[Cfrg] Comments on draft-hoffman-c2pq-01

Philip Lafrance <philip.lafrance92@gmail.com> Fri, 21 July 2017 12:01 UTC

Return-Path: <philip.lafrance92@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B4F6131BB0 for <cfrg@ietfa.amsl.com>; Fri, 21 Jul 2017 05:01:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level:
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pFJBpKQs-aLD for <cfrg@ietfa.amsl.com>; Fri, 21 Jul 2017 05:01:20 -0700 (PDT)
Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4210B131A87 for <cfrg@irtf.org>; Fri, 21 Jul 2017 05:01:20 -0700 (PDT)
Received: by mail-it0-x22f.google.com with SMTP id h199so6349040ith.0 for <cfrg@irtf.org>; Fri, 21 Jul 2017 05:01:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=wyjmdf8Y/Qp7+LZy95p1hSu+naNUecsxStSjOQUDWOQ=; b=azGtoZr2ws5wMeGqOXZ8E7KljrU5nUkMYNoRE8crON1N6UbGhay1RTozZ7P74d8AwN ZaWyLpRX6eEnLDLTBAHQjfpmB36tggAkWmYoAAATTlSaDbEF6shvwETs67KJD/Bdrtba f7v7sptMTYItn+EVMt4zgGjltQAUk8bg8Xd04GMRxxVtGyyeK+6VbwZY/9LSu0Ni0t8O dlxQYSXr+uNjOaNY7vUcvAYQixAa+XBIXJNg20a7PqjNPvuZEpKFVXILGG4NHEpHQRQy fORq7UMRJ9cCPOwayDbyFK45sJ7vwfcx2YgaW+dMsWqBszP8PsEMhX5yZGJlWQjOAL5R CpLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=wyjmdf8Y/Qp7+LZy95p1hSu+naNUecsxStSjOQUDWOQ=; b=M21SN6NWihQ8FPEC2t0/lXrykMOKZ3tWB9J5AI7YPKPkyqYP+UQIMZEKo3LS/lozaJ 4iqiv9641O39ZkMmaswEk/+0Hcb/+3V47vu5Yw9feLWWe4wtqQrbfitlMv/48f7SNh31 Tordv3GUigDf9qTpP6K1ocC/aDv0vQ7D2QAIl4jnU1wHLYSV3x5uR+sXit52t8UDjUZt xLzztSAAUsGUTZ3viEp/IoF+Md4ODNws4ztz12Un/M1iTj+YcejUuUD7vj+SZ3dm7U2c G7OkWgNSNE/LIbbdGaXaCSV5xkEGWxaNJyckhmrlE8Pwm+xgbenY4GFes8wMK4/RHVOh cKNg==
X-Gm-Message-State: AIVw111YCgMOdc9Xmguo6XWYEFU606LToq+tG6ah8pfLlP4A5kN3GYgY 3P2gpIJOQ1Mz76LQFtuvLA3lGRwcgZjg
X-Received: by 10.36.4.139 with SMTP id 133mr6925607itb.142.1500638479037; Fri, 21 Jul 2017 05:01:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.189.194 with HTTP; Fri, 21 Jul 2017 05:01:18 -0700 (PDT)
From: Philip Lafrance <philip.lafrance92@gmail.com>
Date: Fri, 21 Jul 2017 08:01:18 -0400
Message-ID: <CALwqbuyti95Tvx43vvWHhnfdrHo+yNVc8GQ0B-utk+C==3-h-A@mail.gmail.com>
To: cfrg@irtf.org
Content-Type: multipart/alternative; boundary="001a113fe1e27abc4a0554d29f23"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/U1ZlyJcxeiFjjAr2tn3jEcfVu7I>
Subject: [Cfrg] Comments on draft-hoffman-c2pq-01
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jul 2017 12:01:27 -0000

Hello all,

So I can't express enough how much I support this document.

I gave it a cursory read and prepared some remarks (see below).

Since I was up at 3am today (IPSECME meeting was at 5:50 am my time) I kind
of want to go home and sleep. So, I'll give a more detailed review sometime
next week (hopefully with some input from my quantum crypto colleagues).

Comments:

Section 1.3

            -The definition given for “post-quantum cryptography” is pretty
limited and kind of inaccurate. The definition as given would suggest that
ECC is post-quantum as it does not rely on factoring large numbers or
determine the discrete log of a large composite number.


Maybe something like:


 "The term "post-quantum cryptography" refers to the invention and study of
cryptographic techniques (including encryption, signature and key exchange
algorithms) that are implementable on a classical computer and are based on
problems that are believed to be difficult for a quantum computer to solve.
In particular, this includes algorithms based on lattices, isogenies,
hash-functions, multivariate polynomial systems, and coding theory. It
excludes systems whose security relies on factoring numbers, or the
difficulty of determining the discrete log of one group element with
respect to another."



Section 1.6

            -The good folks at the Institute for Quantum Computing have a
good textbook which would be a nice reference (here is a link
http://hep.fcfm.buap.mx/cursos/2014/MCI/An_Intro_to_Quantum.pdf)



Section 2.1

            -This section seems to only be concerned with using quantum
algorithms to recover secret key. Why not also mention for example using
Grover to find collisions to forge signatures?



            -We should maybe consider replacing “large-scale” quantum
computer with “universal” quantum computer.



-Maybe some discussion about the differences between quantum annealing and
a universal quantum computer. This would be useful because, for example
D-Wave is a quantum annealer, not a universal quantum computer, but the
difference is lost on most people. Understanding the difference is
important if we’re talking about when to transition.


That's all for now.


All the best folks! Safe travels home from Prague!


-Philip Lafrance