[messaging] Do quantum attacks/algos also lead to compromise of PFS?
Tao Effect
contact at taoeffect.com
Sat Jan 24 14:25:29 PST 2015
Turns out solving this problem is quite a burgeoning field, complete with its own standardization efforts!
https://en.wikipedia.org/wiki/Post-quantum_cryptography
Thanks so much for the updates (Taylor and folks from [randombit]).
Cheers,
Greg
--
Please do not email me anything that you are not comfortable also sharing with the NSA.
On Jan 24, 2015, at 1:36 PM, Tao Effect <contact at taoeffect.com> wrote:
>> Yes. Shor's algorithm can compute finite field and elliptic curve
>> discrete logs, so an attacker who saved a transcript of g^a, g^b over
>> the wire today can, if/when quantum computers become available,
>> compute a, b, and g^ab and retroactively decrypt the rest of the
>> encrypted transcript.
>
> ... Shit.
>
> --
> Please do not email me anything that you are not comfortable also sharing with the NSA.
>
> On Jan 24, 2015, at 1:18 PM, Taylor R Campbell <campbell+moderncrypto at mumble.net> wrote:
>
>> Date: Sat, 24 Jan 2015 13:07:29 -0800
>> From: Tao Effect <contact at taoeffect.com>
>>
>> So, I understand that QM algos can pretty much dismantle all
>> popular asymmetric encryption algos with enough q-bits, but I
>> haven't thought hard enough to see if they also can be used to
>> compromise communications that used DH to do PFS underneath the
>> initial handshake.
>>
>> Yes. Shor's algorithm can compute finite field and elliptic curve
>> discrete logs, so an attacker who saved a transcript of g^a, g^b over
>> the wire today can, if/when quantum computers become available,
>> compute a, b, and g^ab and retroactively decrypt the rest of the
>> encrypted transcript.
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
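Taylor's point, that a passive recording of g^a and g^b plus a discrete-log solver recovers g^ab and therefore the session key, as an added example that is not part of the original thread. The group parameters are constructed and deliberately tiny so a brute-force loop can play the role of Shor's algorithm, which does the same job in polynomial time at real group sizes; the SHA-256 counter-mode XOR "cipher" is a toy stand-in for whatever the transcript was encrypted with, not a real protocol.

```python
"""Toy demonstration: a recorded Diffie-Hellman transcript plus a
discrete-log oracle recovers the session key after the fact.

Added example, not part of the original thread.  The group is deliberately
tiny and the "oracle" is brute force, standing in for Shor's algorithm,
which does the same job on real-world group sizes.  Nothing here is a
real protocol; the parameters are constructed for illustration.
"""
import hashlib
import secrets

# Constructed toy parameters: a small safe prime p = 2q + 1 with q prime,
# and a generator g of the order-q subgroup.  Real DH uses 2048+ bit primes.
P = 2 * 1019 + 1   # 2039, prime
Q = 1019
G = 4              # 2^2 is a quadratic residue, so it lies in the order-q subgroup


def dh_keypair(p=P, g=G, q=Q):
    """Generate a private exponent and its public value g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def derive_key(shared_secret, p=P):
    """Hash the shared group element into a symmetric key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(width, "big")).digest()


def xor_stream(key, data):
    """Toy symmetric encryption: SHA-256 counter-mode keystream XORed in.
    Decryption is the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        chunk = data[i:i + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def run_session(plaintext, p=P, g=G):
    """Two parties agree on an ephemeral DH key and encrypt one message.
    Returns only what a passive observer on the wire would see."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    k_alice = derive_key(pow(B, a, p))
    k_bob = derive_key(pow(A, b, p))
    assert k_alice == k_bob
    ciphertext = xor_stream(k_alice, plaintext)
    # a and b are discarded here: that is the forward-secrecy property.
    # The transcript below is all that gets recorded.
    return {"p": p, "g": g, "A": A, "B": B, "ct": ciphertext}


def dlog_oracle(h, g=G, p=P, q=Q):
    """Stand-in for Shor's algorithm: solve g^x = h (mod p) for x.
    Brute force is feasible only because the group is tiny; Shor does
    this in polynomial time for cryptographic group sizes."""
    acc = 1
    for x in range(q):
        if acc == h:
            return x
        acc = (acc * g) % p
    raise ValueError("no discrete log found")


def retroactive_decrypt(transcript):
    """Given a saved transcript and a dlog oracle, recover the session key
    and decrypt, without ever having touched either party's secrets."""
    p, g, A, B, ct = (transcript[k] for k in ("p", "g", "A", "B", "ct"))
    a = dlog_oracle(A, g, p)           # recover Alice's exponent from g^a
    shared = pow(B, a, p)              # g^(ab) = (g^b)^a
    return xor_stream(derive_key(shared, p), ct)


if __name__ == "__main__":
    msg = b"ephemeral keys do not help once the dlog falls"
    recorded = run_session(msg)
    recovered = retroactive_decrypt(recorded)
    print(recovered == msg, recovered)
```

The defensive reading is the one the thread arrives at: forward secrecy built on classical DH only protects recorded traffic for as long as the discrete log stays hard, so long-lived confidentiality needs a key agreement that does not rest on that assumption (the post-quantum schemes Greg links to), or a hybrid of both.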