Andrew Savchenko wrote:
> On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote:
>> Shor's would be effective against discrete logs (including ECC) as
>> well, so wouldn't be applicable to this selection. For post-quantum
>> asymmetric crypto we'd likely need e.g. a lattice-based primitive.
> Why not use post-quantum signing together with a traditional one?

Indeed. Problem is that so-called post-quantum cryptosystems are
sometimes not even secure against non-quantum computers. I remember back
when NTRU was the latest hotness, and the breaking and fixing ping-pong
that security researchers played between conferences with it,
particularly with the signature part.

None of these has stood the test of time like RSA or DLP-based crypto.
If post-quantum signing is desired, I agree that using it in addition to
traditional signing should be strongly considered.

Best regards,
Chí-Thanh Christopher Nguyễn