Skip to main content

The Transition from Classical to Post-Quantum Cryptography
draft-hoffman-c2pq-05

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Expired".
Expired & archived
Author Paul E. Hoffman
Last updated 2019-11-22 (Latest revision 2019-05-21)
RFC stream Internet Research Task Force (IRTF)
Formats
Additional resources Mailing list discussion
Stream IRTF state Candidate RG Document
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to irsg@irtf.org

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

Quantum computing is the study of computers that use quantum features in calculations. For over 20 years, it has been known that if very large, specialized quantum computers could be built, they could have a devastating effect on asymmetric classical cryptographic algorithms such as RSA and elliptic curve signatures and key exchange, as well as (but in smaller scale) on symmetric cryptographic algorithms such as block ciphers, MACs, and hash functions. There has already been a great deal of study on how to create algorithms that will resist large, specialized quantum computers, but so far, the properties of those algorithms make them onerous to adopt before they are needed. Small quantum computers are being built today, but it is still far from clear when large, specialized quantum computers will be built that can recover private or secret keys in classical algorithms at the key sizes commonly used today. It is important to be able to predict when large, specialized quantum computers usable for cryptanalysis will be possible so that organization can change to post-quantum cryptographic algorithms well before they are needed. This document describes quantum computing, how it might be used to attack classical cryptographic algorithms, and possibly how to predict when large, specialized quantum computers will become feasible.

Authors

Paul E. Hoffman

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)