[Cryptography] quantum computers & crypto

Christian Huitema huitema at huitema.net
Sun Nov 7 00:45:36 EDT 2021

On 11/6/2021 4:17 PM, Jerry Leichter wrote:

> Otherwise, yes, you have to come up with heuristics, which basically come down to looking at the entropy of the alleged decryption on the assumption that real plaintext has much lower entropy than the random noise that you get from trying to decrypt with the wrong key.  Quantifying this is obviously highly dependent on the model you have of correct plaintext.  In practice, this is usually not a problem for classical attacks.  How you would approach it for quantum attacks, I have no clue.

.. which leads to an interesting side-way on "compress and encrypt". The 
general guidance that I read is "don't do that, because compressing 
different clear texts results in different compressed lengths, and the 
adversary can use the length to guess the message." But then, by 
definition, compression reduces the entropy of the compressed plain 
text, which makes the heuristics that you describe here harder. So, what 

-- Christian Huitema

More information about the cryptography mailing list