5

I see that a couple of years ago, post-quantum was a "5+ year horizon" project. Is that still the case?

NTRUEncrypt in SSL and GPG encryption

As the final comment on that thread said, a two-layer approach, with something currently trusted like RSA, plus a (less-than-completely-proven) quantum-safe layer, should be a safe transition: at least as secure as RSA, and as quantum-safe as we can guess anything to be at this point.

MangoCat

1 Answer

2

The NIST post-quantum crypto competition is currently underway. When it is completed, NIST will be ready to issue a new standard for post-quantum cryptography. Until this happens, many people are reluctant to roll out their own favorite PQ scheme. There are three specific projects which are working on post-quantum cryptography (specifically PQ key exchange) that I can think of:

Many post-quantum designs are actually hybrid designs. Both Tor Project's and Google's designs combine x25519 with NewHope so that, if a classical algorithm is found that can break the relatively new lattice-based crypto, the handshake is still at least as secure as x25519.

forest