Slashdot Mirror


Ask Slashdot: Post-Quantum Asymmetric Key Exchange?

First time accepted submitter LeDopore writes "Quantum computers might be coming. I'd estimate that there's a 10% chance RSA will be useless within 20 years. Whatever the odds, some of the data we send over ssh and ssl today should remain private for a century, and we simply can't guarantee secrecy anymore using the algorithms with which we have become complacent. Are there any alternatives to RSA and ECC that are trustworthy and properly implemented? Why is everyone still happy with SSH and RSA with the specter of a quantum menace lurking just around the corner?"

3 of 262 comments shown

  1. Re:Fine. You find an asymmetric primitive by Anonymous Coward · Score: 5, Informative

    ECC is AFAIK theoretically vulnerable (i.e. while there aren't KNOWN quantum gate implementations of ECC, there are no good reasons to think it is unfeasible).

    McEliece and the lattice-based stuff are promising, they just haven't been inspected as much as RSA yet...

  2. Re:Fine. You find an asymmetric primitive by ewanm89 · Score: 5, Informative

    Different sort of quantum computer, it can't do general computing or Shor's algorithm, it's more like a quantum calculator, relegated to very specific statistical calculations rather than generic 3-bit computing.

  3. Re:ECC is not vulnerable by CuBr · Score: 5, Informative

    There is no known attack on ECC using quantum computers.

    This should not have been modded up, because it is blatantly false. The security of ECC relies on the presumed hardness of the discrete logarithm problem (in elliptic curves over finite fields). But Shor's algorithm can solve the discrete logarithm problem in ANY finite group (assuming you have an efficient way of operating on the group elements).
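The point in the comment above, that Shor's discrete-log attack only needs an efficient way to operate on group elements, can be made concrete in code. The following is an added example and not code from the thread: one routine, shor_dlog, recovers an exponent first in the multiplicative group mod 101 and then on a toy elliptic curve, and the only thing that changes between the two runs is the group-operation function handed to it. The quantum part of Shor's algorithm (Fourier sampling of the period lattice of f(a, b) = g^a h^b) is replaced by a classical linear scan, so this runs anywhere but only for toy-sized groups; the curve y^2 = x^3 + 2x + 3 over F_97 and the base point (3, 6) are constructed for illustration and are not a standard curve.

```python
# Added example, not code from the Slashdot thread. It shows why Shor's
# discrete-log attack is group-agnostic: the reduction from "find x with
# h = g^x" to period finding touches the group only through its operation.
# The period-finding step itself (where the quantum Fourier transform gives
# the exponential speedup) is replaced here by a classical linear scan, so
# this runs on a laptop but only for toy-sized groups.

def gpow(op, ident, k, g):
    """Square-and-multiply for any group given as (op, ident)."""
    r = ident
    while k:
        if k & 1:
            r = op(r, g)
        g = op(g, g)
        k >>= 1
    return r

def gorder(op, ident, g):
    """Smallest n > 0 with g^n = ident (brute force; fine for toy groups)."""
    n, x = 1, g
    while x != ident:
        x = op(x, g)
        n += 1
    return n

def shor_dlog(op, ident, g, h):
    """Return x with g^x = h, using the group only through op."""
    n = gorder(op, ident, g)

    # Shor's oracle: f(a, b) = g^a * h^b. Since h = g^x, f is constant on the
    # lattice {(a, b): a + b*x = 0 (mod n)}; a quantum computer samples that
    # lattice with a QFT over Z_n x Z_n. Classically we locate the lattice
    # vector (a, 1) by scanning a, which costs O(n) group operations.
    def f(a, b):
        return op(gpow(op, ident, a, g), gpow(op, ident, b, h))

    for a in range(n):
        if f(a, 1) == ident:        # g^a * h = 1  =>  h = g^(-a)
            return (-a) % n
    raise ValueError("h is not in the subgroup generated by g")

# Group 1: multiplicative group of integers mod 101 (the RSA/DH setting).
P = 101

def zmul(a, b):
    return a * b % P

# Group 2: points on the toy curve y^2 = x^3 + 2x + 3 over F_97 (constructed
# for illustration; not a standard curve). None is the point at infinity.
Q_MOD, A_COEF = 97, 2
INF = None

def ec_add(p, q):
    """Affine point addition / doubling; the only curve-specific code."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % Q_MOD == 0:
        return INF
    if p == q:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1 % Q_MOD, -1, Q_MOD) % Q_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % Q_MOD, -1, Q_MOD) % Q_MOD
    x3 = (lam * lam - x1 - x2) % Q_MOD
    return (x3, (lam * (x1 - x3) - y1) % Q_MOD)

G = (3, 6)   # 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97), so G is on the curve

def demo(secret=17):
    """Recover the same secret exponent in both groups with one routine."""
    h = gpow(zmul, 1, secret, 2)            # h = 2^secret mod 101
    x_zp = shor_dlog(zmul, 1, 2, h)
    q_pt = gpow(ec_add, INF, secret, G)     # Q = secret * G on the curve
    x_ec = shor_dlog(ec_add, INF, G, q_pt)
    return x_zp, x_ec

if __name__ == "__main__":
    print(demo())
```

The takeaway for the thread's question is in the structure, not the numbers: swapping RSA's group for an elliptic-curve group changes ec_add and nothing else, so the quantum speedup carries over unchanged. Post-quantum candidates such as the lattice- and code-based schemes mentioned earlier in the thread avoid the issue by not resting on a group whose order and operation can be fed to this oracle at all.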