[messaging] Do quantum attacks/algos also lead to compromise of PFS?

Taylor R Campbell campbell+moderncrypto at mumble.net
Sat Jan 24 13:18:49 PST 2015

   Date: Sat, 24 Jan 2015 13:07:29 -0800
   From: Tao Effect <contact at taoeffect.com>

   So, I understand that QM algos can pretty much dismantle all
   popular asymmetric encryption algos with enough q-bits, but I
   haven't thought hard enough to see if they also can be used to
   compromise communications that used DH to do PFS underneath the
   initial handshake.

Yes.  Shor's algorithm can compute finite field and elliptic curve
discrete logs, so an attacker who saved a transcript of g^a, g^b over
the wire today can, if/when quantum computers become available,
compute a, b, and g^ab and retroactively decrypt the rest of the
encrypted transcript.

More information about the Messaging mailing list