6

I am developing a post-quantum-safe, GPG-like program. Is Argon2 cryptographically quantum-safe for a GPG-like application?

1 Answer

4

Simply put, it should be because it's based on BLAKE2b, it's memory hard, and symmetric cryptography is relatively unaffected by quantum computing since attacks can't be carried out efficiently compared to those for asymmetric cryptography (e.g. Grover's algorithm vs Shor's algorithm). The RFC states the following:

The collision and preimage resistance levels of Argon2 are equivalent to those of the underlying BLAKE2b hash function. To produce a collision, 2^(256) inputs are needed. To find a preimage, 2^(512) inputs must be tried.

The KDF security is determined by the key length and the size of the internal state of hash function H'. To distinguish the output of the keyed Argon2 from random, a minimum of (2^(128),2^length(K)) calls to BLAKE2b are needed.

That's enough not to worry.

samuel-lucas6