Lessons learnt from the Lion and the Gazelle

Quantum Annoyance 

In the coming years, the threat of quantum-capable hackers looms large. Let's imagine them to be the fierce lions, and we, the users on classical computers, are the vulnerable gazelles in the digital Serengeti. So, how can we survive the quantum apocalypse?

As it turns out, we may not need to run "faster" than the lion. Since it is the slowest (or weakest) gazelle that falls prey to the lion, can we just run "faster" than the slowest gazelle? A simple strategy to learn from this is to be more "annoying" to quantum hackers compared to others.

But what does it mean to be annoying to a quantum hacker? One way is by implementing techniques like perfect forward secrecy when applying cryptography. We study the example of the Transport Layer Security (TLS) protocol used to secure communication between web browsers and servers.

In TLS v1.2, all communication between the browser and server relies on the security of a single RSA key. This means that if a quantum hacker breaks this RSA key, the communication security for all users collapses. However, TLS v1.3 introduces a significant improvement. Each session now relies on a different ephemeral ECDH key, thereby changing the exposure. While each ECDH key can still be broken by a quantum hacker, the gain from each cryptanalysis is limited to just one session, not all sessions from all users. This fundamental change may be just enough to annoy quantum hackers and lead them to look elsewhere for easier targets.

So being quantum annoying is not a panacea, but it is relatively simpler to implement compared to post-quantum cryptography, and a cheap way to buy us additional time before the quantum lion pounces.