[messaging] Do quantum attacks/algos also lead to compromise of PFS?

Hanno Böck hanno at hboeck.de
Sun Jan 25 17:37:57 PST 2015

On Sat, 24 Jan 2015 23:02:50 -0800
Tao Effect <contact at taoeffect.com> wrote:

> Does SPHINCS also allow for encryption, or is it for generating
> secure signatures only?

SPHINCS is signatures only.

When you're looking for post quantum encryption you may want to have a
look at ring learning with errors. It's one of the more practical pq
encryption schemes out there. There was a talk at rwc recently:

And they even have some TLS cipher suites and code:

However it should be considered that they choose pre-quantum security
levels. That means their 128 bit security can not be compared to the
128 bit security of sphincs. It's only 64 bit post-quantum security
taking grovers algorithm into account.

Also: Don't trust it too much. This is an area where the only safe
advice is: more research is needed to know what's secure.

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150126/eac9d617/attachment.sig>

More information about the Messaging mailing list