@@ -395,9 +395,9 @@ slower than secret-key ciphers. Consequently, secret-key ciphers are
395395used for the vast majority of encryption, while public-key ciphers are
396396reserved for use in authentication and session key establishment.
397397
398- .. admonition :: Post-Quantum Cryptography
398+ .. sidebar :: Post-Quantum Cryptography
399399
400- As we have seen, a lot of cryptography depends on the difficulty of
400+ * As we have seen, a lot of cryptography depends on the difficulty of
401401 solving certain mathematical problems, such as factoring prime
402402 numbers or computing discrete logarithms. When the efforts of
403403 mathematicians over decades to solve a problem have proven
@@ -410,9 +410,9 @@ reserved for use in authentication and session key establishment.
410410 progress is made towards ever larger quantum computers, measured by
411411 the number of quantum bits (qubits), there is a real
412412 risk that many current cryptographic algorithms will at some point
413- become breakable.
413+ become breakable. *
414414
415- There is plenty of debate about whether quantum computing will ever
415+ * There is plenty of debate about whether quantum computing will ever
416416 progress to the point that the risks to conventional cryptography
417417 materialize. Current quantum computers are much too small and lack
418418 the error-correcting capabilities necessary to solve the
@@ -427,23 +427,23 @@ reserved for use in authentication and session key establishment.
427427 considering the possibility that some data that is well protected
428428 today could be stored for a decade or two and then decrypted by a
429429 future quantum computer, so even data produced today could be at
430- risk.
430+ risk.*
431431
432- The response to this uncertain threat has been to develop suites of
432+ * The response to this uncertain threat has been to develop suites of
433433 cryptographic algorithms for which no quantum solution is
434434 known. This is the field of "Post-Quantum Cryptography". Note the
435435 use of the phrase "no solution is known". It is hard to prove that
436436 no algorithm exists—once again we are in the territory of trying to
437437 prove a negative. But NIST is running a process to evaluate and
438438 standardize a set of quantum-resistant algorithms, and there is
439439 plenty of focus on the candidate algorithms to establish their
440- suitability over the long term.
440+ suitability over the long term. *
441441
442- There is a general, if not universal, sense that at some point
442+ * There is a general, if not universal, sense that at some point
443443 post-quantum cryptographic algorithms will be needed. While the
444444 timeframe is uncertain and the exact algorithms to be used may
445445 change, the requirement for *crypto-agility *—the ability to swap
446- out one set of algorithms for another—is now well established.
446+ out one set of algorithms for another—is now well established.*
447447
4484483.4 Message Authentication
449449---------------------------------
0 commit comments