dhcgn closed this 1 year ago
Thank you for the PR, we'll have a look.
I would like to point out, though, that Ascon-128 itself is already post-quantum secure (barring any classical breaks). Grover's algorithm doesn't parallelise well. It is very likely that it will take many decades after Shor's algorithm is already practical before Grover's algorithm threatens any symmetric crypto. To wit: NIST security level 1 for post-quantum signatures and key agreement is defined as being as hard to crack as AES-128.
PR #404 is closed.
Since this repo has a focus on PQ, I would like to suggest including the PQ-optimized variant of Ascon.
Here is a draft PR: https://github.com/cloudflare/circl/pull/404