Re: [Cfrg] likelihood that someone has a quantum computer

David Jacobson <> Sun, 12 January 2014 15:38 UTC

To: David McGrew <>, Dan Brown <>, "''" <>
Cc: "''" <>

On 1/12/14 5:39 AM, David McGrew wrote:
> Hi Dan,
> some further thoughts on things quantum:
> On 01/08/2014 12:32 PM, Dan Brown wrote:
>>> 2) Is QKD something we need to start considering:
>> I am more interested in the issue of whether quantum computing (for Shor's
>> algorithm) will, or even has, become feasible? I am not an expert in the
>> area, but am interested.
> this is not an area that I actively follow, but I think the following 
> description is accurate: quantum computing is an active area of 
> research, and those working in the area believe that it can become a 
> viable technology in the not-too-distant future, though there are also 
> skeptics who feel that quantum decoherence may make it impossible to 
> ever build a quantum computer that would be able to solve problems of 
> cryptographic interest.   (An important side note: the D-Wave computer 
> is not a real quantum computer in the Peter Shor sense; it does 
> something more like simulated annealing).
>> Of course, we can just go ahead and get prepared with proposals for
>> postquantum algs.  That's great to do, but still doesn't address the
>> question. I expect some may argue that asking this whole question just begs
>> pointless speculation, on the grounds that if your adversary (soon) has a
>> QC, then you should have spent your time switching to PQ rather than
>> thinking about whether the adversary had a QC.  In other words, I'm
>> expecting some may say that consideration of postquantum crypto is perfectly
>> reasonable, but asking about the existence of a quantum computer is
>> pointless.
> This is my thinking, more or less.   I would put it more positively 
> as: let's figure out how to use post-quantum cryptography in practice, 
> because if there is a breakthrough in quantum computing, the mad rush 
> will be ugly, and besides, we don't really know what capabilities our 
> adversaries have now, or will have in a decade.


This is a volunteer group, and the energy that can be summoned depends 
on interest, excitement, fear, etc.  (Just note how CFRG has gone from a 
sleepy group with 2 or 3 messages per month to many messages a day since 
last summer.)  So, if we want to study post-quantum computing, find 
promising algorithms, and evaluate them, we can do that if we have a 
sufficient set of people with interest and expertise.  And I think we do.  
It is not like we are at a big company and we have to get some executive 
to give us a budget.

    --David Jacobson