Re: [Cfrg] Fwd: I-D Action: draft-yonezawa-pairing-friendly-curves-01.txt
"A. Huelsing" <ietf@huelsing.net> Tue, 16 April 2019 09:02 UTC
Date: Tue, 16 Apr 2019 10:37:58 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/vL6BgdzG5z_6s9urZa8TuNo_BMc>

I am not sure if this reference already came up but let me add a large group of people with their opinion. The National Academies of Sciences, Engineering, and Medicine published the following consensus report:

Quantum Computing: Progress and Prospects (2019) <https://www.nap.edu/read/25196>

Contributors are National Academies of Sciences, Engineering, and Medicine; Division on Engineering and Physical Sciences <https://www.nap.edu/author/DEPS>; Computer Science and Telecommunications Board <https://www.nap.edu/author/CSTB>; Intelligence Community Studies Board; Committee on Technical Assessment of the Feasibility and Implications of Quantum Computing <https://www.nap.edu/initiative/committee-on-technical-assessment-of-the-feasibility-and-implications-of-quantum-computing>; Emily Grumbling and Mark Horowitz, Editors

Freely available at https://www.nap.edu/catalog/25196/quantum-computing-progress-and-prospects

While it generally is an interesting read, I would like to draw your attention to key finding 10 which says:

"Even if a quantum computer that can decrypt current cryptographic ciphers is more than a decade off, the hazard of such a machine is high enough—and the time frame for transitioning to a new security protocol is sufficiently long and uncertain—that prioritization of the development, standardization, and deployment of post-quantum cryptography is critical for minimizing the chance of a potential security and privacy disaster."

There also is the urgency caused by the problem that things sent encrypted today can be stored and decrypted when a sufficiently large quantum computer is available. But who would store all the encrypted traffic on the Internet....

I do agree that there are a lot of things to get wrong when rolling out new crypto and that established schemes should be strictly preferred to old schemes as long as those are still providing the necessary security guarantees.

Admittedly, I am not a pairings person but my impression is that pairings are not really an example of a long established scheme that we totally figured out how to implement. However, my feeling is that it will still take some time till PQC algorithms for advanced functionalities are mature enough to be selected and, hence, if people are already starting to use conventional algorithms of this kind it is probably a good idea to agree on the right ones. I would just argue that we should make sure that we can easily replace the conventional schemes we define now with PQC schemes in the somewhat near future.

Andreas

On 16-04-19 at 02:58, Peter Gutmann wrote:
> Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> writes:
>
>> While not a quantum physicist myself, I do think you are downplaying the risks:
> Nor am I, but this guy is, or at least he's a theoretical physicist:
>
> https://spectrum.ieee.org/computing/hardware/the-case-against-quantum-computing
>
> with expected "case against the case" responses, the main one being that as a
> theoretical physicist he focuses on somewhat red-herring issues like the issue
> of working with continuous parameters rather than the more pressing practical
> issues of decoherence and error control, which is what's actually killing it
> at any scale beyond "toy lab experiment".
>
>> https://www.insidequantumtechnology.com
> That's sort of like going to Russia Today for news about Russia... I chose the
> IEEE ref as an example not because it's the perfect critique (it's actually
> somewhat flawed) but because they get technically knowledgeable people while
> not being outright QC cheerleaders.
>
>> that's not an excuse to ignore the upcoming threat on the algorithmic level.
> Sure, but you need to keep in mind when doing that that anything standardised
> by the CFRG will be immediately rushed into production by people with no
> understanding of how to correctly implement it, deploy it, and apply it,
> simply because it's trendy.
>
> Prediction: As soon as any significant standards body like the CFRG
> standardises PQC algorithms, there will be not just one but multiple PQC forks
> of Bitcoin/blockchain tech and/or new cryptocurrencies built on PQC, not
> because it's required or useful but just because it's there. And the moment
> it's done there, the herd will follow because anything that BTC does has to be
> good.
>
> Anyone want to make a bet with me on this? I'll take anything from "dinner at
> Tony's Steak House" to "your research funding for the next five years" as the
> stake, depending on how strongly you believe in PQC :-).
>
> Peter.