[Cryptography] Quillon Graph: A private, post-quantum electronic cash system
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Jan 7 23:34:48 EST 2026
Peter Fairbrother <peter at tsto.co.uk> writes:
>Ummm, (ignoring that they can't be decrypted) signatures aren't really
>subject to HNDL
Nothing is subject to HNDL. Have you noticed how all the claimed quantum
factorisation records are for just that, factorisation? It's because it's
easier to cheat with that. No-one has ever claimed to have achieved any
quantum result against (EC)DH, which would be needed for HNDL against TLS,
SSH, IPsec, OpenVPN, Wireguard, Signal, WhatsApp, Facebook Messenger, ...,
because it's much harder to cheat with the (EC)DLP than with factorisation.
Incidentally, last night I factored (among other things) this value, a 1024-
bit RSA key:
static const BYTE testValue3[ 128 ] = {
0xDC, 0xC6, 0xFD, 0xDA, 0xED, 0x19, 0x03, 0xE5,
0x6E, 0x36, 0x13, 0xC6, 0x39, 0xBF, 0x85, 0x5A,
0xD8, 0xC0, 0x34, 0xD9, 0x67, 0x36, 0x32, 0x20,
0x78, 0x03, 0x01, 0x73, 0x6B, 0xE6, 0x40, 0xDA,
0x25, 0x8E, 0xAE, 0x2C, 0x29, 0x81, 0x7A, 0x77,
0xD8, 0x22, 0x16, 0x9C, 0xA0, 0x8C, 0x47, 0xE9,
0x67, 0x45, 0x5C, 0x95, 0x42, 0xD1, 0x8C, 0x1C,
0xCC, 0x87, 0x31, 0x7C, 0x43, 0x09, 0x75, 0xF8,
0x9E, 0x96, 0xDC, 0xE7, 0x5E, 0x44, 0x29, 0x4C,
0x6D, 0x28, 0x5C, 0x96, 0x75, 0xAA, 0xB0, 0x98,
0x07, 0xA9, 0x53, 0x9F, 0xDD, 0xD1, 0xA4, 0x68,
0xAF, 0xBA, 0x08, 0xA2, 0x23, 0xF1, 0x0D, 0xC5,
0x1F, 0xC0, 0x09, 0x62, 0x5A, 0x9B, 0xC6, 0xEF,
0x43, 0xB0, 0x65, 0x6F, 0x8C, 0x2A, 0x75, 0xE6,
0x66, 0x61, 0x93, 0x2A, 0x29, 0x04, 0xA3, 0xC3,
0x9D, 0xF8, 0x63, 0xD1, 0xA8, 0x8E, 0x3F, 0x1F
};
Done using a combination of an abacus algorithm of unknown age but probably
many centuries and another algorithm from the early 1600s, with the result
obtained in a few hundred microseconds. No quantum factoriser can even come
close to this, and it's a deliberately-chosen insecure key.
Peter.
More information about the cryptography
mailing list