Highest Rated Comments


djao (169 karma)

Hi, I'm the inventor of supersingular isogeny Diffie-Hellman, and also /u/rabinabo's old college roommate. I think it's important to point out that the same person who broke the non-supersingular variant (i.e., me) also designed the supersingular variant specifically to be immune to the weaknesses that affected the old non-supersingular variant. So there is actually reason to believe that the security of the non-supersingular variant does not affect that of the supersingular variant. Of course the security of this or any other cryptosystem is still an open assumption, and it is up to the community to compile evidence for security and decide which schemes to trust.

djao (3 karma)

I think you're looking for papers like [1] or [2]. The last paragraph of [1] in particular makes a direct comparison between ECC and RSA and states that quantum algorithms speed up ECC attacks more than RSA attacks.

The papers all deal with the binary ECC case because the nature of quantum algorithms is that they operate more naturally on binary data. The same results would hold for the non-binary case, but the details are different.