Page 20

PQC_for_Dummies

20 Post Quantum Crypto for Dummies

attacks that reduce the computational cost and faster computing systems that raise the threshold are being developed. Consequently, the security parameters need to be updated from time to time. Post-quantum cryptography must follow a similar approach with respect to classical attacks. For some schemes, the efficiency of classical attacks is still under heavy development: the best known attacks improve rapidly.

However, post-quantum schemes also require security metrics for attacks using quantum computers. The efficiency of quantum computations is not yet well understood, and there is no large quantum computer available for practical analysis of quantum attacks. Therefore, all estimates of the security of post-quantum schemes against quantum computers are purely theoretical. This implies two problems: if the power of quantum computers is underestimated, security parameters might be too weak and schemes will be broken once quantum computers arrive; if the power of quantum computers is overestimated, security parameters are chosen too strong, which reduces the usability and efficiency of the schemes and hinders their widespread deployment. Therefore, finding a precise metric for the security of cryptographic schemes against quantum computers is crucial.

Parameters

Given a precise security metric, we need to specify security parameters for the post-quantum schemes. Currently, many publications focus on security parameters that are secure against classical attacks, because this facilitates comparison with classical cryptographic schemes like RSA and ECC and because the security metrics against classical attacks are well understood. However, the main benefit of post-quantum schemes is their resistance against quantum-computer attacks. Therefore, we require post-quantum secure parameters for post-quantum schemes.

Efficient schemes

Different post-quantum schemes have different resource requirements. However, currently not many schemes have competitive efficiency compared to classical cryptographic schemes. Therefore, we need improvements to the post-quantum schemes in order to reduce their resource requirements. There is ongoing research on how to reduce key sizes and the computational cost of post-quantum schemes. However, attempts to reduce resource requirements, for example by introducing some redundant structure, have often resulted in a loss of security. The price for long-term secure post-quantum cryptography is likely to be higher cost in computation, storage, and communication demand.
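The two failure modes above (underestimating quantum attack power and ending up with too-weak parameters, or overestimating it and paying an unnecessary efficiency price) can be made concrete with a small cost model. The following Python is an added illustration, not code from the booklet: it models the cost of the best known attack on a scheme as 2^(k·n) operations, where n is the security parameter (a key length or similar) and k is an attack-specific exponent that is smaller for a quantum attack than for a classical one. All exponents used here are constructed for illustration and are not measured values for any real scheme; the one real data point used is that a quantum search halves the effective bit strength of an exhaustive key search (exponent 1.0 classical, 0.5 quantum).

```python
"""Toy security-parameter sizing under classical vs. quantum attack cost models.

Added example, not from "Post Quantum Crypto for Dummies". Attack cost is
modelled as 2**(exponent * n) operations for security parameter n. The
exponent values in the demo are constructed for illustration only.
"""
import math


def min_parameter(target_bits: float, exponent: float) -> int:
    """Smallest integer n such that exponent * n >= target_bits, i.e. the
    smallest parameter for which the modelled attack costs >= 2**target_bits.
    A small tolerance absorbs floating-point rounding in the division."""
    if exponent <= 0:
        raise ValueError("attack cost exponent must be positive")
    return math.ceil(target_bits / exponent - 1e-9)


def security_bits(n: int, exponent: float) -> float:
    """Security level (in bits) of parameter n under an attack with the given
    cost exponent: log2 of the modelled attack cost."""
    return exponent * n


def parameter_gap(target_bits: float, assumed_exponent: float,
                  true_exponent: float) -> tuple[int, float, float]:
    """Size a parameter for target_bits using an *assumed* quantum attack
    exponent, then evaluate it under the *true* exponent.

    Returns (chosen n, actual security bits, shortfall in bits).
    shortfall > 0  -> quantum power was underestimated; scheme is too weak.
    shortfall == 0 -> the parameter holds; the surplus is wasted efficiency
                      if the assumption was pessimistic.
    """
    n = min_parameter(target_bits, assumed_exponent)
    actual = security_bits(n, true_exponent)
    return n, actual, max(0.0, target_bits - actual)


def efficiency_price(target_bits: float, classical_exponent: float,
                     quantum_exponent: float) -> float:
    """Ratio of the parameter needed for quantum resistance to the parameter
    that suffices against classical attacks only: the 'price' paid in
    key size / work for the same nominal security level."""
    classical_n = min_parameter(target_bits, classical_exponent)
    quantum_n = min_parameter(target_bits, quantum_exponent)
    return quantum_n / classical_n


if __name__ == "__main__":
    TARGET = 128  # desired security level in bits

    # Known instance: exhaustive key search, classical vs. quantum search.
    print("symmetric key for 128-bit quantum security:",
          min_parameter(TARGET, 0.5), "bits")

    # Constructed exponents for a hypothetical scheme (illustration only).
    CLASSICAL, ASSUMED_Q = 0.5, 0.25
    for true_q in (0.125, 0.25, 0.375):
        n, actual, short = parameter_gap(TARGET, ASSUMED_Q, true_q)
        verdict = "TOO WEAK" if short else "holds"
        print(f"true quantum exponent {true_q}: n={n}, "
              f"actual={actual:.0f} bits, shortfall={short:.0f} -> {verdict}")

    print("efficiency price of quantum-safe parameters: x",
          efficiency_price(TARGET, CLASSICAL, ASSUMED_Q))
```

Running the demo shows the asymmetry the text describes: if the true quantum exponent is lower than assumed (quantum power underestimated), the chosen parameter falls short of the target by a fixed number of bits, whereas if it is higher (quantum power overestimated), security holds but the parameter, and with it key size and computational cost, is larger than necessary.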

