[messaging] Do quantum attacks/algos also lead to compromise of PFS?

str4d str4d at i2pmail.org
Sat Jan 24 14:25:30 PST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Taylor R Campbell wrote:
> > Date: Sat, 24 Jan 2015 13:07:29 -0800
> > From: Tao Effect <contact at taoeffect.com>
> >
> > So, I understand that QM algos can pretty much dismantle all
> > popular asymmetric encryption algos with enough q-bits, but I
> > haven't thought hard enough to see if they also can be used to
> > compromise communications that used DH to do PFS underneath the
> > initial handshake.
>
> Yes.  Shor's algorithm can compute finite field and elliptic curve
> discrete logs, so an attacker who saved a transcript of g^a, g^b
> over the wire today can, if/when quantum computers become
> available, compute a, b, and g^ab and retroactively decrypt the
> rest of the encrypted transcript.

That's not quite the same as breaking PFS though. PFS is the premise
that knowing the key to one session/message gives you no information
about the plaintext of any other session/message. QM algos like Shor's
algorithm speed up the decryption process, but you would still need to
break each session/message individually.

In other words, QM algos don't break PFS, because the requirement it
imposes (to decrypt all sessions/messages individually) is not a
significant barrier when the PFS protocol uses QM-vulnerable crypto
primitives. Building a PFS protocol using QM-resistant crypto would
restore the barrier.

str4d

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
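The point argued in this thread, as an added example that is not part of the original post: every ephemeral DH session gets an independent key, yet a passive recorder holding g^a, g^b and the ciphertext can recover each session separately once discrete logs are cheap. The 31-bit group, the XOR cipher and all function names are assumptions made for illustration, and baby-step giant-step stands in for Shor's algorithm.

```python
import hashlib
import secrets
from math import isqrt

# Toy parameters (constructed): a 31-bit prime group, far too small for real
# use, chosen so a classical discrete log finishes in well under a second.
P = 2**31 - 1
G = 7

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(4, "big")).digest()

def xor_cipher(key: bytes, data: bytes) -> bytes:
    # Toy cipher for the demo only: handles messages of at most 32 bytes.
    return bytes(d ^ k for d, k in zip(data, key))

def run_session(plaintext: bytes) -> dict:
    """One ephemeral DH exchange; returns only what a wire recorder sees."""
    a = secrets.randbelow(P - 2) + 1
    b = secrets.randbelow(P - 2) + 1
    A, B = pow(G, a, P), pow(G, b, P)
    key = kdf(pow(B, a, P))
    # a and b go out of scope here: nothing long-term links the sessions.
    return {"A": A, "B": B, "ct": xor_cipher(key, plaintext)}

def dlog(target: int) -> int:
    """Baby-step giant-step discrete log (stand-in for Shor's algorithm)."""
    m = isqrt(P - 1) + 1
    baby, cur = {}, 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * G % P
    step = pow(G, -m, P)  # modular inverse power, Python 3.8+
    gamma = target
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % P
    raise ValueError("target is not a power of G")

def recover_key(record: dict) -> bytes:
    """Derive one session key from its recorded public values alone."""
    return kdf(pow(record["B"], dlog(record["A"]), P))

def break_session(record: dict) -> bytes:
    return xor_cipher(recover_key(record), record["ct"])
```

Each recorded session costs its own `dlog` call, and the key recovered from one session does not decrypt another.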

