On Fri, Sep 6, 2013 at 6:13 AM, Jaap-Henk Hoepman <j...@cs.ru.nl> wrote:

> Bruce Schneier writes: "Prefer symmetric cryptography over public-key
> cryptography." The only reason I can think of is that for public key crypto
> you typically use an American (and thus subverted) CA to get the recipient's
> public key.

As soon as someone builds a large quantum computer (probably at least 10
years away, even for the NSA) most of the public key cryptosystems we use
today will be easily breakable with e.g. Shor's algorithm. Symmetric
algorithms will take a hit as well, with their keyspace cut in half, but
that's the equivalent of going from 256-bit keys to 255-bit keys, so
symmetric crypto will weather the post-quantum era just fine.

In order to beat quantum computers, we need to use public key systems with
no (known) quantum attacks, such as lattice-based (NTRU) or code-based
(McEliece/McBits) algorithms. ECC and RSA will no longer be useful.

Tony Arcieri
The cryptography mailing list
