2022.05.21 19:17:21 (1528062404348608512) from Daniel J. Bernstein, replying to "Shawn Willden πΊπΈ πΊπ¦ (@shawnwillden)" (1528061515412041729):
Would you say that "any organization that runs high-value edge- and cloud-computing applications that require large volumes of data to flow quickly between local nodes and decentralized sources of computing power" is facing the performance challenges of crypto on small devices?
2022.05.21 18:58:20 (1528057615061725185) from Daniel J. Bernstein:
Management consultant Dogbert says that post-quantum cryptography is "impractical" for "high-value edge- and cloud-computing applications that require large volumes of data to flow quickly between local nodes and decentralized sources of computing power": https://web.archive.org/web/20220521163740/https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/when-and-how-to-prepare-for-post-quantum-cryptography
2022.05.21 19:04:54 (1528059271539109889) from Daniel J. Bernstein:
After this performance BS and generic emerging-market FUD (unspecified "cost" and the risk of "having to switch to higher-performance PQC solutions that come to market in the future"), Dogbert concludes "most organizations should take a wait-and-see approach to PQC solutions".
2022.05.21 19:12:56 (1528061291696336896) from "Shawn Willden πΊπΈ πΊπ¦ (@shawnwillden)":
I don't think performance concerns are BS. I'm looking at potentially having to rearchitect because current PQC algorithms are too slow and keys too large to use in the ways we've used classical asymmetric algorithms, especially EC-based algorithms.
2022.05.21 19:13:49 (1528061515412041729) from "Shawn Willden πΊπΈ πΊπ¦ (@shawnwillden)", replying to "Shawn Willden πΊπΈ πΊπ¦ (@shawnwillden)" (1528061291696336896):
Some of what I do is reliant on secure elements, and it's not clear if it will even be possible to implement current PQC algorithms on those tiny devices.