IETF Logo Mail Archive

Re: [CFRG] NSA vs. hybrid

Loganaden Velvindron <loganaden@gmail.com> Wed, 08 December 2021 06:01 UTC

Return-Path: <loganaden@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54A923A0A37 for <cfrg@ietfa.amsl.com>; Tue, 7 Dec 2021 22:01:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4HtxKiaAwaBI for <cfrg@ietfa.amsl.com>; Tue, 7 Dec 2021 22:01:31 -0800 (PST)
Received: from mail-qv1-xf31.google.com (mail-qv1-xf31.google.com [IPv6:2607:f8b0:4864:20::f31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E0F33A0A34 for <cfrg@irtf.org>; Tue, 7 Dec 2021 22:01:31 -0800 (PST)
Received: by mail-qv1-xf31.google.com with SMTP id p3so1441029qvj.9 for <cfrg@irtf.org>; Tue, 07 Dec 2021 22:01:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=knPJPWgX4VPETl7Q4EE1+G+jDKhLCDsOTXpurjXT5mQ=; b=JDVg7NXBVrpsmLG63TGVzqlpvEj3t3bnrLFlVwPo4Uotgtuf3pfo54GGYziF6nB+kW yLCbH4My4sS0qVZLx5fzKyYZ4IKi2Ee382R5vo/ga65H7SMTVXHvgKtiwNmj4h11y9xT lNqKcCYdzQx3+h/sfRR7o7od/JEgrGEBPVlpM64INAGtjo2gNUQ0wYmtdiYBpgAfxMxZ o0iiPkvCfqyqRGQxXwccZ0nP59pzMDwuWAJMGdYqDfaqyobQMDK88BvlgOtFEXQrV6YU QeDtfOmMUlly2HxpBXIpYb30MxDfK9shhNInQITKikbY5BfrKhNnbty0eO6ChYuR1z+c VrBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=knPJPWgX4VPETl7Q4EE1+G+jDKhLCDsOTXpurjXT5mQ=; b=ICiQLFNESWad0J40Z4H0Hy65rz7/0qUFJ/sg8RMioTI2bmhx8GU8BfHVmDEb0DqeyI ubnaS3xS0+0jM78jPuUqCHTOWJZuWsoEUffE/PTyV27VO0vAWb/T6GbKjg2y+ga6tbTF LHkyHHeDmMXZQcN4AKflBOXVzi2yu3UhptcQdvC/XldfLSmSehWOHybPWyIVrumiDtf3 E5nElnU01qcN6M/bWRLsa0HUdRfPm/dK6SraZtn7Bb0F1r+pU7EoEn/2Mn81Z9mNwk8e epE4h6x6dOnbzhbS09U6t+9IWsjzXrN5oNs9S+4R0US06UEhobDOw3cVe0lVbVMW1DQR nesA==
X-Gm-Message-State: AOAM531dtY1QSafiVMOZU5SaRmLp0Hf8hlNeah8fpS+BAL/xf6uladU4 ee5voW+Z9p84cckQl/kQ4ma3GGOftyEu4W1BcEiv+Ro1
X-Google-Smtp-Source: ABdhPJzxf5hJT7Xzf94WmS+KDsnnbVyLKPxdBK+ub7LDZZbbZS2rJ+EVhLjNx+kZWWKsX+vxmGrabHopXJ3zftm0LJk=
X-Received: by 2002:a05:6214:83:: with SMTP id n3mr4838333qvr.122.1638943289576; Tue, 07 Dec 2021 22:01:29 -0800 (PST)
MIME-Version: 1.0
References: <BL3PR11MB5732F4B9822A93E08E7E115F9F6D9@BL3PR11MB5732.namprd11.prod.outlook.com> <310998F0-F6A8-46D0-AF14-A85367169396@ll.mit.edu> <e8e80662-ac81-4845-8f8c-64ac81e30890@www.fastmail.com>
In-Reply-To: <e8e80662-ac81-4845-8f8c-64ac81e30890@www.fastmail.com>
From: Loganaden Velvindron <loganaden@gmail.com>
Date: Wed, 08 Dec 2021 10:01:18 +0400
Message-ID: <CAOp4FwQTyYGWLRoMYA_+kaGAzGjTb1Z=6kcQfGkmrw_7oEHqhQ@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: CFRG <cfrg@irtf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/I9VEnvnsLmalMGMdvrNam_UUfqo>
Subject: Re: [CFRG] NSA vs. hybrid
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Dec 2021 06:01:36 -0000

On Tue, Dec 7, 2021 at 4:42 AM Martin Thomson <mt@lowentropy.net> wrote:
>
> On Tue, Dec 7, 2021, at 11:27, Blumenthal, Uri - 0553 - MITLL wrote:
> > For sensitive data, problem (1) is relevant now - because, as you said,
> > ciphertexts could be recorded now and broken/decrypted decade(s) later,
> > when CRQC is available. Hybrid won't help here (and those who don't
> > expect CRQC to arrive, can stay with ECC).
>
> I'm sorry, is that right?  Are you asserting that a hybrid key exchange can be broken later?  I was under the impression that if I paired ECC with a PQ algorithm (and didn't mess it up) I could get the best of the two, assuming that the KDF and AEAD and whatnot are also OK.
>
I agree with Martin. ECC implementations have gone through a good
amount of review. From an engineering point of view, it is safer to
pair with a PQ implementation to be on the safe side.
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email