IETF Logo Mail Archive

Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairing-friendly-curves-01.txt

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 02 April 2019 23:56 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3DD81203B0 for <cfrg@ietfa.amsl.com>; Tue, 2 Apr 2019 16:56:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id grWwAqOPBTMt for <cfrg@ietfa.amsl.com>; Tue, 2 Apr 2019 16:56:37 -0700 (PDT)
Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 975181203AA for <cfrg@irtf.org>; Tue, 2 Apr 2019 16:56:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1554249396; x=1585785396; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=iEwPVZrfD1efEZfHEehrsFsckBCGHfRlVY6sHROsQqo=; b=0sFBgdDUqEzX1mQJaXhvhvGkbYoyXOuHwClq4X8o/ACDL5tENZFOe8u8 a9M3MPV/2pN6RNFlJWZKeHrhiYOtuA5l7wsrfuwDgYa6df+fJyYsZEeJt DxlP/M6/rJVPBymqqVRpcLrp+rQGjWxT0PD35twLOzCQahhxrMPG8b2gp y9OlMTbMI2GlFTHe4aB6beTQriuoc0idBj35zsRAmqLBmkj0E+8HurUDH saDxPGCHeqK11npkLX1lVKCJ9xaB0znNUw4hfeDek7euTulynzYchnnGr kasGERyR8ZpVokS61loHhog6I0zNsL2oXgwX0i+YwtUp3ggy+5Si1rcRD w==;
X-IronPort-AV: E=Sophos;i="5.60,302,1549882800"; d="scan'208";a="54198934"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.9 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-tdc-e.UoA.auckland.ac.nz) ([10.6.3.9]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 03 Apr 2019 12:56:31 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-e.UoA.auckland.ac.nz (10.6.3.9) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 3 Apr 2019 12:56:31 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1395.000; Wed, 3 Apr 2019 12:56:30 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Björn Haase <bjoern.m.haase@web.de>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairing-friendly-curves-01.txt
Thread-Index: AQHU2YhHElp7qJVa306c7sp7VaiA0aYKZlUAgAA63ACABtxrAIACXiwAgAwGegCAAD6YAP//creAgAEMZwCAAWPLAIAAENIAgATQZgCAAARKgIAAL2WAgAEVMb///15bAIAA94rE///CjYAALIuriw==
Date: Tue, 02 Apr 2019 23:56:30 +0000
Message-ID: <1554249372811.54517@cs.auckland.ac.nz>
References: <155231848866.23086.9976784460361189399@ietfa.amsl.com> <CAEseHRrSiJ72tQepyTiL=pSBcRRLGXhnJyy_QzOubWax+v=Ntw@mail.gmail.com> <CAEseHRqh4d0VaeSaj4CWr_ZxJbbpm33ZaLF-aYGBjVowFNLFeQ@mail.gmail.com> <c57bbf7b-3177-eb64-a3c0-26842fccbb89@lepidum.co.jp> <CAEseHRrVomCo6KD7gidCRBzKJDzFZRQ+q0+PjfBr8tQT4dVpMQ@mail.gmail.com> <b016d1f6-68e4-9728-c738-ab72c593dfd1@lepidum.co.jp> <CAEseHRoLGFbf74HT9n2beryc9Liqf2Hz+_rh-yo6Q8hNqwCvNQ@mail.gmail.com> <CAMCcN7RTQU=a+SYVkGUHZ4enOhkA9j9i6ivMRDUwb+aXPZ9hBg@mail.gmail.com> <7AE82BE8-768D-4B70-B7F1-EAF6894E428E@ll.mit.edu> <9CABDAD4-AAB7-46BF-BED7-6A917F828F11@inf.ethz.ch> <27F5D9B6-A44D-4A12-B81D-C4FB01052113@ll.mit.edu> <810C31990B57ED40B2062BA10D43FBF501DB4A31@XMB116CNC.rim.net> <B79CBA86-3C81-4973-84C2-7DAD7B659CB4@ericsson.com> <CADPMZDCHgsP6=ssJymeoq7RP1eshWf4zk+N9Cf1DY-fk+ntCgA@mail.gmail.com> <1554167337418.62603@cs.auckland.ac.nz> <1A5915E5-E50A-426E-B8F5-6CCCA47AB392@ll.mit.edu> <1554185903715.11087@cs.auckland.ac.nz>, <86950110-c278-31d2-ae3e-a2485d0243ed@web.de>
In-Reply-To: <86950110-c278-31d2-ae3e-a2485d0243ed@web.de>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/gSfazcV9UClpxUj9sRVM_WOZnzQ>
Subject: Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairing-friendly-curves-01.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2019 23:56:43 -0000

Björn Haase <bjoern.m.haase@web.de> writes:

>We know that the cost of conventional attacks is low and many applications
>are actually "worth" the effort of an attack.

Another thing about PQC is that all of this is entirely new crypto that we
have no experience in using.  We've had decades of experience with using
PreQC, and have mostly managed to get it right (a lot of the attacks being
performed were known about years ago but were ignored until someone published
an attack paper with accompanying tools and newsworthy name, and even then
there's a huge amount of code in PreQC crypto designed specifically to prevent
entire classes of attacks), while we have zero experience with using PQC.
Which means we're going to see years if not decades of new attacks, or the
same old attacks that were fixed in PreQC implementations, popping up with
PQC.  It's quite possible that PQC will make us a lot *less* secure, if QC
never really happens but the expected vulnerabilities in using PQC do.

In fact I'll make this prediction now:

  Likelihood of successful attacks due to QC: Epsilon.
  Likelihood of successful attacks due to use of PQC over PreQC: 100.0%.

(the second figure should actually be much higher than 100%, because there'll
be many, many of them, not just one).

Peter.

v2.23.0 | Report a Bug | By Email