IETF Logo Mail Archive

Re: [Cfrg] likelihood that someone has a quantum computer

"Igoe, Kevin M." <kmigoe@nsa.gov> Mon, 13 January 2014 18:25 UTC

Return-Path: <kmigoe@nsa.gov>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08EA51ADFDA for <cfrg@ietfa.amsl.com>; Mon, 13 Jan 2014 10:25:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.438
X-Spam-Level:
X-Spam-Status: No, score=-7.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B_xxuP1ZHlWm for <cfrg@ietfa.amsl.com>; Mon, 13 Jan 2014 10:25:26 -0800 (PST)
Received: from nsa.gov (emvm-gh1-uea09.nsa.gov [63.239.67.10]) by ietfa.amsl.com (Postfix) with ESMTP id C1BF21ADF84 for <cfrg@irtf.org>; Mon, 13 Jan 2014 10:25:25 -0800 (PST)
X-TM-IMSS-Message-ID: <759123130003ebe3@nsa.gov>
Received: from MSHT-GH1-UEA02.corp.nsa.gov ([10.215.227.181]) by nsa.gov ([63.239.67.10]) with ESMTP (TREND IMSS SMTP Service 7.1; TLSv1/SSLv3 AES128-SHA (128/128)) id 759123130003ebe3 ; Mon, 13 Jan 2014 13:25:13 -0500
Received: from MSMR-GH1-UEA07.corp.nsa.gov (10.215.224.5) by MSHT-GH1-UEA02.corp.nsa.gov (10.215.227.181) with Microsoft SMTP Server (TLS) id 14.2.342.3; Mon, 13 Jan 2014 13:25:09 -0500
Received: from MSMR-GH1-UEA03.corp.nsa.gov ([10.215.224.3]) by MSMR-GH1-UEA07.corp.nsa.gov ([10.215.224.5]) with mapi id 14.01.0289.001; Mon, 13 Jan 2014 13:25:09 -0500
From: "Igoe, Kevin M." <kmigoe@nsa.gov>
To: 'arne renkema-padmos' <arne.renkema-padmos@cased.de>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] likelihood that someone has a quantum computer
Thread-Index: AQHPEG/Cx6fq9PykQkyciVxXssDanZqC7evQ
Date: Mon, 13 Jan 2014 18:25:07 +0000
Message-ID: <3C4AAD4B5304AB44A6BA85173B4675CABA9A1B1B@MSMR-GH1-UEA03.corp.nsa.gov>
References: <52C755AA.70200@cisco.com> <33E0BF53-A331-4646-B080-FD4F6E13916E@ieca.com> <810C31990B57ED40B2062BA10D43FBF5C1BF54@XMB116CNC.rim.net> <52D29B10.4030401@cisco.com> <CACz1E9rsLRwqpA0fS2RNOcpsn7DMqaN=7dcJDQqEi8HDMKKonQ@mail.gmail.com> <CACsn0c=mYv7v3fGCHCe9D5w2j+gRWWsmoUA7NQ=AsczTMP1rDw@mail.gmail.com> <d4d82e7c3988ce4908202185921ed7bb@mail.gmail.com> <52D3FEC2.4080602@cased.de>
In-Reply-To: <52D3FEC2.4080602@cased.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.215.225.46]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Cfrg] likelihood that someone has a quantum computer
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2014 18:25:29 -0000

I believe there is a consensus on the mailing list for the RG to commit
to identifying public key algorithms suitable for use should advances in 
quantum computing make Shor's algorithm a viable threat. I agree with 
William that the transition should start before we are forced to do so. 
As JFK said, "The time to repair the roof is when the sun is shining".

Volunteers for authors greatly appreciated. No need to limit ourselves
to a single technology/draft this early in the process.

Any dissenting voices out there should speak up now.

-----Original Message-----
From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of arne renkema-padmos
Sent: Monday, January 13, 2014 9:57 AM
To: cfrg@irtf.org
Subject: Re: [Cfrg] likelihood that someone has a quantum computer

On 13/01/14 11:48, William Whyte wrote:
> I don't think you can say that just because there have been few 
> discontinuities in the security of algorithms there will be no 
> discontinuities in the future. There might be, and if it does happen 
> unexpectedly it'll be a big problem. It's not a problem we need to 
> work on right now, but, again, that makes this a really good time >
to address it.

It makes sense to have a fallback algorithm set, as ETSI has done with the 3GPP algorithms:

http://www.etsi.org/services/security-algorithms/3gpp-algorithms

They standardised both KASUMI and SNOW 3G with the requirements for SNOW 3G as fallback algorithm being:
* maximizing "cryptographic distance" from KASUMI
* minimizing potential vulnerability to algebraic attacks
See:
https://www.cosic.esat.kuleuven.be/ecrypt/courses/end/slides-28/8-gilbert.pdf

Cheers,
arne

--
Arne Renkema-Padmos
@hcisec, secuso.org
Doctoral researcher
CASED, TU Darmstadt
_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
http://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email