By full alternatives I mean things that can do everything RSA can, namely establish secure security without privately sharing information prior. Something which AES can't do.
In other words, I'm looking for quantum-resistant asymmetric encryption.
NIST is currently running a post-quantum cryptography contest for this.
Note that they won't standardize one algorithm, but will split Key Encapsulation Mechanisms (KEMs) which exchange symmetric Authenticated Encryption with Associated Data (AEAD) keys out from signature algorithms. RSA uses the same algorithm for both, which allows users to make some catastrophic mistakes by re-using keys for different purposes.
The resulting process to securely send messages will need some way to bind public keys to identities (e.g. the TLS PKI will likely be updated to allow these schemes' keys in certificates). Then key exchange will proceed essentially as normal, just with a KEM to exchange an AEAD key and post-quantum signature to verify identity instead of (or in addition to) RSA or DH or ECDH to exchange an AEAD key and a pre-quantum signature to verify identity.
There are many. A few examples are the Merkle signature scheme and CRYSTALS-Kyber.
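
A sketch of the Merkle signature scheme named above, added here as an illustration and not part of the original answer: many one-time key pairs are hashed into a tree, and the tree root serves as the single long-term public key. Lamport one-time signatures as the leaf scheme, SHA-256, the tree height and the 0x00/0x01 hash prefixes are assumptions chosen for this example.

```python
import hashlib
import os

BITS = 256  # length of the SHA-256 message digest that gets signed

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(msg: bytes) -> list:
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(BITS)]

def lamport_keygen():
    # Two random preimages per digest bit; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def leaf_hash(pk) -> bytes:
    # 0x00/0x01 prefixes keep leaf hashes and inner-node hashes distinct.
    return H(b"\x00" + b"".join(h for pair in pk for h in pair))

class MerkleSigner:
    def __init__(self, height: int = 2):
        self.keys = [lamport_keygen() for _ in range(2 ** height)]
        self.levels = [[leaf_hash(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            cur = self.levels[-1]
            self.levels.append([H(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
        self.root = self.levels[-1][0]  # the long-term public key
        self.next_leaf = 0              # state: each leaf signs at most once

    def sign(self, msg: bytes):
        if self.next_leaf >= len(self.keys):
            raise RuntimeError("all one-time keys are used up")
        idx, self.next_leaf = self.next_leaf, self.next_leaf + 1
        sk, pk = self.keys[idx]
        ots = [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]  # reveal one preimage per bit
        path = [level[(idx >> d) ^ 1] for d, level in enumerate(self.levels[:-1])]
        return idx, ots, pk, path

def verify(root: bytes, msg: bytes, signature) -> bool:
    idx, ots, pk, path = signature
    if len(ots) != BITS or len(pk) != BITS:
        return False
    if any(H(s) != pk[i][bit] for i, (s, bit) in enumerate(zip(ots, digest_bits(msg)))):
        return False
    node = leaf_hash(pk)
    for sibling in path:  # recompute the root from the leaf and its authentication path
        node = H(b"\x01" + (node + sibling if idx % 2 == 0 else sibling + node))
        idx >>= 1
    return node == root
```

The signer is stateful: `next_leaf` has to be persisted reliably, because signing two different messages with the same leaf reveals enough preimages to forge further signatures.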