
/tech/ - Technology



File: 0112871a04f6da2⋯.jpg (26.12 KB, 638x479, 638:479, modern-cryptography-51-638.jpg)


No.842300 >>842329

Post-Quantum Cryptography

NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. Currently, public-key cryptographic algorithms are specified in FIPS 186-4, Digital Signature Standard, as well as special publications SP 800-56A Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography and SP 800-56B Revision 1, Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography. However, these algorithms are vulnerable to attacks from large-scale quantum computers (see NISTIR 8105, Report on Post Quantum Cryptography).

It is intended that the new public-key cryptography standards will specify one or more additional unclassified, publicly disclosed digital signature, public-key encryption, and key-establishment algorithms that are available worldwide, and are capable of protecting sensitive government information well into the foreseeable future, including after the advent of quantum computers.

As a first step in this process, NIST solicited public comment on draft minimum acceptability requirements, submission requirements, and evaluation criteria for candidate algorithms. The comments received are posted, along with a summary of the changes made as a result of these comments.

The final submission requirements and the minimum acceptability requirements of a "complete and proper" candidate algorithm submission, as well as the evaluation criteria that will be used to appraise the candidate algorithms, can be found in section 4 of the Call for Proposals.

Nominations for post-quantum candidate algorithms may now be submitted, up until the final deadline of November 30, 2017. Complete instructions on how to submit a candidate package are posted in the Call for Proposals.

discuss

 No.842301>>842303 >>842326 >>842447

Post-quantum RSA

>Daniel J. Bernstein, Nadia Heninger, Paul Lou, and Luke Valenta

>This paper proposes RSA parameters for which (1) key generation, encryption, decryption, signing, and verification are feasible on today’s computers while all known attacks are infeasible, even assuming highly scalable quantum computers. As part of the performance analysis, this paper introduces a new algorithm to generate a batch of primes. As part of the attack analysis, this paper introduces a new quantum factorization algorithm that is often much faster than Shor’s algorithm and much faster than pre-quantum factorization algorithms. Initial pqRSA implementation results are provided.

>Section 4 reports initial implementation results for RSA parameters large enough to push all known quantum attacks above 2^100 qubit operations. These results include successful completion of the most expensive operation in post-quantum RSA, namely generating a 1-terabyte public key.

>1-terabyte public key.

epic troll


 No.842303

File: 3f8af8ed97f7d30⋯.pdf (355.15 KB, 351.pdf)


 No.842306>>842307 >>842340

One-time pads are completely invulnerable to quantum cracking.


 No.842307>>842319

>>842306

But they are also completely impractical.


 No.842319

>>842307

Sad but true.


 No.842326

>>842301

>Daniel J. Bernstein

He's always right.


 No.842329>>842337

>>842300 (OP)

What about stream ciphers, are there any that are afraid of QC?


 No.842337>>842340 >>842451

>>842329

As far as I know symmetric crypto is safe.


 No.842340>>842366

>>842306

>>842337

Then one-time pads are still not needed at all: a fixed-size pre-shared key can be extended to any size if it is used as the seed for a CSPRNG.

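The "pre-shared key as CSPRNG seed" idea from the post above, as an added illustration that is not part of the thread: a fixed 256-bit PSK is expanded with SHAKE256 (an assumed stand-in for the CSPRNG, not something the post specifies) into per-message keystream, and a small nonce ledger shows the one caveat that distinguishes this from a true one-time pad, namely that the same keystream must never be used twice. All keys and plaintexts are constructed sample values.

```python
import hashlib


def keystream(psk: bytes, nonce: bytes, length: int) -> bytes:
    """Expand a fixed-size pre-shared key into `length` bytes of keystream.

    SHAKE256 (an extendable-output function) is the assumed CSPRNG here.
    A label and a per-message nonce are mixed into the seed so that two
    messages under the same PSK get independent keystream, provided the
    nonce is never repeated.
    """
    xof = hashlib.shake_256(b"psk-expand|" + psk + b"|" + nonce)
    return xof.digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b), "inputs must have equal length"
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(psk: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(psk, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


class NonceLedger:
    """Defensive check: refuse to reuse a (psk, nonce) pair for encryption."""

    def __init__(self) -> None:
        self._seen: set = set()

    def claim(self, psk: bytes, nonce: bytes) -> bool:
        key = (hashlib.sha256(psk).digest(), nonce)
        if key in self._seen:
            return False
        self._seen.add(key)
        return True


def run_demo() -> dict:
    psk = bytes(range(32))                  # constructed 256-bit pre-shared key
    p1 = b"report at 0600, grid ref 7"     # constructed sample plaintexts
    p2 = b"report at 0700, grid ref 9"
    ledger = NonceLedger()
    ok1 = ledger.claim(psk, b"msg-0001")
    c1 = encrypt(psk, b"msg-0001", p1)
    ok2 = ledger.claim(psk, b"msg-0002")
    c2 = encrypt(psk, b"msg-0002", p2)
    # Reusing a nonce reuses the keystream: c1 XOR c2_bad then equals p1 XOR p2,
    # the classic two-time-pad failure, which is why the ledger must reject it.
    reused = ledger.claim(psk, b"msg-0001")
    c2_bad = encrypt(psk, b"msg-0001", p2)
    return {
        "fresh_nonces_accepted": ok1 and ok2,
        "roundtrip": decrypt(psk, b"msg-0001", c1) == p1,
        "independent_keystreams": xor_bytes(c1, c2) != xor_bytes(p1, p2),
        "reuse_rejected_by_ledger": not reused,
        "reuse_leaks_plaintext_xor": xor_bytes(c1, c2_bad) == xor_bytes(p1, p2),
    }
```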

 No.842366>>842368

>>842340

>pre-shared key

Not practical.


 No.842368>>842370

>>842366

More practical than a one-time pad.


 No.842370

>>842368

Not really.


 No.842447

>>842301

>1-terabyte public key

nigga, wtf


 No.842451

>>842337

>As far as I know symmetric crypto is safe.

Your understanding is dangerously imprecise. Grover's algorithm, if implemented in a sufficiently large quantum computer, provides a square-root speedup in searching for the key used for encryption with symmetric ciphers like AES. That would weaken AES-128 to AES-64 (which doesn't exist, but you get the point), and would make AES-256 the equivalent of AES-128.

Last I read, AES-256 is still considered to be post-quantum secure, but AES-128 is not.
