Page 37

PQC_for_Dummies

CHAPTER 3 Families of Post-quantum Schemes 37 If indeed supersingular elliptic-curve isogenies prove to be secure against classical as well as quantum-computer attacks, they are very interesting candidates for post-quantum cryptography. Comparison of Post-Quantum Schemes The different families of postquantum schemes vary heavily in their resource requirements. Postquantum schemes in general require larger public keys and larger signature/cipher text/message sizes than classical schemes. However, this cost is the price for schemes that are secure against attacks using quantum computers. RSA, ECC, and DH are not an option in scenarios that are taking quantum computers into account. In many cases, the attempt to reduce the resource requirements by introducing additional structure into the schemes resulted in successful attacks. Therefore, for some schemes, a reduction of the public-key size or the data storage/transmission requirements might not be possible. Signatures Arguably the most trusted public-key signature schemes are hash-based schemes. They require small public keys of 64–1,056 bytes which is in the range of classical RSA and ECC signatures. However, the size of hash-based signatures is 2.5–41 kB which is much larger than the sizes of classical signatures. Multivariate-based schemes are still under investigation. They require public-key sizes of 500 kB to 1 MB which is much larger than classical schemes but they have very small signature sizes. Public-key encryption There is strong confidence in the McEliece and Niederreiter encryption schemes (using Goppa codes). The size of their public keys is about 1 MB and therefore very large compared to classical schemes. The size of the cipher text (used, e.g., for key encapsulation) is only around 190 bytes which is in the range of classical schemes. Lattice-based schemes are also quite mature but probably less trusted compared to code-based schemes. The NTRUEncrpyt scheme for example requires 1.5–2.0 kB for both keys and cipher text 35.


PQC_for_Dummies
To see the actual publication please follow the link above