[Cfrg] New draft on the transition from classical to post-quantum cryptography

"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 03 May 2017 22:28 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 430051294BF for <cfrg@ietfa.amsl.com>; Wed, 3 May 2017 15:28:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PnJ3Qv5GF7Gr for <cfrg@ietfa.amsl.com>; Wed, 3 May 2017 15:28:47 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A7741296D2 for <cfrg@irtf.org>; Wed, 3 May 2017 15:27:04 -0700 (PDT)
Received: from [169.254.218.211] (142-254-101-176.dsl.dynamic.fusionbroadband.com [142.254.101.176]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id v43MQePa045258 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <cfrg@irtf.org>; Wed, 3 May 2017 15:26:41 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 142-254-101-176.dsl.dynamic.fusionbroadband.com [142.254.101.176] claimed to be [169.254.218.211]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: cfrg@irtf.org
Date: Wed, 03 May 2017 15:27:02 -0700
Message-ID: <BAE7613D-D89C-4F19-8FA5-1D3BCC55DCCB@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.6r5347)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/k84afUJCcZ15KHTlrHgs3HsNaBk>
Subject: [Cfrg] New draft on the transition from classical to post-quantum cryptography
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 May 2017 22:28:48 -0000

Greetings again. I have just published a very, very preliminary Internet 
Draft to help people understand when they have to make the transition 
from classical to post-quantum cryptography. The draft information is 
here:

Name:		draft-hoffman-c2pq
Revision:	00
Title:		The Transition from Classical to Post-Quantum Cryptography
Document date:	2017-05-03
Group:		Individual Submission
Pages:		12
URL:        
https://www.ietf.org/internet-drafts/draft-hoffman-c2pq-00.txt
Status:     https://datatracker.ietf.org/doc/draft-hoffman-c2pq-00

This -00 is full of holes, but gives a structure for how to tell people 
about quantum computers that apply to breaking cryptographic keys, how 
to tell when those computers might become feasible, and what they need 
to think about for the transition. It most emphatically does *not* cover 
post-quantum algorithms other than to say "go look here for more info on 
that". That is, this document is about determining when people need to 
make the transition, not the algorithms to which they might transition.

Clearly, the draft needs a lot of input. Not only are there holes, there 
may be flat-out errors in it. That's why there is the strong disclaimer 
at the beginning; I am not a cryptographer, a mathematician, or a 
physicist, but I do work in fields where people are asking "should we 
even be thinking about post-quantum crypto".  Suggestions for text are 
great, suggestions that come with references are even better.

Does this seem like something that CFRG might be interested in adopting 
as an RG document? If so, I can make the next version 
draft-irtf-cfrg...; if not, I can keep this as an individual draft that 
will get published in the IETF stream instead of the IRTF stream.

--Paul Hoffman