[cabfpub] Contingency planning for Quantum Cryptanalysis

Adam Langley agl at google.com
Tue Apr 19 14:27:04 MST 2016


On Tue, Apr 19, 2016 at 10:41 AM, Phillip Hallam-Baker <philliph at comodo.com>
wrote:

> There are in fact ways that it is possible to construct a WebPKI type
> infrastructure using hash signatures and we may even end up having to
> resort to using some of them, particularly for low power devices. In
> particular:
>
> * Distribute Merkle trees of public key values.
> * Adopt a ‘use one, make one’ approach to distribution.
> * Engage hash chain logs to provide reference truth.
> * Use GPU farms and/or bitcoin mining equipment to construct large Merkle
> trees; the hardware using the trees can be more modest.
>

There is no need to expend large amounts of computational power to generate
large Merkle trees of public keys. "Forest" schemes go back to CMSS (
https://eprint.iacr.org/2006/320.pdf). A modern synthesis of all the best
tricks in this space can be found in https://sphincs.cr.yp.to/. (Although
note that signatures are ~40KB. The smaller signatures are from stateful
schemes which are unsuitable for use in a PKI.)


Cheers

AGL
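As an added example (not code from the thread, from CMSS or from SPHINCS), here is a two-layer Merkle "forest" in the spirit of the point above: a top tree of one-time keys certifies the roots of bottom trees, so the signer builds a bottom tree only when it is first needed (the "use one, make one" idea from the quoted list) and never materialises all 4**HEIGHT leaf keys at once. Lamport-over-SHA-256 one-time signatures, HEIGHT = 3, the seed derivation, the signature layout and the `KEYGENS` counter are my assumptions chosen to keep the code short; real schemes use Winternitz chains and much taller trees.

```python
"""Two-layer Merkle "forest" of hash-based one-time keys (added example).

Constructed for this page; not code from the thread, CMSS or SPHINCS.
Assumptions: Lamport one-time signatures over SHA-256, tree height HEIGHT,
seed-derived keys, and a dict-based signature layout.
"""
import hashlib

HEIGHT = 3              # assumed: 2**3 leaves per tree, 4**3 = 64 signatures total
KEYGENS = {"count": 0}  # instrumentation: one-time key generations performed


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def ots_keygen(seed: bytes):
    """Lamport one-time key: 2x256 secret preimages; pk = hash of all 512 images."""
    KEYGENS["count"] += 1
    sk = [[H(seed, bytes([b]), i.to_bytes(2, "big")) for b in (0, 1)] for i in range(256)]
    images = [[H(x) for x in pair] for pair in sk]
    pk = H(*[img for pair in images for img in pair])
    return sk, images, pk


def ots_sign(sk, images, msg: bytes):
    """Per digest bit reveal one preimage; ship the other image so pk can be rebuilt."""
    bits = int.from_bytes(H(msg), "big")
    sig = []
    for i in range(256):
        b = (bits >> (255 - i)) & 1
        sig.append((sk[i][b], images[i][1 - b]))
    return sig


def ots_pk_from_sig(sig, msg: bytes) -> bytes:
    """Public key implied by (sig, msg); a tampered msg yields a pk not in the tree."""
    bits = int.from_bytes(H(msg), "big")
    parts = []
    for i, (preimage, other_image) in enumerate(sig):
        b = (bits >> (255 - i)) & 1
        pair = [None, None]
        pair[b], pair[1 - b] = H(preimage), other_image
        parts.extend(pair)
    return H(*parts)


class MerkleTree:
    """Hash tree over 2**HEIGHT one-time public keys; all levels kept for auth paths."""

    def __init__(self, seed: bytes):
        self.keys = [ots_keygen(H(seed, i.to_bytes(4, "big"))) for i in range(2 ** HEIGHT)]
        self.levels = [[pk for _, _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[j], lvl[j + 1]) for j in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]

    def sign_leaf(self, idx: int, msg: bytes):
        sk, images, _ = self.keys[idx]
        path = [lvl[(idx >> d) ^ 1] for d, lvl in enumerate(self.levels[:-1])]
        return ots_sign(sk, images, msg), path


def root_from_path(leaf: bytes, idx: int, path) -> bytes:
    """Walk an authentication path from a leaf up to the root."""
    node = leaf
    for sibling in path:
        node = H(node, sibling) if idx & 1 == 0 else H(sibling, node)
        idx >>= 1
    return node


class ForestSigner:
    """Top tree signs bottom-tree roots; bottom trees are built lazily ("use one, make one").
    next_index is signer STATE: a leaf signed twice leaks Lamport preimages."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.top = MerkleTree(H(seed, b"top"))
        self.public_key = self.top.root  # the only thing a verifier needs
        self.bottom = {}                 # j -> (tree, certificate of its root by top leaf j)
        self.next_index = 0
        self.capacity = 4 ** HEIGHT

    def _bottom(self, j: int):
        if j not in self.bottom:
            tree = MerkleTree(H(self.seed, b"bottom", j.to_bytes(4, "big")))
            self.bottom[j] = (tree, self.top.sign_leaf(j, tree.root))
        return self.bottom[j]

    def sign(self, msg: bytes) -> dict:
        if self.next_index >= self.capacity:
            raise RuntimeError("all one-time keys consumed; never reuse a leaf")
        j, i = divmod(self.next_index, 2 ** HEIGHT)
        self.next_index += 1             # advance state before releasing the signature
        tree, (cert_ots, cert_path) = self._bottom(j)
        ots, path = tree.sign_leaf(i, msg)
        return {"index": j * 2 ** HEIGHT + i, "ots": ots, "path": path,
                "subroot": tree.root, "cert_ots": cert_ots, "cert_path": cert_path}


def verify(public_key: bytes, msg: bytes, s: dict) -> bool:
    """Leaf -> bottom root, then certificate leaf -> top root, which must equal public_key."""
    j, i = divmod(s["index"], 2 ** HEIGHT)
    if root_from_path(ots_pk_from_sig(s["ots"], msg), i, s["path"]) != s["subroot"]:
        return False
    top_leaf = ots_pk_from_sig(s["cert_ots"], s["subroot"])
    return root_from_path(top_leaf, j, s["cert_path"]) == public_key


def demo():
    """Key generations before the first signature, versus a flat tree of equal capacity."""
    KEYGENS["count"] = 0
    signer = ForestSigner(b"constructed demo seed, not a real key")
    upfront = KEYGENS["count"]                   # only the top tree so far
    sig = signer.sign(b"hello")                  # bottom tree 0 is built on demand here
    ok = verify(signer.public_key, b"hello", sig)
    tampered = verify(signer.public_key, b"hellp", sig)
    return upfront, KEYGENS["count"], 4 ** HEIGHT, ok, tampered
```

`demo()` returns `(8, 16, 64, True, False)`: eight one-time keys to publish the root, sixteen to issue the first signature, against sixty-four for a single flat tree with the same signing capacity, and the gap widens quadratically with the height. The `next_index` field is the state the last paragraph of the message refers to: if the same leaf is ever used twice (a restored backup, a cloned signer), the revealed Lamport preimages combine into forgeries, which is the reason stateful schemes are a poor fit for a PKI. SPHINCS avoids the state by selecting the leaf pseudorandomly in a hypertree large enough that a repeat is negligible, and the ~40KB signatures mentioned above are the price of that.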