← Back to context

Comment by Panda_

5 days ago

Reticulum uses AES-256 encryption, which is considered quantum safe due to the sheer number of extra combinations adding 128 bits to AES 128 creates, including by NIST[1].

It uses AES because AES is extremely well tested and vulnerabilities have not been found.

The new quantum safe algorithms are still mostly in beta and a few have already been broken. They also have extremely large key lengths which breaks the fundamental idea of Reticulum being able to run over any almost any connection, including LoRa. See what the creator of Reticulum said on the topic [2].

[1] https://csrc.nist.gov/projects/post-quantum-cryptography/faq... "To protect against the threat of quantum computers, should we double the key length for AES now? (added 11/18/18)"

[2] https://github.com/markqvist/Reticulum/discussions/181#discu...

It's not that he's wrong in that assessment, but that doesn't really change anything about the fundamental problem of the cost of being wrong being a completely collapsed infrastructure.

We do not know if the quantum safe stuff is actually quantum safe, but we also don't need to. We just need to have a mechanism to use something else in the future if that should turn out to be a problem.

That mechanism is (from my understanding) lacking.