On Thu, Sep 29, 2016 at 12:16:40PM -0700, Ray Dillinger wrote: > Post-Quantum security recommendations for symmetric ciphers (the keys to > which are the material that are most of what public-key algorithms are > used to encrypt) recommend 256-bit keys and recommend NOT using AES-256 > in particular.
Hi Ray, Do you have a citation for this claim? I have a counter-citation: Section 2, "Symmetric Encryption" recommends AES-256 and Salsa20 with a 256-bit key: https://pqcrypto.eu.org/docs/initial-recommendations.pdf Though it's not an ECC issue, and maybe I misunderstood what you wrote. Nicolai _______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves