Re: [CFRG] NSA vs. hybrid
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 07 December 2021 00:27 UTC
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/bZXuyO6GARajq9Fxd3eBVO8WOKE>
CRQC (Crypto-Relevant Quantum Computer) is a threat in two ways:

1. Breaking your key exchange and decrypting your confidential information;
2. Forging your digital signature and/or authentication.

For sensitive data, problem (1) is relevant now - because, as you said, ciphertexts could be recorded now and broken/decrypted decade(s) later, when CRQC is available. Hybrid won't help here (and those who don't expect CRQC to arrive can stay with ECC).

As to (2), it's unclear when we need to start worrying (though, probably, not now). Clearly, it's of no advantage to the adversary to forge my signature now on a TLS session established 10 years ago. It may well be a concern for legal documents - e.g., if somebody 10 years from now forges a signature on a mortgage - but I can't evaluate this risk, as I don't have enough understanding of the field.

So, "quantum annoyance" is not an answer for me: for short-lived data, I don't care at all (for now) - and for long-lived (presumably important) data I can't rely on "well, they're busy cracking zillions of somebody else's data, and my data's turn may not even come".

--
Regards,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies. The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare