Квантовые новости
NIST выпустил отчет по post-quantum crypto (коротенький и без новых откровений)
http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8105.pdf
TL;DR:
заменить на раз старые алгоритмы на новые заморочно (размер ключа обычно сильно больше), гарантированной устойчивости к квантовым вычислениям нет ни у какого шифрования, прочем, это ничем не лучше сегодняшней ситуации с существующими криптосистемами с открытым ключом. А вот с подписью на основе хэша все ок.
It seems improbable that any of the currently known algorithms can serve as a drop-in replacement for what is in use today. One challenge that will likely need to be overcome is that most of the quantum-resistant algorithms have larger key sizes than the algorithms they will replace. This may result in needing to change various Internet protocols, such as the Transport Layer Security (TLS) protocol, or the Internet Key Exchange (IKE). The ways in which this should be done must be carefully considered.
We note that none of the above proposals have been shown to guarantee security against all quantum attacks. A new quantum algorithm may be discovered which breaks some of these schemes. However, this is similar to the state today. Although most public key cryptosystems come with a security proof, these proofs are based on unproven assumptions. Thus the lack of known attacks is used to justify the security of public key cryptography currently in use. Nonetheless, NIST believes that more research and analysis are needed before any of the above proposed post-quantum algorithms could be recommended for use today. They have not received nearly as much scrutiny from the cryptographic community as the currently deployed algorithms. One exception is hash-based signatures, whose security is well-understood. For certain specific applications, such as digital code signing, hash-based signatures could potentially be standardized in the next few years.
DJB пинает QKD
https://sidechannels.cr.yp.to/qkd/holographic-20160326.pdf
(плюс у него развеселый срачик в твитере)
http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8105.pdf
TL;DR:
заменить на раз старые алгоритмы на новые заморочно (размер ключа обычно сильно больше), гарантированной устойчивости к квантовым вычислениям нет ни у какого шифрования, прочем, это ничем не лучше сегодняшней ситуации с существующими криптосистемами с открытым ключом. А вот с подписью на основе хэша все ок.
It seems improbable that any of the currently known algorithms can serve as a drop-in replacement for what is in use today. One challenge that will likely need to be overcome is that most of the quantum-resistant algorithms have larger key sizes than the algorithms they will replace. This may result in needing to change various Internet protocols, such as the Transport Layer Security (TLS) protocol, or the Internet Key Exchange (IKE). The ways in which this should be done must be carefully considered.
We note that none of the above proposals have been shown to guarantee security against all quantum attacks. A new quantum algorithm may be discovered which breaks some of these schemes. However, this is similar to the state today. Although most public key cryptosystems come with a security proof, these proofs are based on unproven assumptions. Thus the lack of known attacks is used to justify the security of public key cryptography currently in use. Nonetheless, NIST believes that more research and analysis are needed before any of the above proposed post-quantum algorithms could be recommended for use today. They have not received nearly as much scrutiny from the cryptographic community as the currently deployed algorithms. One exception is hash-based signatures, whose security is well-understood. For certain specific applications, such as digital code signing, hash-based signatures could potentially be standardized in the next few years.
DJB пинает QKD
https://sidechannels.cr.yp.to/qkd/holographic-20160326.pdf
(плюс у него развеселый срачик в твитере)