Re: [Cfrg] likelihood that someone has a quantum computer

"Igoe, Kevin M." <> Mon, 13 January 2014 18:25 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 08EA51ADFDA for <>; Mon, 13 Jan 2014 10:25:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.438
X-Spam-Status: No, score=-7.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id B_xxuP1ZHlWm for <>; Mon, 13 Jan 2014 10:25:26 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id C1BF21ADF84 for <>; Mon, 13 Jan 2014 10:25:25 -0800 (PST)
X-TM-IMSS-Message-ID: <>
Received: from ([]) by ([]) with ESMTP (TREND IMSS SMTP Service 7.1; TLSv1/SSLv3 AES128-SHA (128/128)) id 759123130003ebe3 ; Mon, 13 Jan 2014 13:25:13 -0500
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.2.342.3; Mon, 13 Jan 2014 13:25:09 -0500
Received: from ([]) by ([]) with mapi id 14.01.0289.001; Mon, 13 Jan 2014 13:25:09 -0500
From: "Igoe, Kevin M." <>
To: 'arne renkema-padmos' <>, "" <>
Thread-Topic: [Cfrg] likelihood that someone has a quantum computer
Thread-Index: AQHPEG/Cx6fq9PykQkyciVxXssDanZqC7evQ
Date: Mon, 13 Jan 2014 18:25:07 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Cfrg] likelihood that someone has a quantum computer
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 13 Jan 2014 18:25:29 -0000

I believe there is a consensus on the mailing list for the RG to commit
to identifying public key algorithms suitable for use should advances in 
quantum computing make Shor's algorithm a viable threat. I agree with 
William that the transition should start before we are forced to do so. 
As JFK said, "The time to repair the roof is when the sun is shining".

Volunteers for authors greatly appreciated. No need to limit ourselves
to a single technology/draft this early in the process.

Any dissenting voices out there should speak up now.

-----Original Message-----
From: Cfrg [] On Behalf Of arne renkema-padmos
Sent: Monday, January 13, 2014 9:57 AM
Subject: Re: [Cfrg] likelihood that someone has a quantum computer

On 13/01/14 11:48, William Whyte wrote:
> I don't think you can say that just because there have been few 
> discontinuities in the security of algorithms there will be no 
> discontinuities in the future. There might be, and if it does happen 
> unexpectedly it'll be a big problem. It's not a problem we need to 
> work on right now, but, again, that makes this a really good time >
to address it.

It makes sense to have a fallback algorithm set, as ETSI has done with the 3GPP algorithms:

They standardised both KASUMI and SNOW 3G with the requirements for SNOW 3G as fallback algorithm being:
* maximizing "cryptographic distance" from KASUMI
* minimizing potential vulnerability to algebraic attacks


Arne Renkema-Padmos
Doctoral researcher
CASED, TU Darmstadt
Cfrg mailing list