Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 08 December 2021 23:42 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Richard Outerbridge <outer@interlog.com>, Loganaden Velvindron <loganaden@gmail.com>
CC: CFRG <cfrg@irtf.org>
Date: Wed, 08 Dec 2021 23:42:43 +0000
Message-ID: <BL3PR11MB57323BB269FE39E9BB19BC029F6F9@BL3PR11MB5732.namprd11.prod.outlook.com>
References: <BL3PR11MB5732F4B9822A93E08E7E115F9F6D9@BL3PR11MB5732.namprd11.prod.outlook.com> <310998F0-F6A8-46D0-AF14-A85367169396@ll.mit.edu> <e8e80662-ac81-4845-8f8c-64ac81e30890@www.fastmail.com> <CAOp4FwQTyYGWLRoMYA_+kaGAzGjTb1Z=6kcQfGkmrw_7oEHqhQ@mail.gmail.com> <2213E164-231B-4D95-9CEE-5808E5EE8034@interlog.com>
In-Reply-To: <2213E164-231B-4D95-9CEE-5808E5EE8034@interlog.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/FGrO9nWPeltR0CQKUbvc7_e_owM>

> As has been noted, so has NTRU gone through a good amount of review, even more perhaps than Rijndael by this point in the competition for AES.

I'm probably gonna embarrass myself, but here goes ... The argument that I've heard made is that there's a quantum leap (pun intended) between the complexity of the mathematics of RSA/ECC and NTRU. You can mostly wrap your brain around RSA if your high school teaches modular arithmetic, and the attacks if you take 2nd-year uni group theory. ECC is also 2nd-year group theory. Lattices, LWE, R-LWE, and especially module-LWE are this esoteric combination of rings, fields, and linear algebra that requires a very specific trajectory of graduate studies (likely over-simplified, apologies in advance).

I took this note during Steven Galbraith's keynote at PQCrypto2016:
"There are only a dozen people in the world (2 in the room) who are experts in all the branches of math and algorithm theory that go into lattice problems, so that poses a big problem in predicting the number of bits of security that these things offer."
(talk recording: https://youtu.be/xpBEgT9xyk8?t=520)

I am most certainly not one of those experts qualified to have an opinion, and I know the situation has improved since 2016, but either way I think NTRU, ECC, and Rijndael are not directly comparable in terms of how "hours of public effort" translate to "confidence".

---
Mike Ounsworth

-----Original Message-----
From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Richard Outerbridge
Sent: December 8, 2021 1:00 AM
To: Loganaden Velvindron <loganaden@gmail.com>
Cc: CFRG <cfrg@irtf.org>
Subject: [EXTERNAL] Re: [CFRG] NSA vs. hybrid

On 2021-12-08 (342), at 01:01:18, Loganaden Velvindron <loganaden@gmail.com> wrote:

> On Tue, Dec 7, 2021 at 4:42 AM Martin Thomson <mt@lowentropy.net> wrote:
>>
>> On Tue, Dec 7, 2021, at 11:27, Blumenthal, Uri - 0553 - MITLL wrote:
>>> For sensitive data, problem (1) is relevant now - because, as you
>>> said, ciphertexts could be recorded now and broken/decrypted
>>> decade(s) later, when CRQC is available. Hybrid won't help here (and
>>> those who don't expect CRQC to arrive, can stay with ECC).
>>
>> I'm sorry, is that right?  Are you asserting that a hybrid key exchange can be broken later?  I was under the impression that if I paired ECC with a PQ algorithm (and didn't mess it up) I could get the best of the two, assuming that the KDF and AEAD and whatnot are also OK.
>>
> I agree with Martin. ECC implementations have gone through a good
> amount of review. From an engineering point of view, it is safer to
> pair with a PQ implementation to be on the safe side.

As has been noted, so has NTRU gone through a good amount of review, even more perhaps than Rijndael by this point in the competition for AES.

Anyone see any serious objection to adoption (it’s already de facto)?
__outer

_______________________________________________
CFRG mailing list
CFRG@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg
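The hybrid construction Martin Thomson describes in the quoted exchange (ECC paired with a PQ KEM, both secrets fed through a KDF, so the result stays secure as long as either component holds), as an added example that is not code from this thread or from any of its authors. The X25519 side is implemented from RFC 7748 with the standard library only; no post-quantum KEM ships with the standard library, so the PQ component is represented by caller-supplied bytes (ss_pq, ct_pq) standing in for what a KEM such as ML-KEM or NTRU would return. All function names and the "hybrid-demo" context label are assumptions made for this example.

```python
"""Hybrid X25519 + PQ-KEM key agreement with a concatenation combiner.

Added example for the CFRG thread; not code from the thread or its authors.
X25519 follows RFC 7748 (standard library only). The PQ KEM is not
implemented: ss_pq / ct_pq are constructed stand-ins for a real KEM's output.
"""
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665
BASEPOINT = bytes([9]) + bytes(31)


def _decode_scalar(k: bytes) -> int:
    # RFC 7748 clamping: clear the low 3 bits, clear bit 255, set bit 254.
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """X25519(k, u) via the RFC 7748 Montgomery ladder (not constant-time)."""
    n = _decode_scalar(k)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (n >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with an empty salt."""
    prk = hmac.new(b"", ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


def combine(ss_ecc: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """key = KDF(ss_ecc || ss_pq, ctx = transcript).

    Both secrets are required to evaluate the KDF, so breaking one component
    (a CRQC against X25519, or a new attack on the lattice KEM) leaves the key
    unpredictable. Fixed 32-byte inputs keep the concatenation unambiguous;
    binding the public values in the context makes a swapped ciphertext
    derive a different key.
    """
    if len(ss_ecc) != 32 or len(ss_pq) != 32:
        raise ValueError("shared secrets must be 32 bytes")
    return hkdf_sha256(ss_ecc + ss_pq, b"hybrid-demo" + transcript)


def keygen():
    sk = os.urandom(32)
    return sk, x25519(sk, BASEPOINT)


def responder_encaps(pk_i: bytes, ss_pq: bytes, ct_pq: bytes):
    """Responder: ephemeral DH (the ECC 'encapsulation') plus the PQ ciphertext."""
    esk = os.urandom(32)
    ct_ecc = x25519(esk, BASEPOINT)
    ss_ecc = x25519(esk, pk_i)
    if ss_ecc == bytes(32):  # RFC 7748 sec. 6.1: reject low-order inputs
        raise ValueError("low-order X25519 public key")
    return ct_ecc, combine(ss_ecc, ss_pq, pk_i + ct_ecc + ct_pq)


def initiator_decaps(sk_i, pk_i, ct_ecc, ct_pq, ss_pq):
    ss_ecc = x25519(sk_i, ct_ecc)
    if ss_ecc == bytes(32):
        raise ValueError("low-order X25519 ciphertext")
    return combine(ss_ecc, ss_pq, pk_i + ct_ecc + ct_pq)


def hybrid_exchange(ss_pq: bytes, ct_pq: bytes):
    """Full exchange; returns (initiator_key, responder_key, recorded transcript)."""
    sk_i, pk_i = keygen()
    ct_ecc, key_r = responder_encaps(pk_i, ss_pq, ct_pq)
    key_i = initiator_decaps(sk_i, pk_i, ct_ecc, ct_pq, ss_pq)
    return key_i, key_r, (pk_i, ct_ecc, ct_pq)


if __name__ == "__main__":
    # Constructed stand-ins for a PQ KEM's output (arbitrary ct length).
    ss_pq, ct_pq = os.urandom(32), os.urandom(64)
    k_i, k_r, _ = hybrid_exchange(ss_pq, ct_pq)
    print("keys match:", k_i == k_r, k_i.hex())
```

The transcript tuple is what a store-now-decrypt-later adversary records; the point of the combiner is that recovering the X25519 private key from it later yields ss_ecc but not ss_pq, and the KDF cannot be evaluated with one of its two inputs missing. The all-zero check matters in practice because X25519 returns zero for low-order points, and a zero ss_ecc would silently reduce the hybrid to PQ-only.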