The Transition from Classical to Post-Quantum Cryptography
draft-hoffman-c2pq-04
| Document | Type | This is an older version of an Internet-Draft whose latest revision state is "Expired". Expired & archived |
|---|---|---|
| | Author | Paul E. Hoffman |
| | Last updated | 2019-02-14 (Latest revision 2018-08-13) |
| | RFC stream | Internet Research Task Force (IRTF) |
| | Additional resources | Mailing list discussion |
| Stream | IRTF state | Candidate RG Document |
| | Consensus boilerplate | Unknown |
| | Document shepherd | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | irsg@irtf.org |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Quantum computing is the study of computers that use quantum features in calculations. For over 20 years, it has been known that if very large, specialized quantum computers could be built, they could have a devastating effect on asymmetric classical cryptographic algorithms such as RSA and elliptic curve signatures and key exchange, as well as (but on a smaller scale) on symmetric cryptographic algorithms such as block ciphers, MACs, and hash functions. There has already been a great deal of study on how to create algorithms that will resist large, specialized quantum computers, but so far, the properties of those algorithms make them onerous to adopt before they are needed. Small quantum computers are being built today, but it is still far from clear when large, specialized quantum computers will be built that can recover private or secret keys in classical algorithms at the key sizes commonly used today. It is important to be able to predict when large, specialized quantum computers usable for cryptanalysis will be possible so that organizations can change to post-quantum cryptographic algorithms well before they are needed. This document describes quantum computing, how it might be used to attack classical cryptographic algorithms, and possibly how to predict when large, specialized quantum computers will become feasible.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)