By full alternatives I mean things that can do everything RSA can, namely establish secure security without privately sharing information prior. Something which AES can't do.
In other words, I'm looking for quantum-resistant asymmetric encryption.
$\begingroup$
$\endgroup$
1
-
1$\begingroup$ Beside asymmetric encryption, a "full alternative" for RSA must do digital signature, which nowadays is the main use of RSA, and does not follow from asymmetric encryption. I have removed the "quantum cryptography" tag since the question is about classical cryptography that resist quantum computers, not using quantum mechanisms to perform cryptography, as in Quantum Key Distribution. $\endgroup$– fgrieu ♦Commented Jun 30, 2023 at 7:47
Add a comment
|
2 Answers
$\begingroup$
$\endgroup$
NIST is currently running a post-quantum cryptography contest for this.
Note that they won't standardize one algorithm, but will split Key Encapsulation Mechanisms (KEMs) which exchange symmetric Authenticated Encryption with Associated Data (AEAD) keys out from signature algorithms. RSA uses the same algorithm for both, which allows users to make some catastrophic mistakes by re-using keys for different purposes.
The resulting process to securely send messages will need some way to bind public keys to identities (e.g. the TLS PKI will likely be updated to allow these scheme's keys in certificates). Then key exchange will proceed essentially as normal, just with a KEM to exchange an AEAD key and post-quantum signature to verify identity instead of (or in addition to) RSA or DH or ECDH to exchange an AEAD key and a pre-quantum signature to verify identity.
$\begingroup$
$\endgroup$
There are many. A few examples are are the Merkle signature scheme and Crystals-Kyber.