Re: [Cfrg] New draft on the transition from classical to post-quantum cryptography

"Paul Hoffman" <> Mon, 08 May 2017 00:18 UTC

From: Paul Hoffman <>
To: "Tams, Benjamin" <>
Cc: "" <>
Date: Sun, 07 May 2017 17:18:51 -0700

On 4 May 2017, at 3:17, Tams, Benjamin wrote:

> thank you for producing the initial draft. I think such a document can
> be very useful for the community and individual organizations for being
> taken into account for properly managing risk in view of possible
> attacks by quantum computers.


> I briefly read over the document.
> Here are some personal comments on the organization of the document.
> If the intention of the final document is to help people understand
> when they have to make the transition from classical to post-quantum
> cryptography, I would like to propose to set the focus more on what an
> organization should consider for deciding whether or not to go from
> classical to post-quantum cryptography. My very personal vision is to
> motivate the reader to consider the following questions.
>
> 1. What if useful quantum computers arise in the short term (e.g. 0-10
>    years), middle term (e.g. 10-15 years), or long term (e.g. 15-25
>    years)?
> 2. What if I use classical cryptography today, that can be broken by a
>    quantum computer in the short, middle or long term?
> 3. When should I switch to post-quantum cryptography for digital
>    signatures, asymmetric encryption, or symmetric encryption?
> 4. Is my application worth being attacked by someone who can use a
>    quantum computer? If it is, why? (This question is already addressed
>    in Section 5 of the draft).
>
> Essentially, I think the intention of the document should not be to
> convince the reader to use or not to use post-quantum cryptography. It
> should rather leave it to the reader to decide whether or not (and if
> to which extent) he considers it necessary to apply post-quantum
> cryptography in his application.

That is certainly my intention.

> Anyway, if an organization's decision is to use post-quantum
> cryptography (a decision that we should leave open), then the
> organization should be able to access a specification suitable for
> implementation, timely. While CFRG may already specify documents for
> PQ-safe digital signatures, CFRG seems to hesitate to specify something
> for PQ-safe public key encryption. It is (not just) my opinion, that
> the need for PQ-safe public key encryption is much higher, though less
> matured.

And I completely want to avoid any discussion of such a specification in 
this document; I consider "when you want to move to post-quantum" 
orthogonal to "at the time you move, here are your best options".

--Paul Hoffman