[messaging] Do quantum attacks/algos also lead to compromise of PFS?

Tony Arcieri bascule at gmail.com
Mon Jan 26 19:38:04 PST 2015

On Mon, Jan 26, 2015 at 3:54 AM, Michael Rogers <michael at briarproject.org>

> A hybrid of ring-LWE and ECDH has also been proposed for Tor, with the
> goal of maintaining forward secrecy of current traffic against future
> quantum computers

This is the most interesting approach I've heard (and by that I mean I've
heard it before but...):

1) Use an existing, uncontroversial key-exchange protocol (e.g. X25519)
2) Also use a post-quantum key-exchange protocol

When you're done, combine both results together (e.g. as KDF input)

The resulting combination, if done correctly, should be at least as strong
as the strongest of the "pre-quantum" and "post-quantum" key exchange

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150126/75240032/attachment.html>

More information about the Messaging mailing list