QC resistant algorithms?

Robert J. Hansen rjh at sixdemonbag.org
Wed Dec 16 23:21:21 CET 2015

> Long story short, there exist algorithms that are hypothesised tho be
> QC-resistant, though as far as I know nothing is proven in that
> respect.

The one-time pad is proven QC resistant.

With respect to hypothesis, remember that *none* of the ciphers in
OpenPGP are proven to be resistant against even classical computers, and
we won't until there's a solid proof that P != NP.  QC-resistant
algorithms are in much the same state: a formal proof that an algorithm
was QC-resistant would be breathtaking and shocking, and possibly on the
level of a P != NP proof.

> Those that do exist, there's still a substantial possibility
> that they'll be broken.

Some.  Others look quite solid -- e.g., Lamport signatures.

More information about the Gnupg-users mailing list