Re: [Cfrg] matching AES security
Andy Lutomirski <luto@amacapital.net> Wed, 30 July 2014 19:43 UTC
From: Andy Lutomirski <luto@amacapital.net>
Date: Wed, 30 Jul 2014 12:42:40 -0700
Message-ID: <CALCETrXnuXkYz0sQvMk_tQrGCBUxuM+mDP4pDLh4SwDVZKxV2g@mail.gmail.com>
To: Andrey Jivsov <crypto@brainhub.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/w0wJIG9wlyhG7SotHxPhQbLZlkA
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] matching AES security
On Wed, Jul 30, 2014 at 12:26 PM, Andrey Jivsov <crypto@brainhub.org> wrote:
> On 07/30/2014 11:47 AM, Michael Hamburg wrote:
>>
>> * Quantum computation. More bits of AES buys you more resistance, but
>> more bits of ECC does not.
>
>
> Wouldn't more qubits mean substantially higher cost and it will take some
> time (decades?) to get from 5 (?) to 256 qubits and beyond?

Good luck.

In my view, either you have a scalable quantum computer or you don't. If it's scalable, then you can spend a bunch of money and scale it. If it's not scalable (and the current things that factor 15 aren't), you can throw as many fancy refrigerators and copies of the machine at it as you want, and you won't get anywhere. The asymptotic complexity of Shor's algorithm is *really* good.

>
> If so, higher bit curves have an advantage, esp. for persistent structures
> like CA certificates that cannot count on fast crypto upgrade.
>

When someone has a quantum computer, I will consider all crypto based on Abelian groups to be dead, full stop. (There's some reason to believe that crypto based on elliptic curve isogenies might survive a little bit longer, but the quantum algorithms there haven't been all that well studied, and IIRC they're already decent.)

--Andy
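The scaling argument behind the two quoted claims (more AES bits help against a quantum attacker, more ECC bits do not), written out as an added illustration that is not part of the original message. Let $k$ be the AES key length in bits and $n$ the bit length of the elliptic-curve group order; the $O(n^{3})$ gate count for Shor's ECDLP circuit is the standard textbook estimate, assumed here rather than taken from the thread.

$$
\begin{aligned}
T_{\mathrm{classical}}(\mathrm{AES}\text{-}k) &= 2^{k}, &\qquad T_{\mathrm{Grover}}(\mathrm{AES}\text{-}k) &= 2^{k/2}, \\
T_{\mathrm{classical}}(\mathrm{ECC}\text{-}n) &\approx 2^{n/2}, &\qquad T_{\mathrm{Shor}}(\mathrm{ECC}\text{-}n) &= O\!\left(n^{3}\right).
\end{aligned}
$$

Doubling the parameter therefore has very different effects on the quantum attacker's cost:

$$
\frac{T_{\mathrm{Grover}}(\mathrm{AES}\text{-}256)}{T_{\mathrm{Grover}}(\mathrm{AES}\text{-}128)} = 2^{64},
\qquad
\frac{T_{\mathrm{Shor}}(\mathrm{ECC}\text{-}512)}{T_{\mathrm{Shor}}(\mathrm{ECC}\text{-}256)} \approx \left(\frac{512}{256}\right)^{3} = 8 .
$$

Against a scalable quantum computer, a larger curve buys a small constant factor, while a larger AES key still buys an exponential factor.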