Comment Re:A question for people familiar with cryptology (Score 1) 33
Unlock all interactions? No. Unlocking a specific interaction? Maybe.
For common uses (like the public web), the most likely approach to decrypting a specific interaction is to break the RSA (cert-based) on the outside and then the Diffie-Hellman (ephemeral per-transaction) on the inside, then recover the symmetric encryption key to decrypt the rest of the conversation. But this is not trivial, and it requires more work than to just toss the transaction into the quantum computer.
The ephemeral layer is where things get harder. Even if you can derive the RSA key on a regular connection, you've got the first layer, but the DH layer is redone for each new connection. (Some sites don't use DH, or are vulnerable to downgrade attacks where DH isn't used, but DH is pretty widespread.) Every ephemeral negotiation has to be individually cracked. Tor uses DH or x25519 on all connections, so each has to be individually cracked. It is expected that breaking an individual 2048-bit RSA or DH encryption would take several hours if one had a quantum computer of sufficient power. Cracking 3072- or 4096-bit RSA/DH will take even longer, if it's even possible on the same systems. However, we appear to be a long way from such capabilities, and the NSA isn't likely to use it to break arbitrary Tor connection encryption, saving it instead for much more practical items. As soon as the NSA has practical quantum computing, it's going to have decades of backlog to go through just for the international signals, and getting anything moved up in line is going to need a damned good reason.