| 1 |
Andrew Savchenko schrieb: |
| 2 |
> On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote: |
| 3 |
>> Shor's would be effective against discrete logs (including ECC) as |
| 4 |
>> well, so wouldn't be applicable to this selection. For post-quantum |
| 5 |
>> asymmetric crypto we'd likely need e.g a lattice based primitive. |
| 6 |
> Why not to use post-quantum signing together with a traditional one? |
| 7 |
|
| 8 |
Indeed. Problem is that so-called post-quantum cryptosystems are |
| 9 |
sometimes not even secure against non-quantum computers. I remember back |
| 10 |
when NTRU was the latest hotness, and the breaking and fixing ping-pong |
| 11 |
that security researchers played between conferences with it, |
| 12 |
particularly with the signature part. |
| 13 |
|
| 14 |
None of these has stood the test of time like RSA or DLP-based crypto. |
| 15 |
If post-quantum signing is desired, I agree that it should be strongly |
| 16 |
considered using it in addition to traditional signing. |
| 17 |
|
| 18 |
|
| 19 |
Best regards, |
| 20 |
Chí-Thanh Christopher Nguyễn |
Archives