GPG's vulnerability to quantum cryptography
Peter Lebbing
peter at digitalbrains.com
Fri May 16 16:48:10 CEST 2014
On 16/05/14 14:37, Michael Anders wrote:

> In fact arriving at a realistic estimate for the energy needed to brute
> force AES is really hard work. (Besides: Who can say for sure that we
> cannot get some bits from cryptanalytic progress (two bits already
> crumbled)?)

You cannot get bits of cryptanalytic progress for brute-force.
Brute-force is by definition completely independent of such things.

And nobody here claimed a realistic estimate. All that was claimed was a
lower bound.

> 1.) We don't have anything other than AES (At least many people think
> so.)

What does the specific cipher used have to do with anything? Since I
don't see where in the thread you replied, I'm not sure if we're still
debating quantum cryptography or whether we're discussing brute-forcing.
Quantum cryptography was only discussed relating either to asymmetric
crypto, which AES isn't, or in relation to Grover's algorithm, which is
used to brute-force an algo.

When brute-forcing, the choice of algorithm is irrelevant by definition.
AES is simply used as an example, but the stuff discussed so far would
go for any symmetric algorithm with a 128-bit key. Only the number of
bitflips per trial would vary, which was never really established
anyway, but tentatively put at "quite a lot".

HTH,

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>