🗓 Community call #2613 - Your VPN just went post-quantum

:spiral_calendar: Community call #2613 - :atom_symbol: Your VPN just went post-quantum with Elisa Pioldi

Hey Nymsters!

This week’s call was a deep dive into the quantum future. We were joined by Elisa Pioldi, a PhD researcher specializing in post-quantum privacy-preserving technologies, working on the GNU TALER team. We discussed quantum computing threats, post-quantum cryptography, and how TALER aims to revolutionize digital payments while preserving privacy.

Big thanks to everyone who joined and asked great questions!

:computer: Quantum Computing: The Threat Explained
Elisa broke down the core difference between classical and quantum computing:

“A normal computer could solve a problem in a millennium. A quantum computer can solve certain problems in minutes.”

The real danger isn’t just future decryption - it’s “harvest now, decrypt later.” Attackers can store encrypted data today and wait for quantum computers to crack it.

“Whatever you’re encrypting now is not secure in the future. You have to take into account how many years you want your secrets to stay secret.”

What breaks? Public key cryptography (asymmetric crypto) is vulnerable. Symmetric crypto like AES-256 just needs its key length doubled.

:shield: Post-Quantum Cryptography: The Solution
Post-quantum crypto relies on math problems that are hard even for quantum computers - lattices, isogenies, multivariate cryptography.

“We just find hard problems that are not vulnerable to quantum algorithms, and base our crypto on them.”

Elisa explained lattices with a simple analogy: imagine a grid. With a “good basis” (orthonormal), finding the closest vector to a point is easy. With a “bad basis,” it’s incredibly hard - and that hardness is what secures the crypto.

Resources: OpenQuantumSafe - a library collecting post-quantum crypto implementations.

:money_with_wings: GNU TALER: Privacy-Preserving Digital Cash
TALER (already supported as a payment method for NymVPN) solves a fundamental problem: current digital payment systems surveil users.

“Every transaction we do in our current life can be observed.”

Asymmetric privacy is TALER’s core innovation:

  • Customers pay in complete privacy - the system cannot see who they are
  • Merchants can be audited to declare income and prevent illegal activity

“It’s a compromise, but it’s a good compromise. You need to make an effort to compromise with the real world.”

Key features:

  • Open source (GNU project)
  • Supports any currency (fiat or crypto)
  • Already deployed in Switzerland (Biel, expanding)
  • Refresh protocol - spend part of a coin, get an entirely new, unlinkable coin as change

“It’s impossible to de-anonymize users. If you’re following the cryptographic specifications, you cannot be traced in any way.”

Elisa’s perfect use case: TALER as a digital euro, with the European Central Bank as the exchange, and users running Nym to protect the communication channel.

“Nym is exactly what we need for running TALER. We’ve been thinking about mixnets since the beginning.”

:building_construction: Post-Quantum TALER - The Challenge
Making TALER post-quantum is not trivial. Unlike basic primitives (digital signatures, key encapsulation), TALER needs blind signatures - and efficient post-quantum blind signatures don’t exist yet.

“We cannot afford to use the current available blind signatures - they’re not efficient enough. We don’t know when this will happen, but research is really, really active in this field.”

Crypto agility is crucial: protocols must be able to swap algorithms because we don’t yet know which post-quantum schemes will remain secure.

:question: Q&A Highlights

Q: What countries have TALER so far?
“Switzerland (Biel). We’re expanding to other Swiss cities and have agreements with banks outside Switzerland - mainly Europe, but Latin America is on the list.”

Q: How does TALER prevent dirty coins or state-level de-anonymization?
Elisa explained the refresh protocol: when you spend part of a coin, you get a completely new, unlinkable coin as change.

Q: Can the auditor and exchange collude to de-anonymize users?
“I’m proving mathematically that it’s impossible to de-anonymize user spending. Collusion could lead to DoS attacks, but tracing is impossible.”

Q: What happens to digitally signed documents when quantum computers arrive?
“Signatures with non-PQ algorithms will be fakeable. But we refresh keys - whatever happened in the past, we don’t care anymore at some point.”

Q: How to exchange cash for TALER bucks?
“We did this at a conference in Dresden - physical cash for TALER bucks. In the future, ATMs with cash deposit could do it.”

Q: Perfect customer scenario using TALER + Nym?
“TALER as digital euro with the European Central Bank as exchange, users running Nym on their machines. Everything completely protected.”

Q: Will quantum computing be the norm by 2036?
“Quantum computers will never become the norm - they’re for specific tasks. You won’t use quantum computing to run your games.”

Q: What path do you recommend for studying post-quantum?
“Study classical crypto first, then go post-quantum. Either computer science or math background works.”

:book: Additional Resources

  • PQC Forum - Google group where leading researchers discuss post-quantum crypto standardization and developments

:stopwatch: Timestamps

  • 00:03:14 - What is TALER? Asymmetric privacy explained
  • 00:07:39 - Quantum computing vs classical computing
  • 00:13:38 - “Harvest now, decrypt later” threat
  • 00:16:09 - How post-quantum crypto works (lattices explained)
  • 00:20:23 - Post-quantum TALER challenges
  • 00:22:22 - NIST standardization & crypto agility
  • 00:36:13 - Q&A begins
  • 00:54:11 - POAP & closing

Watch the full recording:
YouTube Link

Huge thanks to Elisa Pioldi for the fascinating conversation - and stay tuned for more TALER guests on future calls!

See you next week! :green_heart:
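Elisa's good-basis/bad-basis lattice analogy, worked through as an added example (not code from the call, the GNU TALER project, or the original post): Babai's rounding algorithm finds the closest lattice vector exactly with an orthogonal basis and lands far away with a long, skewed basis of the same 2-D lattice. The two bases and the target point are constructed for the illustration.

```python
from fractions import Fraction
from math import hypot

# Added example (not from the call or GNU TALER): Babai's rounding algorithm
# for the closest-vector problem on a 2-D lattice, run with a "good"
# (orthogonal) basis and a "bad" (long, nearly parallel) basis of the SAME
# lattice. Basis vectors are rows; a lattice point is c1*b1 + c2*b2, c1,c2 ints.

GOOD = [[3, 1], [-1, 3]]    # orthogonal: (3,1) . (-1,3) = 0
BAD = [[12, 14], [7, 9]]    # = U * GOOD with U = [[5,3],[3,2]], det(U) = 1
TARGET = (5.4, 4.7)         # constructed: lattice point (5,5) plus small noise

def inverse_2x2(m):
    """Exact inverse of a 2x2 matrix given as two rows."""
    (a, b), (c, d) = m
    det = Fraction(a * d - b * c)
    return [[d / det, -b / det], [-c / det, a / det]]

def vec_mat(v, m):
    """Row vector times 2x2 matrix."""
    return [v[0] * m[0][0] + v[1] * m[1][0],
            v[0] * m[0][1] + v[1] * m[1][1]]

def babai_round(basis, target):
    """Express target in the basis, round each coordinate to the nearest
    integer, and map the integer coordinates back to a lattice point."""
    coords = vec_mat([Fraction(t) for t in target], inverse_2x2(basis))
    return [int(x) for x in vec_mat([round(c) for c in coords], basis)]

def same_lattice(b1, b2):
    """True if each basis is an integer combination of the other."""
    def integral(rows, basis):
        return all(c.denominator == 1
                   for r in rows for c in vec_mat(r, inverse_2x2(basis)))
    return integral(b1, b2) and integral(b2, b1)

def distance(p, q):
    return hypot(float(p[0] - q[0]), float(p[1] - q[1]))

def demo():
    """Returns the points found with GOOD and BAD and their distances to TARGET."""
    assert same_lattice(GOOD, BAD)
    good_v, bad_v = babai_round(GOOD, TARGET), babai_round(BAD, TARGET)
    return good_v, bad_v, distance(good_v, TARGET), distance(bad_v, TARGET)

if __name__ == "__main__":
    print(demo())   # -> ([5, 5], [10, 10], 0.5, about 7.02)
```

With the orthogonal basis the coordinates of the target are (2.09, 0.87) and round to the true nearest point; with the skewed basis they are (1.57, -1.92) and rounding jumps to a point about fourteen times farther away, which is the "bad basis" hardness the call describes.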

I watched the community call yesterday and was wondering how many qubits a quantum computer would need in the near future to crack a 256-bit AES encrypted message, a message encrypted with a 256-bit ECC key, or a 2048-bit RSA encrypted message. I doubt that we will see such advancements in the near future, and as for the slogan "harvest now, decrypt later", we should protect our communications with the Nym Mixnet to stay anonymous; and when non-metadata encrypted messages are leaving the Nym Mixnet, what would they gain from the content of short-lived messages, once decrypted? I think PQC is a bit of a hype in academic research, to push the industry.