| 1 |
On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote: |
| 2 |
> On 01/12/2015 07:29 PM, Rich Freeman wrote: |
| 3 |
> > On Mon, Jan 12, 2015 at 1:06 PM, Kristian Fiskerstrand |
| 4 |
> > <k_f@g.o> wrote: |
| 5 |
> >> |
| 6 |
> >> One issue with DSA/ElGamal is the requirement for a random k |
| 7 |
> >> value while signing/encrypting, |
| 8 |
> > |
| 9 |
> > Thanks - that was very informative. I guess the thing that makes |
| 10 |
> > me more concerned about RSA is that Shor's algorithm makes it |
| 11 |
> > quite possible that it will be defeated at some point in the |
| 12 |
> > future, perhaps without public disclosure. |
| 13 |
> |
| 14 |
> Shor's would be effective against discrete logs (including ECC) as |
| 15 |
> well, so wouldn't be applicable to this selection. For post-quantum |
| 16 |
> asymmetric crypto we'd likely need e.g a lattice based primitive. |
| 17 |
|
| 18 |
Why not to use post-quantum signing together with a traditional one? |
| 19 |
app-crypt/codecrypt is already in tree and provides an GnuPG-like |
| 20 |
solution based on post-quantum cryptography. |
| 21 |
|
| 22 |
It would be no harm to use this solution together with GnuPG, e.g. |
| 23 |
have two detached signatures: a traditional RSA-4096 and a |
| 24 |
post-quantum one. |
| 25 |
|
| 26 |
Best regards, |
| 27 |
Andrew Savchenko |
Archives