Re: [Cfrg] naive question: QC vs RC vs Moore-blip

"Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu> Mon, 08 May 2017 17:49 UTC

Return-Path: <hbhotz@oxy.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACCD0126C23 for <cfrg@ietfa.amsl.com>; Mon, 8 May 2017 10:49:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.765
X-Spam-Level:
X-Spam-Status: No, score=0.765 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jb0JOW7Vz3tV for <cfrg@ietfa.amsl.com>; Mon, 8 May 2017 10:49:23 -0700 (PDT)
Received: from mailout.easymail.ca (mailout.easymail.ca [64.68.201.169]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09596126B6D for <cfrg@irtf.org>; Mon, 8 May 2017 10:49:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 31DA9A1262; Mon, 8 May 2017 13:49:22 -0400 (EDT)
Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (easymail-mailout.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZYd3+2c1E7vz; Mon, 8 May 2017 13:49:20 -0400 (EDT)
Received: from macbook-air-2.lan (66-215-86-135.dhcp.psdn.ca.charter.com [66.215.86.135]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 7BB98A11A6; Mon, 8 May 2017 13:49:20 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF501B13ECA@XMB116CNC.rim.net>
Date: Mon, 8 May 2017 10:49:19 -0700
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <310534EA-BF8F-4160-881F-134DD30C70FC@oxy.edu>
References: <810C31990B57ED40B2062BA10D43FBF501B13ECA@XMB116CNC.rim.net>
To: Dan Brown <danibrown@blackberry.com>
X-Mailer: Apple Mail (2.2104)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/SWm0vWdcdfurKWvPUNFFci-t7EU>
Subject: Re: [Cfrg] naive question: QC vs RC vs Moore-blip
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 May 2017 17:49:25 -0000

I’m not sure how much energy this whole subject is worth, honestly. Remember that the reason the NSA started talking about post-quantum when they did was to distract us from the Dual-EC random number generator debacle.

I have absolutely no doubt that people are pouring tons of money into QC and making progress. I just don’t think we can take anything said about the maturity of the technology at face value. 

Full disclosure: my opinions are colored by the way JPLs SeaSat spacecraft met an untimely death (and the ugly politics afterward). It used off-the-shelf spy satellite components and JPL was not allowed to know what their real performance was. 

Given all of those uncertainties, wouldn’t our efforts be better spent worrying about the other things we know we don’t know? (And keep an eye out for things we don’t know we don’t know.)

(This is not intended as an attack on you Dan!! Just my opinion.)

> On May 8, 2017, at 8:31 AM, Dan Brown <danibrown@blackberry.com> wrote:
> 
> Dear CFRG,
> 
> Please forgive my naivety on the matters below.
> 
> If quantum computers are realistic enough to warrant standards changes (now or soon), then what about other hypothetical computers, such as:
> 
> (1) computers that can do super high-precision, as in the "real computation" model (or whatever variant of this model that can implement Shamir's algorithm to factor using super-large integers in a polynomial (even linear?) number of integer arithmetic steps),
> 
> (2) sudden (single) blips exceeding the usual Moore's law (and variants) for future computing power (e.g. are sudden and new 100x faster transistor material, superconductors, photonics, less realistic than quantum computers)?
> 
> I don't know the established answers, but would speculate:
> 
> (a) quantum computers are deemed more realistic than each of (1) and (2),
> 
> (b) model (1) is known [?] to affect all algorithms equally, so we must just give up on it,
> 
> (c) most justifications for 128-bit security already include a margin of error for risk (2),
> 
> (d) 256-bit security (and variants) are meant to deal with (2).
> 
> Are these the established answers, or is there better answers? 
> 
> As a research issue, I'd like to know more about (b), if it is correct.
> 
> I'd like to know more about (a), the why of it, but am unlikely to understand.
> 
> Best regards,
> 
> Dan Brown
> 
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg

Personal email.  hbhotz@oxy.edu