[Cryptography] quantum computers & crypto

Christian Huitema huitema at huitema.net
Sun Nov 7 00:45:36 EDT 2021


On 11/6/2021 4:17 PM, Jerry Leichter wrote:

> Otherwise, yes, you have to come up with heuristics, which basically come down to looking at the entropy of the alleged decryption on the assumption that real plaintext has much lower entropy than the random noise that you get from trying to decrypt with the wrong key.  Quantifying this is obviously highly dependent on the model you have of correct plaintext.  In practice, this is usually not a problem for classical attacks.  How you would approach it for quantum attacks, I have no clue.

... which leads to an interesting side-way on "compress and encrypt". The 
general guidance that I read is "don't do that, because compressing 
different clear texts results in different compressed lengths, and the 
adversary can use the length to guess the message." But then, by 
definition, compression reduces the entropy of the compressed plain 
text, which makes the heuristics that you describe here harder. So, what 
gives?

-- Christian Huitema
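
Added example, not part of the original thread: a Python sketch that measures the two effects the message weighs against each other, namely the per-byte entropy of plaintext, compressed plaintext and wrong-key noise, and the compressed length of two equal-length messages. The sample records, the two messages, the SHA-256 noise generator and all function names are constructed for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter


def byte_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def noise(n: int, seed: bytes = b"wrong-key") -> bytes:
    """Repeatable stand-in (assumption) for wrong-key decryption output."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample plaintext: structured, low-entropy text records.
PLAINTEXT = "".join(
    f"transfer {i * 7919 % 100000} units to account {i * 104729 % 1000000}\n"
    for i in range(2000)
).encode()


def entropy_report() -> dict:
    compressed = zlib.compress(PLAINTEXT, 9)
    return {
        "plaintext": byte_entropy(PLAINTEXT),
        "compressed": byte_entropy(compressed),
        "noise": byte_entropy(noise(len(compressed))),
    }


def compressed_lengths(a: bytes, b: bytes) -> tuple:
    """Lengths visible on the wire, assuming a length-preserving cipher."""
    return len(zlib.compress(a, 9)), len(zlib.compress(b, 9))


# Constructed messages of identical plaintext length (32 bytes each).
MSG_A = b"approve approve approve approve "
MSG_B = b"deny request 4471 from host qx17"

if __name__ == "__main__":
    print(entropy_report(), compressed_lengths(MSG_A, MSG_B))
```

A byte-histogram test separates the raw records from noise easily but barely separates the compressed stream from noise, while the ciphertext length alone still distinguishes the two 32-byte messages unless padding is applied before encryption.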



