[Cryptography] quantum computers & crypto

Ron Garret ron at flownet.com
Mon Nov 1 16:18:30 EDT 2021

On Nov 1, 2021, at 2:11 AM, Stephan Neuhaus <stephan.neuhaus at zhaw.ch> wrote:

> On 10/29/21 6:42 AM, Peter Gutmann wrote:
>> Joshua Marpet <Joshua.Marpet at guardedrisk.com> writes:
>>> I literally just (yesterday) had a conversation with a financial institution
>>> about this. They have a firm that does periodical updates to them of "what's
>>> coming", and they were told that in 2022, they better have budget for quantum
>>> decryption defense. Otherwise, they're behind the curve!!
>> Banking is a bit special, 
> Not just banking. I'm currently watching, from a distance, a standardisation group that is standardising crypto algorithms for use in a branch of IoT, and it's all FULL KEY LENGTH AHEAD! with AES-256, SHA3-512 etc, because of QUANTUM! (There are other reasons why these key sizes are recommended, but QUANTUM! is the one given in the materials.)

This is a case of doing the right thing for the wrong reasons.  QC is only a threat to public-key encryption (and specifically, only to PKE based on group exponentiation and discrete logarithms, which in practical terms means elliptic curves and RSA), not hashes or symmetric encryption.  Of course, there are weak hashes (MD5, SHA1) and weak symmetric encryption schemes (RC4) and modes (ECB) but these have nothing to do with QC.
