[cryptography] Do quantum attacks/algos also lead to compromise of PFS?

Greg greg at kinostudios.com
Sat Jan 24 17:10:58 EST 2015


Thanks Natanael!

What I'm gathering from here and [messaging] is that yes, OTR doesn't seem to be future-secure, and PFS isn't perfect (with the way it's usually implemented today), *but* there do seem to be possible solutions to this problem, if we can trust what the math/physics folks are saying.

-g

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Jan 24, 2015, at 1:13 PM, Natanael <natanael.l at gmail.com> wrote:

> 
> On 24 Jan 2015 22:06, "Greg" <greg at kinostudios.com> wrote:
> >
> > So, I understand that QM algos can pretty much dismantle all popular asymmetric encryption algos with enough q-bits, but I haven't thought hard enough to see if they also can be used to compromise communications that used DH to do PFS underneath the initial handshake.
> >
> > Side question: is this the right list to ask this on, or are there other ones I should try? (Is CFRG appropriate? Metzdowd is annoying with its long moderation times...)
> 
> Key exchange like DH simplifies PFS but isn't strictly necessary. A mechanism with temporary public keys where your main keys only sign the temporary keys, and the temporary keys are used for exchange of nonces to generate session keys (there are presumed quantum secure public key algorithms!), would be sufficient as well if you delete the temporary public keys the way DH secrets in regular PFS key exchanges are deleted afterwards.
> 
> There are many hash based signature algorithms, and other types of public key algorithms like lattice based and many others.
> 
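
The "main keys only sign the temporary keys" step from the quoted reply, shown with a hash-based (Lamport) signature. This is an added example, not code from the thread. Assumptions: all function names and the `temp-key|` binding format are hypothetical, the temporary public key is a random stand-in for whatever encryption key is used, and a Lamport key signs one message only, so a long-lived main key would need a many-time hash-based scheme.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

def lamport_keygen():
    """One-time key pair: 256 pairs of secret preimages; public key is their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    """Reveal one preimage per digest bit. Each key pair may sign one message only."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]

def lamport_verify(pk, msg, sig):
    if len(sig) != 256:
        return False
    bits = _digest_bits(msg)
    return all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def _binding(session_id, temp_pub):
    # Fixed-length session id keeps the encoding unambiguous (assumed format).
    if len(session_id) != 16:
        raise ValueError("session_id must be 16 bytes")
    return b"temp-key|" + session_id + temp_pub

def certify_temp_key(main_sk, session_id, temp_pub):
    """Long-term key signs the temporary public key for one session."""
    return lamport_sign(main_sk, _binding(session_id, temp_pub))

def accept_temp_key(main_pk, session_id, temp_pub, sig):
    """Peer checks the temporary key before sending any nonce to it."""
    return lamport_verify(main_pk, _binding(session_id, temp_pub), sig)

def demo():
    main_sk, main_pk = lamport_keygen()
    sid = os.urandom(16)
    temp_pub = os.urandom(32)  # constructed stand-in for a temporary public key
    sig = certify_temp_key(main_sk, sid, temp_pub)
    genuine = accept_temp_key(main_pk, sid, temp_pub, sig)
    swapped = accept_temp_key(main_pk, sid, os.urandom(32), sig)  # substituted key
    return genuine, swapped
```

The main key never touches session traffic, so deleting the temporary private key after the nonce exchange is what gives the forward secrecy described above.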
