Ask Slashdot: Post-Quantum Asymmetric Key Exchange?
First time accepted submitter LeDopore writes "Quantum computers might be coming. I'd estimate that there's a 10% chance RSA will be useless within 20 years. Whatever the odds, some of the data we send over ssh and ssl today should remain private for a century, and we simply can't guarantee secrecy anymore using the algorithms with which we have become complacent. Are there any alternatives to RSA and ECC that are trustworthy and properly implemented? Why is everyone still happy with SSH and RSA with the specter of a quantum menace lurking just around the corner?"
ECC is AFAIK theoretically vulnerable (i.e. while there aren't KNOWN quantum gate implementations of ECC, there are no good reasons to think it is unfeasible).
McEliece and the Lattice-based stuff are promising, they just haven't been as inspected as RSA yet...
I think the author's point is that data sent today could be sniffed, stored, and cracked in 20 years. Some of that data may still be sensitive in 20 years, so we need to switch now.
This 1978 crypto is supposed to be safe against quantum computers: http://www.technologyreview.com/blog/arxiv/25629/ (if that's the specific angle you're worried about). The downside is the key management because the keys have to be really really long (i.e. 20,000+ characters vs having a memorable password or passphrase that you'd be able to use today).
Different sort of quantum computer; it can't do general computing or Shor's algorithm, it's more like a quantum calculator, relegated to very specific statistical calculations rather than generic 3-bit computing.
There is no known attack on ECC using quantum computers.
This should not have been modded up, because it is blatantly false. The security of ECC relies on the presumed hardness of the discrete logarithm problem (in elliptic curves over finite fields). But Shor's algorithm can solve the discrete logarithm problem in ANY finite group (assuming you have an efficient way of operating on the group elements).
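To make the point above concrete, here is an added example (not posted by anyone in this thread) of the finite group ECC actually relies on: a toy curve y^2 = x^3 + 2x + 3 over GF(97) with base point G = (3, 6), parameters constructed for illustration only (a real curve uses a prime of about 256 bits). It implements the group operation, derives a "public key" k*G the easy way, and then recovers k by classical exhaustive search. Everything Shor's algorithm needs is the `add` function; it replaces the exponential search with a polynomial-time quantum period-finding step, which is why ECC falls along with RSA.

```python
# Added example: toy elliptic-curve group and the ECDLP it rests on.
# Curve and base point are constructed for illustration, not a real standard.
P, A, B = 97, 2, 3        # y^2 = x^3 + A*x + B over GF(P)
G = (3, 6)                # base point, assumed generator of a small subgroup
INF = None                # point at infinity, the group identity


def on_curve(pt):
    """True if pt satisfies the curve equation (INF is on every curve)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def add(p1, p2):
    """The group operation: chord-and-tangent point addition mod P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                       # p2 == -p1, vertical line
    if p1 == p2:                         # tangent line (doubling)
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                # chord through two distinct points
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """k*pt by double-and-add: the easy direction used to make a public key."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def order(pt):
    """Smallest n > 0 with n*pt == INF, i.e. the size of the cyclic subgroup."""
    n, cur = 1, pt
    while cur is not INF:
        cur = add(cur, pt)
        n += 1
    return n


def ecdlp_bruteforce(base, target):
    """Classical ECDLP: find k with k*base == target by exhaustive search.

    Cost is linear in the subgroup order, i.e. exponential in the key size.
    Shor's algorithm solves the same problem in polynomial time and needs
    nothing more than the `add` operation above to do it.
    """
    n = order(base)
    cur = INF
    for k in range(n):
        if cur == target:
            return k
        cur = add(cur, base)
    raise ValueError("target is not in the subgroup generated by base")


if __name__ == "__main__":
    assert on_curve(G)
    print("subgroup order of G:", order(G))
    secret = 3                      # constructed private scalar
    pub = scalar_mult(secret, G)    # the corresponding public point
    print("public point:", pub, "on curve:", on_curve(pub))
    print("recovered private scalar:", ecdlp_bruteforce(G, pub))
```

On this toy group the brute-force loop finishes instantly; on a 256-bit curve it would need about 2^128 group operations, which is the whole security argument, and exactly the argument Shor's algorithm removes.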