Re: [Cfrg] New draft on the transition from classical to post-quantum cryptography

"Paul Hoffman" <paul.hoffman@vpnc.org> Mon, 08 May 2017 14:28 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B70E128961 for <cfrg@ietfa.amsl.com>; Mon, 8 May 2017 07:28:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vVKDS1qz1lBs for <cfrg@ietfa.amsl.com>; Mon, 8 May 2017 07:28:28 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1449127867 for <cfrg@irtf.org>; Mon, 8 May 2017 07:28:28 -0700 (PDT)
Received: from [169.254.253.96] (142-254-101-176.dsl.dynamic.fusionbroadband.com [142.254.101.176]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id v48ES3dE045469 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 8 May 2017 07:28:04 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 142-254-101-176.dsl.dynamic.fusionbroadband.com [142.254.101.176] claimed to be [169.254.253.96]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Mon, 08 May 2017 07:28:26 -0700
Message-ID: <E6CCB3B6-3D85-4F98-A8A8-9DA3C97EDF44@vpnc.org>
In-Reply-To: <8076F68B-F7B1-487B-86ED-B6DCFE93EBF2@ll.mit.edu>
References: <BAE7613D-D89C-4F19-8FA5-1D3BCC55DCCB@vpnc.org> <78B0B91A8FEB2E43B20BCCE132613181399287CA@mail-essen-01.secunet.de> <9E0DFD44-3000-4E5B-BAE6-2EF74DB3EA4E@vpnc.org> <0d785b8b616846e9aa0eda962d1aade5@usma1ex-dag1mb1.msg.corp.akamai.com> <48F06B9A-7ED4-4711-901C-AA17DD690BC6@vpnc.org> <8076F68B-F7B1-487B-86ED-B6DCFE93EBF2@ll.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.6r5347)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/AI8aTiRMrIxXKzZopUP4hnWE8os>
Subject: Re: [Cfrg] New draft on the transition from classical to post-quantum cryptography
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 May 2017 14:28:29 -0000

On 8 May 2017, at 7:20, Blumenthal, Uri - 0553 - MITLL wrote:

> Wouldn’t you agree that for long-term documents (those that need to 
> survive for 15+ - 20+ years from now) the “need to change” is now 
> with a pretty high probability?

No. That is, I haven't seen evidence that there will be quantum 
computers in 15 to 20 years from now that will be able to break 
classical cryptography using current key sizes. The same is true if you 
said "50 years". Of course, I might have missed something in the early 
research for the -00 draft, so if you have pointers to such 
calculations, that would be great.

I strongly suspect that some organizations feel a strong need to start 
protecting such messages and are very interested in standardizing on 
good pqc algorithms. If those organizations have any pointers as to how 
they are making their judgements, that would greatly help this draft.

--Paul Hoffman