## Ask Slashdot: Post-Quantum Asymmetric Key Exchange? 262 262

First time accepted submitter LeDopore writes

*"Quantum computers might be coming. I'd estimate that there's a 10% chance RSA will be useless within 20 years. Whatever the odds, some of the data we send over ssh and ssl today should remain private for a century, and we simply can't guarantee secrecy anymore using the algorithms with which we have become complacent. Are there any alternatives to RSA and ECC that are trustworthy and properly implemented? Why is everyone still happy with SSH and RSA with the specter of a quantum menace lurking just around the corner?"*
## Re:Fine. You find an asymmetric primitive (Score:5, Informative)

ECC is AFAIK theoretically vulnerable (i.e. while there aren't KNOWN quantum gate implementations of ECC, there are no good reasons to think it is unfeasible).

McEliece and the Lattice-based stuff are promising, they just hadn't be as inspected as RSA yet...

## Re:Vulnerable in 20 years (Score:4, Informative)

## ECC is not voulerable (Score:1, Informative)

There is no known attack on ECC using quantum computers.

If you assume it might be broken because there is no proove that it's secure, you might assume the same fron any other method - there is no known method to proove that some algorithm is _not_ attackable by quantum computers.

(Of course, knowing the "new" slashdot, AC comments are never moderated +1, so noone will read this).

(And, hey, my captcha is 'druggist'...)

## what's old is new again (Score:4, Informative)

## No expert but... (Score:4, Informative)

In previous discussions it has been pointed out that not all encryption algorithms are susceptible to quantum computers. If I remember right (I am sure someone has a reference that I don't) it only effects RSA and others that rely on the hardness of factoring discrete logarithms.

Anyway...only reference I can find, from wikipedia (http://en.wikipedia.org/wiki/Quantum_computers#Potential ):

## 20 years is extremely unlikely (Score:4, Informative)

## What world do you live in? (Score:4, Informative)

Maybe I'm just paranoid, but I pretty much assume that every algorithm that we have now could well be effectively useless in 20 years. And I would never presume to think any of them even has a chance of lasting 100 years, or even close to that.

Computers will get faster. Weakness will be found in algorithms. Any other number of things that no can predict might happen. It would be silly to assume things encrypted today, left untouched, would be safe in 20 years and completely naive to have even a sliver of hope they'd be safe in 100, quantum computers or not.

## Re:Fine. You find an asymmetric primitive (Score:5, Informative)

## Re:ECC is not voulerable (Score:5, Informative)

There is no known attack on ECC using quantum computers.

This should not have been modded up, because it is blatantly false. The security of ECC relies on the presumed hardness of the discrete logarithm problem (in elliptic curves over finite fields). But Shor's algorithm can solve the discrete logarithm problem in ANY finite group (assuming you have an efficient way of operating on the group elements).