Any thoughts on doing public-key crypto with a memory hard group operation so as to limit the effectiveness of Shor's algorithm?
I know calculations on some elliptic curve types can become more efficiently with a few extra coordinates. Any idea if one can choose the curve to blow that up so that doing operations fast needs many thousands of coordinates? And still keep the compressed point small? Thanks, Jeff p.s. As I understand it, nilpotent groups are still vulnerable to Shor's algorithm : http://arxiv.org/pdf/1509.05806.pdf There are tricks for embedding complex objects into commutators of nilpotent groups, but I donno any believable crypto that uses nilpotent groups.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves