On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote:
> On 01/12/2015 07:29 PM, Rich Freeman wrote:
> > On Mon, Jan 12, 2015 at 1:06 PM, Kristian Fiskerstrand
> > <k...@gentoo.org> wrote:
> >>
> >> One issue with DSA/ElGamal is the requirement for a random k
> >> value while signing/encrypting,
> >
> > Thanks - that was very informative. I guess the thing that makes
> > me more concerned about RSA is that Shor's algorithm makes it
> > quite possible that it will be defeated at some point in the
> > future, perhaps without public disclosure.
>
> Shor's would be effective against discrete logs (including ECC) as
> well, so wouldn't be applicable to this selection. For post-quantum
> asymmetric crypto we'd likely need e.g. a lattice based primitive.

Why not use post-quantum signing together with a traditional one?
app-crypt/codecrypt is already in tree and provides a GnuPG-like
solution based on post-quantum cryptography. It would be no harm to use
this solution together with GnuPG, e.g. have two detached signatures: a
traditional RSA-4096 and a post-quantum one.

Best regards,
Andrew Savchenko