[scorpionfeet]

Y2K

Oh wait: thousands of programmers started working on this in the early 90s so that there would be so few failures people thought it was a scam.

The entire financial and government infrastructure was based on ecdsa until the shift to pqc. The consequences of not preparing are literal threats to global economy. That can’t be understated. The cost to switch to (hybrid) pqc is essentially zero when compared to the costs for not doing it.

[0xdeafbeef]

Cost is 100+ times bigger signature size and more cpu usage. If you process several k per second it matters

[scorpionfeet]

Key is 2600 bytes for mldsa 87. Your fav icon is 10x bigger than that. Verify time and encapsulation is a few hundred microseconds for one verify and encaps. Your scary proportions are minuscule in practice. Even cortex m class can handle it. Not sure you have an argument when you put it up against a typical browser session. Plus 50% of all web traffic already uses pqc ciphersuites sooooo….

[0xdeafbeef]

I was thinking about transaction processing, eg visa/blockchain. And here storing and sending almost full packet for signature instead of 32 bytes matters. For sessions this shouldn't matter

[scorpionfeet]

Oh good point. Thanks. I don’t think about cryptocurrency at all. But yes the sigs are now 4.6k. Thats a huge block. Yeah that sure throws a wrench into blockchain. But the alternative is that blockchains based on ecdsa go away. Seems like a win to me. But I despise cryptocurrency.