| 1 |
On Mon, 12 Jan 2015 18:48:41 +0000 Ciaran McCreesh wrote: |
| 2 |
> On Mon, 12 Jan 2015 19:44:46 +0100 |
| 3 |
> Kristian Fiskerstrand <k_f@g.o> wrote: |
| 4 |
> > Shor's would be effective against discrete logs (including ECC) as |
| 5 |
> > well, so wouldn't be applicable to this selection. For post-quantum |
| 6 |
> > asymmetric crypto we'd likely need e.g a lattice based primitive. |
| 7 |
> |
| 8 |
> We're not post-quantum, |
| 9 |
|
| 10 |
Are you sure? The simplest Shor's factorisation machine was already |
| 11 |
built and published in open press: |
| 12 |
http://arxiv.org/abs/quant-ph/0112176 |
| 13 |
This was done 14(!!) years ago. I don't doubt there was a |
| 14 |
significant progress in this field thereafter. But it is likely |
| 15 |
that results are classified. |
| 16 |
|
| 17 |
And Yale university have annonced a serious progress in errors |
| 18 |
correction recently: |
| 19 |
http://news.yale.edu/2013/01/11/new-qubit-control-bodes-well-future-quantum-computing |
| 20 |
|
| 21 |
> and if we were no-one knows how anything would |
| 22 |
> do anyway... Why not stick to threats that actually exist? |
| 23 |
|
| 24 |
They are exist. No agency will announce that they broke RSA |
| 25 |
regardless of the key length. This information will be kept |
| 26 |
top secret as long as possible, so one should prepare today and |
| 27 |
beforehand. |
| 28 |
|
| 29 |
There are post-quantum solutions and implementations, see |
| 30 |
app-crypt/codecrypt. |
| 31 |
|
| 32 |
Best regards, |
| 33 |
Andrew Savchenko |
Archives