There are no post-quantum proposals from the NSA anywhere in sight however, right?
Is it possible they have post-quantum algorithms they wish to remain classified, like particular arguments for choosing key sizes for just Ring-LWE DH? Yet, they need a public announcement like this to shut down government contractors currently building products based upon ECC. In that scenario, they do not really need any attacks on ECC beyond Shor's algorithm. There might even be money to be made choosing what contractors get to use the post-quantum algorithms. On Fri, 2015-10-23 at 16:08 -0700, Ray Dillinger wrote: > Which IMO leaves non-technical reasons. It could be a subterfuge > to try to hinder crypto adoption, or to get that focused analytical > attention on ECC, or an attempt to get people to stop using something > they don't know how to break. Heck, it could even be a legitimate > attempt to protect the security of the nation's infrastructure; you > just never know with these guys. Just another fun conspiracy theory : They dislike that small key sizes encourage people to use a *lot* of crypto, maybe including the long -term forward-secrecy found in Axolotl based system. Axolotl becomes as strong as a deterministic one-time pad if they miss the wrong message. Jeff
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves