On Wednesday 05 Aug 2015 16:35:29 Jeff Burdges wrote: > As I understand it, there are no mature post-quantum Diffie-Hellman > alternatives, but NTRU is a relatively mature post-quantum public key > system. Any attempt to use NTRU thus requires three steps.
You might find Post-quantum key exchange for the TLS protocol from the ring learning with errors problem Joppe W. Bos and Craig Costello and Michael Naehrig and Douglas Stebila https://eprint.iacr.org/2014/599 and the works reference therein interesting. The status of Ring-LWE is that we have reasonable asymptotic hardness guarantees (i.e. you can solve GapSVP on ideal lattices if you can solve Ring- LWE) but how to pick parameters is perhaps a little bit less mature: we essentially pick parameters for LWE and then use Ring-LWE with those parameters, because we don't know how to exploit the additional ring structure to make attacks go faster. Cheers, Martin -- .www: https://martinralbrecht.wordpress.com .pgp: 40BC 7F0D 724B 4AB1 CC98 4014 A040 043C 6532 AFB4 .xmpp: [email protected] .twitter: https://twitter.com/martinralbrecht .keybase: https://keybase.io/martinralbrecht
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
