Re: [Cfrg] New draft on the transition from classical to post-quantum cryptography

"Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com> Tue, 09 May 2017 09:22 UTC

From: "Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Paul Hoffman <paul.hoffman@vpnc.org>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Tue, 09 May 2017 09:16:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/_0tDtK4EQWkopipHi5tQlRtMJ0I>

The NSA, who probably have the longest timescales, say (https://www.iad.gov/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/CNSA-Suite-and-Quantum-Computing-FAQ.pdf, on page 8):

"Algorithms often require 20 years to be fully deployed on NSS. NSS equipment is often used for 30 years or more. National security information intelligence value is often 30 years (sometimes more) although it may vary depending on classification, sensitivity, and subject."

[NSS = National Security System]

-- 
Christopher Dearlove
Senior Principal Engineer
BAE Systems Applied Intelligence Laboratories

-----Original Message-----
From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Blumenthal, Uri - 0553 - MITLL
Sent: 08 May 2017 15:35
To: Paul Hoffman
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] New draft on the transition from classical to post-quantum cryptography

On 5/8/17, 10:28 AM, "Paul Hoffman" <paul.hoffman@vpnc.org> wrote:
    > Wouldn’t you agree that for long-term documents (those that need to 
    > survive for 15+ - 20+ years from now) the “need to change” is now 
    > with a pretty high probability?
    
    No. That is, I haven't seen evidence that there will be quantum 
    computers in 15 to 20 years from now that will be able to break 
    classical cryptography using current key sizes. The same is true if you 
    said "50 years". 

First, I’m sure there are documents now that need a “secure life” longer than 20 or even 50 years.

    Of course, I might have missed something in the early 
    research for the -00 draft, so if you have pointers to such 
    calculations, that would be great.

Alas, my crystal ball is out of order right now. But scientific progress tends to be not exactly predictable/calculate-able. E.g., did you expect to talk about “quantum computers breaking crypto” 20 years ago? I didn’t.
 