-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 01/13/2015 05:58 AM, Andrew Savchenko wrote: > On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote: >> On 01/12/2015 07:29 PM, Rich Freeman wrote: >>> On Mon, Jan 12, 2015 at 1:06 PM, Kristian Fiskerstrand >>> <k...@gentoo.org> wrote: >>>> >>>> One issue with DSA/ElGamal is the requirement for a random k >>>> value while signing/encrypting, >>> >>> Thanks - that was very informative. I guess the thing that >>> makes me more concerned about RSA is that Shor's algorithm >>> makes it quite possible that it will be defeated at some point >>> in the future, perhaps without public disclosure. >> >> Shor's would be effective against discrete logs (including ECC) >> as well, so wouldn't be applicable to this selection. For >> post-quantum asymmetric crypto we'd likely need e.g a lattice >> based primitive. > > Why not to use post-quantum signing together with a traditional > one? app-crypt/codecrypt is already in tree and provides an > GnuPG-like solution based on post-quantum cryptography.
My opinion is that it would only increase the complexity of things, in particular requiring a double set of trust paths / WoT. When such a shift becomes a prudent move (my interpretation of that is that it is advocated by people far more knowledgeable about crypto than I am) a lattice-based primitive (McEliece as used by this tool is part of this class) is likely to be brought into OpenPGP as an encryption algorithm by form of extension to RFC4880 (or part of an updated V5 key format). > > It would be no harm to use this solution together with GnuPG, e.g. > have two detached signatures: a traditional RSA-4096 and a > post-quantum one. The harm would be overhead, both computationally and not the least operationally to establish valid trust paths. Keep in mind that if it is to be any use, several steps would need to be fulfilled including that operational security perimeters would need to match the requirements, so all devs would need lattice-based keys in additional to classical keys, and probably make adjustments to their overall life to match such a key requirement. - -- Kristian Fiskerstrand Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUtNt/AAoJEPw7F94F4Tag2HcP+wZTK1vLR1q0fYlGTAUi7I8G 3cWMrSAAVXqpfzezb7x/PYUm99y0G6gE9lmfkKQNG9sX6u/LsJDd7x6t92w99nI/ aJzYZi6WX5LKX7o22mFsSp8CjzJJwoNpdngKySjiTnFkMcsRmBANZnktsvxjKTS3 bgusId9LsT1w/hcXmIxmBUaM7hudffrV53XYdJtnlFPCCx6iLM4vQcjKxCQ60v67 LU11PWNw3Z7/M2UFHkWULMPYfezAUclTqdcMLTWNlWHugF2GJ8CTyrCTErV+ABKA f3awAB2rga2+gIwHiBtqPcepw8e0iFfzG3/NmQh2Q3+q6FwAgUyQL5NUzZI9GBqX xcwFJ2Y1OtMKvlJapHntZSXrwcj8uZvGC1DG+Srf0b+LF5JZUslp1F/aNPwHgpq/ GxM32EXtCHCN9w1BMlqrQSr1RE9NVKdcy43XEYSMA8D865+YqkHBnjylPrz5o+Q3 +r4iumNTBeyts7m4wWCcBHaFQCJJGsuy/JLcWQVTmq2zX3Y17atQh5UX83dzphP+ L8t3A0DXKdpJrbt0TcaxaYOaMcSp6eP+Two9UBRH3lJQzjydO70s2+YzyO55buJJ pjMZ1OAX/VH5NpNPWQlLUPWuZO9FlOarjYbg91DZtIEXf1d1/rTQ8edM/tbtq75Q pUPjmePbp6rw3y2AI4WF =MLZo -----END PGP SIGNATURE-----
