Re: [Cfrg] likelihood that someone has a quantum computer

William Whyte <wwhyte@securityinnovation.com> Tue, 14 January 2014 02:04 UTC

Return-Path: <wwhyte@securityinnovation.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AE871AE098 for <cfrg@ietfa.amsl.com>; Mon, 13 Jan 2014 18:04:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id waw7AMRRhtC3 for <cfrg@ietfa.amsl.com>; Mon, 13 Jan 2014 18:04:24 -0800 (PST)
Received: from mail-qc0-x229.google.com (mail-qc0-x229.google.com [IPv6:2607:f8b0:400d:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id 8431E1ADFE4 for <cfrg@irtf.org>; Mon, 13 Jan 2014 18:04:24 -0800 (PST)
Received: by mail-qc0-f169.google.com with SMTP id w7so1841015qcr.0 for <cfrg@irtf.org>; Mon, 13 Jan 2014 18:04:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=securityinnovation.com; s=google; h=from:references:in-reply-to:mime-version:thread-index:date :message-id:subject:to:content-type; bh=6o9MFwN8Igdv6QDWek6FHg5V/shD98vJciACsecrf5g=; b=OeFf++F2PoQ9NolTZgsGjmOf6e1i5rvXwecvuv2UNIzED7rS9+TbogoQlYCzaDMR/7 5HoHFE/8AHYjylQLicnw47xa/S5eFGzJkqkkdSbmW1K0t45nDbH79Fho1buUsFYX2EEE a8ybjuknOlARj8/LaP1Gn+TUCGHJ4oDO/i7Wk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:references:in-reply-to:mime-version :thread-index:date:message-id:subject:to:content-type; bh=6o9MFwN8Igdv6QDWek6FHg5V/shD98vJciACsecrf5g=; b=nIeSeF3u9jSo9s54HAEFJX+KzDXyuZqE4Re7ZEGYfO3eT1ms+mUU5CyQiyGNId5npT srOpOb1jC4UCEneblOCys2RO6iX/w50hzfqM/J9eEU435z07vYrtSW/556XIRNA7sFtV xZlDRt6yWoXs6JpJ4l7n8NxisgWaXMCcXFEePNTg9ieoarbcPCBk6JmD/f3bmLXJq3EV OEbjJXApz8EsVpdA58vNVrW4otnQz9nyhC5H1kZEn7OdCFfVVAyXVTbnD8PakeB6OSvF CMKZJl3YDUOQY7MVpDy+RFmWNW3JOHn9BQIhcfNVjIXEFiptnuQPZ7DxaO1/hKfd5VJe q0eQ==
X-Gm-Message-State: ALoCoQnGoZ6JD2iTwNMl2rjvTgDkMXoFpimjlQCX99R08frAzOKfebfdGg52MCU7VES3fhh3ioET
X-Received: by 10.224.124.74 with SMTP id t10mr45493396qar.40.1389665052982; Mon, 13 Jan 2014 18:04:12 -0800 (PST)
From: William Whyte <wwhyte@securityinnovation.com>
References: <52C755AA.70200@cisco.com> <33E0BF53-A331-4646-B080-FD4F6E13916E@ieca.com> <810C31990B57ED40B2062BA10D43FBF5C1BF54@XMB116CNC.rim.net> <52D29B10.4030401@cisco.com> <CACz1E9rsLRwqpA0fS2RNOcpsn7DMqaN=7dcJDQqEi8HDMKKonQ@mail.gmail.com> <CACsn0c=mYv7v3fGCHCe9D5w2j+gRWWsmoUA7NQ=AsczTMP1rDw@mail.gmail.com> <d4d82e7c3988ce4908202185921ed7bb@mail.gmail.com> <52D3FEC2.4080602@cased.de>
In-Reply-To: <52D3FEC2.4080602@cased.de>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJ4x4958Z+19boV+tPFc44KqqvFgQKFSLs2AjIpROUCKyrZpgJv7XkgAVQx05MA/TQlngIt1h5ZmMF2qrA=
Date: Mon, 13 Jan 2014 21:04:12 -0500
Message-ID: <94153160f9ff12c3f2171a240bd9855f@mail.gmail.com>
To: arne renkema-padmos <arne.renkema-padmos@cased.de>, cfrg@irtf.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [Cfrg] likelihood that someone has a quantum computer
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jan 2014 02:04:26 -0000

Hi Arne,

So is the idea that all devices have to implement both algorithms? Is
there a mechanism in place for declaring one broken and requiring that the
other is used at all times?

TBH I'm less concerned about catastrophic failure of symmetric algorithms
than public-key algorithms, but I'm very interested in processes to
replace algorithms.

Cheers,

William

-----Original Message-----
From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of arne renkema-padmos
Sent: Monday, January 13, 2014 9:57 AM
To: cfrg@irtf.org
Subject: Re: [Cfrg] likelihood that someone has a quantum computer

On 13/01/14 11:48, William Whyte wrote:
> I don't think you can say that just because there have been few
> discontinuities in the security of algorithms there will be no
> discontinuities in the future. There might be, and if it does happen
> unexpectedly it'll be a big problem. It's not a problem we need to
> work on right now, but, again, that makes this a really good time >
to address it.

It makes sense to have a fallback algorithm set, as ETSI has done with the
3GPP algorithms:

http://www.etsi.org/services/security-algorithms/3gpp-algorithms

They standardised both KASUMI and SNOW 3G with the requirements for SNOW
3G as fallback algorithm being:
* maximizing "cryptographic distance" from KASUMI
* minimizing potential vulnerability to algebraic attacks
See:
https://www.cosic.esat.kuleuven.be/ecrypt/courses/end/slides-28/8-gilbert.
pdf

Cheers,
arne

--
Arne Renkema-Padmos
@hcisec, secuso.org
Doctoral researcher
CASED, TU Darmstadt
_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
http://www.irtf.org/mailman/listinfo/cfrg