
The year in post-quantum crypto [video] - ianopolous
https://media.ccc.de/v/35c3-9926-the_year_in_post-quantum_crypto
======
MrXOR
The slides of this talk:

[https://fahrplan.events.ccc.de/congress/2018/Fahrplan/system...](https://fahrplan.events.ccc.de/congress/2018/Fahrplan/system/event_attachments/attachments/000/003/695/original/slides.pdf)

------
dvh
Last time I asked what is the largest integer factorised using a quantum computer.
There are multiple answers depending on the algorithm, but for the one that
can scale into cryptographic levels, the answer is 21.

~~~
TrueTom
_High-fidelity adiabatic quantum computation using the intrinsic Hamiltonian
of a spin system: Application to the experimental factorization of 291311_

[https://arxiv.org/abs/1706.08061](https://arxiv.org/abs/1706.08061)

~~~
dvh
This algorithm doesn't scale to crypto levels.

------
analogmind
Terabyte priv/pub keys, "we are the leading pq lattice based implementation",
broken implementations, attack scripts. I have the feeling a lot of
submissions are the result of pressure on academia to publish...

~~~
A2017U1
While likely right, that particular entry was more a comedy submission by djb
himself; no one is taking pqRSA seriously. The merging of the sig/encryption
versions too was itself hilarious and a subtle metajoke about how big the
competition is. There's plenty on the line here and govts know it; there's a
little bit of a lottery feeling associated with it all.

I do like their honesty about people going after easy targets. The real goal
here is breaking some of the big contenders and hopefully more people have a
crack.

SIKE and NTRU need some serious attention/money/cred associated with breaking
them.

~~~
jepler
The danger is that people, like me, will have literally no idea that this is a
"comedy submission". I mean, I know that djb is well-respected in his field
and so as an interested layperson I would tend to assume that anything that
looks serious is serious. In fact, I did just that when I tried to read the
pqRSA paper...

~~~
tptacek
Why is that a danger?

~~~
cyphar
They might decide to use it, or push for its use in some product. Obviously
it's an extreme example, but stuff like that does happen (not that I think
cryptographers shouldn't have fun).

~~~
tptacek
You don't think that anyone who would non-ironically implement this paper
would do just as much damage with every reasonable cryptography paper?

