Opened 22 months ago

Last modified 22 months ago

#22992 new defect

master pubkey of the hidden service quantum computer resistance

Reported by: Dbryrtfbcbhgf Owned by:
Priority: Medium Milestone: Tor: very long term
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, pq
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

what will be done if quantum computers can compute the private key of the ed25519 master pubkey "of the hidden services". Large-scale/medium scale quantum computers would possibly be able to compute the private key of the master pubkey of the hidden service then they would be able to impersonate the hidden service.

https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt#n1901

Child Tickets

Change History (2)

comment:1 Changed 22 months ago by yawning

Milestone: Tor: 0.3.2.x-finalTor: very long term
Priority: HighMedium

what will be done if quantum computers can compute the private key of the ed25519 master pubkey "of the hidden services"

Migrate to an entirely different HS architecture.

There is (to my knowledge) no PQ signature algorithm currently that has public keys that are suitable for use as addresses. Regardless, all the other crypto would need to use PQ crypto before this even matters in the slightest.

comment:2 Changed 22 months ago by dgoulet

Keywords: tor-hs pq added
Note: See TracTickets for help on using tickets.