Turns out solving this problem is quite a burgeoning field, complete with its own standardization efforts!
https://en.wikipedia.org/wiki/Post-quantum_cryptography

Thanks so much for the updates (Taylor and folks from [randombit]).

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Jan 24, 2015, at 1:36 PM, Tao Effect <[email protected]> wrote:

>> Yes. Shor's algorithm can compute finite field and elliptic curve
>> discrete logs, so an attacker who saved a transcript of g^a, g^b over
>> the wire today can, if/when quantum computers become available,
>> compute a, b, and g^ab and retroactively decrypt the rest of the
>> encrypted transcript.
>
> ... Shit.
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
> On Jan 24, 2015, at 1:18 PM, Taylor R Campbell
> <[email protected]> wrote:
>
>> Date: Sat, 24 Jan 2015 13:07:29 -0800
>> From: Tao Effect <[email protected]>
>>
>> So, I understand that QM algos can pretty much dismantle all
>> popular asymmetric encryption algos with enough q-bits, but I
>> haven't thought hard enough to see if they also can be used to
>> compromise communications that used DH to do PFS underneath the
>> initial handshake.
>>
>> Yes. Shor's algorithm can compute finite field and elliptic curve
>> discrete logs, so an attacker who saved a transcript of g^a, g^b over
>> the wire today can, if/when quantum computers become available,
>> compute a, b, and g^ab and retroactively decrypt the rest of the
>> encrypted transcript.
>
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
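The "store the transcript now, solve the discrete logs later" attack that Taylor describes, as an added worked example (this is editor-supplied code, not code from anyone on the thread). It uses a constructed toy group (P = 1019, subgroup order Q = 509, generator G = 4) and a constructed hash-based stream cipher so that a brute-force discrete log finishes instantly; that brute force stands in for Shor's algorithm, which is what would make the same step feasible against real-size finite-field or elliptic-curve groups. Everything an eavesdropper needs is in `run_session`'s return value: g^a, g^b and the ciphertexts. Nothing about the ephemeral exponents being forgotten afterwards helps, because the attacker recomputes them from the public values.

```python
"""Harvest-now, decrypt-later against finite-field Diffie-Hellman.

Added example, not code from the mailing-list thread. A toy group is used
so that a brute-force discrete log (standing in for Shor's algorithm)
finishes instantly. All parameters and messages below are constructed.
"""
import hashlib
import secrets

# Constructed toy safe prime P = 2*Q + 1. G = 4 is a quadratic residue,
# so it generates the order-Q subgroup. Real groups are 2048 bits or more.
P, Q, G = 1019, 509, 4
assert pow(G, Q, P) == 1 and G != 1


def derive_key(shared_secret: int) -> bytes:
    """Hash the DH shared secret g^ab into a symmetric key (stand-in KDF)."""
    return hashlib.sha256(b"dh-demo" + shared_secret.to_bytes(4, "big")).digest()


def keystream_xor(key: bytes, data: bytes, nonce: int) -> bytes:
    """Toy counter-mode stream cipher: XOR with SHA-256(key || nonce || counter)
    blocks. Encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        block = hashlib.sha256(key + nonce.to_bytes(4, "big") + counter).digest()
        out.extend(x ^ k for x, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def run_session(a: int, b: int, messages: list) -> dict:
    """Alice (exponent a) and Bob (exponent b) run DH and then exchange
    encrypted messages. Returns only what a passive eavesdropper records."""
    ga, gb = pow(G, a, P), pow(G, b, P)
    shared = pow(gb, a, P)
    assert shared == pow(ga, b, P)          # both sides agree on g^ab
    key = derive_key(shared)
    ciphertexts = [keystream_xor(key, m, i) for i, m in enumerate(messages)]
    # a, b and shared are discarded here: forward secrecy against a
    # classical adversary. The wire transcript is all that survives.
    return {"g^a": ga, "g^b": gb, "ciphertexts": ciphertexts}


def discrete_log(base: int, target: int) -> int:
    """Find x with base^x == target (mod P) by brute force over the subgroup.
    Stands in for Shor's algorithm: infeasible classically for real groups,
    polynomial time on a sufficiently large quantum computer."""
    acc = 1
    for x in range(Q):
        if acc == target:
            return x
        acc = acc * base % P
    raise ValueError("target not in the subgroup generated by base")


def retroactive_decrypt(transcript: dict) -> list:
    """Attacker with a stored transcript: recover a from g^a, compute
    g^ab = (g^b)^a, derive the same key, and decrypt everything."""
    a = discrete_log(G, transcript["g^a"])
    shared = pow(transcript["g^b"], a, P)
    key = derive_key(shared)
    return [keystream_xor(key, c, i) for i, c in enumerate(transcript["ciphertexts"])]


if __name__ == "__main__":
    msgs = [b"hello bob", b"meet at the usual place"]
    a = secrets.randbelow(Q - 1) + 1
    b = secrets.randbelow(Q - 1) + 1
    recorded = run_session(a, b, msgs)
    print(retroactive_decrypt(recorded))
```

The only thing the attacker is missing at capture time is the ability to invert `g^a`; the rest of the pipeline (the KDF and the symmetric cipher) is reproduced exactly from public knowledge of the protocol, which is why a post-quantum key exchange has to replace the DH step itself rather than anything downstream of it.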
