[Cryptography] SPHINCS: practical hash-based digital signatures
benl at google.com
Wed Oct 8 11:03:17 EDT 2014
On Tue Oct 07 2014 at 10:51:21 PM Hanno Böck <hanno at hboeck.de> wrote:
> I like it that the whole area of post-quantum-crypto is getting more
> attention lately.
> However what immediately catched my attention: The webpage says
> "Signatures are 41 KB, public keys are 1 KB, and private keys are 1 KB"
> The signature size is a problem. It makes the claim that it's a
> "drop-in replacement" for current signature schemes somewhat
> 41 kb may not seem much, but consider a normal TLS handshake. It
> usually already contains three signatures (2 for the certificate chain
> and one for the handshake itself). That already makes 120 kb.
> It may not seem that much, but it definitely is an obstacle because this
> would significantly impact your loading time.
Definitely a deal breaker for HTTPS.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography