r/crypto


Is lattice cryptography actually quantum resistant, or just not yet understood?

Been digging into post-quantum cryptography lately and why lattice-based crypto feels convincing. I've noticed most people talk about quantum threats from a Grover perspective:

- “Quantum computers just search faster”
- “Security gets roughly cut in half”
- “Increase key sizes and you’re mostly fine”

It makes intuitive sense to me, but what actually broke RSA/ECC wasn’t “faster searching”; it was Shor discovering hidden structures that quantum interference could exploit. RSA/ECC turned out to contain periodic structure, Fourier-exploitable structure and clean algebraic order. Shor effectively changed the representation of the problem into something naturally solvable by a quantum system. What’s been bothering me is how confident we can be that lattice cryptography is truly resistant to Shor-like structural attacks…

Are we confident lattice cryptography is fundamentally resistant to Shor-like attacks, or are we mainly confident because no one has discovered the right mathematical representation yet? Lattice problems feel very different to RSA/ECC. They’re noisy, geometric and massively high-dimensional rather than cleanly algebraic, so they seem much harder for quantum systems to exploit structurally.

But before Shor, people also thought factoring had no meaningful shortcut beyond brute force.

That’s what’s been stuck in my head lately. I’m less concerned about Grover brute-forcing lattices and more wondering whether some future representation shift could expose hidden structure we currently don’t know how to see (transform domain structure, spectral sigs, approximate periodicity or interference-friendly symmetries that make the problem look “natural” to a quantum system in the same way factoring eventually did).

Basically:

Are lattices fundamentally hard?

Or merely currently unrecognised?

I’m not claiming lattice crypto is weak, as everything I’ve read suggests it’s currently our best post-quantum direction. I just think the real uncertainty is much more epistemological than people sometimes admit.

Curious what people deeper in quantum algorithms / complexity theory / lattice cryptography think about this framing...



Is LWE hard because it's "random", or because its structure refuses to become an attack?

Yesterday I was here asking whether lattice cryptography is genuinely quantum resistant or whether we're simply in a pre-Shor era where nobody has discovered the right representation yet. Rather than arguing about it theoretically, I decided to spend some time building a small research framework to search for what I started calling a "bridge":

an efficiently accessible representation that could transform ordinary classical LWE samples into something carrying exploitable coherent quantum structure.

The core question was:

If RSA/ECC eventually fell because quantum algorithms found a representation exposing hidden periodic structure, could something similar exist for lattice problems?

I've run a series of experiments exploring different candidate bridge mechanisms. These included:

- dual-frequency packet representations,
- compressed-coset constructions,
- coherent-lift attempts,
- moment-operator methods,
- operator composition,
- rank compression,
- multi-view fusion,
- access-model experiments.

The interesting part is that several candidate representations retained measurable structure beyond what I initially expected. In many representations there were measurable spectral, operator, or distinguishability signals that survived various transforms. So the story doesn't seem to be simply "LWE is hard because everything instantly becomes pure randomness."

However, every attempt to turn those surviving signals into an attacker-accessible secret recovery mechanism failed. The pattern was surprisingly consistent:

- Weak structure survives
- The structure can often be measured
- The structure refuses to localise into a stable secret-bearing sector
- Recovery performance collapses as dimension scales

One of the most interesting experiments tested a hypothesis that the real issue might be access model rather than signal detection. In other words, maybe the structure exists but we're seeing it only after the information has already been averaged or compressed away. So I emulated stronger forms of access and asked whether coherent-style access would rescue the candidate bridge.

The answer (at least for the branch I tested) was no.

The representation still died under scaling even when I emulated stronger access models. The candidate failed to become a viable selector and the apparent gains collapsed with dimension.

At this point I have not found any attack, any coherent-state bridge, or any evidence that standard lattice cryptography is broken. I also haven't proven it is secure (as expected). What I think I've learned is more subtle:

Several derived representations retained detectable signal, but that same signal repeatedly failed to become an extraction mechanism or attacker-accessible secret recovery path.

The strongest conclusion I can currently defend is that I found weak signals repeatedly, but I did not find a bridge. The next logical step is no longer searching for more weak signals. The next step is understanding why the surviving structure refuses to become exploitable.

I'm no longer interested in whether weak structure exists. It clearly does in several representations. The question is why that structure repeatedly fails to localise into an attacker-accessible secret sector. Is this a manifestation of known barriers, or evidence that I'm searching in the wrong representation class entirely?

I'm curious how researchers in quantum algorithms, lattice cryptography, information theory, or complexity theory would interpret these results. Am I slowly rediscovering known barriers, or does this line of investigation point toward something genuinely interesting?
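
Added example, not part of either post and not the poster's framework: a textbook Fourier-bias statistic on a constructed toy LWE instance, as one concrete case of a signal that is easy to measure once a candidate secret is fixed but can only be localised by trying all q**n candidates. The parameters (n=2, q=17, m=200, sigma=1) and all function names are assumptions chosen for illustration, and the example is purely classical.

```python
import cmath
import math
import random
from itertools import product

def lwe_samples(n, q, m, sigma, rng):
    """Constructed toy LWE instance: b = <a, s> + e mod q, e a rounded Gaussian."""
    s = [rng.randrange(q) for _ in range(n)]
    samples = []
    for _ in range(m):
        a = [rng.randrange(q) for _ in range(n)]
        e = round(rng.gauss(0, sigma))
        b = (sum(x * y for x, y in zip(a, s)) + e) % q
        samples.append((a, b))
    return s, samples

def bias(samples, guess, q):
    """|mean of exp(2*pi*i*(b - <a, guess>)/q)| over the samples.

    Right guess: the residue is just e, so the mean stays large
    (roughly exp(-2*pi^2*sigma^2/q^2)).
    Wrong guess (q prime): the residue is uniform mod q, so the mean
    shrinks like 1/sqrt(m).
    """
    total = 0
    for a, b in samples:
        r = (b - sum(x * y for x, y in zip(a, guess))) % q
        total += cmath.exp(2j * math.pi * r / q)
    return abs(total) / len(samples)

def recover_by_search(samples, n, q):
    """Localise the signal the only way this statistic allows: try all q**n guesses."""
    return max(product(range(q), repeat=n), key=lambda g: bias(samples, g, q))

def demo(n=2, q=17, m=200, sigma=1.0, seed=1):
    """Return (secret, recovered, bias at secret, bias at one wrong guess, q**n)."""
    rng = random.Random(seed)
    s, samples = lwe_samples(n, q, m, sigma, rng)
    wrong = [(s[0] + 1) % q] + s[1:]
    found = recover_by_search(samples, n, q)
    return tuple(s), found, bias(samples, s, q), bias(samples, wrong, q), q ** n

if __name__ == "__main__":
    s, found, hit, miss, space = demo()
    print(f"secret={s} recovered={found} candidates tried={space}")
    print(f"bias at secret={hit:.3f}  bias at a wrong guess={miss:.3f}")
    # Illustrative larger size (assumed values): the same search needs q**n guesses.
    print(f"candidates at n=256, q=3329: about 2^{256 * math.log2(3329):.0f}")
```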