sejaques.bsky.social
Sam Jaques
@sejaques.bsky.social
190 followers 110 following 74 posts
Assistant prof at U Waterloo. Aspiring full-stack cryptographer. Loves math, plants, flashcards. Opinions reflect those of all past, present, and future employers.
Posts Media Videos Starter Packs
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · 14d
I love my city youtu.be/uttoyAX4ntc?...
How This Small City Built Light Rail For Cheap
YouTube video by Oh The Urbanity!
youtu.be
5
Reposted by Sam Jaques
dfaranha.bsky.social
Diego F. Aranha @dfaranha.bsky.social · 20d
The impact of Alfred Menezes in cryptography is profound. Francisco RH and I are organizing an afternoon session in Latincrypt to celebrate Alfred's career:

menezesfest.info

If you're coming to Medellín, consider attending!
MenezesFest 2025
MenezesFest brings together researchers, colleagues, and friends to celebrate the career and impact of Alfred Menezes.
menezesfest.info
1 6 12
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · 25d
Nice! Now (to steal Luca's joke) it's only 11 more factors of 2 to go for SQISign to be faster than MLDSA?
2 2
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Sep 4
Screenshot of comments in code. They say: Dear programmer: when I wrote this code, only God and I know how it worked. Now, only God knows it! Therefore, if you are trying to optimize this routine and it fails (most surely), please increase this counter as a warning for the next person. Total hours wasted here = 254
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Sep 3
This is a valid signature for user i. Then when the adversary presents a forgery (w*,c*,z*) against user j, just subtract cr_j from z* and it's a forgery for your challenger. This works... but only because the public key was not hashed into the challenge! Very bad idea!
1
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Sep 3
Your challenger's public key is xP, so all the users you simulate for the multi-user adv can use PK_i=(x+r_i)P for some random r_i. If the adversary requests a signature on m from user r_i, you can send m to your challenger and get (w,c,z)=(yP,H(w||m),y+cx). Set z'=z+cr_i and return (w,c,z').
1 1
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Sep 3
Always bothers me when you lose the 1/N factor in a multi-user security proof. Was thinking about how to dodge it; consider this for Schnorr signatures: you are an active adversary against a single challenger, with access to a multi-user adversary.
1 2
Reposted by Sam Jaques
yaelwrites.com
🎃Yell👻Growler🧙🏻‍♀️ @yaelwrites.com · Sep 3
I wrote a bit about options for phones at protests, explaining the benefits and drawbacks, and added some security tips at the end.
Options for Phones at Protests
Simply showing up to a protest leaves you susceptible to all sorts of surveillance, including cameras, drones, facial recognition, and more. There's not always a lot you can do about pernicious street...
blog.yaelwrites.com
3 48 120
Reposted by Sam Jaques
abigaildesmond.bsky.social
Dr. Abigail Desmond @abigaildesmond.bsky.social · Jan 13
Ursula K. LeGuin on technology
120 2K 7.4K
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jul 31
I was way miscalibrated at the time and thought the extra Toffoli count would end up using more space in the end thanks to state distillation. Not sure how typical my perspective was

Important lesson in scientific celebrity culture nonetheless
3
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jul 22
I've been reading "Burdens of proof", which makes an interesting point on this: law wants to operate on a vastly longer time scale than most file formats, for good reason.
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jul 8
So we have an adversary that can decrypt c to a different message with a different key? They can just compute their own tag of this other key and message, hash it, and replace the "T" part of the ciphertext?
1
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jul 3
Reasonable! When I read the screenshot you took, I see a lot of technical terms I can't contextualize. How meaningful is a "2 star relationship"? I can't tell but an expert in the field could.

Then again, scientists asked for quotes can absolutely give a rushed take and get things wrong.
1
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jul 3
It's normal and good for journalists to talk to scientists in the same field but not associated to the research, as they can offer an informed but less biased take
2
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jul 3
My current model of agriculture is we generally optimize for high yield at low labour, and there's room for high-yield and sustainable if we accept high labour inputs. Is this a plausible and useful perspective?
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 21
Oh of course not, it would be a tourist attraction. Maybe a quirky hotel
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 20
I wouldn't say steady: arxiv.org/abs/2009.05045 tries to extrapolate and the data looks really noisy. E.g., fig. 8. If we put today's devices on this, the best would maybe on the orange line
Graph of physical qubits vs. year. There is a cluster of points in the middle, with 3 lines trying to extrapolate forward, but with wide error margins.
1 3
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 20
Probably closer to 13 doublings if we look at chips with all the good properties we want. There hasn't been a consistent exponential growth yet.
1 1
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 20
Craig Gidney's work tackles that question: arxiv.org/abs/2505.159.... Check out the figures in the appendix: the physical qubits are used quite densely!
Figure 14 from Gidney's paper showing a dense 3-d pipe diagram of a surface code layout of a lookup. Most of the 3-d space is used in some way.
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 20
This work (eprint.iacr.org/2024/222) made the output bit compression efficient
Reducing the Number of Qubits in Quantum Factoring
This paper focuses on the optimization of the number of logical qubits in quantum algorithms for factoring and computing discrete logarithms in $\mathbb{Z}_N^*$. These algorithms contain an exponentia...
eprint.iacr.org
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 20
If I get what you're talking about: a different technique (arxiv.org/abs/1905.100...) compresses the output bits, which is incompatible (if you compress input as well, you can factor with a classically simulatable # of qubits: likely impossible).
1
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 19
And on a network of quantum computers, you'd have to re-optimize the algorithm, which would push the resource estimates back up
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 19
To be clear there is no 2100 qubit device! Maybe I should rewrite that part :) but the estimates assume one device. There are known methods to network quantum devices together, but the tech is lagging behind a bit compared to the speed and quality of of one device
1
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 19
A 20x improvement warrants an "extra"!
2
sejaques.bsky.social
Sam Jaques @sejaques.bsky.social · Jun 19
An out-of-schedule update to my quantum landscape chart: sam-jaques.appspot.com/quantum_land..., prompted by
@craiggidney.bsky.social 's new paper: arxiv.org/abs/2505.15917.

A startling jump (20x) in how easy quantum factoring can be!

Also: much improved web design!
A chart for quantum computers, of number of qubits versus error rate, on a logarithmic scale. Broadly it shows a large gap between current quantum computers in the bottom left, and a curve in the top right of the resources they need to break RSA.
3 26 61