[Cryptography] What standards are there for post-quantum certificates?

Tony Arcieri bascule at gmail.com
Sat Apr 9 16:07:39 EDT 2016


When you say for "certificates", do you mean for use in TLS? If that's the
case, there aren't many good options right now: the ones with relatively
short signatures are shaky, and the ones that are actually solid have
relatively large signatures.

SPHINCS is a nice option aside from the fact signatures are 41kB:

https://sphincs.cr.yp.to/

I think post-quantum signatures are a bit less pressing than post-quantum
encryption/key exchange though. We can always go back and re-sign things.
Once a ciphertext hits a wire though, anyone who observed it can keep it
around and decrypt it retroactively.

-- 
Tony Arcieri