Re: [Cfrg] likelihood that someone has a quantum computer

William Whyte <> Tue, 14 January 2014 00:05 UTC

From: William Whyte <>
Date: Mon, 13 Jan 2014 19:05:12 -0500
To: "Igoe, Kevin M." <>, arne renkema-padmos <>,
Subject: Re: [Cfrg] likelihood that someone has a quantum computer

We can write an I-D on NTRUEncrypt and other NTRU algorithms, though this
won't happen until the end of this quarter.

I'm also still interested in combining public-key algorithms, see separate


-----Original Message-----
From: Cfrg [] On Behalf Of Igoe, Kevin M.
Sent: Monday, January 13, 2014 1:25 PM
To: 'arne renkema-padmos';
Subject: Re: [Cfrg] likelihood that someone has a quantum computer

I believe there is a consensus on the mailing list for the RG to commit to
identifying public key algorithms suitable for use should advances in
quantum computing make Shor's algorithm a viable threat. I agree with
William that the transition should start before we are forced to do so.
As JFK said, "The time to repair the roof is when the sun is shining".

Volunteers for authors greatly appreciated. No need to limit ourselves to
a single technology/draft this early in the process.

Any dissenting voices out there should speak up now.

-----Original Message-----
From: Cfrg [] On Behalf Of arne renkema-padmos
Sent: Monday, January 13, 2014 9:57 AM
Subject: Re: [Cfrg] likelihood that someone has a quantum computer

On 13/01/14 11:48, William Whyte wrote:
> I don't think you can say that just because there have been few
> discontinuities in the security of algorithms there will be no
> discontinuities in the future. There might be, and if it does happen
> unexpectedly it'll be a big problem. It's not a problem we need to
> work on right now, but, again, that makes this a really good time
> to address it.

It makes sense to have a fallback algorithm set, as ETSI has done with the
3GPP algorithms:

They standardised both KASUMI and SNOW 3G with the requirements for SNOW
3G as fallback algorithm being:
* maximizing "cryptographic distance" from KASUMI
* minimizing potential vulnerability to algebraic attacks


Arne Renkema-Padmos
Doctoral researcher
CASED, TU Darmstadt
Cfrg mailing list