# 后量子密码学

## 公钥密码学

### 编码密码学

McEliece算法首次发表于1978年（仅比RSA晚一年），使用的是二元戈帕码（Binary Goppa code），经历了三十多年的考验，至今仍未能破解。但缺点是公钥体积极大，一直没有被主流密码学界所采纳。但随着后量子密码学提上日程，McEliece算法又重新成为了候选者。许多研究者尝试将二元戈帕码更换为其他纠错码，如里德-所罗门码LDPC等，试图降低密钥体积，但全部遭到破解，而原始的二元戈帕码仍然安全。

### 多变量密码学

${\displaystyle {\begin{cases}y_{1}=G_{1}(x_{1},x_{2},...,x_{n})\\y_{2}=G_{2}(x_{1},x_{2},...,x_{n})\\...\\y_{m}=G_{m}(x_{2},x_{2},...,x_{n})\\\end{cases}}}$

${\displaystyle G_{l}(x_{1},...,x_{n})=\sum _{1\leqslant i\leqslant j\leqslant n}a_{ij}^{(l)}x_{i}x_{j}+\sum _{1\leqslant i\leqslant n}b_{i}^{(l)}x_{i}+c^{(l)}\quad (l=1,2,...,m)}$

## 参考资料

1. Daniel J. Bernstein. Introduction to post-quantum cryptography (PDF). Post-Quantum Cryptography. 2009.
2. ^ Peter W. Shor. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM Journal on Computing. 1997, 26 (5): 1484–1509. Bibcode:1995quant.ph..8027S. arXiv:quant-ph/9508027. doi:10.1137/S0097539795293172.
3. ^ ETSI Quantum Safe Cryptography Workshop. ETSI Quantum Safe Cryptography Workshop. ETSI. October 2014 [24 February 2015]. （原始内容存档于17 August 2016）.
4. ^ Matt Braithwaite. Experimenting with Post-Quantum Cryptography. Google Security Blog.
5. ^ Cryptography in the era of quantum computers. Microsoft.
6. ^ Grover L.K. A fast quantum mechanical algorithm for database search. 28th Annual ACM Symposium on the Theory of Computing Proceedings. 1996. arXiv:quant-ph/9605043.