Wishlist: Post-Quantum Cryptography #461
Comments
|
What about hash-based signatures?
If I were to work on such a codebase, what would the preference be for integration into LTC? Or something else? Suggestions/direction being solicited. Thanks. |
|
@dmwheel1 @sjaeckel I think the priorities are : complete cryptosystems with low footprint > complete cryptosystems with high footprints > pure signature schemes, also those who are being standardized > those made by others |
|
@DonaldTsang XMSS and LMS actually ARE part of the NIST PQC set, but are not experimental, so they do not fall into the Round Two set - their security is not in question, since they are based on solid cryptographic techniques going back to the mid-1970's. See https://csrc.nist.gov/Projects/stateful-hash-based-signatures/news and the draft standard here https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208-draft.pdf BTW, one of my team members is working on BIKE and Classic McEliece, so a future contribution in this area would be possible. |
|
@dmwheel1 in that case are there any documents that give info into which current cryptographic algorithms is based on what other algorithms/principles? Good to have BIKE people here tho. |
|
@DonaldTsang I am not aware of a specific documentation that lists the relations among the PQC candidates, though I have seen some categorizations in various papers and presentations. My comment regarding SPINCS+ is based on my personal analysis reading the HBS academic papers and standards. |
|
I think it makes sense to go with standardized solutions for now instead of spending effort on proposals. If it doesn't have an RFC or other freely available specification (i.e. IETF, NIST or some other standards body published it) it doesn't make sense to be included IMO. Regarding the integration, I like the proposal of going with b) and putting them in If we'll ever go and add "draft" algorithms (which I doubt since the issue with #256) I'd propose to add new |
|
The problem is that nothing Post-Quantum related are standardized yet, all the citations made are proposals that are so close of being standardized. |
|
@DonaldTsang Respectfully, I believe you are mistaken regarding HBS algorithms not being standardized (or we have different views of that definition). Both XMSS and LMS are published standards out of the IETF Crypto Research Group (link above). NIST has published their DRAFT standard and the public comment period is over (link above), meaning that publication of the final standard is imminent (definition of imminent with a government involved and in these COVID-19 challenging times is up for debate ;-) ). If NIST publishes their specification, would that meet your definition of a standardized algorithm, or would you look for other criteria? |
|
They have an RFC -- yes I'm aware the RFC's are only informational and from the IRTF/CFRG, not IETF -- but I call this usually standardized. Or am I wrong there? |
|
The CFRG (Crypto Forum Research Group) - the crypto group at IETF - only publishes informational RFCs. Until I started regularly attending IETF meetings, I was unaware of this fact. The CFRG actually is organized in the research side of the group (the IRTF) not the engineering side (the IETF). |
|
OpenSSH ships with a post quantum algorithm enabled by default. OpenSSH 9.0/9.0p1 (2022-04-08)
|
|
SIDH/SIKE are proven "insecurable" & the authors have posted such @ NIST. Could the top post be updated? |
Proven insecure and therefore removed from the list
SIDH https://github.com/Microsoft/PQCrypto-SIDH and https://github.com/sidh-crypto/sidh-c-reference and https://github.com/tigusoft/libsidhms, c.f. Wishlist: Post-Quantum Cryptography #461 (comment)The text was updated successfully, but these errors were encountered: