Re: [Cfrg] likelihood that someone has a quantum computer

David McGrew <mcgrew@cisco.com> Mon, 13 January 2014 12:17 UTC

Message-ID: <52D3D95C.5040902@cisco.com>
Date: Mon, 13 Jan 2014 07:17:32 -0500
From: David McGrew <mcgrew@cisco.com>
To: William Whyte <wwhyte@securityinnovation.com>
References: <52C755AA.70200@cisco.com> <33E0BF53-A331-4646-B080-FD4F6E13916E@ieca.com> <810C31990B57ED40B2062BA10D43FBF5C1BF54@XMB116CNC.rim.net> <52D29B10.4030401@cisco.com> <CACz1E9rsLRwqpA0fS2RNOcpsn7DMqaN=7dcJDQqEi8HDMKKonQ@mail.gmail.com>
In-Reply-To: <CACz1E9rsLRwqpA0fS2RNOcpsn7DMqaN=7dcJDQqEi8HDMKKonQ@mail.gmail.com>
Cc: Dan Brown <dbrown@certicom.com>, "TurnerS@ieca.com" <TurnerS@ieca.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] likelihood that someone has a quantum computer
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Hi William,

On 01/12/2014 11:16 PM, William Whyte wrote:
> Hi all,
>
> Sorry again for top-posting, that's gmail for you.
>
> > I would put it more positively as: let's figure out how to use
> > post-quantum cryptography in practice, because if there is a
> > breakthrough in quantum computing, the mad rush will be ugly.
>
> As I mentioned in a previous mail, I think the best way to do this is 
> to figure out how to avoid depending on a single public key algorithm 
> in any context, because all public key algorithms are potentially 
> vulnerable to technological and algorithmic breakthroughs. So 
> combining public key algorithms seems like a prudent approach. I know 
> there are Certicom patents on this but it seems that this shouldn't be 
> insuperable.

I am skeptical about the approach of combining multiple public key 
algorithms, especially for post-quantum algorithms. This is partly 
because of the complexity of the specification and the implementation, 
but also because it would require double the amount of work from 
authors, reviewers, and implementers in order to be successful. 
Patents could also be a significant issue, as you note.

David