On 2016-02-01 10:27, Antonio Sanso wrote:
hi *,

I know that this might sound a bit crazy, but I think that it is time to kind of 
think about Post Quantum Cryptography (and JOSE should not be left out).
But let me rewind a bit.
  According to the latest research (done by IBM et al.) and NSA suggestions, 
having a quantum computer is “only” 8/15 years from now (maybe earlier).
Taking JWS as an example, it supports RSA signatures. A quantum computer will 
break this totally (thanks to Shor's algorithm).
Thinking about starting to expand the JWS specification to use some of the PQC 
schemes is not so unimaginable IMHO.
  For example, having JWS support hash-based signatures would be a great move 
(always IMHO :)) for JOSE and JWS.

WDYT?

I'm a complete n00b when it comes to PQC but if the scheme you suggested
https://en.wikipedia.org/wiki/Merkle_signature_scheme
is considered useful, it shouldn't be particularly difficult to implement.

If I interpret this correctly, you would have to regenerate signature keys
quite frequently which requires a specific infrastructure to work.  OTOH,
short-lived keys are actually quite handy in more traditional systems as well
so this is definitely worth investigating.

Clear text signature schemes like JCS should be ideally suited for PQC since
signature data seems to become the major part of a signed object.

Anders



antonio

P.S. a great post about Hash based signatures and Merkle tree is at 
https://www.imperialviolet.org/2013/07/18/hashsig.html
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
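To make concrete what the thread is discussing (a Merkle signature scheme built on one-time signatures, why the signer runs out of keys and must regenerate them, and why the signature data dominates the size of a signed object), here is an added, self-contained toy implementation. It is not code from the thread, from JOSE, or from any standard; it combines Lamport one-time signatures with a small Merkle tree over SHA-256, and the tree height, domain-separation prefixes and dictionary signature format are choices made for this illustration only.

```python
import hashlib
import secrets

N_BITS = 256  # we sign SHA-256 digests, one key pair per digest bit


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def msg_bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def lamport_keygen():
    # Private key: 256 pairs of random 32-byte preimages. Public key: their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    # Reveal one preimage per bit; revealing more (a second message) leaks the key,
    # which is exactly why each Lamport key may be used once.
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(msg_bits(msg)))


def pk_to_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


class MerkleSigner:
    """Holds 2**height one-time keys; the tree root is the long-lived public key."""

    def __init__(self, height: int):
        self.n = 1 << height
        self.ots_keys = [lamport_keygen() for _ in range(self.n)]
        leaves = [H(b"\x00", pk_to_bytes(pk)) for _, pk in self.ots_keys]
        self.levels = [leaves]  # levels[0] = leaves, levels[-1] = [root]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(b"\x01", lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.next_leaf = 0  # state that MUST be persisted; reuse of a leaf is fatal

    def signatures_remaining(self) -> int:
        return self.n - self.next_leaf

    def sign(self, msg: bytes) -> dict:
        if self.next_leaf >= self.n:
            raise RuntimeError("all one-time keys used; generate a new tree and publish its root")
        idx = self.next_leaf
        self.next_leaf += 1
        sk, pk = self.ots_keys[idx]
        # Authentication path: sibling of the node on each level from leaf to root.
        auth, i = [], idx
        for lvl in self.levels[:-1]:
            auth.append(lvl[i ^ 1])
            i >>= 1
        return {"index": idx, "ots_pk": pk, "ots_sig": lamport_sign(sk, msg), "auth_path": auth}


def merkle_verify(root: bytes, msg: bytes, sig: dict) -> bool:
    # 1. The one-time signature must check out under the embedded one-time public key.
    if not lamport_verify(sig["ots_pk"], msg, sig["ots_sig"]):
        return False
    # 2. That one-time public key must hash up the authentication path to the root.
    node = H(b"\x00", pk_to_bytes(sig["ots_pk"]))
    i = sig["index"]
    for sibling in sig["auth_path"]:
        node = H(b"\x01", sibling, node) if i & 1 else H(b"\x01", node, sibling)
        i >>= 1
    return node == root


def signature_size(sig: dict) -> int:
    # Bytes of the one-time public key, the revealed preimages and the auth path
    # (the leaf index is omitted; it is a few bytes at most).
    return (len(pk_to_bytes(sig["ots_pk"]))
            + sum(len(p) for p in sig["ots_sig"])
            + sum(len(a) for a in sig["auth_path"]))


if __name__ == "__main__":
    signer = MerkleSigner(height=3)  # 8 signatures, then a new tree is needed
    sig = signer.sign(b'{"alg":"HS-MERKLE-TOY"}')
    print("verifies:", merkle_verify(signer.root, b'{"alg":"HS-MERKLE-TOY"}', sig))
    print("signature bytes:", signature_size(sig), "remaining keys:", signer.signatures_remaining())
```

With height 2 the signature carries about 24 KB (16 KB of one-time public key, 8 KB of revealed preimages, 64 bytes of path) for a 32-byte root, which is the size asymmetry the reply above points at; and after 2**height signatures `sign` refuses to continue, which is the key-regeneration requirement in the same reply. The `next_leaf` counter is the operational hazard of this family of schemes: if it is lost or rolled back, a leaf gets reused and the one-time key is compromised.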

