Re: State of Post Quantum Cryptography?

On 2024-05-02 10:20, The Running Man wrote:

What is you guys take on PQC (Post Quantum Cryptography) algorithms? I know the NIST has held a contest and that there are winners, but do you guys think they're safe to use?
 I fear they may be broken in the future thereby destroying the security and privacy of millions of unsuspecting users. Current cryptographic algorithms are known to be safe and will be for at least the coming decades. OTOH these new PQC ciphers hold the promise of eternal confidentiality which current ciphers cannot guarantee.

If any bad actor has a quantum computer with just a few more Qubits
than the ones demonstrated in public, they can break most current public key algorithms using known attack algorithms written a long time ago for
such (then hypothetical) computers.  They can also break symmetric
encryption at the same difficulty as if the key length was half as many
bits (thus AES 128 would be as weak as IDEA, AES 256 as weak as AES
128).

 I myself am very much in doubt whether to use PQC or stick with known ciphers.
 

 From what I read so far, the most promising PQC signature algorithm is the Merkle scheme in RFC8554 and RFC8391, though a secure implementation will take serious work.
Key exchange will be harder, though the DJB-sponsored proposal for a "Classic McElice" variant may be solid.
Any PQC public key algorithm will need to be combined with double strength symmetric algorithms.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded