[messaging] Post-quantum forward-secrecy
martinralbrecht at googlemail.com
Wed Aug 5 13:48:21 PDT 2015
On Wednesday 05 Aug 2015 16:35:29 Jeff Burdges wrote:
> As I understand it, there are no mature post-quantum Diffie-Hellman
> alternatives, but NTRU is a relatively mature post-quantum public key
> system. Any attempt to use NTRU thus requires three steps.
You might find

  Post-quantum key exchange for the TLS protocol from the ring learning with
  Joppe W. Bos and Craig Costello and Michael Naehrig and Douglas Stebila

and the works referenced therein interesting.
The status of Ring-LWE is that we have reasonable asymptotic hardness
guarantees (i.e. you can solve GapSVP on ideal lattices if you can solve Ring-
LWE) but how to pick parameters is perhaps a little bit less mature: we
essentially pick parameters for LWE and then use Ring-LWE with those
parameters, because we don't know how to exploit the additional ring structure
to make attacks go faster.
.pgp: 40BC 7F0D 724B 4AB1 CC98 4014 A040 043C 6532 AFB4
.xmpp: martinralbrecht at jabber.ccc.de