Hi Viktor,

Viktor Dukhovni wrote:
> On Wed, Nov 19, 2014 at 11:37:39PM +0100, Aaron Zauner wrote:
>
>> Yup, I meant the post-quantum stuff w.r.t. asking CFRG. I'm
>> subscribed there, and some people working on exactly that topic
>> are as well. But to be honest I don't see a pressing reason to
>> do so right now.
>
> You'll likely get a simple answer. The quantum attack on block
> ciphers, were it to become practical, is IIRC a generic O(N)->O(sqrt(N))
> search speedup. This is very much unlike the situation with RSA
> or ECDH where the Shor attack is far more devastating.
>
> There are IIRC no published quantum speedups against block ciphers
> except for the generic one.

Thanks for your insight. Yes, I'm aware that Grover's algorithm is the best speedup for symmetric crypto. That was more of a general question on pqcrypto algorithm guidance, but as far as I know none of them are suitable for use in TLS /right now/. But I'm also not an expert on that subject.

> I don't know whether the CFRG can answer either question, but I'd
> guess that Scott Aaronson is not yet saving up to buy his first QC
> PC on Amazon.

Heh. :)

Aaron
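The generic O(N) -> O(sqrt(N)) speedup Viktor describes is Grover's search run against a known-plaintext key-recovery oracle. The following is an added illustration written for this page, not code from either correspondent or from any IETF draft: a classical state-vector simulation of Grover's algorithm searching the key space of a constructed 10-bit toy cipher (toy_encrypt, an assumption made for this example; it is not AES and has no security). It shows that about (pi/4)*sqrt(N) oracle calls recover the key with near-certain probability, versus N/2 expected trial encryptions classically, and brute_force_work scales the same count to real key sizes.

```python
import math

NBITS = 10            # toy key and block size; N = 2**NBITS = 1024 candidate keys
N = 1 << NBITS
MASK = N - 1


def toy_encrypt(key: int, block: int) -> int:
    """Constructed 10-bit toy cipher (example only, not AES, not secure).

    For a fixed block it is a bijection in the key, so every (plaintext,
    ciphertext) pair is matched by exactly one key (M = 1 marked item).
    """
    x = block ^ ((key * 0x2B5 + 0x17) & MASK)        # affine key whitening (odd multiplier: bijective)
    return ((x << 3) | (x >> (NBITS - 3))) & MASK    # rotate by 3 bits (bijective diffusion)


def grover_iterations(n_keys: int, n_marked: int = 1) -> int:
    """Optimal Grover iteration count, floor((pi/4) * sqrt(N / M)).

    Each iteration evaluates the cipher once on a superposition of all keys,
    so this is the O(sqrt(N)) cost referred to in the thread.
    """
    return int(math.floor(math.pi / 4 * math.sqrt(n_keys / n_marked)))


def brute_force_work(key_bits: int):
    """(expected classical trial encryptions N/2, Grover iterations ~ sqrt(N))."""
    n = 1 << key_bits
    return n // 2, grover_iterations(n)


def grover_key_search(plaintext: int, ciphertext: int):
    """Simulate Grover's search for the key with E_key(plaintext) == ciphertext.

    Returns (recovered_key, iterations, success_probability). The simulation
    keeps one real amplitude per key; the oracle and diffusion steps are the
    textbook reflections, carried out on the full state vector.
    """
    # The oracle marks keys whose trial encryption matches. A quantum computer
    # would evaluate the cipher in superposition each iteration; the classical
    # simulation has to precompute the marks, which is O(N) work on its own.
    marked = [toy_encrypt(k, plaintext) == ciphertext for k in range(N)]
    m = sum(marked)
    if m == 0:
        raise ValueError("no key matches; inconsistent (plaintext, ciphertext) pair")

    amp = [1.0 / math.sqrt(N)] * N          # uniform superposition over all keys
    iters = grover_iterations(N, m)
    for _ in range(iters):
        # Oracle: flip the phase of every marked key.
        for k in range(N):
            if marked[k]:
                amp[k] = -amp[k]
        # Diffusion: reflect all amplitudes about their mean.
        mean = sum(amp) / N
        amp = [2 * mean - a for a in amp]

    # Probability that a measurement yields some matching key, and the most
    # likely measurement outcome.
    success = sum(a * a for k, a in enumerate(amp) if marked[k])
    best = max(range(N), key=lambda k: amp[k] * amp[k])
    return best, iters, success


if __name__ == "__main__":
    secret = 0x2A7                                  # constructed secret key
    pt = 0x15C                                      # constructed known plaintext
    ct = toy_encrypt(secret, pt)
    key, iters, p = grover_key_search(pt, ct)
    print(f"recovered 0x{key:03x} (secret 0x{secret:03x}) after {iters} iterations, P(success)={p:.4f}")
    for bits in (128, 256):
        classical, quantum = brute_force_work(bits)
        print(f"{bits}-bit key: ~2^{math.log2(classical):.0f} classical trials vs ~2^{math.log2(quantum):.1f} Grover iterations")
```

For N = 1024 the simulation needs 25 iterations and lands on the right key with probability above 0.999; for a 128-bit key the same formula gives roughly 2^64 sequential oracle evaluations, which is the halving of the effective key length usually quoted for Grover, and nothing like the polynomial-time break Shor's algorithm gives against RSA and ECDH.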
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
