Re: [CFRG] NSA vs. hybrid
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 07 December 2021 02:15 UTC
Return-Path: <prvs=89753b2724=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A051F3A0D62 for <cfrg@ietfa.amsl.com>; Mon, 6 Dec 2021 18:15:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jk76me212s6b for <cfrg@ietfa.amsl.com>; Mon, 6 Dec 2021 18:15:39 -0800 (PST)
Received: from MX3.LL.MIT.EDU (mx3.ll.mit.edu [129.55.12.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C3A93A0E0F for <cfrg@irtf.org>; Mon, 6 Dec 2021 18:15:38 -0800 (PST)
Received: from LLEX2019-2.mitll.ad.local (llex2019-2.llan.ll.mit.edu [172.25.4.124]) by MX3.LL.MIT.EDU (8.16.1.2/8.16.1.2) with ESMTPS id 1B72Faxq155287 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <cfrg@irtf.org>; Mon, 6 Dec 2021 21:15:36 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=yrj8ZlbexH5HFZO269KOU6f5wSLhkkTlAXMVx66tpz03ZyLqsK2ndqLl1xEgZJwr/EbiAQ8df+RWc87L5ESalJBccoeSqsC8rSCZLBG5QBYQbnttRqdl2oWtOmjZWnRrUBliAl4mldj40ceebIj8G4XZ7CJhM1G9EeOkHNvZvrCtAF+2NGmQi3iLwNuBCFM5ZFCN4W/AItCxdJ1lMMMEe+GW7oJONQURLyKSs1PpBg9PtWEwOAUoOUSB5syTaHnjWyHLse0qAusRXe0G9N+fwPXzOF4ZbgISDUfT79rjD4QhJbwt7PKLizDSk2OtScs+6PnsHQVtXj9jvEAqWo41Jw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=O78xbU2u06mZt2j8K423MnpYTD5f8e+hSxdt4KMqcVM=; b=1ludrx2EegnaTkYohvsWdqpQYqNL5w7f4ICe6q5nOgnQg3xBmaoyclxP8a3q+QTemSRviz43UrvlLajl16626QDRzcx/OHu/MimyGWgPZiyJo91Okng/rH9bfJRjX/Vpact6JFAMs+zFfl0oKdEOoBThi4RSsa/uTmLHgxEyXHru8Eb0C21hvPxTwRaJniyKagNEiaFBi0Cv5jQZH6sYoLVVovvDSRIF7eKRwrVG/PI8N5pk2bXzYdHUZrXFTq/Pklyg4hOhKDhTQpl5Ld9+8IVNQL7zAQYY8BAYjSZU+dyHe4OfXzndpsaj0goQnx9lQKSkDulVdg3lNBrX93LuBQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [CFRG] NSA vs. hybrid
Thread-Index: Adfq+SifdKkyH8eASvmUsdG8SJfxR///vEKAgABXtID//69qgP//q8fggABrVoA=
Date: Tue, 07 Dec 2021 02:15:34 +0000
Message-ID: <32073C5C-9DDE-4CA7-BB8A-F078C2406152@ll.mit.edu>
References: <BL3PR11MB5732F4B9822A93E08E7E115F9F6D9@BL3PR11MB5732.namprd11.prod.outlook.com> <310998F0-F6A8-46D0-AF14-A85367169396@ll.mit.edu> <e8e80662-ac81-4845-8f8c-64ac81e30890@www.fastmail.com> <E383D80F-D38C-4A6F-9DA6-1BABDA7D8FBF@ll.mit.edu> <BL3PR11MB5732461035F7173FED4A0F309F6E9@BL3PR11MB5732.namprd11.prod.outlook.com>
In-Reply-To: <BL3PR11MB5732461035F7173FED4A0F309F6E9@BL3PR11MB5732.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.54.21101001
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 373982d3-94bb-4dd9-c184-08d9b92773bd
x-ms-traffictypediagnostic: CY1P110MB0744:
x-microsoft-antispam-prvs: <CY1P110MB07446F2B198A33C2C5536CF4906E9@CY1P110MB0744.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: V+W5Ziw8RKTUvqsjOGjo+8005HPXWI7AKwcZ30CexQS2brZWNv9GvUWIH4ySRjKjeJCZmk6PDf1BcJnhDvYlf+f9ogGPJJhM36Ocyk2WLhm8xbmyoBnxgHhLWmBpJC0Ak36gFdRPDEa2aSplD5SjmhoBrjCP6kkQeH8VG4RiiHj2uG5oTZ11QuOVB1TQuVTtcolBEeJLSMMqsToYDoAG/ldLuqq2Y5iVsmKqyjsjF4pUO/t82Qtj+N4QwQfw8lT5ceWEugLwvzgf+mYcKDoQD6eJyszk3QUvV0qxBv4K/4chEx+Gos4aM1MFxGYK19P5VJMZ+PsUeIVEnnBCPdbDY/E3ravZgvxGidgK0y4HvioXFDC+o8rKO8L6RK70OOMJM9IBszV6EWNtyfuCeC2F6ZIzZ0Nc5F9al0cw8oWiTJa3lFjukfxs7brdolcCme0aZIBMdrGjJyxkCyC9FdxpD4lMuKbJgT2cZ/WY5MCjld0JBG4VyH+byZc5QQd+M/uSd8yiJyWj8SF4fy/s//wMbPyHypinqSVB+gNqWltpA4GtQ+t3mjEvgCZj/d0zf/m9pvCWuCsWXyyYzOCDyiC1rj2O77LmHwvt4tDNeZdVca6xVxEZYVjWXYHDc8JeMXXOnFKtVIjj/erGJvHr2QaeHCtHzU2Gu4vM/WDg92R7Hug=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CY1P110MB0616.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(6512007)(71200400001)(5660300002)(26005)(8676002)(75432002)(99936003)(8936002)(33656002)(6916009)(38070700005)(6486002)(83380400001)(86362001)(6506007)(498600001)(186003)(2616005)(2906002)(4744005)(66476007)(64756008)(66556008)(66446008)(122000001)(66946007)(76116006)(38100700002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /MX4MNwu7arujNHBfaceU42JU4wF5f/K+YjELXDJwco5uuKc4ZDRlvu41TJn7on/VibJc5wTsUT5ggXAT5iAmAIkxOGTGloEHPI5S3r5rgczbIkRDOEUsv+p7L7Qc/FrFfd616MKPnQ/P93qzRbiEQ==
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3721670134_879656471"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY1P110MB0616.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 373982d3-94bb-4dd9-c184-08d9b92773bd
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Dec 2021 02:15:34.4495 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1P110MB0744
X-Proofpoint-ORIG-GUID: 5XoXQOAyYwxdK9NScMmMdm-oGLHKJzqt
X-Proofpoint-GUID: 5XoXQOAyYwxdK9NScMmMdm-oGLHKJzqt
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-12-06_08:2021-12-06, 2021-12-06 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 suspectscore=0 malwarescore=0 adultscore=0 mlxlogscore=833 mlxscore=0 spamscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2112070013
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/QhGnQhFpUtbTXOPKe9YW8J6qnU0>
Subject: Re: [CFRG] NSA vs. hybrid
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Dec 2021 02:15:41 -0000
> In all scenarios: > 2) Hybrid (esp. with 3+ algs) allows you to combine > multiple PQC algs, spreading out your risk. Repeating myself, yes it would spread out the risk, but IMHO it is not worth the cost. It has not been done before, and it isn't worth doing now. Besides, if "combining" was done back in the early 2000, it wouldn't've helped now - because the threat today (CRQC) would break all of them. Now we're talking about some unknown attacks that we *hope* would compromise some algorithms, but not other... What makes one think that the next (after-Quantum) threat wouldn't threaten both our Classic and our PQ?
- [CFRG] NSA vs. hybrid D. J. Bernstein
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid D. J. Bernstein
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid D. J. Bernstein
- Re: [CFRG] NSA vs. hybrid Stephen Farrell
- Re: [CFRG] NSA vs. hybrid Scott Fluhrer (sfluhrer)
- Re: [CFRG] NSA vs. hybrid Loganaden Velvindron
- Re: [CFRG] NSA vs. hybrid Soatok Dreamseeker
- Re: [CFRG] NSA vs. hybrid Jeff Burdges
- Re: [CFRG] NSA vs. hybrid Loganaden Velvindron
- Re: [CFRG] NSA vs. hybrid Ilari Liusvaara
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Dan Brown
- Re: [CFRG] NSA vs. hybrid Marek Jankowski
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Soatok Dreamseeker
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Soatok Dreamseeker
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] Re: NSA vs. hybrid Björn Haase
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid D. J. Bernstein
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Phillip Hallam-Baker
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Dan Brown
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Martin Thomson
- Re: [CFRG] NSA vs. hybrid Andrey Jivsov
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Loganaden Velvindron
- Re: [CFRG] NSA vs. hybrid Richard Outerbridge
- Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid Christopher Peikert
- Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid Marek Jankowski
- Re: [CFRG] NSA vs. hybrid Mike Hamburg
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Hamburg
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] Re: NSA vs. hybrid Björn Haase