GPG's vulnerability to quantum cryptography

Peter Lebbing peter at digitalbrains.com
Fri May 16 16:48:10 CEST 2014


On 16/05/14 14:37, Michael Anders wrote:
> In fact arriving at a realistic estimate for the energy needed to brute
> force AES is really hard work. (Besides: Who can say for sure that we
> cannot get some bits from cryptanalytic progress (two bits already
> crumbled)?)

You cannot get bits of cryptanalytic progress for brute-force.
Brute-force is by definition completely independent of such things.

And nobody here claimed a realistic estimate. All that was claimed was a
lower bound.

> 1.) We don't have anything other than AES (At least many people think
> so.)

What does the specific cipher used have to do with anything? Since I
don't see where in the thread you replied, I'm not sure if we're still
debating quantum cryptography or whether we're discussing brute-forcing.

Quantum cryptography was only discussed relating either to asymmetric
crypto, which AES isn't, or in relation to Grover's algorithm, which is
used to brute-force an algo.

When brute-forcing, the choice of algorithm is irrelevant by definition.
AES is simply used as an example, but the stuff discussed so far would
go for any symmetric algorithm with a 128-bit key. Only the number of
bitflips per trial would vary, which was never really established
anyway, but tentatively put at "quite a lot".

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


