<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Turns out solving this problem is quite a burgeoning field, complete with its own standardization efforts!<div><br></div><div><a href="https://en.wikipedia.org/wiki/Post-quantum_cryptography">https://en.wikipedia.org/wiki/Post-quantum_cryptography</a></div><div><br></div><div>Thanks so much for the updates (Taylor and folks from [randombit]).</div><div><br></div><div>Cheers,</div><div>Greg<br><div>
<br class="Apple-interchange-newline"><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">--</span><br style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">Please do not email me anything that you are not comfortable also sharing</span><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;"> with the NSA.</span>
</div>
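<div><br></div><div>The point made in the quoted reply below (a saved transcript of g^a, g^b is enough to recover g^ab once discrete logs are computable), as an added example that is not part of the original thread. The 32-bit prime, the base, the toy stream cipher and all function names are assumptions, and baby-step giant-step stands in for Shor's algorithm, which is feasible only because the group is tiny.</div>

```python
# Added example with constructed toy parameters; not code from the thread.
import hashlib
from math import isqrt

P = 4294967291  # largest prime below 2**32 (toy size, assumed for the demo)
G = 2           # assumed base; its order is not checked because the demo does not need it


def derive_key(shared: int) -> bytes:
    """Hash the DH shared secret into a 32-byte session key."""
    return hashlib.sha256(shared.to_bytes(8, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 keystream), a stand-in for the session cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(d ^ k for d, k in zip(data[off:off + 32], pad))
    return bytes(out)


def handshake_and_send(a: int, b: int, message: bytes):
    """Run ephemeral DH and return only what crosses the wire: g^a, g^b, ciphertext."""
    A, B = pow(G, a, P), pow(G, b, P)
    return A, B, xor_stream(derive_key(pow(B, a, P)), message)


def discrete_log(h: int) -> int:
    """Baby-step giant-step: classical stand-in for Shor, feasible only at toy size."""
    m = isqrt(P) + 1
    baby = {pow(G, j, P): j for j in range(m)}
    step = pow(G, -m, P)  # modular inverse power, Python 3.8+
    gamma = h
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % P
    raise ValueError("h is not a power of G")


def read_saved_transcript(A: int, B: int, ciphertext: bytes) -> bytes:
    """Recompute g^ab from the saved public values alone, then decrypt."""
    a = discrete_log(A)  # any exponent with G^a == A yields the same B^a
    return xor_stream(derive_key(pow(B, a, P)), ciphertext)
```

<div>Deleting a and b after the session does not change the outcome, because they are recomputed from the public values; protection for recorded traffic has to come from a key exchange whose hardness assumption Shor's algorithm does not break.</div>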
<br><div><div>On Jan 24, 2015, at 1:36 PM, Tao Effect <<a href="mailto:contact@taoeffect.com">contact@taoeffect.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><blockquote type="cite">Yes. Shor's algorithm can compute finite field and elliptic curve<br>discrete logs, so an attacker who saved a transcript of g^a, g^b over<br>the wire today can, if/when quantum computers become available,<br>compute a, b, and g^ab and retroactively decrypt the rest of the<br>encrypted transcript.<br></blockquote><div><br></div><div>... Shit.</div><div>
</div>
<br><div><div>On Jan 24, 2015, at 1:18 PM, Taylor R Campbell <<a href="mailto:campbell+moderncrypto@mumble.net">campbell+moderncrypto@mumble.net</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"> Date: Sat, 24 Jan 2015 13:07:29 -0800<br> From: Tao Effect <<a href="mailto:contact@taoeffect.com">contact@taoeffect.com</a>><br><br> So, I understand that QM algos can pretty much dismantle all<br> popular asymmetric encryption algos with enough q-bits, but I<br> haven't thought hard enough to see if they also can be used to<br> compromise communications that used DH to do PFS underneath the<br> initial handshake.<br><br>Yes. Shor's algorithm can compute finite field and elliptic curve<br>discrete logs, so an attacker who saved a transcript of g^a, g^b over<br>the wire today can, if/when quantum computers become available,<br>compute a, b, and g^ab and retroactively decrypt the rest of the<br>encrypted transcript.<br></blockquote></div><br></div>_______________________________________________<br>Messaging mailing list<br><a href="mailto:Messaging@moderncrypto.org">Messaging@moderncrypto.org</a><br>https://moderncrypto.org/mailman/listinfo/messaging<br></blockquote></div><br></div></body></html>