Hacker News new | past | comments | ask | show | jobs | submit login

You would need an obscenely large key size to make RSA post-quantum secure. The speedup a quantum computer gives you isn't some linear factor. People have explored what that would look like: https://cr.yp.to/papers/pqrsa-20170419.pdf

But more importantly:

1. No, quantum computers that big don't exist.

2. If they are somewhat practical, you really want perfect forward secrecy so they at least have to break a classically hard problem _every time_, which is unlikely with home-rolled RSA systems.

3. If you do care about post-quantum KEX (because your information needs to be secret for longer than you can count on quantum computers not being practical), we have faster alternatives, like SIDH.






3a. Doing ECDH (e.g. over Curve25519) and SIDH (or SIKE, the NIST flavor of SIDH) and hashing both together (e.g. with BLAKE2) is a sensible insurance policy against breakthrough attacks against SIDH.



Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: