From the lab
Audit reports, research, methodology, and conformance notes — what we find at the protocol and architecture layer, written so it generalises.
Post-quantum migration is a risk-asymmetry problem, not a timeline bet
You do not need to predict when a cryptographically relevant quantum computer arrives. You need to weigh the cost of migrating too early against the cost of migrating too late — and those costs are not symmetric.
From the audit floor: replay-attackable post-quantum prekeys
A messaging system issued post-quantum prekeys one-shot but never retired them after use — letting an attacker replay the same ML-KEM encapsulation and quietly defeat forward secrecy.
X-Wing and the TLS group: choosing a hybrid KEM combiner
Hybrid KEMs and hybrid signatures are not the same problem. For key exchange, the industry has largely converged on X25519MLKEM768 — and there are good reasons to follow rather than invent.
Sieve: conformance testing ML-KEM and ML-DSA against the bugs that matter
Even a correct-looking post-quantum implementation can fail in the specific bug-class patterns we see repeatedly in audits. Sieve encodes those classes as targeted, reusable test batteries.
The crypto inventory: finding every place asymmetric crypto hides
“Add post-quantum” is not a single switch. The first deliverable of a serious migration is an inventory: every location where asymmetric cryptography is used, and what depends on it.
From the audit floor: variable-time decapsulation and the KyberSlash class
We have audited ML-KEM implementations whose decapsulation path branched on an internal comparison in a timing-distinguishable way — exactly the gap the KyberSlash class of attacks exploits.
Turn quantum risk into a credential.
Book a discovery call and get an indicative scope and pricing for your organisation.