
lainchan archive - /sec/ - 4



Hi lainons, this is the Post-Quantum Cryptography thread!

Although the threat of quantum computers is currently not a concern, any individual who cares about privacy, cryptography or security needs to learn more about PQC right now, before the quantum apocalypse.

Feel free to discuss anything relevant, e.g. practical software solutions that utilize PQC, theoretical development.

As a starter, here's a list of recommendations. If you know more, share it!



i2p-bote, decentralized email, NTRU encryption.


Goldbug, instant messaging, NTRU and McEliece.


C Implementation of NTRUEncrypt.



Daniel Bernstein - The Post-Quantum Internet


Phong Nguyen - Lattice-Based Cryptography


Tanja Lange - Code-Based Cryptography


Jintai Ding - State of Art of MPKC


Dustin Moody - Post-Quantum Cryptography: NIST's Plan for the Future


>Codecrypt, a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:



The definitive website for theoretical PQC, made by Daniel Bernstein himself.



Why won't normal cryptology work on the quantum computing networks?


A lot of modern cryptography is based on the difficulty of the discrete log problem, but Shor's algorithm can crack that in polynomial-time on a large enough quantum computer.


Symmetric ciphers are still defending you against quantum computers, but all security bits will be square-rooted, so 128-bit becomes 64-bit. If you encrypt your data with a passphrase and AES-256 (SHA-384 for HMAC) you have already defeated the quantum computers anyway.

Public key cryptography will be another story... I wonder whether I should write a FAQ for people who have never heard of PQC.



Why SHA-384 for HMAC? HMAC-SHA-256 will still give you 128-bits of security, no?


yes, but in the worst case the security bits of hash functions can be cube-rooted. This attack is unlikely according to a DJB paper, but for some reason, according to one of the NIST documents, NIST P-256, RSA-2048 and SHA-256 are all derezzed for encrypting secret government documents. Apparently NIST/NSA are worried about quantum computers and want to extend the lengths to gain some extra time.

I cannot find that document, but I'll post it later once I find it. Ironically, I remember the NIST server that hosted that PDF was using a SHA-1 certificate.


oh the word filter... It's amusing given the correct context, but this time is not the case.


> Public key cryptography will be another story... I wonder whether I should write a FAQ for people who have never heard of PQC.

please do, beginner level too if possible


idea: write it for next edition of lainzine


The math of PQC is far beyond my ability. I think I could write it from a user's point of view.

good idea. btw does the recent disruption affect lainzine?


File: 1492501677878-0.png (219.42 KB, 212x300, jcssp.2015.64.70-1.pdf)

File: 1492501677878-1.png (451.25 KB, 232x300, LOW-RES-GPAA-21-1-135550-1-59-1.pdf)

>>73 >>79

I came across these papers a while ago. The reading is dense but it's mostly just lin alg.


>the reading is dense but it's mostly just lin alg

That sounds like physics alright.


I'm studying Quantum Mechanics atm actually.

And all of those pop-sci explanations of quantum computing letting you have 'not just 1s and 0s but also a third bit that is both at the same time!' make my blood boil. If you ever read an explanation of quantum computing that describes it using Schrodinger's Cat, stop reading and close the tab.

Quantum computing is about using overlapping probability waveforms that can interfere and cancel each other out at certain places. The idea is that by setting up the right waveforms, you can use their interference so that the probabilities of the wrong answers cancel out to zero, and the probability of the right answer is the only one left.

All this gumpf about 'parallel processing' is complete soykafe, or at least not related to quantum computing in the core sense.


doesn't really affect lainzine, it was hosted on gitla.in
issue 4 was done but is getting reformatted due to some issues
can you also tell us how it's going to be used in the future? (in the correct, non-schroedingers cat way)



The main thing about quantum computing as I understand it, is that it will never be useful for new problems - it requires a very specific and fiddly setup to get the appropriate waveforms for a problem.

At the moment we can only use quantum computing for a select few simple problems, and while it seems likely in the future we'll be able to use it for more and more problems, I don't think it's a generic one-size-fits-all solution to every single computing problem.


That was the take-away line from this blog which you might enjoy: http://www.scottaaronson.com/blog/


lainzine is moderated by Junk though, probably moving over to .jp if he's that arrogant :/


I worried about that too, asked him but he said he's probably going to change it to just lainchan's lainzine, without a specific domain



abstracted from the physics. it's more computational, you won't need a phys background to get it


a vector of qubits, each of which has a probability of being in one of two given states on observation, looks like a probability distribution. great. now you can operate on bit vectors to change the distributions. build a circuit with gates that operate on probability distributions of qubit vectors. check the value of the output. check the value a few times. you can induce the distribution of outputs from a relatively small number of values.

good for finding collisions, not a nondeterministic turing machine, can't represent extra bits with two bits, no time travel, no infinite resources, no virtual infinite parallelism. you can solve certain probability problems in fewer cycles. algorithms will precede hardware as people do stuff with math.

so far as I understand anyway.
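To make the picture in the last two posts concrete (qubit vectors as amplitude distributions, gates as matrices acting on them, interference cancelling the wrong answer to exactly zero, then sampling the output a few times), here is an added example that is not code from this thread: a pure-Python two-qubit state-vector simulator running Deutsch's algorithm, where a single oracle query tells a constant function from a balanced one. All function names are my own.

```python
import math
import random

INV_SQRT2 = 1 / math.sqrt(2)

def apply_gate(state, gate):
    """Multiply a 2^n-entry amplitude vector by a 2^n x 2^n gate matrix."""
    n = len(state)
    return [sum(gate[i][j] * state[j] for j in range(n)) for i in range(n)]

def hadamard_2q():
    """H (x) H on two qubits; basis index is (x << 1) | y."""
    h = [[INV_SQRT2, INV_SQRT2], [INV_SQRT2, -INV_SQRT2]]
    return [[h[i >> 1][j >> 1] * h[i & 1][j & 1] for j in range(4)] for i in range(4)]

def oracle(f):
    """U_f |x>|y> = |x>|y xor f(x)>, built as a permutation matrix from f."""
    m = [[0.0] * 4 for _ in range(4)]
    for x in (0, 1):
        for y in (0, 1):
            m[(x << 1) | (y ^ f(x))][(x << 1) | y] = 1.0
    return m

def probabilities(state):
    """Born rule: the measured distribution is |amplitude|^2 per basis state."""
    return [abs(a) ** 2 for a in state]

def run_deutsch(f):
    """Circuit H(x)H, U_f, H(x)H applied to |x=0>|y=1>; returns final amplitudes."""
    state = [0.0, 1.0, 0.0, 0.0]
    for gate in (hadamard_2q(), oracle(f), hadamard_2q()):
        state = apply_gate(state, gate)
    return state

def deutsch(f):
    """Interference drives the wrong answer's amplitude to exactly 0, so one
    query decides constant vs balanced. Returns (verdict, P[x = 1])."""
    p = probabilities(run_deutsch(f))
    p_x1 = p[2] + p[3]
    return ("balanced" if p_x1 > 0.5 else "constant"), p_x1

def sample(state, shots, seed=0):
    """'check the value a few times': draw outcomes by the Born rule and tally."""
    rng = random.Random(seed)
    counts = {}
    for outcome in rng.choices(range(len(state)), weights=probabilities(state), k=shots):
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts
```

Constant oracles (f=0, f=1) leave all probability on x=0; balanced ones (f=x, f=1-x) put it all on x=1, which is why the sampled tally never shows the other answer.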