[CFRG] Post-quantum authentication can be deployed now

Robert Ransom <rransom.8774@gmail.com> Thu, 22 July 2021 22:20 UTC

To: pqc-forum@list.nist.gov, cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/SiBuU-Glfz42ccSNJ63rUH09LWg>

Post-quantum authentication has not received the same deployment
effort as forward secrecy using post-quantum cryptography thus far, in
part due to the belief that large quantum computers have not yet been
built.  The implicit assumption is that a quantum computer capable of
breaking the cryptosystems currently deployed could not be developed
and put into use without a public announcement.


I have written an implementation of PKP-based signatures, and
integrated it into OpenSSH and PuTTY.  The SSH patches also include an
NTRU-based key exchange which can easily be implemented in any SSH
implementation.

The software is available at https://github.com/rransom8774 .
A specification for PKPSIG is in progress.


Robert Ransom