From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1V6f97-0006cE-7c for bitcoin-development@lists.sourceforge.net; Tue, 06 Aug 2013 11:09:45 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.219.50 as permitted sender) client-ip=209.85.219.50; envelope-from=mh.in.england@gmail.com; helo=mail-oa0-f50.google.com; Received: from mail-oa0-f50.google.com ([209.85.219.50]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1V6f96-00064K-FT for bitcoin-development@lists.sourceforge.net; Tue, 06 Aug 2013 11:09:45 +0000 Received: by mail-oa0-f50.google.com with SMTP id i4so427008oah.37 for ; Tue, 06 Aug 2013 04:09:39 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.60.43.226 with SMTP id z2mr534399oel.76.1375787379080; Tue, 06 Aug 2013 04:09:39 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.76.84.231 with HTTP; Tue, 6 Aug 2013 04:09:38 -0700 (PDT) In-Reply-To: References: <51FE9834.7090007@gmail.com> Date: Tue, 6 Aug 2013 13:09:38 +0200 X-Google-Sender-Auth: 2eHhejn_gMsGw4hwjJh5ptI9TTc Message-ID: From: Mike Hearn To: Gregory Maxwell Content-Type: multipart/alternative; boundary=001a11333dce0444f704e34576ac X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1V6f96-00064K-FT Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Preparing for the Cryptopocalypse X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Aug 2013 11:09:45 -0000 --001a11333dce0444f704e34576ac Content-Type: text/plain; charset=UTF-8 > They have poor space/bandwidth usage properties, which is one reason > why Bitcoin doesn't use them today, but as far as I know the same is > so for all post-QC schemes. > I believe post-QC schemes based on Regev's LWE assumption are getting competitive with more traditional schemes. A paper from 2010 says they were able to get to around the same as large RSA key sizes (2048 bits), which is much worse than ECC but not entirely infeasible. Especially given that barring some breakthrough, by the time QC is a real problem we'll have gigabit wifi and 32 core devices with a terabyte of storage embedded in our hands :) --001a11333dce0444f704e34576ac Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

=
They have poor space/bandwidth usage properties, which is one reason
why Bitcoin doesn't use them today, but as far as I know the same is so for all post-QC schemes.

I believe p= ost-QC schemes based on Regev's LWE assumption are getting competitive = with more traditional schemes. A paper from 2010 says they were able to get= to around the same as large RSA key sizes (2048 bits), which is much worse= than ECC but not entirely infeasible. Especially given that barring some b= reakthrough, by the time QC is a real problem we'll have gigabit wifi a= nd 32 core devices with a terabyte of storage embedded in our hands :)
--001a11333dce0444f704e34576ac--