Terabyte priv/pub keys, "we are the leading pq lattice based implementation", broken implementations, attack scripts. I have the feeling a lot of submissions are the result of pressure on academia to publish...
While likely right, that particular entry was more a comedy submission by djb himself, no one is taking pqRSA seriously, the merging of the sig/encryption versions too was itself hilarious and a subtle metajoke about how big the competition is. There's plenty on the line here and govts know it, there's a little bit of a lottery feeling associated with it all.
I do like their honesty about people going after easy targets. The real goal here is breaking some of the big contenders and hopefully more people have a crack.
SIKE and NTRU need some serious attention/money/cred associated with breaking them
The danger is that people, like me, will have literally no idea that this is a "comedy submission". I mean, I know that djb is well-respected in his field and so as an interested layperson I would tend to assume that anything that looks serious is serious. In fact, I did just that when I tried to read the pqRSA paper...
They might decide to use it, or push for its use in some product. Obviously it's an extreme example, but stuff like that does happen (not that I think cryptographers shouldn't have fun).
And otherwise many of these would all be unactionable research fancies with insufficient review.
Are we going to have standard PQ algos in time for government, infrastructure, and industry to upgrade before disparate or widespread availability of quantum computation capabilities?
One estimate indicated that Bitcoin and ECDSA would be broken with Shor's by - optimistically - 2027.
How many n-year tech acquisition refresh cycles are there between then and now?
Will Grover's algorithm find a more efficient approach?
> One estimate indicated that Bitcoin and ECDSA would be broken with Shor's by - optimistically - 2027.
I think 2027 is beyond optimistic. We still haven't solved quantum storage (in fact, there's a strong argument that it might not be physically possible since you'd likely need 4-dimensional media to store passively-error-correcting qubits) or any other number of fairly fundamental issues before we can actually run CrackPrivateKey().
> Will Grover's algorithm find a more efficient approach?
Grover's algorithm is the optimum speedup for problems of its form ("brute force" searches), and it gives a square-root speedup. So doubling keys solves post-quantum for Grover's algorithm.
Shor's algorithm gives an exponential speedup, and so is going to always be a better speedup.
I should've been more specific: is it at all likely that Grover's will enable faster/feasible search of "quantum algorithm space" (?) or crypto_algo_classical_implementations-space? Or are we limited by number of qubits and QEC for the foreseeable future?