[Cryptography] Opinions on signatures algorithms for post-quantum crypto?

Bill Cox waywardgeek at gmail.com
Tue Dec 8 00:57:44 EST 2015


On Mon, Dec 7, 2015 at 10:00 AM, David Wong <David.Wong at nccgroup.trust>
wrote:

> Thoughts? Isn't that weird?
> David
>

OK, since you're asking the high-noise crypto list for opinions, I'll offer
my high-noise $0.02.

I read the pseudo-code for NTRU.  I have not attacked this problem enough
to get a feel for it, but my dumb arm-chair crypto knee-jerk reaction is
that it is a bit scary.  There are plenty of NP-complete problems where it
is difficult to state an instance that is hard to solve, such as graph
isomorphism.  This particular NP-complete problem looks harder, but I am
concerned...

Multi-variate quadratics worry me even more.  Also, the mqqsig256 algorithm
needs 789552 bytes for it's public key, which seems like a non-starter.

So, I'm back to hoping that NTRU or a similar algorithm will pan out.  At
some point I need to waste a few weeks attacking it to convince myself that
it's core problem is likely difficult enough.  I'm not nearly as good at
this as a bunch of skilled cryptographers, but a person flaw I have is that
I don't trust anyone else to do the analysis.  I see security flaws
everywhere I look.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151207/ee6457f8/attachment.html>


More information about the cryptography mailing list