[Cryptography] Shouldn’t root certificates switch to McEliece?

[Tom Mitchell]

On Sun, Sep 8, 2019 at 2:55 PM Ryan Carboni via cryptography <
cryptography at metzdowd.com> wrote:

> Shouldn’t root certificates switch to McEliece?
>

I had to look this up and found:
......
https://arxiv.org/pdf/1902.10313.pdf

"These algorithms have appropriate efficiency and security for these
environments. Constrained resource environments..."


My first thought... The root of a CA system should likely not run on a
constrained system as a criteria.

"7. Conclusion and Future Work
"In this paper, we made a detailed study of the security and efficiency of
the ECDSA algorithm. This study enabled us to see the recent improvements
for ECDSA in terms of security, efficiency, and application. This updated
improvement may possibly inspire some ideas to improve some of the methods
in the security and efficiency of the ECDSA."

The paper was dated 2019, who is working on the improvements?<-- my thought.


......
www.math.unl.edu/~s-jeverso2/McElieceProject.pdf

"7 Conclusion
"The McEliece cryptosystem is secure, but it is not currently employed due
to the size of the publickey and the approximate 50% data rate. Some
methods have been found which increase the data rate up to 80% and compress
the size of the private key [9]. However, we do not know how these methods
would work...."

How many keys are chained and followed, cached, distributed with systems
and refreshed from time to time?
Can a system be developed where both the existing and the new system can
coexist for a transition period?
Transition periods could be decades.


Are there additional references read on this research?








-- 
          T o m    M i t c h e l l ( o n   N i f t y E g g )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190909/fbdf57b1/attachment.htm>