[messaging] Do quantum attacks/algos also lead to compromise of PFS?
Tony Arcieri
bascule at gmail.com
Mon Jan 26 19:38:04 PST 2015
On Mon, Jan 26, 2015 at 3:54 AM, Michael Rogers <michael at briarproject.org> wrote:
> A hybrid of ring-LWE and ECDH has also been proposed for Tor, with the
> goal of maintaining forward secrecy of current traffic against future
> quantum computers
This is the most interesting approach I've heard (and by that I mean I've
heard it before but...):
1) Use an existing, uncontroversial key-exchange protocol (e.g. X25519)
2) Also use a post-quantum key-exchange protocol
When you're done, combine both results together (e.g. as KDF input)
The resulting combination, if done correctly, should be at least as strong
as the strongest of the "pre-quantum" and "post-quantum" key exchange
methods.
--
Tony Arcieri
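The two-step construction Tony sketches (classical X25519 exchange plus a post-quantum key exchange, both fed to a KDF), written out as an added example that is not part of this thread. It assumes the post-quantum KEM is abstracted as a 32-byte secret both sides already hold (a stand-in, not a ring-LWE implementation), and the X25519 ladder is pure Python from RFC 7748, not constant time, so it is for illustration only.

```python
# Added example (not from this thread): classical X25519 plus a post-quantum
# KEM secret, both fed to a KDF so the session key needs BOTH to be broken.
# Assumptions: the PQ KEM is abstracted as a 32-byte secret both sides already
# hold (a stand-in, no ring-LWE here); the X25519 ladder follows RFC 7748 but
# is pure Python and not constant time, so it is for illustration only.
import hashlib
import hmac
import secrets

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")

def _clamp(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248; k[31] &= 127; k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: scalar k times the u-coordinate u."""
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    n, x2, z2, x3, z3, swap = _clamp(k), 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (n >> t) & 1
        swap ^= kt
        if swap: x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap: x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hybrid_key(ecdh_secret: bytes, pq_secret: bytes, transcript: bytes) -> bytes:
    """HKDF (RFC 5869): Extract over ecdh||pq, Expand bound to the public transcript.
    An attacker must recover both inputs; one unknown input keeps the key secret."""
    prk = hmac.new(b"hybrid-x25519-pq", ecdh_secret + pq_secret, hashlib.sha256).digest()
    return hmac.new(prk, transcript + b"\x01", hashlib.sha256).digest()  # first HKDF block

def demo() -> tuple:
    """Both sides derive the session key; returns (alice_key, bob_key), which must match."""
    a_priv, b_priv = secrets.token_bytes(32), secrets.token_bytes(32)
    a_pub, b_pub = x25519(a_priv, BASEPOINT), x25519(b_priv, BASEPOINT)
    pq_secret = secrets.token_bytes(32)  # placeholder for the PQ KEM's shared secret
    transcript = a_pub + b_pub           # a real protocol would also bind the KEM ciphertext
    return (hybrid_key(x25519(a_priv, b_pub), pq_secret, transcript),
            hybrid_key(x25519(b_priv, a_pub), pq_secret, transcript))
```

The key point is in `hybrid_key`: the derived key changes if either input changes, so breaking only the X25519 half (with a quantum computer) or only the PQ half (with a classical cryptanalytic advance) leaves the session key unrecoverable.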