Re: [CFRG] CFRG and crypto-threatening quantum computers

John Mattsson <john.mattsson@ericsson.com> Fri, 01 October 2021 09:03 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7277D3A0BF4 for <cfrg@ietfa.amsl.com>; Fri, 1 Oct 2021 02:03:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eLqkLo8jRgwK for <cfrg@ietfa.amsl.com>; Fri, 1 Oct 2021 02:03:39 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2081.outbound.protection.outlook.com [40.107.22.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BD5D3A0BF0 for <cfrg@ietf.org>; Fri, 1 Oct 2021 02:03:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nHnXyEd+c9tgpn8SDpC8ycth9BcX6dLD0hMI5DZ/9qvCRJHmP4kYKuiwL4TyNPG92s2Ua9cucTy68PxfMGXCs3yrlABePOSXdhFj96zJheiOa/uyPYxjHu4F+lahnLuSShBis+YMKXR891ViU4tsh9aPqrMJX4nH7235odmYn5lZA2k5R+N/gO3tFfyR1fja3fTSsj08UbG7Axt3Lzo9Q0G8Ba5wpXvK/pJp3A+27czMckM7C5YCVH25ILlBK6/dTvunfGsAnMqWQkCTwdT4POiOmLEBVdPS5mDtDnjlSpYM7TwyQaNQgeS62UbJyczZKbqYLgmlf3tmyla8f18sIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=r84wrVptRK5iztUGbAPnDrsUCJnUv+bv/riIXyOHUL0=; b=jFSYDtYUMmmz8LRQWZKZ59HqvrAxTKzNCnwa2QWWjAkAusvfwHiflNEjHAUydrtvzgOPzLw6PwtDlVEZPc/6PzPRB6r3BfMvYNORzIqsfoVFtSOwMAGtGviNafWTcku4xvg2zv9IrLMmaCqdF/XNHbM/iC4nsrySzQqxAgfMrhx/alFQvDUZZ9SD14RIJAf0NyRODtVdH7vySeChpT2CML2lG5fTtgNJ3eQLIfCeGQ0bbGpVUK3YG5+0TayUv+vmRxQ0Dfsl8II7za4SJ9J8hB6mTDKuXUEplDT7pONtLcjF6UmAHMFtGlw14M/QdLm7o4ONE9DNhj1FNF4ZFR2pBg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r84wrVptRK5iztUGbAPnDrsUCJnUv+bv/riIXyOHUL0=; b=nbRNtB0nsXoa/qFZws/Eoyyqr0i2eyf6x2h/vL/ffIyjjphiczApOd6wJm4nK6ZcOHi9H20b4Xv8aDgD4OXt6rFo3SDwvly+AWfkYw8kBM1kVXo3zEdkcDhAFKchU7YSCeJg3uggWcSZ3DL+uULUeUTbVsuB38YrjS5xRYslyDQ=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR0701MB2938.eurprd07.prod.outlook.com (2603:10a6:3:4b::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.7; Fri, 1 Oct 2021 09:03:31 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::d012:63e4:344b:a81b]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::d012:63e4:344b:a81b%8]) with mapi id 15.20.4587.012; Fri, 1 Oct 2021 09:03:31 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "<cfrg@ietf.org>" <cfrg@ietf.org>
Thread-Topic: [CFRG] CFRG and crypto-threatening quantum computers
Thread-Index: AQHXrA7yDY12iqqwq0Gk7Qanu1eIi6uoyz8AgAAMeoCAFRUF7A==
Date: Fri, 1 Oct 2021 09:03:31 +0000
Message-ID: <HE1PR0701MB30505B718236FFFF4CAC9DBB89AB9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <03b5ea0e-cf1a-8edf-d642-2fb4b2e458fd@htt-consult.com> <CACsn0ckZbA4=Xe+Lc1w5bc5os8Ekeh9q7AAxknknwrrBZ0R-KQ@mail.gmail.com> <E0D027B0-089E-4402-BD65-38ADEABC3351@ll.mit.edu> <CAEseHRoH941WndaQmL8F=4w6BLkfjCaxa8mKP14bjNUEz2MRfw@mail.gmail.com> <00DA2E69-D80A-4CA7-B744-97B30F237501@ll.mit.edu> <20210917184114.4gnz7g4dl7euf5po@kaon.local> <A3231C7A-6DA6-47A9-96B7-0A90339EFB7F@ll.mit.edu> <20210917215621.q675hgb77nlejshj@kaon.local> <CAOvwWh2v3ovm=JNW_Z=EXSfYabH0sw5U_m-TkA6mSQy+-YHtNQ@mail.gmail.com> <AF60635C-B6D4-4EC2-B84A-D1AE70D6507A@vigilsec.com>
In-Reply-To: <AF60635C-B6D4-4EC2-B84A-D1AE70D6507A@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d196f833-0bfa-435c-efe0-08d984ba5743
x-ms-traffictypediagnostic: HE1PR0701MB2938:
x-microsoft-antispam-prvs: <HE1PR0701MB2938FD4B4872C47C95E56B8089AB9@HE1PR0701MB2938.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: kStIlcgf4MTepeFlNauMRNtvR/Tvr+6eccRqpos/f4DRC9qw2imdEqwkP+oYdZelx2/6vB1oiK0sCxokPfxGYtrX6TJ99BFlkCymeQV5R5mP5AOxpAL9DR7KECk8ThfmTZLGoCgyvuDwVOQRCQIIa7VIukiYYt0gPrFyzusPGdNaXj2agqgMaU8PYRqOmZmjsv/oheV/bv3giJyXehSFtviGQBRr040ceGw5ujZB7xB+sDqk5nb7zUPvMTbSpNlz6Rf9TWBzm6pWZfi2FW+p/BKMhWuEqZlyk3WGY+6cmLGBwmMloixm1Kk+xqv71kv0dx4SzE/URThqt1ETCbeBCsVNEi0pZQsIe+kUlfMDQ8/SG8MerumZeUgbhw7ugoynhvI4SOToZ0SZ1AST48BezcmPM+vM2xZRqaMSJphKn98G7qT6Kl6GwlLuPklSGZZz8VW+AXk76B+GUo6UlodDDN3jojb0sIEurrto2wCzI/5XFufR8FA0jdOyBPyRBVJG5tffVRMCiG7V3P3sVeyyiHcObtabBZ/MMn9PU9xKr+LmSI9o92q2b4Ib3P0IxFzqz0NCNZszu0VNnFzWMMliCjDZy+WzvBZSQB1UH7FzOsA9XtCxguJ3svKcIh4E2POv1GDA7z/cNM2zWMyHWqmjU34XwqyhCc4LPm2wo2wRz2ekk2tpIchjbHrEg5bMekpCUb+OOwYuiwm80lLgMz3KzedmlRQi3DHZsrDvnl8TZxMksexm8I0EQH922FhPMvo4Crgae6RU5rs2XWUW1GTs7OoXHTtU6hSePWG4somGaF3yTQghAOG2y7/KJ/km9ERK
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(186003)(8676002)(55016002)(44832011)(9686003)(66574015)(316002)(71200400001)(508600001)(38070700005)(83380400001)(86362001)(5660300002)(52536014)(2906002)(8936002)(66446008)(66556008)(66476007)(166002)(6506007)(38100700002)(122000001)(64756008)(76116006)(66946007)(33656002)(26005)(966005)(7696005)(491001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?mMat5/U0E4yprQ740Fyvs/v5pYM8LvZdJGVSwhOIZwiasUCS3jBG/U8kbg8Q?= =?us-ascii?Q?LhW8h0hby29tNXO3ZCoov0qy+322pwSjMeGiD/emLvb5izIhq7YxDQCAJYof?= =?us-ascii?Q?ER8JKZiFuXaWEXy1DkDV1PHeCUg0KFkbS1Ukbkvf90pcszZ9o7LepxsOAPEY?= =?us-ascii?Q?arn2kNa9qvjFOFU5W5rKtPUMDHD4YaWyMtKAVXDAizK3LBPB54cGXVB0YwRC?= =?us-ascii?Q?uc7XhQMh+RVUaE29aej7sNjFSqmOP0x7RexGK/1RE+UDViM5LvUchg3a/Wp+?= =?us-ascii?Q?JR/lZLZGWQMwz9DKDW7dIn+0rt5X2EznqXAk/vHLA5ajVE2KDCYJj02f/kpk?= =?us-ascii?Q?i5mXsMTD9o96oGpJLpH+14LfTXnVpsNhHxBZKNewkZEp8mI1Q572qe7UU0uL?= =?us-ascii?Q?pGPNnqSlbhrKTjRn6JVPQrL3bfKiaEOdhhqdUIBlQ7Phf5vkgn1X2Y6LemmZ?= =?us-ascii?Q?p/T6mXtao1WM9Vq/dTI3T4/eg1QRq3yrCxM/zj8SjgDZKQwVPvVPoDd1LN8f?= =?us-ascii?Q?y+PbtBKGNpF7v/AXLtWWRNWmvbETDqMyrasYkOpXm9XJBhBtlUiJ2ghRonss?= =?us-ascii?Q?JFZX8qvV6173S6mVQGuhiM/KSyvu7Qh5rb3zm38RGlHlTIKpV5NY3yulUbJb?= =?us-ascii?Q?nridSAi5/lw1vxvpfDT4Q+8is/oN8O4U5FWiYKlhNnZCnjjQ35wTcXqPQvop?= =?us-ascii?Q?JEfUarycHtllHKFzYXKb0x8bPHP8t1zKUNYQ2D7d6Xq5Z+0jPOtfDdV23tvq?= =?us-ascii?Q?QVgTVQv41TaIxZbLNDVN3nNKtSPysfrHgNw+wPODYhB8JwucV16WMQcDjsK3?= =?us-ascii?Q?wLtYO/BnmPpdCvRzrn3CpkZp9zktkQ5BleETId+96UTg64FDONf3eAAghaHc?= =?us-ascii?Q?cll7vGvqVKIIrsQO2FbrtYwPbuwCmiz8qcezF1dDRqFesy5q8TgTk4ZX5vZp?= =?us-ascii?Q?VJHEjP/nXjkE24AhKdoFDj0j+4fN8QwPs6gL/g1/XRwPlTfSu1Z4fxvTdzvy?= =?us-ascii?Q?Ow2/BpsaDL2G5uKs3biVM1gydKbgc5Tfta1RANoKoCfKJNmBWwxbpRbZH3N7?= =?us-ascii?Q?tirEatPjfNjwjIlqqlScaJitepuFUFQZQpJWpwuDUT8Jo48vxjLivG8A5ima?= =?us-ascii?Q?hSK6u5rshk2WdHLrYVktmBsqByqHhfLhyoE+br+aqYPVV+VSmf0TZA15agpz?= =?us-ascii?Q?kUye6+AMBw0uDi7Gvic7GeSSL8TDM14VaFQR/cx9YAqnolrWrW6DbjeTVgDg?= =?us-ascii?Q?djHAsxpqSUSZxj0bJODBLL/2MAVtvRwQ77I31C3bblmkk8zMvdVZlISkr8fA?= =?us-ascii?Q?8eLMx5jPgK5XlYI88P9t2IgyluSG/oxIV3gpWWO9wvhQTA=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB30505B718236FFFF4CAC9DBB89AB9HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d196f833-0bfa-435c-efe0-08d984ba5743
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Oct 2021 09:03:31.1689 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7+St0xIoQt0HvO8i2t0buvUfcDvwI0BSBzB/kOlfdvbP4WsX35N6DnTDz8rzWKrKRo6F8r+QKuEu7b81FqKW8s79HQiu8+fl+4TNkWVkZlg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2938
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/v-grJ0gb4Q_Lv9iwMCWG3guP5jo>
Subject: Re: [CFRG] CFRG and crypto-threatening quantum computers
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Oct 2021 09:03:45 -0000

Hi,

I think US government (NSA) has a quite good stance on this for protection of US NSS systems expressed in their recent FAQ:

"NSA does not know when or even if a quantum computer of sufficient size and power to exploit public key cryptography (a CRQC) will exist."

Yet they plan to begin transition very soon:

"Our preferred parameter set is Section 4.2, LMS with SHA-256/192"

"The intention is to update CNSA to remove quantum-vulnerable algorithms and replace them with a subset of the quantum-resistant algorithms selected by NIST at the end of the third round of the NIST post-quantum effort."

End of the third round will be close to the end on 2021 if I remember correctly.

https://media.defense.gov/2021/Aug/04/2002821837/-1/-1/1/Quantum_FAQs_20210804.PDF

Note that NSS is very high-security where TOP SECRET information needs protection for decades. Many other systems should take a slower wait-and-see approach where PQC is phased in when the quantum threat is more emminent. All information does not need to be secure for decades. Current PQC algorithms have limitations and the sizes would be problematic in many IoT systems.

I think Quantum is an area where CFRG also need to filter out things from academia. You can find statements from academia that quantum cryptography will magically secure the Internet and that that quantum computers will soon practically break AES-128 ...

I think CFRGs current approach is great. CFRG specified LMS and XMSS for systems that want to consider risks decades into the future. CRFG also works on ECC and RSA for systems that do not want to consider risks decades into the future, or for for the possible outcome that Cryptographically Relevant Quantum Computer (CRQC) will never be built.

Cheers,
John