Topic: NTRU vs Kybe: Which Quantum Resistant Algorithm Is Better for Bitcoin? (Read 98 times)

Can you give us example which cryptocurrency actually use NTRU cryptography when cryptocurrency generally use only hash and signature cryptography?


Do you even read link you shared?
1. Table on link you shared only says ECDSA (<= 256 bits) disallowed after 2035.
2. SHA-256 remains allowed by NIST roadmap.

In addition, Bitcoin use hash and signature cryptography, not encryption cryptography. So Core developers don't need to think about transition of encryption cryptography.

Neither.

NTRU and Kyber are PKE/KEM - Public Key Encryption / Key Encapsulation Mechanism.

You should rather look at:
FIPS 204, ML-DSA, former Dilithium
FIPS 205, SLH-DSA, former SPHINCS+
FIPS 206, FN-DSA, former FALCON, not yet standardized

|-------------------+-------------+------------+-----------+----------+-----------|
|                   | Private Key | Public Key | Signature | security |   average |
|                   |       bytes |      bytes |     bytes |     bits | block MB* |
|-------------------+-------------+------------+-----------+----------+-----------|
| secp256k1         |          32 |         32 |        64 |      128 |         2 |
|-------------------+-------------+------------+-----------+----------+-----------|
| ML-DSA-44         |        2560 |       1312 |      2420 |      128 |        78 |
| ML-DSA-65         |        4032 |       1952 |      3309 |      192 |       110 |
| ML-DSA-87         |        4896 |       2592 |      4627 |      256 |       150 |
|-------------------+-------------+------------+-----------+----------+-----------|
| SLH-DSA-SHA2-128s |             |         32 |      7856 |      128 |       164 |
| SLH-DSA-SHA2-192s |             |         48 |     16224 |      192 |       339 |
| SLH-DSA-SHA2-256s |             |         64 |     29792 |      256 |       622 |
|-------------------+-------------+------------+-----------+----------+-----------|
| Falcon-512        |        1281 |        897 |       666 |      128 |        33 |
| Falcon-1024       |        2305 |       1793 |      1280 |      256 |        64 |
|-------------------+-------------+------------+-----------+----------+-----------|
* could be off by a factor of 2

I think this discussion is, while interesting, a bit premature. NIST (not that bitcoin is a US thing, but the guidance here is good) released their document on the timeline for post-quantum encryption (IR 8547) last November.  Here is a decent summary from InfoSec.

If you believe the table, there is some confidence that SHA256 will survive at least through 2035.  While there is some concern over its performance against a collision attack, this attack is about getting two keys that produce the same hash value, NOT finding a second key which has a particular hash value associated with another unknown key.

I'd be hard pressed to find a sense of urgency that would get me designing or coding the end product - there is only about 70-80K lines of code in the entire core, so not going to be a earth shaking task.  The harder part will be designing the transition - technical and operational - from one hash to the next.  Guessing there are not too many core developers who haven't already had thoughts about how to transition the encryption, if and when needed.  I'm inclined to give this issue a few more years for the alternatives to mature and prove themselves.

Hey guys,
With quantum computing on the horizon, don’t you think it’s time to start thinking about how Bitcoin’s security might be affected? Right now, Bitcoin uses ECDSA, but what happens when quantum computers can break it? There are two algorithms that are getting a lot of attention as possible solutions: NTRU and Kyber. But which one is actually better for Bitcoin? Let’s dive into it  .

1-Security, Have you heard that NTRU is based on lattice problems? It’s pretty resistant to both regular and quantum attacks.  But do you think it’ll stay secure as quantum computing advances?
Then there’s Kyber.  It’s also lattice-based and is actually part of the NIST post-quantum standardization.  Do you think it’s as solid as they say, or could there be weaknesses we haven’t found yet?

2–Efficiency, NTRU is known for being pretty efficient with smaller key sizes.  Doesn’t that sound like a win for Bitcoin, especially when speed and efficiency matter?
But what about Kyber? It’s efficient too, but its key sizes are bigger.  Do you think that could slow things down when it comes to Bitcoin’s scalability?

3–Key Sizes, NTRU uses smaller key sizes (around 1-2 KB).  How important do you think that is for Bitcoin’s storage and bandwidth?
But Kyber uses larger key sizes (around 3-4 KB).  Could this be a problem as Bitcoin grows, or do you think it’s manageable?

4–Real-World Use, NTRU has been used in other cryptos for years.  It’s proven, but do you think it’ll be able to handle the demands of Bitcoin in the long run?
Kyber is newer but is already gaining a lot of attention.  Could it be the future of quantum-resistant crypto, or is it too early to say?

So, what do you think? NTRU looks fast and efficient, but is it strong enough for the future? Or is Kyber the way to go, with its solid reputation and growing support? Let me know your thoughts!