From Goya to Grover

 


A Journey Through Madrid’s Art and Quantum Consciousness

Madrid, the city of light and shadow, has long been the stage where Spain’s most profound questions of identity, truth, and time have been painted in oils and etched into stone. From the haunting introspections of Goya to the explosive dreamscapes of Dalí, Madrid’s museums cradle a consciousness so refined it almost feels like entanglement across centuries — a kind of emotional quantum tunneling through the soul of Europe.

And here I was, on an 8-day sojourn in Madrid, weaving through this very consciousness. Four of those days were devoted to an immersive art tour — Prado, Reina Sofia, Thyssen-Bornemisza — each whispering echoes of Spanish genius, myth, and melancholy. It is in these galleries that you begin to realize: just as European art masters confronted the chaos and splendor of their times through canvas, we too are called to confront our digital epoch through a new medium — cryptography.

What Goya did with chiaroscuro, we now must do with quantum. For in our post-digital age, brushstrokes have given way to qubits, and the fragility of civilization is no longer only existential, but computational. The enemies of the state are not invading armies, but algorithms capable of breaking our most sacred digital vaults. And so, I dedicated three of my eight days to the ETSI-IQC Quantum-Safe Cryptography Conference 2025, held fittingly in Madrid, the city where past and future always seem to blur.

Day 1 The Quantum Renaissance: From Keynotes to Critical Infrastructure

08:15 — Morning Check-In

There was a quiet buzz in the air. It wasn’t just the coffee. It was the sense that we were about to witness something epochal — a kind of Council of Trent for the post-quantum age. The ETSI-IQC conference opened with a ceremonial acknowledgment that we are standing on a threshold, where theoretical discussions must give way to interoperable, enforceable, and certifiable action.

09:00 — Opening Remarks

Michele Mosca, quantum evangelist from IQC and evolutionQ, delivered the opening in tones somewhere between urgency and optimism. Jan Ellsberger of ETSI and Yoslan Nur from UNESCO added a geopolitical and philosophical gravitas — emphasizing the global and humanistic mission of securing the future.

It struck me then: this wasn’t just about cryptography. It was about cultural preservation — a digital Sistine Chapel we need to ensure never falls.

09:20 — Keynotes

Fabiana Da Pieve from the European Commission DG CONNECT spoke of the Commission’s strategic embrace of post-quantum cryptography (PQC), calling it not merely a technological pivot but a sovereignty imperative. Michele Mosca returned to lay out a roadmap for executives, making it crystal clear: quantum threats are not abstract. They are imminent, calculable, and quietly approaching financial and national infrastructures like slow-rolling tsunamis.

10:45 — Panel 1: Policy in the Quantum Age

Moderated by Axel Ferrazzini of GovStrat, this panel felt like watching the Council of Europe reforge the Magna Carta for the 21st century. Voices from Canada, France, and the UK debated regulation, governance, and the need for pre-emptive alignment between industry and policy. Colin Whorlow from the UK’s NCSC notably reminded us: “Governments are slow, but quantum doesn’t wait.”

The idea of “quantum diplomacy” was floated — a term that may soon enter common policy parlance.

11:45 — Panel 2: Financial Sector and Global Action

This was perhaps the most visceral panel. Moderated by Santander’s Jaime Gómez García, it dug into the heart of cryptographic fragility in banking. Francisco Tur from the ECB and Suman Ziaullah from the UK’s FCA laid bare the danger: most current cryptographic systems in finance would not survive the cryptanalytic prowess of a mature quantum adversary.

Tong Lee Lim of the Monetary Authority of Singapore emphasized the global nature of the threat and called for “financial NATO” — a collaborative, multinational defense doctrine for post-quantum transition.

14:30 — Panel 3: Quantum-Safe for Service Providers

Martin Charbonneau of Nokia framed this panel like a startup pitch crossed with a telecom operator’s survival strategy. Lory Thorpe of IBM and Rafael Canto Palancar of Telefonica outlined actual deployments, Matt Campagna from AWS evangelized for PQC-first development, and Kenneth Hwang of SingTel reflected Asia’s rising urgency in this domain. This was about transforming fear into engineering patterns — getting from pilot to production.

16:15 — Panel 4: Quantum in Critical Infrastructure (OT vs IT)

This panel moved from the virtual to the visceral. Moderated by Bruno Huttner from ID Quantique, the discussion focused on operational technologies (OT). Julia Dewitz-Würzelberger from Verbund and Rouven Floeter from Hitachi made clear: while OT isn’t as harvest-now-decrypt-later vulnerable, its devices have lifespans of decades. Retrofitting PQC here isn’t optional — it’s existential.

We don’t just need crypto agility. We need quantum foresight baked into the iron veins of civilization.

Day 2 A Global Concert in the Key of Post-Quantum

09:05 — Session 2.1: National and Multinational Initiatives

If Day 1 was about urgency, Day 2 was about coordination. Dustin Moody of NIST reaffirmed the timeline of PQC standardization. China, through Hong Xiang, emphasized national self-sufficiency in PQC. From the Netherlands and Germany, we heard of joint governance efforts that seemed to mirror the EU’s GDPR model, with Laima Jančiūtė of the University of Amsterdam pressing for a “Schengen of crypto standards.”

Younghee Kim from Korea and Ursula V. from Spain added welcome diversity of perspective, revealing how quantum preparedness has become a metric of national competitiveness.

11:15 — Session 2.2: Financial Sector Efforts

Rebecca Gibergues from FS-ISAC chaired this power-packed session. Angela Dupont from BIS emphasized central bank responsibility, and Richard Marty from LGT Banking explained the Swiss approach — precision-driven, compliance-oriented, and ultra-discreet. Jaime Gómez García returned with a technical deep dive into IPSEC VPNs retrofitted with quantum-safe protocols — not a pilot, but a functioning architecture.

It became clear: we are past POCs. PQC is live, tested, and iteratively improving.

14:00 — Session 2.3: Standards and Certification

Sarah McCarthy of Waterloo guided this throughline from ISG QKD and ETSI TC CYBER to IETF and 3GPP. Matt Campagna’s dual role at AWS and ETSI gave us a pragmatic view of cloud-scale PQC rollout. Aritra Banerjee covered telecom layers. Esther Hänggi’s deep dive into classical post-processing made us realize: PQC isn’t just about the math — it’s about the physics of trust.

Peter Pessl of Infineon showed how physical security and PQC need co-design — think smartcards, HSMs, and secure enclaves.

16:00 — Session 2.4 & 2.5: Satellites and Hybrids

Loula Beck of SES introduced EAGLE-1, a QKD satellite initiative aimed at European autonomy. Rafael Canto and Antonio Abad covered terrestrial integration and long-haul experiments.

Then came Christoph Striecks and Bertram Poettering on hybrid key exchange — a vital bridge strategy during the long migration. Juan Carlos from Entrust raised a subtle but essential point: we sign documents for decades. Quantum safety must persist longer than our institutions.

Day 3 Networks, Agility, and the Long Arc of Symmetric Keys

09:00 — Session 3.1: Satellite Networks, Again

This session was a fitting orbital return. Deutsche Telekom’s Oleg Nikiforov explained their long-haul QKD deployment. Honeywell and Airbus spoke to the increasing intersection of aerospace and crypto. Verónica Fernández offered Spain’s vision of a “ground-to-satellite PQC stack.”

It was ambitious. It was audacious. It was very, very real.

10:45 — Session 3.2: Cryptographic Agility and Migration

Vicente Martin led this session with a pragmatic angle. Jihoon Cho of Samsung SDS introduced the idea of “software-defined cryptography” — modular, hot-swappable crypto modules within an enterprise IT backbone.

Skip Sanzeri of QuSecure emphasized field experience. Michael Osborne from IBM reminded us that agility isn’t a feature — it’s a strategy. Wei Wen Ching and Lim Hoon Wei from Singapore tied it all together with a powerful case study on inventory discovery and legacy mapping.

This session painted the roadmap not just of where to go, but how to move.

14:00 — Symmetric Key Solutions

Symmetric crypto? Still alive and kicking.

Thorsten Groetker from evolutionQ reminded us of Grover’s algorithm and its limitations. Ettore Pulieri from Sparkle presented advancements in symmetric key agreements that may become the bedrock of future high-throughput secure networks.

14:30 — Transitioning to PQC

The final technical panel: practical, potent, and revealing.

Emmanuelle Dottax explored eSIM transitions. Tony Rosati from evolutionQ gave a clinic on hybrid KEMs. Gamze Tillem of ING Bank offered a refreshingly honest account of pain points in migrating PKI systems. Wei Wen Ching returned to close the loop with a government-backed cryptographic discovery project.

15:45 — Wrap-Up & Reflections

Michele Mosca returned like a maestro conducting a final chord. The message was clear: we are not waiting for the future. We are building it — line by line, protocol by protocol.

Quantum Brushstrokes on the Canvas of Civilization

As I strolled back from the conference, through the familiar plazas where Velázquez once walked and Picasso once painted, I realized: what quantum cryptographers are doing now is no less artistic than what those great masters once did. They are painting with uncertainty, layering trust on the invisible scaffold of mathematics, and rendering security in dimensions we are only beginning to grasp.

This conference — a symphony of science, governance, and engineering — was nothing short of a declaration. Not of war, but of readiness. The future isn’t an abstraction. It’s a negotiation. One that requires our best minds, open standards, and — like any good art — a willingness to confront the unknown. As I now prepare to return home, I carry with me not just brochures and whitepapers, but a new kind of awareness — that we are not merely users of technology, but custodians of civilization’s most precious data.

And like the great curators of art, we too must protect what matters.

Comments

Post a Comment

Popular posts from this blog

Digital Selfhood

Image
  Copyright: Sanjay Basu I was thrilled to be busy supporting our incredible team as we celebrated yet another phenomenal and successful third quarter! #oraclecloudinfrastructure This is quite evident from the following —  https://investor.oracle.com/investor-news/news-details/2025/Oracle-Announces-Fiscal-2025-Third-Quarter-Financial-Results/default.aspx I was immersed in collaborating with our events, partner relations, product marketing, and cloud engineering teams to gear up for the highly anticipated NVIDIA GTC #nvidia #gtc conference this week. The innovations and insights set to be unveiled are going to be game-changing! I apologize for the delay in publishing my monthly philosophy newsletter. This month, I’ll be focusing on the philosophy of digital personhood, especially in light of recent advances in AI and the GTC conference. I was preparing this article for over a month. Now I am pretty happy to publish it. These are my Philosophical Musings in a Pixelated World . ...
Read more

Axiomatic Thinking

Image
  Copyright: Sanjay Basu Building Knowledge from First Principles Axiomatic thinking represents one of humanity’s most influential intellectual tools — a systematic approach to building knowledge that has revolutionized mathematics, computer science, physics, and beyond. At its core, axiomatic thinking is deceptively simple: start with a minimal set of self-evident truths (axioms), and derive everything else through rigorous logical deduction. This approach has enabled us to construct elaborate theoretical frameworks with absolute certainty, from Euclidean geometry to modern cryptography. For tech professionals, understanding axiomatic thinking offers more than academic curiosity — it provides a mental model for solving complex problems, designing robust systems, and reasoning about the digital world we inhabit. This article explores the foundations, applications, and limitations of axiomatic thinking, with concrete examples from mathematics and computer science that demonstrate it...
Read more

How MSPs Can Deliver IT-as-a-Service with Better Governance

Image
 Sanjay Basu As a solutions architect, I often support partners who deliver managed IT services to their end customers. Similarly, I work with large enterprises who manage IT for multiple business units. One of the most frequent requests I get is for best practices on how to align Oracle Cloud Infrastructure solutions and Identity and Access Management (IAM) policies with business-specific governance use cases. For enterprise customers, this means having better control over usage costs across multiple business units. For managed service providers (MSPs), this involves having better cost governance over the IT environments that they manage for end customers in their Oracle Cloud Infrastructure tenancy. This post is structured like a case study, in which an example enterprise customer, ACME CORP's Central IT team, faces the following business challenge: How do they enable their departmental IT stakeholders, and the operators within those departments, to have the aut...
Read more