Re: [Cfrg] likelihood that someone has a quantum computer (was: Re: considering new topics for CFRG)
William Whyte <wwhyte@securityinnovation.com> Mon, 13 January 2014 10:32 UTC
From: William Whyte <wwhyte@securityinnovation.com>
References: <52C755AA.70200@cisco.com> <33E0BF53-A331-4646-B080-FD4F6E13916E@ieca.com> <810C31990B57ED40B2062BA10D43FBF5C1BF54@XMB116CNC.rim.net> <52D29B10.4030401@cisco.com> <CACz1E9rsLRwqpA0fS2RNOcpsn7DMqaN=7dcJDQqEi8HDMKKonQ@mail.gmail.com> <CACsn0c=mYv7v3fGCHCe9D5w2j+gRWWsmoUA7NQ=AsczTMP1rDw@mail.gmail.com> <76A03B60-E798-4DBB-8E3B-1865CD2F8E14@checkpoint.com>
In-Reply-To: <76A03B60-E798-4DBB-8E3B-1865CD2F8E14@checkpoint.com>
Date: Mon, 13 Jan 2014 05:32:15 -0500
Message-ID: <9be7a3ad1655efadcce3b1620d20b99e@mail.gmail.com>
To: Yoav Nir <ynir@checkpoint.com>, Watson Ladd <watsonbladd@gmail.com>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] likelihood that someone has a quantum computer (was: Re: considering new topics for CFRG)
Hi Yoav,

> There is a general attitude in the IETF that standardizing patented
> technology is bad, because it discourages open source implementations,
> but with such old patents (they were issued in '97, no?)

The original NTRU patents were applied for in 1997, so expire in 2017.
There are a number of improvements which are also patented and expire
later.

Note that if the concern with patents is that they discourage open source
implementations, the NTRU patents are free to implement under GPL and a
number of other FOSS licenses, and this grant of rights to use the
patents is permanent and irrevocable.

https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/LICENSE.md
https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/FOSS%20Exception.md

Cheers,

William

-----Original Message-----
From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Yoav Nir
Sent: Monday, January 13, 2014 1:23 AM
To: Watson Ladd
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] likelihood that someone has a quantum computer (was: Re: considering new topics for CFRG)

On Jan 13, 2014, at 6:49 AM, Watson Ladd <watsonbladd@gmail.com> wrote:

> On Sun, Jan 12, 2014 at 8:16 PM, William Whyte
> <wwhyte@securityinnovation.com> wrote:
>> Hi all,
>>
>> Sorry again for top-posting, that's gmail for you.
>>
>>> I would put it more positively as: let's figure out how to use
>>> post-quantum cryptography in practice, because if there is a
>>> breakthrough in quantum computing, the mad rush will be ugly.
>>
>> As I mentioned in a previous mail, I think the best way to do this is
>> to figure out how to avoid depending on a single public key algorithm
>> in any context, because all public key algorithms are potentially
>> vulnerable to technological and algorithmic breakthroughs. So
>> combining public key algorithms seems like a prudent approach. I know
>> there are Certicom patents on this but it seems that this shouldn't be
>> insuperable.
>
> But that depends on at least one algorithm being postquantum secure,
> and historically we've not had any real surprises in the public key
> world.
> Algorithms exist that do this, we just need to be ahead of the game in
> specifying them. I'll see if McBits is amenable to standardization.
> Worst case we wait for NTRU patents to expire, and adopt it.

Just as a procedural note, we don't have to wait for any patents to
expire. We can specify standards that use these patents, as long as
those patents are disclosed. As in https://ietf.org/ipr/231/ .

There is a general attitude in the IETF that standardizing patented
technology is bad, because it discourages open source implementations,
but with such old patents (they were issued in '97, no?) that is far
less a concern.

When we do standardize patented technology, implementers have four
choices:
1. Get a license
2. Decide that the patent is bogus, and fight it in court.
3. Wait for the patent to expire.
4. Ignore the technology.

All implementers have lawyers, and all implementers hate paying for IPR,
so #1 and #2 hardly ever happen (with notable exceptions such as RSA
years ago and some codecs). Considering that we have no proof of any
adversary having a quantum computer just yet, #3 and #4 are more likely,
but that's a choice for implementers to make. We can lead a horse to
water and all that.

Yoav

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
http://www.irtf.org/mailman/listinfo/cfrg
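The quoted suggestion in this thread of "combining public key algorithms" so that no single algorithm is a point of failure can be made concrete with a hybrid shared-secret combiner. The following is an added example, not code from this thread, from any of its authors, or from the NTRU project. It assumes two hypothetical, independent key-agreement mechanisms (called A and B) that have each produced a shared secret plus a public transcript; the secrets and transcript below are constructed sample values, and the combiner is a concatenate-then-HKDF construction written with the Python standard library.

```python
# Added illustration of "combining public key algorithms": a hybrid
# shared-secret combiner. Not code from this thread or from any NTRU project.
# Assumption (hypothetical): two independent key-agreement mechanisms, here
# called A and B, have each produced a shared secret and a public transcript
# (their public keys and ciphertexts); one session key is derived from both,
# so an attacker must recover BOTH secrets to learn the key.
import hashlib
import hmac

HASH = hashlib.sha256

# Constructed sample values standing in for the two mechanisms' outputs.
SS_A = bytes([0x11]) * 32          # shared secret from mechanism A (e.g. classical)
SS_B = bytes([0x22]) * 32          # shared secret from mechanism B (e.g. post-quantum)
TRANSCRIPT = b"pkA|ctA|pkB|ctB"    # public values exchanged, in wire order


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) instantiated with HMAC-SHA256."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) instantiated with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def combine_shared_secrets(shared_secrets, transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from two or more shared secrets.

    Design points a reviewer would look for:
      * every component secret goes through the KDF, so the key is only
        predictable to someone who knows all of them;
      * each secret is length-prefixed before concatenation, so two
        different splits of the same bytes cannot collide;
      * the transcript is bound in as the salt, so a modified public key
        or ciphertext yields a different key rather than a silent downgrade.
    """
    if len(shared_secrets) < 2:
        raise ValueError("a hybrid combiner needs at least two component secrets")
    ikm = b"".join(len(s).to_bytes(2, "big") + s for s in shared_secrets)
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid session key", length)


def component_checks() -> dict:
    """Exercise the properties above on the constructed sample values.

    Returns a dict of named boolean results, all of which should be True.
    """
    key = combine_shared_secrets([SS_A, SS_B], TRANSCRIPT)
    unknown_b = combine_shared_secrets([SS_A, bytes(32)], TRANSCRIPT)  # knows only A
    unknown_a = combine_shared_secrets([bytes(32), SS_B], TRANSCRIPT)  # knows only B
    altered_transcript = combine_shared_secrets([SS_A, SS_B], b"pkA|ctA'|pkB|ctB")
    return {
        "deterministic": key == combine_shared_secrets([SS_A, SS_B], TRANSCRIPT),
        "needs_secret_a": key != unknown_a,
        "needs_secret_b": key != unknown_b,
        "binds_transcript": key != altered_transcript,
        "no_split_collision": combine_shared_secrets([b"ab", b"c"], TRANSCRIPT)
        != combine_shared_secrets([b"a", b"bc"], TRANSCRIPT),
        "key_length_ok": len(key) == 32,
    }


if __name__ == "__main__":
    for name, ok in component_checks().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The point of the checks is the property the thread is after: the derived key changes if either component secret is unknown, so a break of one mechanism alone does not recover it. The transcript binding and length prefixes are the two details most often missed when a combiner is written ad hoc; a deployment should use whichever standardized combiner its protocol specifies rather than this illustration.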