[messaging] Do quantum attacks/algos also lead to compromise of PFS?
str4d
str4d at i2pmail.org
Sat Jan 24 14:25:30 PST 2015
Taylor R Campbell wrote:
> Date: Sat, 24 Jan 2015 13:07:29 -0800 From: Tao Effect
> <contact at taoeffect.com>
>
> So, I understand that QM algos can pretty much dismantle all
> popular asymmetric encryption algos with enough q-bits, but I
> haven't thought hard enough to see if they also can be used to
> compromise communications that used DH to do PFS underneath the
> initial handshake.
>
> Yes. Shor's algorithm can compute finite field and elliptic curve
> discrete logs, so an attacker who saved a transcript of g^a, g^b
> over the wire today can, if/when quantum computers become
> available, compute a, b, and g^ab and retroactively decrypt the
> rest of the encrypted transcript.
That's not quite the same as breaking PFS though. PFS is the premise
that knowing the key to one session/message gives you no information
about the plaintext of any other session/message. QM algos like Shor's
algorithm speed up the decryption process, but you would still need to
break each session/message individually.
In other words, QM algos don't break PFS, because the requirement it
imposes (to decrypt all sessions/messages individually) is not a
significant barrier when the PFS protocol uses QM-vulnerable crypto
primitives. Building a PFS protocol using QM-resistant crypto would
restore the barrier.
str4d
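An added example, not part of the original thread, illustrating the point discussed above: a recorded g^a, g^b transcript can be decrypted after the fact once discrete logs are computable, yet each session still has to be solved separately. It assumes a toy 31-bit group, a toy XOR cipher, and classical baby-step giant-step standing in for Shor's algorithm; all function names are hypothetical.

```python
import hashlib
import random
from math import isqrt

P = 2**31 - 1   # toy prime modulus (constructed; real groups are far larger)
G = 7           # base element

def keystream_xor(shared: int, data: bytes) -> bytes:
    """Toy cipher: XOR with a SHA-256-derived keystream (messages <= 32 bytes)."""
    ks = hashlib.sha256(shared.to_bytes(4, "big")).digest()
    return bytes(d ^ k for d, k in zip(data, ks))

def run_session(rng, plaintext: bytes) -> dict:
    """One ephemeral DH exchange; returns only what an eavesdropper records."""
    a = rng.randrange(2, P - 1)          # ephemeral secrets, discarded afterwards
    b = rng.randrange(2, P - 1)
    A, B = pow(G, a, P), pow(G, b, P)
    shared = pow(B, a, P)
    return {"A": A, "B": B, "ct": keystream_xor(shared, plaintext)}

def dlog(h: int) -> int:
    """Baby-step giant-step: find x with G^x = h (mod P). Stand-in for Shor."""
    m = isqrt(P - 1) + 1
    baby, e = {}, 1
    for j in range(m):                   # baby steps: G^j -> j
        baby.setdefault(e, j)
        e = e * G % P
    factor = pow(G, -m, P)               # G^(-m), needs Python 3.8+
    gamma = h
    for i in range(m):                   # giant steps: h * G^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * factor % P
    raise ValueError("no discrete log found")

def break_session(t: dict) -> tuple:
    """Recover the shared secret and plaintext from one recorded transcript."""
    shared = pow(t["B"], dlog(t["A"]), P)
    return shared, keystream_xor(shared, t["ct"])

def demo():
    rng = random.Random(2015)            # fixed seed so the run is reproducible
    s1 = run_session(rng, b"session one")
    s2 = run_session(rng, b"session two")
    k1, p1 = break_session(s1)           # first discrete log
    wrong = keystream_xor(k1, s2["ct"])  # session 1's key is useless for session 2
    _, p2 = break_session(s2)            # a second discrete log is required
    return p1, wrong, p2
```
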