[messaging] Post-quantum forward-secrecy

Martin Albrecht martinralbrecht at googlemail.com
Wed Aug 5 13:48:21 PDT 2015

On Wednesday 05 Aug 2015 16:35:29 Jeff Burdges wrote:
> As I understand it, there are no mature post-quantum Diffie-Hellman
> alternatives, but NTRU is a relatively mature post-quantum public key
> system.  Any attempt to use NTRU thus requires three steps.

You might find

   Post-quantum key exchange for the TLS protocol from the ring learning with 
   errors problem
   Joppe W. Bos and Craig Costello and Michael Naehrig and Douglas Stebila

and the works referenced therein interesting.

The status of Ring-LWE is that we have reasonable asymptotic hardness
guarantees (i.e. you can solve GapSVP on ideal lattices if you can solve
Ring-LWE) but how to pick parameters is perhaps a little bit less mature: we
essentially pick parameters for LWE and then use Ring-LWE with those
parameters, because we don't know how to exploit the additional ring structure
to make attacks go faster.


.www: https://martinralbrecht.wordpress.com
.pgp: 40BC 7F0D 724B 4AB1 CC98 4014 A040 043C 6532 AFB4
.xmpp: martinralbrecht at jabber.ccc.de
.twitter: https://twitter.com/martinralbrecht
.keybase: https://keybase.io/martinralbrecht
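Added illustration (not part of the original message, and not the code of the cited paper): a toy Python run of the unauthenticated Ring-LWE key exchange that Bos, Costello, Naehrig and Stebila build on, with the Peikert-style reconciliation (randomized doubling, cross-rounding hint, recovery by nearest quarter-interval) that lets Alice recover Bob's rounded bits from a nearby value. Everything here is an assumption chosen so the exchange runs deterministically and correctly offline: N = 64, Q = 12289, and secrets/errors drawn uniformly from [-2, 2] instead of the paper's n = 1024, q = 2^32 - 1 and discrete Gaussian sampling; these parameters are far too small to be secure and exist only to show the mechanics, which is exactly the parameter-selection question the message is about.

```python
import random

# Toy parameters (assumptions for this example; not the BCNS parameters and not secure).
N = 64        # ring dimension: R_Q = Z_Q[x] / (x^N + 1)
Q = 12289     # modulus
B = 2         # secret and error coefficients drawn uniformly from [-B, B]
M = 2 * Q     # reconciliation happens in Z_{2Q} after a randomized doubling step

def poly_mul(f, g):
    """Schoolbook product in Z_Q[x]/(x^N + 1): x^N wraps around as -1."""
    res = [0] * N
    for i, fi in enumerate(f):
        if fi == 0:
            continue
        for j, gj in enumerate(g):
            k = i + j
            if k < N:
                res[k] = (res[k] + fi * gj) % Q
            else:
                res[k - N] = (res[k - N] - fi * gj) % Q
    return res

def poly_add(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]

def sample_small(rng):
    return [rng.randint(-B, B) for _ in range(N)]

def sample_uniform(rng):
    return [rng.randrange(Q) for _ in range(N)]

# Reconciliation on Z_M.  Z_M is cut into four quarters [kM/4, (k+1)M/4).
# The key bit is 0 on the quarters around 0 (k = 0, 3) and 1 on those around
# M/2 (k = 1, 2); the hint sent to Alice is k mod 2.  If Alice's value w lies
# within M/8 of Bob's value v, the nearest quarter carrying the hint is v's own
# quarter, so Alice's bit equals Bob's.

def quarter(x):
    return (4 * x) // M              # 0, 1, 2 or 3

def round_bit(x):                    # Peikert's modular rounding to one bit
    return 1 if quarter(x) in (1, 2) else 0

def cross_bit(x):                    # Peikert's cross-rounding hint
    return quarter(x) % 2

def dbl(v, rng):
    """Z_Q -> Z_{2Q}: 2v - e with e in {-1, 0, 1} (prob. 1/4, 1/2, 1/4); removes rounding bias for odd Q."""
    return (2 * v - rng.choice((-1, 0, 0, 1))) % M

def cyc_dist(a, b):
    d = (a - b) % M
    return min(d, M - d)

def dist_to_quarter(w, k):
    lo = (k * M + 3) // 4            # smallest integer >= kM/4
    hi = ((k + 1) * M - 1) // 4      # largest integer < (k+1)M/4
    if lo <= w <= hi:
        return 0
    return min(cyc_dist(w, lo), cyc_dist(w, hi))

def rec(w, hint):
    """Recover Bob's key bit from Alice's value w and the hint bit."""
    k0, k1 = (0, 2) if hint == 0 else (1, 3)
    k = k0 if dist_to_quarter(w, k0) <= dist_to_quarter(w, k1) else k1
    return 1 if k in (1, 2) else 0

# The exchange: a is a public ring element; each side contributes a Ring-LWE sample.

def keygen_alice(a, rng):
    s, e = sample_small(rng), sample_small(rng)
    return s, poly_add(poly_mul(a, s), e)            # b = a*s + e

def respond_bob(a, b, rng):
    s2, e2, e3 = sample_small(rng), sample_small(rng), sample_small(rng)
    b2 = poly_add(poly_mul(a, s2), e2)               # b' = a*s' + e'
    v = poly_add(poly_mul(b, s2), e3)                # v = b*s' + e'' = a*s*s' + (small)
    vbar = [dbl(x, rng) for x in v]
    return b2, [cross_bit(x) for x in vbar], [round_bit(x) for x in vbar]

def finish_alice(b2, hints, s):
    w = poly_mul(b2, s)                              # w = b'*s = a*s*s' + (small)
    return [rec((2 * x) % M, h) for x, h in zip(w, hints)]

def run_exchange(seed=0):
    """Run one exchange with a seeded RNG; returns (Alice's key bits, Bob's key bits)."""
    rng = random.Random(seed)
    a = sample_uniform(rng)
    s, b = keygen_alice(a, rng)                      # Alice -> Bob: b
    b2, hints, key_bob = respond_bob(a, b, rng)      # Bob -> Alice: b', hints
    return finish_alice(b2, hints, s), key_bob

if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys agree:", ka == kb)
```

With these bounds the gap between the two sides, |v - w| = |e*s' + e'' - e'*s|, is at most 2*N*B^2 + B = 514 before doubling and 1029 after, well inside the M/8 (about 3072) tolerance of the reconciliation, so agreement is guaranteed rather than probabilistic; a real parameter set instead tunes the error width against both a target failure rate and the lattice attacks the message refers to.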