If I understand your point correctly, QC doesn't improve the rate at which hash collisions may be found, at least not by any currently known (to me) algorithm. In the case of the asymmetric algorithms, Shor's algorithm and close variants make an attack on the keyspace more practical (when sufficiently capable QCs are practical). There are published results that support those statements. For similar reasons, symmetric cryptography loses strength to N/2 bits for N-bit keys. So e.g. AES-256 will have 128 bits of security in a post-QC world.
Mike

-----Original Message-----
From: m...@sandelman.ca [mailto:m...@sandelman.ca] On Behalf Of Michael Richardson
Sent: Wednesday, August 19, 2015 22:05
To: Mike Borza <mbo...@elliptictech.com>
Cc: Dan Harkins <dhark...@lounge.org>; IPsecME WG <ipsec@ietf.org>
Subject: Re: [IPsec] PSK mode

Mike Borza <mbo...@elliptictech.com> wrote:
> They don't mention IKEv2. I don't know IKEv2 well enough to know
> whether there are any symmetric PSK authentication schemes, but if not,
> perhaps there should be. The point they're making is that the

There are PSK methods. But, all the methods also use traditional DH, and IKEv2 defines ECDH methods (AFAIK, haven't implemented yet).

I wonder if QC factoring of ECC is easier than finding SHA1/SHA2/etc. collisions, or if there is less effort being spent on the secure hashes.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec