---
title: The Future of Cryptography with Quantum Computing
date: 2015-12-20T11:57:17+00:00
modified: 2015-12-21T10:32:28+00:00
permalink: https://kaspars.net/blog/future-quantum-computing
post_type: post
author:
  name: Kaspars
  avatar: https://reverse.kaspars.net/gravatar/avatar/92bfcd3a8c3a21a033a6484d32c25a40b113ec6891f674336081513d5c98ef76?s=96&d=mm&r=g
category:
  - Cryptography
post_format:
  - Video
---

# The Future of Cryptography with Quantum Computing

Here is an excellent presentation by Professor [Andris Ambainis](http://home.lu.lv/~ambainis/) ([@aambainis](https://twitter.com/aambainis)) on the aspects of cryptography and encryption in the future with quantum computers:

The main issues are with the asymmetric public key cryptography and the way **quantum computing is good at factorization and solving discrete logarithms** which are supposed to be the [difficult part of the RSA algorithm](https://en.wikipedia.org/wiki/RSA_Factoring_Challenge):

He outlines the following alternative algorithms which are still hard to solve for quantum computers:

- [lattice based](https://en.wikipedia.org/wiki/Lattice-based_cryptography) (NTRU, Ring-LWE),
- code based ([McEliece](https://en.wikipedia.org/wiki/McEliece_cryptosystem)) and
- based on [multivariate quadratic equation](https://en.wikipedia.org/wiki/Multivariate_cryptography).

The only issue with those algorithms appears to be the key size:

AlgorithmPublic key size (bits)Private key size (bits)Ring-LWE6,59514,000NTRU6,1306,747Rainbow991,000740,000Hash signature36,00036,000McEliece37,674,48077,742,169SIDH3,0713,072To me it feels like the computational power and the memory capacity of secure elements today is no longer the main issue.