An unscientific guide to the security of various PQC algorithms
- #Quantum Computing
- #Post-Quantum Cryptography
- #Cryptographic Security
- The author gives self-described subjective and biased guesstimates of how much to trust each family of post-quantum cryptography (PQC), ranked from most to least trusted.
- Attacks on cryptographic schemes do not improve continuously but in spurts, often following the introduction of new mathematical techniques.
- RSA and elliptic curves have seen diminishing returns in attack improvements; the best known classical attack on RSA is still the general number field sieve from the early 1990s.
- Hash-based signatures are ranked most secure, since their security reduces to well-understood properties of the underlying hash function (preimage, second-preimage and collision resistance) rather than to any additional structured assumption.
- Lattice-based cryptography is trusted highly: the underlying lattice problems have been studied for decades, and no quantum algorithm is known that solves them substantially faster than the best classical attacks.
- Code-based cryptography is less well understood than lattice-based but is still considered secure; the price is efficiency, with Classic McEliece public keys running to hundreds of kilobytes.
- Isogeny-based cryptography, despite the 2022 break of SIKE, is placed above multivariate because of its rich mathematics, though it is currently impractical.
- Multivariate cryptography is trusted least: variants designed to shrink the public key have repeatedly been broken (Rainbow, a NIST round-3 finalist, fell in 2022).
- RSA and elliptic curves fall to Shor's algorithm for the same reason: factoring and the (elliptic-curve) discrete logarithm are both instances of the hidden subgroup problem in a finite Abelian group, i.e. period finding, which a quantum computer solves in polynomial time.
- Quantum computers handle the hidden subgroup problem for Abelian groups well, but no efficient quantum algorithm is known for general non-Abelian groups; the lattice problems behind lattice-based schemes are related to the hidden subgroup problem on dihedral groups, for which the best known quantum algorithm (Kuperberg's) is still subexponential, which is why lattice-based cryptography is expected to resist.
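To make the "RSA is an Abelian hidden subgroup problem" point concrete, here is an added example (not from the original post) that runs the classical skeleton of Shor's factoring algorithm. The one step a quantum computer does efficiently, finding the period r of f(x) = a^x mod N, is stood in for by a brute-force `find_order`, so the script only works on the small constructed modulus 3233 = 53 x 61 and the exponent e = 17; everything else is the classical post-processing that turns a period into a factor and a factor into the RSA private key. The function and variable names are this example's own.

```python
"""Shor's factoring, with the quantum period-finding step replaced by brute force.

Added example, not from the original post. The only part of Shor's algorithm that
needs a quantum computer is finding the period r of f(x) = a^x mod n, i.e. the
hidden subgroup rZ of the Abelian group Z. Everything else below is ordinary
classical arithmetic, which is why efficient period finding is enough to break RSA.
"""
from math import gcd
import random


def find_order(a: int, n: int) -> int:
    """Return the smallest r > 0 with a^r == 1 (mod n), assuming gcd(a, n) == 1.

    Stand-in for the quantum period-finding subroutine: brute force, so it is only
    usable for toy moduli. A quantum computer finds r in polynomial time via the
    quantum Fourier transform over the Abelian group Z.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, rng: random.Random) -> tuple[int, int]:
    """Return (p, q) with p * q == n and p < q, for odd n that is a product of two primes.

    Classical post-processing of Shor's algorithm: pick a random base a, obtain its
    period r, and if r is even and a^(r/2) is a non-trivial square root of 1 mod n,
    gcd(a^(r/2) - 1, n) is a proper factor. Bad choices of a are simply retried.
    """
    if n % 2 == 0:
        return (2, n // 2)
    while True:
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g != 1:
            # Lucky guess: a already shares a factor with n.
            return (min(g, n // g), max(g, n // g))
        r = find_order(a, n)
        if r % 2 == 1:
            continue  # odd period gives no square root of 1 to work with
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue  # trivial square root (-1); try another base
        p = gcd(y - 1, n)  # y^2 == 1 and y != +-1, so this is a proper factor
        return (min(p, n // p), max(p, n // p))


def rsa_private_exponent(e: int, p: int, q: int) -> int:
    """Recover the RSA private exponent d = e^-1 mod (p-1)(q-1) from the factors."""
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def break_textbook_rsa(n: int, e: int, ciphertext: int, seed: int = 1) -> int:
    """Factor n with (simulated) Shor, derive d, and decrypt one textbook-RSA ciphertext."""
    p, q = shor_factor(n, random.Random(seed))
    d = rsa_private_exponent(e, p, q)
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    # Constructed toy key: n = 53 * 61, e = 17 (the classic textbook parameters).
    N, E = 3233, 17
    message = 65
    ct = pow(message, E, N)
    print("factors:", shor_factor(N, random.Random(1)))
    print("recovered d:", rsa_private_exponent(E, 53, 61))
    print("decrypted:", break_textbook_rsa(N, E, ct))
```

The elliptic-curve discrete logarithm has the same shape: the hidden subgroup lives in Z x Z rather than Z, and the same quantum Fourier transform finds it. Lattice problems have no such Abelian reformulation, which is the whole reason the post ranks them where it does.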