Taylor R Campbell wrote:
>> Date: Sat, 24 Jan 2015 13:07:29 -0800
>> From: Tao Effect <[email protected]>
>>
>> So, I understand that QM algos can pretty much dismantle all popular asymmetric encryption algos with enough q-bits, but I haven't thought hard enough to see if they also can be used to compromise communications that used DH to do PFS underneath the initial handshake.
>
> Yes. Shor's algorithm can compute finite field and elliptic curve discrete logs, so an attacker who saved a transcript of g^a, g^b over the wire today can, if/when quantum computers become available, compute a, b, and g^ab and retroactively decrypt the rest of the encrypted transcript.
That's not quite the same as breaking PFS though. PFS is the premise that knowing the key to one session/message gives you no information about the plaintext of any other session/message. QM algos like Shor's algorithm speed up the decryption process, but you would still need to break each session/message individually.

In other words, QM algos don't break PFS, because the requirement it imposes (to decrypt all sessions/messages individually) is not a significant barrier when the PFS protocol uses QM-vulnerable crypto primitives. Building a PFS protocol using QM-resistant crypto would restore the barrier.

str4d

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
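As an added illustration of the two points above (example code written for this page, not from either author): a toy DH exchange over a constructed tiny prime, with a classical baby-step giant-step discrete-log solver standing in for Shor's algorithm. An attacker who recorded g^a, g^b and the ciphertext of several sessions must solve one discrete log per session, which is exactly what PFS guarantees, but in a quantum-vulnerable group that per-session work is no real barrier.

```python
import hashlib, math, random

P = 1000003  # constructed toy prime (20 bits); real DH groups are 2048+ bits
G = 2        # generator for the toy group

def keygen(rng):
    # one party's ephemeral DH key pair: (secret exponent, public value g^a)
    a = rng.randrange(1, P - 1)
    return a, pow(G, a, P)

def session_key(peer_public, my_secret):
    # derive the session key from the shared secret g^ab
    shared = pow(peer_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(4, "big")).digest()

def xor_stream(key, data):
    # toy stream cipher (keystream XOR); applying it twice decrypts; data <= 32 bytes
    stream = hashlib.sha256(key + b"stream").digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def dlog(h):
    # baby-step giant-step: x with G^x == h (mod P). Feasible only because the
    # group is tiny; Shor's algorithm plays this role against real-sized groups.
    m = math.isqrt(P - 1) + 1
    baby, cur = {}, 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * G % P
    giant_step, gamma = pow(G, -m, P), h
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant_step % P
    raise ValueError("no discrete log found")

def break_recorded_sessions(transcripts):
    # attacker stored (g^a, g^b, ciphertext) per session; each session costs
    # its own discrete log, nothing recovered from one carries over to another
    return [xor_stream(session_key(B, dlog(A)), ct) for A, B, ct in transcripts]

def run(n_sessions=3, seed=1):
    # simulate n DH-protected sessions, record what crossed the wire, then break them
    rng = random.Random(seed)
    msgs = [f"session {i} secret".encode() for i in range(n_sessions)]
    transcripts = []
    for msg in msgs:
        a, A = keygen(rng)
        b, B = keygen(rng)
        transcripts.append((A, B, xor_stream(session_key(B, a), msg)))
    return msgs, break_recorded_sessions(transcripts)
```

Swapping the group for one without a known quantum-polynomial discrete-log algorithm is what the last sentence of the reply means by restoring the barrier: the per-session step stays, but it stops being cheap.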
