Re: [Cfrg] I-D Action: draft-irtf-cfrg-xmss-hash-based-signatures-06.txt

Kyle Rose <krose@krose.org> Mon, 25 July 2016 13:44 UTC


>
> 3. "Politics": Should we deploy post-quantum crypto now, possibly at the
> cost of not deploying advanced "classical" crypto.
>
It's not just politics. For most online use cases, confidentiality must be
maintained for a longer period than authenticity, as Ilari pointed out to
me on the TLS list last week. (I.e., authenticators can be good for a
limited time only and then rotated, and so only need to be better than
attacks expected during that window, whereas encrypted data can't be
rotated once it's been recorded by an adversary for decryption later based
on new techniques or machinery.)

So PQ signatures aren't generally as important for deployment today as PQ
key exchange is. Unfortunately, the crypto community has much less
confidence in the schemes for the latter than for the former: research and
cryptanalysis, not standards development, are the blockers there.

This is not to be interpreted as a knock on hash-based signatures, which
are probably the future if quantum computers become a real thing, only that
it's not clear that there's any tangible benefit in the near future beyond
gaining experience with new schemes. In particular, I think any caution
expressed regarding XMSS should be directed mostly at state management,
which is where screw-ups are most likely.

Kyle
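As an added illustration of the state-management point (example code, not from this thread or from the XMSS draft): a toy stateful signer that reserves the next leaf index in durable storage before a signature is released, refuses to continue if the on-disk index ever goes backwards (a restored backup or VM snapshot), and stops when the one-time keys are exhausted. Per-index keys are derived with HMAC purely for illustration, an assumption here, not the XMSS/WOTS+ construction; the `demo()` scenario and its seed are constructed.

```python
import hashlib, hmac, json, os, tempfile

class StateError(Exception): pass   # persisted state cannot guarantee one-time use

class StatefulSigner:
    # Models XMSS leaf indices: key i may sign exactly once, so the whole
    # security argument rests on never handing out the same index twice.
    def __init__(self, seed: bytes, state_path: str, capacity: int = 16):
        self.seed, self.state_path, self.capacity = seed, state_path, capacity
        self.last_seen = -1          # highest index this process has reserved
        if not os.path.exists(state_path):
            self._commit(0)

    def _load(self) -> int:
        with open(self.state_path) as f:
            return json.load(f)["next_index"]

    def _commit(self, next_index: int) -> None:
        # Write-fsync-rename: a crash never leaves the file behind a used index.
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"next_index": next_index}, f)
            f.flush(); os.fsync(f.fileno())
        os.replace(tmp, self.state_path)

    def sign(self, msg: bytes):
        idx = self._load()
        if idx <= self.last_seen:
            raise StateError("state went backwards (restored copy?)")
        if idx >= self.capacity:
            raise StateError("one-time keys exhausted")
        self._commit(idx + 1)        # reserve BEFORE releasing the signature
        self.last_seen = idx
        ots_key = hmac.new(self.seed, idx.to_bytes(4, "big"), hashlib.sha256).digest()
        return idx, hmac.new(ots_key, msg, hashlib.sha256).digest()

def demo() -> dict:
    # Constructed scenario: two signatures, then a state file rolled back to 1.
    path = os.path.join(tempfile.mkdtemp(), "xmss.state")
    s = StatefulSigner(b"constructed-seed", path, capacity=4)
    i0, _ = s.sign(b"m0")
    i1, _ = s.sign(b"m1")
    with open(path, "w") as f:        # simulate restoring an old snapshot
        json.dump({"next_index": 1}, f)
    try:
        s.sign(b"m2"); rolled_back = False
    except StateError:
        rolled_back = True
    return {"indices": (i0, i1), "rollback_detected": rolled_back}
```

Note that the in-process `last_seen` check only catches a rollback that happens underneath a running signer; a restored snapshot of the whole machine resets both copies, which is why the draft's warnings centre on the storage, not the algorithm.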