Re: [CFRG] CFRG and crypto-threatening quantum computers

Dan Harkins <dharkins@lounge.org> Fri, 17 September 2021 22:34 UTC

Date: Fri, 17 Sep 2021 15:34:32 -0700
From: Dan Harkins <dharkins@lounge.org>
In-reply-to: <20210917215621.q675hgb77nlejshj@kaon.local>
To: cfrg@irtf.org
Message-id: <429e319d-7ad7-eac9-3766-a05385e945ad@lounge.org>
References: <03b5ea0e-cf1a-8edf-d642-2fb4b2e458fd@htt-consult.com> <CACsn0ckZbA4=Xe+Lc1w5bc5os8Ekeh9q7AAxknknwrrBZ0R-KQ@mail.gmail.com> <E0D027B0-089E-4402-BD65-38ADEABC3351@ll.mit.edu> <CAEseHRoH941WndaQmL8F=4w6BLkfjCaxa8mKP14bjNUEz2MRfw@mail.gmail.com> <00DA2E69-D80A-4CA7-B744-97B30F237501@ll.mit.edu> <20210917184114.4gnz7g4dl7euf5po@kaon.local> <A3231C7A-6DA6-47A9-96B7-0A90339EFB7F@ll.mit.edu> <20210917215621.q675hgb77nlejshj@kaon.local>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/3NKRkS2RhB22DlnCukQAy4zRfEc>

   "What does CFRG do?"

   In my view it bridges the gap between the academic paper and
the protocol implementation. It's a crucial role that exists
regardless of whether the crypto is QC-susceptible or not.

   Dan.

On 9/17/21 2:56 PM, Riad S. Wahby wrote:
> Hello Uri,
>
> (Changed the subject line since we're pretty off-topic here.)
>
> It seems silly for us to go back and forth point-by-point, especially
> since most of our specific disagreements are minor and definitional.
>
>      (e.g., What does CFRG do? Depends who you ask. From a research
>      cryptographer's point of view the things we're documenting right
>      now---pairing-friendly curves, hashing to curves, etc.---are
>      roughly the same vintage as S/MIME!)
>
>      (e.g., is USG making new quantum-susceptible standards? Well,
>      should we count NIST's adding Ed25519 to FIPS-186?)
>
> The high-level question is whether CFRG should act as if it's all but
> certain that crypto-threatening quantum computers will exist in the
> next few years. I think no; reasonable people can certainly disagree.
> But let's try to avoid spitting contests. We will win by reaching
> consensus, not by saying the cleverest things.
>
> In that vein:
>
> "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> wrote:
>>>     This argument does not seem productive: essentially all cryptography
>>>     is based on hardness assumptions that have not been proved or disproved
>>>     (and, given our current knowledge, seem unlikely to be). If we accept
>>>     the above argument, the logical conclusion seems to be "disband CFRG".
>> You equate "make new designs quantum-resistant" with "let's disband CFRG"??? Hmm...
> The argument was: "there is no way to prove or disprove convincingly
> this [security] concern", in the context of constructing crypto-threatening
> quantum computers, implies "make all new designs quantum-resistant."
>
> The point is, this doesn't go nearly far enough: "there is no way
> to prove or disprove convincingly this [security] concern", in the
> context of cryptography more broadly (and given prevailing beliefs
> vis-a-vis complexity theory), implies "give up".
>
> But we both agree that's absurd. So maybe we should rethink the premise
> here.
>
> Cheers,
>
> -=rsw
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius