[tor-talk] NSA supercomputer

Christian Sturm reezer at reezer.org
Sat Apr 6 08:48:13 UTC 2013


Anthony Papillion wrote:
> . Granted, quantum computing
> will shred most (all?) of the ciphers we currently use.

Which actually is a bit sad, cause RSA appears to be replaceable by 
lattice-based cryptography:

https://en.wikipedia.org/wiki/Lattice_based_cryptography

As the article says though, one needs to choose one of two drawbacks 
here, performance or proven(!) security. They are interesting, cause they 
are not NP-hard and still can't be attacked with today's knowledge. There 
is at least one alternative that is hard for quantum computers and in 
fact is NP-hard, which is the McEliece cryptosystem. However it has 
properties that appear to basically render it insecure.

One also has to keep in mind that the symmetric algorithm has to be fast 
enough. I don't know - or better said, I didn't find - anything about 
this topic yet. In general one shouldn't forget that the attacker can 
always "simply" use the weaker cipher, and currently it really seems to 
be AES, because it's harder to know about its properties, it being not 
simply based on prime numbers. Also there are a number of attacks on it 
now, and maybe someone could find out how some of them can 
be used correctly.

But still, the chance of finding an attack against an application that 
reveals the plaintext in some way is a far more likely 
threat, and attacks against applications are something that constantly 
happens. Bad behavior, timing attacks, etc. are a far more realistic 
attack vector. And hey, they can try to figure out who sends traffic 
that is encrypted and appears in certain intervals, etc., making them 
look suspicious, and visit them. That's where Tor outperforms stuff like 
VPNs, which are easier to analyze it seems, cause all they do is encrypt 
traffic.

I hope someone finds some flaws in this and tells me, cause I wanna know 
whether I am right about all this.
