Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 09 December 2021 16:38 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Christopher Peikert <christopher.peikert=40algorand.com@dmarc.ietf.org>
CC: Richard Outerbridge <outer@interlog.com>, Loganaden Velvindron <loganaden@gmail.com>, CFRG <cfrg@irtf.org>
Date: Thu, 09 Dec 2021 16:38:37 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/yxgOBC3YI2f7ZdKqZH-GM6Co3jQ>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

Thanks for the correction Chris!

In that case, I’ve probably been over-weighting that comment from Steven Galbraith in how I think about when lattice cryptosystems will have had “enough review”.

---
Mike Ounsworth

From: Christopher Peikert <christopher.peikert=40algorand.com@dmarc.ietf.org>
Sent: December 9, 2021 8:47 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Cc: Richard Outerbridge <outer@interlog.com>; Loganaden Velvindron <loganaden@gmail.com>; CFRG <cfrg@irtf.org>
Subject: Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid

On Wed, Dec 8, 2021 at 6:43 PM Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:
>> As has been noted, so has NTRU gone through a good amount of review, even more perhaps than Rijndael by this point in the competition for AES.
>
> I'm probably gonna embarrass myself, but here goes ... The argument that I've heard made is that there's a quantum leap (pun intended) between the complexity of the mathematics of RSA/ECC and NTRU. You can mostly wrap your brain around RSA if your high school teaches modular arithmetic, and the attacks if you take 2nd year uni group theory. ECC also 2nd year group theory. Lattices, LWE, R-LWE, and especially module-LWE are this esoteric combination of rings, fields, and linear algebra that requires a very specific trajectory of graduate studies (likely over-simplified, apologies in advance).

It's unfortunate that people have this impression, because it's not true at all.

Understanding NTRU or (even easier) R-LWE encryption requires just basic polynomial arithmetic. They can be taught in about an hour to early undergraduates, or even talented high schoolers (I've handled both).

Understanding ECC seems at least as difficult: one needs the curve equation and its solutions, the group operation (how points are "added"), the repeated-doubling algorithm, and Diffie-Hellman-style agreement. This isn't super-advanced stuff, but it probably takes a couple of hours to convey a thorough understanding to someone who already knows modular arithmetic.

Comprehending the best *attacks* is an entirely different matter, but that's true for all of RSA, ECC, and lattices. How many people are experts in the Number Field Sieve factoring algorithm -- the best attack on RSA? This is not undergrad-level stuff, by any means. Nor are the best attacks on lattices, though many experts have been working on them for decades.

No matter the area, the best attacks turn out to be a lot more complicated than the cryptosystems themselves. But you don't need to understand the attacks to understand how the schemes work, nor why they appear to be secure.

Sincerely yours in cryptography,
Chris
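Editorial example, added to this archive page and not written by any participant in the thread: the point above that R-LWE encryption needs only basic polynomial arithmetic, shown as a textbook-style toy scheme over Z_Q[x]/(x^N + 1). The parameters N = 16 and Q = 3329, the ternary noise, and all function names are assumptions chosen for readability; the scheme as written is far too small to be secure.

```python
import secrets

N, Q = 16, 3329  # constructed toy ring Z_Q[x]/(x^N + 1); NOT secure parameters

def polymul(f, g):
    """Multiply two polynomials modulo x^N + 1 and Q (x^N wraps to -1)."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            k, term = i + j, fi * gj
            if k < N:
                out[k] = (out[k] + term) % Q
            else:
                out[k - N] = (out[k - N] - term) % Q
    return out

def polyadd(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]

def polysub(f, g):
    return [(x - y) % Q for x, y in zip(f, g)]

def small():
    """Secret/noise polynomial with coefficients in {-1, 0, 1}."""
    return [secrets.randbelow(3) - 1 for _ in range(N)]

def keygen():
    a = [secrets.randbelow(Q) for _ in range(N)]  # public uniform polynomial
    s, e = small(), small()
    b = polyadd(polymul(a, s), e)                 # b = a*s + e
    return (a, b), s

def encrypt(pk, bits):
    a, b = pk
    r, e1, e2 = small(), small(), small()
    u = polyadd(polymul(a, r), e1)                # u = a*r + e1
    scaled = [(Q // 2) * m for m in bits]         # bit 1 -> ~Q/2, bit 0 -> 0
    v = polyadd(polyadd(polymul(b, r), e2), scaled)
    return u, v

def decrypt(s, ct):
    u, v = ct
    d = polysub(v, polymul(u, s))  # = (Q//2)*m + e*r + e2 - e1*s
    # The noise is at most 2N + 1 = 33 in absolute value, well under Q/4,
    # so rounding each coefficient to 0 or Q/2 recovers the bit.
    return [1 if Q // 4 < c < 3 * Q // 4 else 0 for c in d]

if __name__ == "__main__":
    pk, sk = keygen()
    msg = [secrets.randbelow(2) for _ in range(N)]
    print(decrypt(sk, encrypt(pk, msg)) == msg)
```

Decryption is correct here for every choice of randomness because the noise bound is deterministic; real schemes use much larger N and tuned noise distributions, and security depends on the attacks the thread says are the hard part to understand.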