Re: [CFRG] NSA vs. hybrid

Natanael <natanael.l@gmail.com> Fri, 17 December 2021 20:34 UTC

From: Natanael <natanael.l@gmail.com>
Date: Fri, 17 Dec 2021 21:34:15 +0100
Message-ID: <CAAt2M19yHHudWEojPAX20xno4h4OTBJpmD4E50mEQ4hJudD7PA@mail.gmail.com>
To: Mike Hamburg <mike@shiftleft.org>
Cc: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, IRTF CFRG <cfrg@irtf.org>, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/2Bh6iRCBmC77L9pB9mzRcIr6Dpg>
Subject: Re: [CFRG] NSA vs. hybrid

Just saw somebody post this from French ANSSI:

https://www.ssi.gouv.fr/en/publication/anssi-views-on-the-post-quantum-cryptography-transition/

Quoting two parts:

> Acknowledging the immaturity of PQC is important: ANSSI will not endorse
> any direct drop-in replacement of currently used algorithms in the
> short/medium term. However, this immaturity should not serve as an argument
> for postponing the first deployments.

And:

> Even though hybridation is a relatively simple construction, ANSSI
> emphasizes that the role of hybridation in the cryptographic security is
> crucial and will be mandatory for phases 1 and 2 presented in the sequel.
> In addition, the implementation security of the hybridation technique
> should be also taken in consideration.

> Given that most post-quantum algorithms involve message sizes much larger
> than the current pre-quantum schemes, the extra performance cost of an
> hybrid scheme remains low in comparison with the cost of the underlying
> post-quantum scheme.
> ANSSI believes that this is a reasonable price to pay for guaranteeing an
> additional pre-quantum security at least equivalent to the one provided by
> current pre-quantum standardized algorithms.

TL;DR: they plan to require a hybrid approach until PQC alternatives are
sufficiently established (have enough cryptanalysis to be trusted to be
sufficiently strong).