# 后量子密码学

## 公钥密码学

### 编码密码学

McEliece算法首次发表于1978年（仅比RSA晚一年），使用的是二元戈帕码（Binary Goppa code），经历了三十多年的考验，至今仍未能破解。但缺点是公钥体积极大，一直没有被主流密码学界所采纳。但随着后量子密码学提上日程，McEliece算法又重新成为了候选者。许多研究者尝试将二元戈帕码更换为其他纠错码，如里德-所罗门码LDPC等，试图降低密钥体积，但全部遭到破解，而原始的二元戈帕码仍然安全。

### 多变量密码学

${\displaystyle {\begin{cases}y_{1}=G_{1}(x_{1},x_{2},...,x_{n})\\y_{2}=G_{2}(x_{1},x_{2},...,x_{n})\\...\\y_{m}=G_{m}(x_{2},x_{2},...,x_{n})\\\end{cases}}}$

${\displaystyle G_{l}(x_{1},...,x_{n})=\sum _{1\leqslant i\leqslant j\leqslant n}a_{ij}^{(l)}x_{i}x_{j}+\sum _{1\leqslant i\leqslant n}b_{i}^{(l)}x_{i}+c^{(l)}\quad (l=1,2,...,m)}$

## 参考资料

1. Daniel J. Bernstein. Introduction to post-quantum cryptography (PDF). Post-Quantum Cryptography. 2009 [2021-02-08]. （原始内容存档 (PDF)于2009-09-20）.
2. ^ Peter W. Shor. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM Journal on Computing. 1997, 26 (5): 1484–1509. Bibcode:1995quant.ph..8027S. . doi:10.1137/S0097539795293172.
3. ^ ETSI Quantum Safe Cryptography Workshop. ETSI Quantum Safe Cryptography Workshop. ETSI. October 2014 [24 February 2015]. （原始内容存档于2016-08-17）.
4. ^ Matt Braithwaite. Experimenting with Post-Quantum Cryptography. Google Security Blog. [2021-02-08]. （原始内容存档于2021-01-07）.
5. ^ Cryptography in the era of quantum computers. Microsoft. [2021-02-08]. （原始内容存档于2021-02-03）.
6. ^ Grover L.K. A fast quantum mechanical algorithm for database search. 28th Annual ACM Symposium on the Theory of Computing Proceedings. 1996. .
7. ^ An efficient key recovery attack on SIDH (PDF). [2023-10-03]. （原始内容存档 (PDF)于2023-12-05）.
8. ^ Post-quantum encryption contender is taken out by single-core PC and 1 hour. arstechnica. （原始内容存档于2023-12-15）.