[messaging] Do quantum attacks/algos also lead to compromise of PFS?
Taylor R Campbell
campbell+moderncrypto at mumble.net
Sat Jan 24 13:18:49 PST 2015
> Date: Sat, 24 Jan 2015 13:07:29 -0800
> From: Tao Effect <contact at taoeffect.com>
>
> So, I understand that QM algos can pretty much dismantle all
> popular asymmetric encryption algos with enough qubits, but I
> haven't thought hard enough to see if they also can be used to
> compromise communications that used DH to do PFS underneath the
> initial handshake.
Yes. Shor's algorithm can compute finite field and elliptic curve
discrete logs, so an attacker who saved a transcript of g^a, g^b over
the wire today can, if/when quantum computers become available,
compute a, b, and g^ab and retroactively decrypt the rest of the
encrypted transcript.
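The harvest-now, decrypt-later attack described above, as an added example that is not part of the original post or of any project: two parties run an ephemeral DH handshake over a constructed 31-bit prime, the passive observer records only g^a, g^b and the ciphertext, and a later attacker with a discrete-log oracle recovers the session key from that recording. Baby-step giant-step stands in for Shor's algorithm here because the group is small enough to solve classically; the group parameters, the SHA-256-based XOR cipher and all function names are assumptions made for the illustration.

```python
import hashlib
import math

# Constructed toy group: 2^31 - 1 is prime and 7 is a primitive root mod it.
# Real DH groups are thousands of bits; there only Shor's algorithm, not a
# classical search, makes the discrete log tractable.
P = 2147483647
G = 7


def discrete_log(h, g=G, p=P):
    """Solve g^x = h (mod p) with baby-step giant-step, O(sqrt(p)) work.
    This is the classical stand-in for the quantum discrete-log oracle."""
    m = math.isqrt(p - 1) + 1
    baby = {}
    e = 1
    for j in range(m):
        baby.setdefault(e, j)        # g^j -> j
        e = e * g % p
    giant_step = pow(g, -m, p)       # g^(-m); Python 3.8+ modular inverse
    gamma = h
    for i in range(m):
        if gamma in baby:            # h * g^(-im) == g^j  =>  x = im + j
            return i * m + baby[gamma]
        gamma = gamma * giant_step % p
    raise ValueError("no discrete log found")


def derive_key(shared_secret, p=P):
    """Session key from the DH shared secret (KDF assumed: plain SHA-256)."""
    nbytes = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(nbytes, "big")).digest()


def xor_crypt(key, data):
    """Toy stream cipher: XOR with a SHA-256 counter keystream (constructed)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def run_session(plaintext, a, b, p=P, g=G):
    """Honest handshake: Alice holds a, Bob holds b, both derive the same key
    and Alice sends one encrypted message. Returns only what a passive
    observer can record; the private exponents a and b are never transmitted."""
    A = pow(g, a, p)
    B = pow(g, b, p)
    key = derive_key(pow(B, a, p), p)
    assert key == derive_key(pow(A, b, p), p)
    return {"A": A, "B": B, "ciphertext": xor_crypt(key, plaintext)}


def retroactive_decrypt(transcript, p=P, g=G):
    """Later attacker with a discrete-log capability: recover a from g^a,
    recompute g^ab, rederive the key and decrypt the recorded ciphertext."""
    a = discrete_log(transcript["A"], g, p)
    shared = pow(transcript["B"], a, p)
    return xor_crypt(derive_key(shared, p), transcript["ciphertext"])


if __name__ == "__main__":
    recorded = run_session(b"ephemeral keys were erased", 123456789, 987654321)
    print(retroactive_decrypt(recorded))   # the 'forward secret' plaintext
```

Forward secrecy protects against later compromise of long-term keys, not against the key agreement itself being broken: once the discrete log is cheap, nothing in the transcript is secret, which is why a recorded exchange is only protected by the hardness of the problem at the time the recording is attacked.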