Re: [Cfrg] New draft on the transition from classical to post-quantum cryptography

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Mon, 08 May 2017 14:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/k3-ZBwtAW9qXGgEC4-AyFgsUB7Q>

On 5/8/17, 10:28 AM, "Paul Hoffman" <paul.hoffman@vpnc.org> wrote:
    > Wouldn’t you agree that for long-term documents (those that need to 
    > survive for 15+ - 20+ years from now) the “need to change” is now 
    > with a pretty high probability?
    
    No. That is, I haven't seen evidence that there will be quantum 
    computers in 15 to 20 years from now that will be able to break 
    classical cryptography using current key sizes. The same is true if you 
    said "50 years". 

First, I’m sure there are documents now that need a “secure life” longer than 20 or even 50 years.

    Of course, I might have missed something in the early 
    research for the -00 draft, so if you have pointers to such 
    calculations, that would be great.

Alas, my crystal ball is out of order right now. But scientific progress tends to be not exactly predictable/calculate-able. E.g., did you expect to talk about “quantum computers breaking crypto” 20 years ago? I didn’t.