[Cryptography] NSA looking for quantum-computing resistant encryption. How will encryption be affected by quantum computing

Jon Callas jon at callas.org
Sun Sep 6 01:43:14 EDT 2015



> On Sep 2, 2015, at 10:26 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> 
> 
> The truth is that we really have no idea.  Since the NSA never makes any of
> its procedures or reasoning public, it could be absolutely anything.  The
> principle of least surprise says it's 2-alt (based on a combination of the
> unlikelihood of the NSA knowing something about QC that the entire rest of the
> world doesn't, and having worked with government departments and seen how a
> single manager with a fixation on something can skew how it's treated), but in
> practice who knows...

Another option, which I believe when I’m grumpy, is that after years of pushing us to ECC over RSA, they’ve decided that the NIST curves have problems. Maybe the math crowd fessed up to the IA people about the break they’ve been sitting on. Maybe some other issue.

And so at this point, they’re saying, "Look, over there, it’s Halley’s Comet!" and getting us distracted from the real point, which is that maybe RSA 3K is okay, or get a new curve.

But yes, we have no idea. But I have a raised eyebrow.

	Jon



