is that the post-quantum one? That's the post-quantum one. It's the one that's protecting, since 2022, millions, billions of connections already.
So that's my favorite.
Because of its relevance or? Yes, because it's deployed now. It's securing now.
Yes. Okay. That's, that's cool. Is there a most elegant cryptography idea you like?
Oh, there's so many elegant ideas. The one I, I, the one I like it's, it's a recency bias, but the one, one idea I really liked is, which is called the vol in the head.
It's a clever new idea, quite recent, with which you can do post-quantum zero knowledge pools.
And this goes quite in the weeds, but it's, it's, it's, if you're a cryptographer listening and haven't looked into vol in the head, have a look.
It's simple and quite elegant. I really enjoyed learning about it. One, one, maybe that could be relevant here as well.
Is there a surprising thing about working in cryptography?
Most surprising thing that you've encountered? Working with cryptography?
Yeah. So the most surprising thing about working in cryptography for you?
I have some answers, but they're not very positive. They're negative.
They bring concerns. The amount of emails I have to dig through to, to get things standardized at industry.
Yeah. Things, the amount of useless single things people can quibble about.
Let's see how it sounds. Humans will be humans, right?
So everywhere. It's a, it's a necessary part of it. Cryptography is not the hard thing.
No. Well, it's, it's, I would guess it's surprising if you didn't say it's not the cryptography that's, that's actually hard in getting it deployed.
It's, it's the getting people aligned. It's, it's all the process things, figuring out where it is, getting people to agree on, on the small details.
Yeah.
That's, that's the challenge. It's not, it's not a technical challenge. Mostly it's really a people, people's challenge.
Yeah. Makes perfect sense. And I've many times in this show and podcast in different areas, security, protocols, there's humans will, will be humans, which is interesting for sure.
I like this one, which is working in cryptography that you've seen how things started like pioneers.
Is there a pioneer that you think is really relevant and you think people should know about in this area?
Pioneer. I think this is of course a bit more personal, but I have to, I'm indebted to my old boss, Nick Sullivan, of course, who hired me and worked on, so I've been here for quite a few years, but, but he was there when, when, when Cloudflare started to super scorn cryptography.
That was a great foresight of Nick.
I actually have another one that I think could be cool here.
One thing developers should learn about encryption, although now we are all developers.
If you're asked to configure cryptography, something went wrong.
Cryptography should be configured in a sensible way by default. Unfortunately, it's not the reality today.
A lot of times to actually get the best security, you have to configure it, but the way it should be is that it's, it's secure by default.
And this has been great. For instance, OpenSSL has enabled post-quantum by default, which means that a lot of people that didn't override the default settings got post-quantum by default for free with the software updates.
And that's also good. Best practices get you really far along already.
Just keeping your software libraries up to date, automate certificate issues and token rotation, just all the usual good stuff and best practices.
They will really help with post-quantum as well.
Of course, because the industry will, if the industry adopts things and companies adopt things to be post-quantum ready, if you just update to the latest one, you'll have that security, supposedly.
In the end, in the end, the migration is a software update and a key rotation in most cases, which is something we know how to do.
We just need to do it in time and don't forget about any.
I have here a few that are a bit personal, but is there a movie or book or show that you really enjoy that you think gets cryptography right or even wrong?
So actually in the matrix, there is, I mean, there's more security than cryptography, but in the matrix, this is very quick scene where Trinity hacks into something.
And it's actually a real vulnerability in SSH that I think that that was, that was very cool.
It was completely needless, right?
Because there was enough suspension of disbelief in the whole movie, but they just put that in.
It was really a actual thing. It's the actual assembler of exploits for vulnerability in SSH.
And recently, I think probably this will be dated, but just last week I went to Project Hail Mary.
That's a great movie. It's a book.
Actually, we have it here somewhere in the library. I also like the positive vibe of it.
We can do it, we can do it, mentality of it against, I mean, clearly a bigger danger than QD, right?
QD is nothing compared to astrophage. I have two last ones.
One is post-quantum cryptography in one sentence that you can summarize, maybe difficult, but...
Post -quantum cryptography, the term itself will disappear, right?
It's just cryptography now, right? It's after QD, there's no post-quantum cryptography.
It's either secure or not. If you want a funny answer, it's big.
It's large. Post-quantum cryptography is large. It's what? Large. Large.
Yeah. It's much more bytes on the wire. It's not slow. People think post -quantum, that must mean slow.
Big means slow. It's not slow. It's fast. It's just big on the wire.
A lot of bytes. Many bytes will be around for sure. And last but not least, the Internet in 2035, quantum safe or quantum broken?
I'll try to be...
I'm going to be positive. It's quantum safe. We'll get it done. Hopefully, for the sake of all of us and companies and bang and...
Not saying you should sit back, but we'll figure it out.
I mean, what's with urgency, then people start acting.
And I hope people see now it's urgent. And once it's urgent, we can move mountains in moments.
That's true. That's humans for you. Oh, well, the bottlenecks will be removed if there's urgency, usually.
This was great, Bas. Thank you so much.
My pleasure. And let's talk more if more comes in the recent weeks and months.
There'll be enough quantum to talk about. It's only April. That's true.
That's true. Many news already and more to come. So thank you. And that's a wrap.
