Andrew Savchenko wrote:
> On Mon, 12 Jan 2015 19:44:46 +0100 Kristian Fiskerstrand wrote:
>> Shor's would be effective against discrete logs (including ECC) as
>> well, so wouldn't be applicable to this selection. For post-quantum
>> asymmetric crypto we'd likely need e.g. a lattice-based primitive.
> Why not use post-quantum signing together with a traditional one?

Indeed. Problem is that so-called post-quantum cryptosystems are
sometimes not even secure against non-quantum computers. I remember back
when NTRU was the latest hotness, and the breaking and fixing ping-pong
that security researchers played between conferences with it,
particularly with the signature part.
None of these has stood the test of time like RSA or DLP-based crypto.
If post-quantum signing is desired, I agree that using it in addition
to traditional signing should be strongly considered.
Best regards,
Chí-Thanh Christopher Nguyễn