[messaging] Post-quantum forward-secrecy
Martin Albrecht
martinralbrecht at googlemail.com
Wed Aug 5 13:48:21 PDT 2015
On Wednesday 05 Aug 2015 16:35:29 Jeff Burdges wrote:
> As I understand it, there are no mature post-quantum Diffie-Hellman
> alternatives, but NTRU is a relatively mature post-quantum public key
> system. Any attempt to use NTRU thus requires three steps.
You might find
Post-quantum key exchange for the TLS protocol from the ring learning with
errors problem
Joppe W. Bos and Craig Costello and Michael Naehrig and Douglas Stebila
https://eprint.iacr.org/2014/599
and the works referenced therein interesting.
The status of Ring-LWE is that we have reasonable asymptotic hardness
guarantees (i.e. you can solve GapSVP on ideal lattices if you can solve
Ring-LWE) but how to pick parameters is perhaps a little bit less mature: we
essentially pick parameters for LWE and then use Ring-LWE with those
parameters, because we don't know how to exploit the additional ring structure
to make attacks go faster.
Cheers,
Martin
--
.www: https://martinralbrecht.wordpress.com
.pgp: 40BC 7F0D 724B 4AB1 CC98 4014 A040 043C 6532 AFB4
.xmpp: martinralbrecht at jabber.ccc.de
.twitter: https://twitter.com/martinralbrecht
.keybase: https://keybase.io/martinralbrecht
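For readers who want to see the mechanism the cited Bos-Costello-Naehrig-Stebila paper builds on, the following is an added toy Ring-LWE key exchange over Z_q[x]/(x^n + 1). It is not code from this thread or from the paper. The constants n = 256 and q = 7681 are illustrative choices for the example, not the paper's recommended parameters; small secrets and errors are sampled uniformly from {-1, 0, 1} instead of a discrete Gaussian; the reconciliation step is a simplified two-quarter hint scheme rather than the paper's exact mechanism; and the polynomial arithmetic is schoolbook O(n^2) with no attempt at constant time. What the example shows is the correctness side of parameter selection that Martin's point sits next to: Alice recovers Bob's key bits exactly as long as the accumulated error term e_A*s_B + e'_B - e_B*s_A stays below q/8 in every coefficient, so n, q and the error width must be chosen jointly, and the security margin against lattice attacks is then a separate question on top of that.

```python
"""Toy unauthenticated Ring-LWE key exchange in R_q = Z_q[x]/(x^N + 1).

Added illustration, not code from the mailing-list thread or from the
Bos-Costello-Naehrig-Stebila paper.  N, Q and B are constructed constants
for readability; the error distribution and the reconciliation rule are
simplified stand-ins for what the paper specifies.
"""
import hashlib
import secrets

N = 256    # ring dimension: x^N + 1 with N a power of two (assumed constant)
Q = 7681   # odd modulus (assumed constant, not the paper's parameter)
B = 1      # secrets and errors have coefficients in {-B, ..., B}


def sample_uniform():
    """Uniform element of R_q, used for the public polynomial 'a'."""
    return [secrets.randbelow(Q) for _ in range(N)]


def sample_small():
    """Small secret/error polynomial with coefficients in {-B, ..., B}."""
    return [secrets.randbelow(2 * B + 1) - B for _ in range(N)]


def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Negacyclic convolution: product modulo x^N + 1 and modulo Q."""
    acc = [0] * (2 * N)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                acc[i + j] += ai * bj
    # x^N = -1, so the coefficient of x^(i+N) folds back negated onto x^i.
    return [(acc[i] - acc[i + N]) % Q for i in range(N)]


def key_bit(v):
    """1 if v lies in the middle half [Q/4, 3Q/4) of Z_Q, else 0."""
    return 1 if Q <= 4 * v < 3 * Q else 0


def hint_bit(v):
    """Parity of the quarter of Z_Q that v falls in (the reconciliation hint)."""
    return (4 * v // Q) % 2


def reconcile(w, h):
    """Recover key_bit(v) from an approximation w of v plus the hint h.

    Quarters h and h+2 carry the same hint but opposite key bits; pick the
    one closer to w.  This is exact whenever |v - w| < Q/8 (centred mod Q).
    """
    x, circ = 4 * w, 4 * Q          # scale so quarter j is [jQ, (j+1)Q)

    def dist_to_quarter(j):
        lo, hi = j * Q, (j + 1) * Q - 1
        if lo <= x <= hi:
            return 0
        d_lo = min((x - lo) % circ, (lo - x) % circ)
        d_hi = min((x - hi) % circ, (hi - x) % circ)
        return min(d_lo, d_hi)

    j = h if dist_to_quarter(h) <= dist_to_quarter(h + 2) else h + 2
    return 1 if j in (1, 2) else 0


def keygen(a):
    """Return (secret s, public b = a*s + e)."""
    s, e = sample_small(), sample_small()
    return s, poly_add(poly_mul(a, s), e)


def bob_respond(a, b_alice):
    """Bob publishes b_B and derives key bits and hints from v = b_A*s_B + e'."""
    s_b, b_b = keygen(a)
    v = poly_add(poly_mul(b_alice, s_b), sample_small())
    return b_b, [hint_bit(c) for c in v], [key_bit(c) for c in v]


def alice_finish(s_a, b_bob, hints):
    """Alice computes w = b_B*s_A (close to Bob's v) and reconciles each bit."""
    w = poly_mul(b_bob, s_a)
    return [reconcile(c, h) for c, h in zip(w, hints)]


def derive_key(bits):
    """Hash the N agreed bits into a 32-byte session key."""
    raw = int("".join(map(str, bits)), 2).to_bytes(N // 8, "big")
    return hashlib.sha256(raw).digest()


def run_exchange():
    """Run one exchange; returns (Alice's key, Bob's key), which should match."""
    a = sample_uniform()                          # public parameter
    s_a, b_a = keygen(a)                          # Alice -> Bob: b_a
    b_b, hints, bob_bits = bob_respond(a, b_a)    # Bob -> Alice: b_b, hints
    alice_bits = alice_finish(s_a, b_b, hints)
    return derive_key(alice_bits), derive_key(bob_bits)


if __name__ == "__main__":
    k_alice, k_bob = run_exchange()
    print("keys match:", k_alice == k_bob)
```

With coefficients in {-1, 0, 1} and n = 256 the error term has a standard deviation of roughly 15 per coefficient against a tolerance of q/8 ≈ 960, so decryption failures are negligible; widening the error distribution is what buys security against lattice attacks, and the same q/8 bound is what limits how far it can be widened for a given n and q.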