
Post-quantum cryptography - krzysiek
https://en.wikipedia.org/wiki/Post-quantum_cryptography
======
foldor
You know, I'm actually looking forward to the day that we can break existing
cryptography. There are a lot of devices that are consumer unfriendly due to
their security. Most famously, video game consoles. If we could break their
security, it would open them wide to running custom code without tricky hacks
that are inaccessible to the average end user. It would also allow enthusiast
devs to release new games on disc and have them just boot on an unmodified
console. This is something that happens already on older retro consoles like
the NES, where their security has already been broken.

~~~
thfuran
But the next generation will then switch to state of the art encryption that
isn't readily broken. Unless we end up breaking all known encryption before
coming up with viable replacements. Which I think would be far worse than any
gains in console hacking could possibly offset.

------
dvh
What is the largest integer factorized on quantum computer to this day?

~~~
detaro
I assume you mean the largest integer factorized: factorizing a prime is
pretty pointless.

376289 per
[https://crypto.stackexchange.com/a/59796](https://crypto.stackexchange.com/a/59796),
depending what you count and don't count.

~~~
Aardwolf
Even better would be to ask what is the largest integer that has two large
prime factors that was factored, since factoring e.g. a large power of 2 is
easy.
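
The distinction drawn above, as an added example that is not part of the thread or of the linked StackExchange answer: classical trial division plus Pollard's rho factors the quoted 376289 (it is 571 x 659, two 10-bit primes) and a large power of two in microseconds, so the number alone says little; what matters is whether the input is a product of two primes of about the same size. The `classify` helper, the trial-division bound and the extra sample inputs (2^20 and 1000003 x 1000033) are assumptions of this example.

```python
"""Classical factoring helpers showing what 'largest integer factored'
actually measures.  Added example; 376289 is the figure quoted in the
thread, the other inputs are constructed here."""
import math
import random

SMALL_PRIME_BOUND = 1000  # trial-division cutoff (an assumption of this example)


def miller_rabin(n, rounds=16):
    """Probabilistic primality test; fine for the toy sizes used here."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness of compositeness found
    return True


def pollard_rho(n):
    """Return a nontrivial factor of composite n (Floyd cycle finding)."""
    if n % 2 == 0:
        return 2
    while True:
        c = random.randrange(1, n)
        x = y = random.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:  # d == n means the walk failed; retry with a new c
            return d


def factor(n):
    """Sorted multiset of prime factors of n (n >= 2)."""
    factors = []
    # Cheap pass: this alone disposes of 2^k and other smooth numbers.
    for p in range(2, SMALL_PRIME_BOUND):
        while n % p == 0:
            factors.append(p)
            n //= p
        if p * p > n:
            break
    stack = [n] if n > 1 else []
    while stack:
        m = stack.pop()
        if miller_rabin(m):
            factors.append(m)
        else:
            d = pollard_rho(m)
            stack.extend([d, m // d])
    return sorted(factors)


def classify(n):
    """Apply the thread's criterion: only a product of two distinct primes of
    roughly equal size (the RSA-like case) is a meaningful factoring target."""
    fs = factor(n)
    if len(fs) == 1:
        return "prime"
    if len(fs) != 2:
        return "more than two prime factors"
    if fs[0] == fs[1]:
        return "prime square"  # recoverable with an integer square root
    if abs(fs[0].bit_length() - fs[1].bit_length()) <= 1:
        return "balanced semiprime"
    return "unbalanced semiprime"


if __name__ == "__main__":
    for n in (376289, 2 ** 20, 1000003 * 1000033):
        print(n, factor(n), classify(n))
```

Running the block prints the factorization and label for each sample; 376289 and 1000003 x 1000033 come out as balanced semiprimes, 2^20 as a 20-factor smooth number that trial division handles before Pollard's rho is ever reached.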

------
EGreg
I saw that NIST was considering a new breed of post-quantum PKI functions.
Which would you recommend to use, if we wanted to make quantum resistant
private key signing and encryption today?

~~~
buu700
For Cyph[1], we went with SPHINCS[2] for signing and a combination of McEliece
(specifically McBits[3]), NTRU[4], and SIDH[5] for public key encryption.

We also considered QcBits[6] as a more space-efficient alternative to
McEliece, but it just seemed too new / not well understood for our tastes, and
last I saw there was a recent attack on it that hadn't been mitigated yet.
Definitely keeping an eye on it for the future though.

---

1: [https://www.cyph.com/castle](https://www.cyph.com/castle)

2: [https://sphincs.cr.yp.to](https://sphincs.cr.yp.to)

3: [https://tungchou.github.io/mcbits](https://tungchou.github.io/mcbits)

4: [https://github.com/NTRUOpenSourceProject/ntru-crypto](https://github.com/NTRUOpenSourceProject/ntru-crypto)

5: [https://github.com/Microsoft/PQCrypto-SIDH](https://github.com/Microsoft/PQCrypto-SIDH)

6: [https://tungchou.github.io/qcbits](https://tungchou.github.io/qcbits)

~~~
A2017U1
Note: there are a few dozen NTRU entries in the post quantum comp.

~~~
buu700
We're using the implementation I linked with parameter set EES743EP1.

------
octosphere
Is Bitcoin quantum resistant? Just asking for a friend. It would be
embarrassing if Bitcoin's crypto was undermined in the near future.

~~~
Cobord
[https://arxiv.org/ftp/arxiv/papers/1711/1711.04235.pdf](https://arxiv.org/ftp/arxiv/papers/1711/1711.04235.pdf)

