[tor-dev] Safe post-quantum RSA? So says DJB and others
Taylor R Campbell
campbell+tor-dev at mumble.net
Thu Jun 1 15:43:08 UTC 2017
> Date: Thu, 1 Jun 2017 14:03:46 +0000
> From: Hugo Maxwell Connery <hmco at env.dtu.dk>
>
> Interesting (and surprising):
>
> https://eprint.iacr.org/2017/351.pdf
This joke paper is an elaborate exercise in burying the lede.
Abstract: This paper proposes RSA parameters for which (1) key
generation, encryption, decryption, signing, and verification are
feasible on today's computers while (2) all known attacks are
infeasible, even assuming highly scalable quantum computers.
[...]
Concrete parameters and initial implementation (buried on p. 12):
This section looks at performance in more detail, and in particular
reports successful generation of a 1-terabyte post-quantum RSA key
built from 4096-bit primes.
The authors don't actually report successful cryptography operations
with such a key -- only successful generation of the key, after four
days. The largest key they report a successful public-key operation
with was 256 GB; the largest for a private-key operation, 32 GB.
More information about the tor-dev
mailing list