Atlas Recent Improvements

You guys are my heros!

Yes, this is *exactly* what I was talking about!

> An attacker currently monitoring and storing circuit-layer NTor handshakes who later has the ability to run Shor's algorithm on a quantum computer will be able to break Tor's current handshake protocol and decrypt previous communications.

(Because our adversary can record the packets exchanged during the ephemeral key exchange, as well as the subsequent data packets, later decrypt the key exchange packets using their quantum computer, then use the recovered ephemeral key to decrypt the actual data sent/received by the hapless Tor user. If I do not misunderstand.)

Regarding this statement:

> It is unclear if and when such attackers equipped with large quantum computers will exist, but various estimates by researchers in quantum physics and quantum engineering give estimates of only 1 to 2 decades.

This estimate may be optimistic, although clearly it is important not to be panicked by oversold claims from companies anxious to cash in on the "Big Data" "AI" juggernaut.

IBM is one of the companies with deep pockets which is pushing hard to compete with Dwave, and the latest word from their marketeers is that IBM will field a 50 qBit true quantum computer in a few months. (First application they mention: AI for cancer moonshot--- the usual AI hogwash our adversaries try to peddle to the general public. In the nineties, Biden was for the Clipper chip... some things never change.)

> post-quantum-secure lattice-based key-exchange

Good, I sort of understand some of the general principles in lattice based cryptosystems.

> Additionally, there are implementations in Go by Yawning Angel, available from [4] and in Rust by Isis Lovecruft, available from [5].

Very good to know you have your best people working on this--- shows the community Tor Project really is preparing the ground for post-quantum reality!

The details of the post are beyond me, but in general it seems that Tor Project must try to have at least two post-quantum ephemeral key exchanges ready ASAP.

I take the point that the greater computational resources needs makes finding protocols admitting fast but secure hardware implementations is an additional complicating factor, wow. Keep up all your good work!

Er, just three more scary prospects to maybe keep in mind:

@ GK: please help try to convince Debian (on which Tails is based) to take seriously the LUKS backdoor (hit enter a certain number of times and get a shell suitable for messing with the / partition, for example by modifying the kernel to snag the legit user using a keylogger during his/her next login). This LUKS "feature" should be removed as a matter of some urgency. Please direct DP's attention to The Intercept's story disclosing a "Statement of Work" for a 3 week lockpicking course to be taught by two USG operatives (with "10-15 years of operational experience using the techniques taught in the course domestically or abroad"!) to a "force protection unit" at a US military base in Japan. The clear implication: US operatives routinely commit "covert building intrusions" in the USA and in allied nations such as DE, Japan, etc. Years ago, the Church Committee revealed that FBI routinely targeted journalists, lawyers, doctors, civil rights activists, environmentalists, and labor organizers with such burglaries during the period 1920-1975, and I fear that there is every reason to think USG spooks have reverted to form.

@ Tor people planning international travel: not to spread FUD, but please be very careful in airports. Kim Jong-nam killing much in the news, but as you probably are aware, there has been a spate of human rights workers who unexpectedly "hung themselves" (thus local authorities) in various airport bathrooms during routine international travel. If possible, avoid traveling alone and look out for each other. I fear that the Kim Jong-nam killing signals a new willingness of certain governments (not just DPRK) to assassinate human rights workers anywhere in the world. NSA has hired a psychologist whose speciality is making murder look like suicide. And VX was invented by USG, not by DPRK.

On the bright side (?), you know you are having a positive effect when the world's ugliest governments (not just DPRK) start trying to kill you on the street!

Hope TP can continue to work towards geographic diversity of key deployed human resources, so to speak. The intensity of physical surveillance in USA is really becoming terrifying. FBI spyplanes, vehicles, pole cameras, stakeouts, tails, mail diversions, the works. All signs suggest USG may be about to strike at Tor Project in the USA, so IMO the Project cannot move to another country fast enough. Hope I am wrong, but in past this level of surveillance has been followed by really bad news for human rights people.

These days, it seems like all the world's governments keep pushing up the deadline for human extinction.

Stay safe out there, Tor people!

Just to point out: There was a project made by someone to make a lighter version of Atlas https://github.com/lukechilds/tor-explorer

One of the nice features: Page size + all assets < 10k. and JavaScript not required!