[146754] in cryptography@c2.net mail archive
Re: [Cryptography] Why prefer symmetric crypto over public key
daemon@ATHENA.MIT.EDU (Tony Arcieri)
Sat Sep 7 16:14:42 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <D64757F5-D269-45AB-9309-23BE06310E7B@cs.ru.nl>
From: Tony Arcieri <bascule@gmail.com>
Date: Sat, 7 Sep 2013 13:06:14 -0700
To: Jaap-Henk Hoepman <jhh@cs.ru.nl>
Cc: Crypto <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============1056982032099962378==
Content-Type: multipart/alternative; boundary=089e0149d0ac1e64e504e5d0b179
--089e0149d0ac1e64e504e5d0b179
Content-Type: text/plain; charset=ISO-8859-1
On Fri, Sep 6, 2013 at 6:13 AM, Jaap-Henk Hoepman <jhh@cs.ru.nl> wrote:
> Bruce Schneier writes: "Prefer symmetric cryptography over public-key
> cryptography." The only reason I can think of is that for public key crypto
> you typically use an American (and thus subverted) CA to get the recipients
> public key.
>
As soon as someone builds a large quantum computer (probably at least 10
years away, even for the NSA) most of the public key cryptosystems we use
today will be easily breakable with e.g. Shor's algorithm. Symmetric
algorithms will take a hit as well, with their keyspace cut in half, but
that's the equivalent of going from 256-bit keys to 255-bit keys, so
symmetric crypto will weather the post-quantum era just fine.
In order to beat quantum computers, we need to use public key systems with
no (known) quantum attacks, such as lattice-based (NTRU) or code-based
(McEliece/McBits) algorithms. ECC and RSA will no longer be useful.
--
Tony Arcieri
--089e0149d0ac1e64e504e5d0b179
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On Fri, Sep 6, 2013 at 6:13 AM, Jaap-Henk Hoepman <span di=
r=3D"ltr"><<a href=3D"mailto:jhh@cs.ru.nl" target=3D"_blank" onclick=3D"=
window.open('https://mail.google.com/mail/?view=3Dcm&tf=3D1&to=
=3Djhh@cs.ru.nl&cc=3D&bcc=3D&su=3D&body=3D','_blank=
');return false;">jhh@cs.ru.nl</a>></span> wrote:<br>
<div class=3D"gmail_extra"><div class=3D"gmail_quote"><blockquote class=3D"=
gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-=
left:1ex"><div dir=3D"auto"><div><span></span></div><div><div>Bruce Schneie=
r writes:=A0"<span style=3D"background-color:rgba(255,255,255,0)">Pref=
er symmetric cryptography over public-key cryptography." The only reas=
on I can think of is that for public key crypto you typically use an Americ=
an (and thus subverted) CA to get the recipients public key.</span></div>
</div></div></blockquote><div><br></div><div>As soon as someone builds a la=
rge quantum computer (probably at least 10 years away, even for the NSA) mo=
st of the public key cryptosystems we use today will be easily breakable wi=
th e.g. Shor's algorithm. Symmetric algorithms will take a hit as well,=
with their keyspace cut in half, but that's the equivalent of going fr=
om 256-bit keys to 255-bit keys, so symmetric crypto will weather the post-=
quantum era just fine.</div>
<div><br></div><div>In order to beat quantum computers, we need to use publ=
ic key systems with no (known) quantum attacks, such as lattice-based (NTRU=
) or code-based (McEliece/McBits) algorithms. ECC and RSA will no longer be=
useful.</div>
<div><br></div><div>--</div><div>Tony Arcieri</div></div>
</div></div>
--089e0149d0ac1e64e504e5d0b179--
--===============1056982032099962378==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============1056982032099962378==--
