archive provided by **lainchan.jp**

File: 1492336369054.png (62.55 KB, 300x169, 48ab9a77gy1fcv5321i9wj20qt0ax0tc.jpg)

Hi lainons, this is the Post-Quantum Cryptography thread!

Although the threat of quantum computers is currently not a concern, any individual who cares about privacy, cryptography or security needs to learn more about PQC right now, before the quantum apocalypse.

Feel free to discuss anything relevant, e.g. practical software solutions that utilize PQC, theoretical development.

As a starter, here's a list of recommendations. If you know more, share it!

Software

>https://github.com/i2p/i2p.i2p-bote

i2p-bote, decentralized email, NTRU encryption.

>http://goldbug.sourceforge.net/

Goldbug, instant messaging, NTRU and McEliece.

>https://github.com/tbuktu/libntru

C Implementation of NTRUEncrypt.

Lectures

>https://www.youtube.com/watch?v=bbkCBlWfwaQ

Daniel Bernstein - The Post-Quantum Internet

>https://www.youtube.com/watch?v=MG6g04R_Ims

Phong Nguyen - Lattice-Based Cryptography

>https://www.youtube.com/watch?v=EqRsel-rXac

Tanja Lange - Code-Based Cryptography

>https://www.youtube.com/watch?v=FrM6zAuI7-4

Jintai Ding - State of Art of MPKC

>https://www.youtube.com/watch?v=nfLAVybabMs

Dustin Moody - Post-Quantum Cryptography: NIST's Plan for the Future

>Codecrypt, a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:

https://github.com/exaexa/codecrypt

Why won't normal cryptology work on the quantum computing networks?

>>33

Symmetric ciphers still defend you against quantum computers, but all security bits get square-rooted: 128-bit becomes 64-bit. If you encrypt your data with a passphrase and AES-256 (SHA-384 for HMAC) you have already defeated the quantum computers anyway.

Public key cryptography will be another story... I wonder whether I should write a FAQ for people who have never heard of PQC.

>>61

Yes, but in the worst case the security bits of hash functions can be cube-rooted. This attack is unlikely according to a DJB paper, but for some reason, in one of the NIST documents, NIST P-256, RSA-2048 and SHA-256 are all derezzed for encrypting secret government documents; apparently NIST/NSA is worrying about quantum computers and wants to extend the length to gain some extra time.

I cannot find that document, but I'll post it later after I find it. Ironically, I remember the NIST server that hosted that PDF was using a SHA-1 certificate.

File: 1492501677878-0.png (219.42 KB, 212x300, jcssp.2015.64.70-1.pdf)

File: 1492501677878-1.png (451.25 KB, 232x300, LOW-RES-GPAA-21-1-135550-1-59-1.pdf)

I'm studying Quantum Mechanics atm actually.

And all of those pop-sci explanations of quantum computing letting you have 'not just 1s and 0s but also a third bit that is both at the same time!' make my blood boil. If you ever read an explanation of quantum computing that describes it using Schrödinger's Cat, stop reading and close the tab.

Quantum computing is about using overlapping probability waveforms that can interfere and cancel each other out at certain places. The idea is that by setting up the right waveforms, you can use their interference to find that the probabilities of the wrong answers cancel out to zero, and the probability of the right answer is the only one left.

All this gumpf about 'parallel processing' is complete soykafe, or at least not related to quantum computing in the core sense.

>>97

The main thing about quantum computing, as I understand it, is that it will never be useful for new problems: it requires a very specific and fiddly setup to get the appropriate waveforms for a problem.

At the moment we can only use quantum computing for a select few simple problems, and while it seems likely in the future we'll be able to use it for more and more problems, I don't think it's a generic one-size-fits-all solution to every single computing problem.

>>103

That was the take-away line from this blog which you might enjoy: http://www.scottaaronson.com/blog/

>>94

abstracted from the physics. it's more computational, you won't need a phys background to get it

>>97

a vector of qubits each has a probability of being in one of two given states on observation, that looks like a probability distribution. great. now you can operate on bit vectors to change the distributions. build a circuit with gates that operate on probability distributions of qubit vectors. check the value of the output. check the value a few times. you can induce the distribution of outputs from a relatively small number of values.

good for finding collisions, not a nondeterministic Turing machine, can't represent extra bits with two bits, no time travel, no infinite resources, no virtual infinite parallelism. you can solve certain probability problems in fewer cycles. algorithms will precede hardware as people do stuff with math.

so far as I understand anyway.
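The three posts above (the "security bits get square-rooted" reply, the "interference cancels the wrong answers" post, and the "probability distribution over a vector of qubits, check the output a few times" post) are all describing the same mechanism, and it is small enough to simulate on a classical machine. Below is an added example, not code from this thread or from any project it links: a toy state-vector simulation of Grover's search over a register of n qubits. The function names are my own; the `marked` index is a constructed stand-in for "the key that decrypts the known plaintext". It shows the uniform distribution after the Hadamard layer, the diffusion step that reflects amplitudes about their mean so wrong answers interfere towards zero, the roughly (π/4)·√N oracle calls that give the halving of the key's bit count, and repeated measurements ("shots") from which the output distribution is inferred. The two one-line helpers at the end just encode the thread's rules of thumb (key bits halved under Grover, hash-collision bits divided by three in the cube-root worst case, which is the Brassard-Høyer-Tapp bound).

```python
# Added example, not code from this thread or from any project it links: a
# toy state-vector simulation of Grover's search, written to show where the
# "security bits get square-rooted" rule of thumb comes from. All function
# names are my own; the index passed as `marked` is a constructed stand-in for
# "the key that decrypts the known plaintext".
import math
import random
from collections import Counter


def hadamard_all(state):
    """Apply a Hadamard gate to every qubit (in-place Walsh-Hadamard transform).

    From |0...0> this yields the uniform superposition: every one of the N
    basis states gets amplitude 1/sqrt(N), i.e. probability 1/N.
    """
    n = len(state)
    h = 1
    while h < n:
        for i in range(0, n, 2 * h):
            for j in range(i, i + h):
                x, y = state[j], state[j + h]
                state[j] = (x + y) / math.sqrt(2)
                state[j + h] = (x - y) / math.sqrt(2)
        h *= 2
    return state


def oracle(state, marked):
    """Phase oracle: negate the amplitude of the marked basis state only."""
    state[marked] = -state[marked]
    return state


def diffusion(state):
    """Grover diffusion 2|s><s| - I: reflect every amplitude about the mean.

    This is the interference step the thread talks about: after the oracle has
    flipped the marked amplitude negative, reflecting about the (now lowered)
    mean pushes the wrong answers towards zero and the marked one upwards.
    """
    mean = sum(state) / len(state)
    for i, amp in enumerate(state):
        state[i] = 2 * mean - amp
    return state


def grover_iterations(n_qubits):
    """Oracle calls Grover needs: floor((pi/4) * sqrt(N)) with N = 2**n_qubits.

    A classical exhaustive search needs about N/2 oracle calls on average, so
    the query count drops from 2**k to roughly 2**(k/2) for a k-bit key.
    """
    return int(math.floor(math.pi / 4 * math.sqrt(2 ** n_qubits)))


def grover_state(n_qubits, marked, iterations=None):
    """Return the final amplitude vector after running Grover's algorithm."""
    n = 2 ** n_qubits
    if not 0 <= marked < n:
        raise ValueError("marked index outside the register")
    if iterations is None:
        iterations = grover_iterations(n_qubits)
    state = [0.0] * n
    state[0] = 1.0                  # start in |0...0>
    hadamard_all(state)             # uniform superposition over all N states
    for _ in range(iterations):
        oracle(state, marked)
        diffusion(state)
    return state


def success_probability(state, marked):
    """Probability that a measurement returns `marked` (amplitudes are real here)."""
    return state[marked] ** 2


def sample(state, shots=50, seed=0):
    """Measure the register `shots` times; this is 'check the value a few times'.

    A real device only ever hands back one basis state per run, so the
    distribution is inferred from repeated shots, exactly as the post says.
    """
    probs = [amp ** 2 for amp in state]
    rng = random.Random(seed)       # seeded so the demo is reproducible
    return Counter(rng.choices(range(len(state)), weights=probs, k=shots))


def symmetric_bits_after_grover(key_bits):
    """Rule of thumb from the thread: Grover halves the exponent, 128 -> 64."""
    return key_bits / 2


def hash_collision_bits_after_bht(hash_bits):
    """Worst-case collision figure from the thread: cube root (Brassard-Hoyer-Tapp), 256 -> ~85."""
    return hash_bits / 3


if __name__ == "__main__":
    n_qubits, marked = 4, 5         # constructed demo: 16 candidate "keys", key 5 is correct
    state = grover_state(n_qubits, marked)
    print("iterations:", grover_iterations(n_qubits))
    print("P(marked):", round(success_probability(state, marked), 4))
    print("50 shots:", sample(state).most_common(3))
```

With 4 qubits the register holds 16 candidates, 3 oracle calls bring the probability of the correct answer to about 0.96, and with 8 qubits 12 calls reach better than 0.999; a classical search over 256 candidates expects about 128 calls. Note that the count is of sequential oracle calls, so halving the bit count is the nominal upper bound on the loss rather than a wall-clock estimate, which is why the thread's advice of AES-256 with SHA-384 is the conservative choice.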
