On Wed, Oct 08, 2014 at 04:05:14PM +0200, rysiek wrote:

Dnia środa, 8 października 2014 07:59:36 John Young pisze:

...

http://sphincs.cr.yp.to/

Special note to law-enforcement agents: The word "state" is a technical term in cryptography. Typical hash-based signature schemes need to record information, called "state", after every signature. Google's Adam Langley refers to this as a "huge foot-cannon" from a security perspective. By saying "eliminate the state" we are advocating a security improvement, namely adopting signature schemes that do not need to record information after every signature. We are not talking about eliminating other types of states. We love most states, especially yours! Also, "hash" is another technical term and has nothing to do with cannabis.

This... has to be some elaborate joke.

-- Pozdr rysiek

djb is getting better at trolling ;) from TFA: "2^128 security even against attackers equipped with quantum computers". wouldn't bet much money on this. first, it is not known if P=NP (someone wrongly claimed in this case "everyone will be composer". certainly sufficiently high degree algorithm won't help at all). second, it is not known even if P ≠ NP, can a sufficiently powerful quantum computer solve SAT efficiently? -- if the answer is ``yes'' djb & co fail. not to mention that if djb is using "qmail + csh", "Shock-See-Shell" will screw him beyond crypto. -- cheers

On Wed, Oct 08, 2014 at 11:48:20AM -0400, Riad S. Wahby wrote:

Georgi Guninski wrote:

...

second, it is not known even if P ≠ NP, can a sufficiently powerful quantum computer solve SAT efficiently? -- if the answer is ``yes'' djb & co fail.

And yet a quantum computer efficiently solving SAT would be substantially more surprising than P=NP!

ok, this is the popular scientific opinion, i am noob at complexity theory. just to point out that if a deity offers me crypto stuff that is breakable in polynomial time, but provably not less than say O(n^1000), i wouldn't care about P vs NP and will choose $n$ large enough, might be wrong.

Quantum computation is not magic; the limits of quantum mechanics already imply relatively strong lower bounds for quantum hash collision search.

-=rsw