Re: [Cfrg] Europe's "Quantum Manifesto" and QKD snake oil

Aaron Zauner <> Mon, 02 May 2016 07:05 UTC

To: "D. J. Bernstein" <>
List-Id: Crypto Forum Research Group <>


> On 30 Apr 2016, at 22:28, D. J. Bernstein <> wrote:
> There's a serious push---a draft manifesto endorsed by fairly high-level
> politicians and 1000 signatories---to get the European Commission to
> spend 1 billion EUR on "quantum technologies":
> I'm not sure how long the public-comment page will stay open:

Spot-on comments, BTW.

> My understanding is that there's some interest in having CFRG become
> more proactive and systematic in publicly reviewing the security level
> of cryptographic technologies that are proposed _to IETF_. I realize
> that merely labeling something as a "quantum Internet" and telling
> people to spend huge amounts of money on it is not the same as making
> current proposals to IETF, but there does seem to be a large risk of
> future proposals to IETF, and maybe this justifies current CFRG action.

I'm not sure there will ever be any serious drafts to IETF w.r.t. QKD or quantum information/computation, as it seems to be entirely science fiction outside a lab setting. They may end up in the independent submissions stream ( Is anybody aware of existing publications or drafts in that direction within IETF/IRTF?

> Or maybe what this manifesto is illustrating is that the public
> cryptographic community needs to organize a bigger mechanism, outside
> any particular standardization organization, for systematic security
> evaluations (with some way of deciding priorities). Many current crypto
> failures can be traced to a denial-of-service attack against the public
> security-evaluation process---there are too many organizations with far
> too many crypto proposals for us to effectively review---and a more
> centralized process could help solve this.

JP Aumasson suggested a petition against this manifesto on Twitter yesterday; I think that would be a good idea -- if the signatories are well-received cryptographers (and maybe even physicists).