There are quantum-resistant encryption methods available, but most of them haven’t been studied that long.
As Koblitz and Menezes put it, … most quantum-resistant systems that have been proposed are complicated, have criteria for parameter selection that are not completely clear, and in some cases (such as NTRU) have a history of successful attacks on earlier versions.
Some methods do have a long history but have other drawbacks.
Robert McEliece’s encryption method, for example, dates back to 1978 and has held up well, but it requires a megabyte key to achieve 128-bit security.
There is a variation on McEliece’s method that has radically smaller keys, but it’s only been around for six years.
In short, the dust hasn’t settled regarding post-quantum encryption methods.
People are naturally suspicious of algorithm recommendations coming from the NSA.
Wouldn’t the agency like for everyone to use encryption methods that it could break? Of course.
But the agency also wants US companies and government agencies to use encryption methods that foreign agencies cannot break.
There’s little downside to using established methods with longer keys.
However, key length may not be the weakest link.
If you’re vulnerable to timing attacks, for example, doubling your key length may create a false sense of security.