Questions tagged [post-quantum-cryptography]
This tag refers to public-key algorithms based on problems that quantum computers can't solve efficiently. Existing algorithms such as RSA, Diffie-Hellman, and ECDSA are known to be breakable using Shor's algorithm on quantum computers. Symmetric-key algorithms generally don't fall under this category.
838 questions
1 vote, 0 answers, 36 views
Are there lattice-based or post-quantum secure constructions of updatable SNARKs?
Updatable SNARKs allow anyone to update the structured reference string (SRS), providing security as long as at least one party in the update chain is honest. However, all current known constructions ...
5 votes, 1 answer, 563 views
Transitioning a file encryption application to Post Quantum Cryptography
I have a file encryption application that currently uses AES-256 in CTR mode, NIST Key Wrap and HMAC-SHA-512 for bulk encryption, session key encryption and integrity. The cryptography is open ...
0 votes, 0 answers, 24 views
Are unique identifiers acceptable salts for client-side key stretching?
Background: The OPAQUE aPAKE scheme is vulnerable to quantum computing shenanigans. If we directly blind the user's password using the scheme, then we give attackers the opportunity to "harvest ...
3 votes, 2 answers, 142 views
Deuring correspondence in SQIsign
I have some questions to clarify my understanding of the Deuring correspondence between quaternions and isogenies in SQIsign(2D) version 2.0.1 https://sqisign.org/
Let $E_0$ be an elliptic curve with ...
3 votes, 1 answer, 298 views
Why isn't there a $2n$th root of unity for $n = 256$ (Kyber specifications)?
Currently I am working on implementing a radix-4 NTT algorithm, but most of the research papers use a $2n$th root of unity as an input. However, in the Kyber specification, for $n = 256$ we don't ...
5 votes, 1 answer, 95 views
How to calculate log₂ of classical gates for ML-KEM FIPS 203, Categories 1, 3, and 5?
In the "CRYSTALS-Kyber Algorithm Specifications and Supporting Documentation (version 3.01)" paper, the values of $\log_{2}(G)$ are given for the classical gate counts in Categories 1 (...
1 vote, 0 answers, 35 views
Vector-Based Invertible Neural Networks for Experimental PQC [closed]
Summary
This is an experimental exploration of using high-dimensional vector spaces and invertible neural networks (INNs) to harden classical encryption against potential post-quantum attacks. The ...
3 votes, 0 answers, 47 views
Given a basis for a lattice $A$ of order $n\times n$ and a trapdoor $T_A$, can I generate another independent trapdoor for $A'=AU$, where $U$ is unimodular?
Given a lattice $\Lambda(A)$ for which we know a trapdoor, say $T_A$: can we generate another independent trapdoor $T_{A'}$ for $A'=AU$, for a unimodular matrix $U$?
Also I want to ask, is ...
0 votes, 1 answer, 135 views
Why has Titanium not been selected for PQC KEM standardization, and not even for the second round?
I wonder why the Titanium post-quantum public-key scheme has not been selected for standardization? Especially when I read the following from their web page.
Is it because of its performance? (So maybe ...
1 vote, 2 answers, 231 views
What would be the most secure encryption system possible to protect “top-level international data”, even against quantum computers?
I'm writing a science fiction story involving highly classified data, stored and transmitted under extreme security constraints.
I’d like to know what would be considered the most secure encryption ...
3 votes, 1 answer, 157 views
Calculating the probability of decryption failure in the SABER KEM algorithm
Consider the SABER key encapsulation mechanism. On page 7 of the document https://eprint.iacr.org/2018/230.pdf, a formula is given for calculating the decryption failure as $\delta = \Pr[\|(s'^T e - e'^T s + ...
2 votes, 0 answers, 39 views
Real world example of stateful hash-based signature failure
Stateful hash-based signatures are known to be complicated to deploy in practice due to the need to synchronize the state, which is critical to the system's security.
However, I don't remember having ...
2 votes, 3 answers, 223 views
Symmetric-Key Cryptography counterpart for CRYSTALS-Kyber KEM
We know that the security of an encryption scheme must only depend on the key and not on the obscurity of the (key generation, encryption, decryption) algorithms. (Kerckhoffs's principle 1883, Shannon ...
0 votes, 1 answer, 62 views
Performance of fplll for exact CVP
I generated a CVP (closest vector problem) instance in pari-gp with this code:
...
10 votes, 1 answer, 456 views
Can lattice cryptography problems (ISIS, LWE, etc) be reduced to HSP?
I'm aware that RSA and ECC can be reduced to the Abelian Hidden Subgroup Problem (HSP), which is what makes them vulnerable to Shor's algorithm. I'm curious whether similar reductions exist for ...