There are viable options for quantum-proofing our cryptographic infrastructure, but the road ahead is neither easy nor fast. Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat. For example, I estimate a $1/2$ chance of breaking RSA-2048 by $2031$.
In this note, I briefly overview the problem, the solutions and some of the next steps.

Category / Keywords: cryptanalysis, quantum cryptanalysis, post-quantum cryptography, quantum cryptography, quantum-resistant cryptography, quantum-safe cryptography, quantum computing

Date: received 5 Nov 2015

Contact author: mmosca at uwaterloo ca

Note: This note is based on the abstract for a talk I gave at QCRYPT 2015 in Tokyo. http://2015.qcrypt.net/scientific-program/

Version: 20151105:125621

Short URL: ia.cr/2015/1075