[Cryptography] Quillon Graph: A private, post-quantum electronic cash system

[Peter Fairbrother]

On 30/12/2025 04:56, Viktor S. Kristensen via cryptography wrote:

>    For the encrypted portions, HNDL absolutely applies. But here's the defense:
> 
>    - Signatures: CRYSTALS-Dilithium5 (NIST PQC standard, lattice-based)

Ummm, (ignoring that they can't be decrypted) signatures aren't really 
subject to HNDL - at later, either they are still secure and can't be 
forged, or it is known that they were both secure and published (if we 
trust the publishing history) or accepted, (if we trust the acceptor) at 
the time of issue, or they can be forged later - in which case they 
can't be relied on later.

>    - Key exchange: Kyber1024 (NIST PQC standard)

I don't know what the point of specifying actual algorithms in a post or 
paper about a new technique is - you can just say it uses post-quantum 
crypto.

Though to impress here it would be best to specify hybrid classical/PQ 
cryptography instead.

While many here do not think that quantum cryptanalysis will ever get to 
the point where it can do something useful, we don't really object to 
people trying to defend against it - as long as you don't throw the baby 
out with the bathwater.

I know this is almost a cliche, but it bears repeating. Bruce Schneier 
wrote: "Anyone, from the most clueless amateur to the best 
cryptographer, can create an algorithm that he himself can’t break. It’s 
not even hard. What is hard is creating an algorithm that no one else 
can break, even after years of analysis. And the only way to prove that 
is to subject the algorithm to years of analysis by the best 
cryptographers around."

The NIST PQ algorithms simply haven't had those years of analysis.

And while a hybrid system does take a bit more effort, in general the PQ 
part takes up the majority of the work.


>    The temporal security paper (link: https://drive.proton.me/urls/7X9Q1X3CRR#Oad9B38YoQpg) 

It doesn't give an author?

Peter Fairbrother