Talk:NIST Post-Quantum Cryptography Standardization

pqRSA
Why is pqRSA categorized as being "satirical"? There is also a paper called "Post-quantum RSA" on the preprint-server of the IACR. — Preceding unsigned comment added by 2001:638:902:2001:C23F:D5FF:FE6B:33A6 (talk) 16:23, 14 May 2018 (UTC)


 * Have you actually read the paper? It suggests using RSA keys 1 terabyte in size (!) to be safe from quantum computers; they had to patch math libraries to allow for shuch huge precision. To generate the key "The aggregate wall-clock  time  used  by  individual  multiply  jobs was about 1,239,626 seconds, and the elapsed time for the terabyte key generation was about four days" and "in total encryption took a little over 100 hours" and they did not manage to solve decryption for a key that large. Does that sound like a practical cryptosystem to you? :) -- intgr [talk] 19:11, 14 May 2018 (UTC)

To do
Simply listing things which are likely to be of interest to people visiting this page...

Comparison: public-key size, private-key size, signature size, size overhead of encryption (generally not discussed with conventional cryptography, but if you need an extra 64KB of data to transfer a 64B key, encrypting 1KB of text this is an issue), what type of quantum-resistant algorithm was implemented

Need wiki pages for more of the algorithms (the above would likely be included with those). 74.104.188.4 (talk) 22:15, 1 March 2018 (UTC)


 * I did the categorization part. The pk/sk/sig/ct size would vary across security level and I think adding those would irritate readers. I think we should wait before adding wiki pages for algorithms, at least after first round of elimination. Dannyniu (talk) 06:59, 13 March 2018 (UTC)

Appropriate capitalization?
The Post-quantum cryptography article has chosen to capitalize only the first word, whereas this article capitalizes all words. Might I suggest a common choice should be made? I'm inclined to go for all words capitalized. 74.104.188.4 (talk) 22:23, 1 March 2018 (UTC)


 * I replied at Talk:Post-quantum cryptography, let's keep the discussion together there. -- intgr [talk] 23:13, 1 March 2018 (UTC)

Should we link NewHope to RLWE-KEX?
Dannyniu (talk) 02:27, 13 March 2018 (UTC)

Categorization.
I'd like to make a table of these schemes based on their type (e.g. Lattice/Hash/Code/Multivariate-Based KEM/PKE/Signature). I'll do it in my sandbox Dannyniu (talk) 03:53, 13 March 2018 (UTC)


 * Having it as a table is nice, but having it as an alphabetical list is also nice. If someone reads somewhere, algorithm X is near certain to be the winner and they want to find information then an alphabetic list is better.  You also broke all the red links for to be create pages on the algorithms in the table.  Reads like pqNTRUSign is another refinement of NTRUSign and thus linking to that page would be appropriate.  74.104.188.4 (talk) 17:21, 14 March 2018 (UTC)
 * Alphabetical listing is certainly the tradition, but this is a wiki, we could always Ctrl-F to look for it on the page I suppose. Not all schemes are worthy of attention, and I think creating the links one by one as their merit become apparent is probably appropriate. I see your point linking pqNTRUSign to NTRUSign (just like we linked ChaCha20 to a section in Salsa20), I'll add a subsection in that page for linking soon. Dannyniu (talk) 05:33, 20 March 2018 (UTC)
 * The ones which don't make it to the end are of interest to read why they didn't make it to the end. Were major flaws found?  Was the whole category of algorithms broken?  As such I'd tend to include room for links even for the failures.  74.104.188.4 (talk) 01:48, 29 March 2018 (UTC)

Expected Standards Publication
The expected publication of the finalized PQ standards as of October 2021 is 2024. I suggest this information to be added to the article. — Preceding unsigned comment added by 85.64.76.29 (talk) 23:50, 23 November 2021 (UTC)