Re: [IPsec] Modp-12288 and Modp-16384
Tero Kivinen <kivinen@iki.fi> Wed, 18 July 2018 15:35 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11A09130F63 for <ipsec@ietfa.amsl.com>; Wed, 18 Jul 2018 08:35:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.12
X-Spam-Level:
X-Spam-Status: No, score=-1.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVlO982p9AbM for <ipsec@ietfa.amsl.com>; Wed, 18 Jul 2018 08:35:18 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C750E1311AC for <ipsec@ietf.org>; Wed, 18 Jul 2018 08:35:17 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id w6IFYivd016646 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 18 Jul 2018 18:34:44 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id w6IFYhot011911; Wed, 18 Jul 2018 18:34:43 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <23375.24083.491329.962989@fireball.acr.fi>
Date: Wed, 18 Jul 2018 18:34:43 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: "Scott Fluhrer (sfluhrer)" <sfluhrer=40cisco.com@dmarc.ietf.org>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, paul.hoffman@icann.org
In-Reply-To: <573c2a4d6ecf41459726db7a976b1846@XCH-RTP-006.cisco.com>
References: <23374.2088.627941.395947@fireball.acr.fi> <bae851bfe5544c3b88d6dfbc8a84a5e0@XCH-RTP-006.cisco.com> <23374.23762.892194.932776@fireball.acr.fi> <573c2a4d6ecf41459726db7a976b1846@XCH-RTP-006.cisco.com>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 11 min
X-Total-Time: 22 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/oTcTKosPGm7Q1Qr__USHIXDEuhI>
Subject: Re: [IPsec] Modp-12288 and Modp-16384
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 15:35:20 -0000
Scott Fluhrer \(sfluhrer\) writes: > > That we do not know until we know what those quantum computers can > > really do... I have not seen anybody saying how many qbits you need to > > break MODP-2048. > > It's about twice as many as you need to factor a 2048 bit composite; > so about 4k (logical) qubits. > > > Most of the things I have seen talks about factoring RSA, > > and even then they do not provide numbers. > > How about https://arxiv.org/abs/quant-ph/0205095 - to factor an n > bit number, you can do it with circa 2n qubits. > > If you want other references, we have > https://arxiv.org/abs/1611.07995 and > https://arxiv.org/pdf/1706.07884.pdf both with similar results. We > also have https://arxiv.org/abs/quant-ph/0601097 which suggests a > way with 1.5n qubits; however that paper makes some assumptions > about errors that might not be true. It would be good idea to get draft-hoffman-c2pq updated with these references. > Of course, these papers are focusing in on minimizing the number of > qubits; it's quite possible a trade-off that increases the number of > qubits, while decreasing the number of (say) T gates, would be > advantageous; we don't know enough about the relative costs to know. Yep, and how many bits we need more because of error correcting stuff etc. > > draft-hoffman-c2pq also says that we might have machines breaking > > AES-128 before than we have machines that can break Diffie-Hellman, i.e., it > > is most likely easier to make machine running Grover's algorithm than > > machine running Shor's algorithm. > > That work totally ignores the amount of time we're talking about > with O(2**64) computations (and parallelization is less helpful than > usual; Grover's becomes less efficient the more we parallelize it). Any idea how many computations needs to be done for the shor's algorithm, i.e., breaking 2048 bit Diffie-Hellman. I have just seen text saying it is polynominal time, but I have not really seen any guesses what the actual numbers are going to be. And I understand that there is also quite big classical computation pre- and post-processing steps too. > Also, the interesting algorithms in Quantum Chemical modelling are > significantly different from Grover's. It's possible that there are > some proposed protein folding problems that would use Grover's... -- kivinen@iki.fi
- [IPsec] Modp-12288 and Modp-16384 Tero Kivinen
- Re: [IPsec] Modp-12288 and Modp-16384 Valery Smyslov
- Re: [IPsec] Modp-12288 and Modp-16384 Scott Fluhrer (sfluhrer)
- Re: [IPsec] Modp-12288 and Modp-16384 Tero Kivinen
- Re: [IPsec] Modp-12288 and Modp-16384 Tero Kivinen
- Re: [IPsec] Modp-12288 and Modp-16384 Scott Fluhrer (sfluhrer)
- Re: [IPsec] Modp-12288 and Modp-16384 Paul.Koning
- Re: [IPsec] Modp-12288 and Modp-16384 Scott Fluhrer (sfluhrer)
- Re: [IPsec] Modp-12288 and Modp-16384 Tero Kivinen
- Re: [IPsec] Modp-12288 and Modp-16384 Graham Bartlett (grbartle)
- Re: [IPsec] Modp-12288 and Modp-16384 Yoav Nir
- Re: [IPsec] Modp-12288 and Modp-16384 Scott Fluhrer (sfluhrer)
- Re: [IPsec] Modp-12288 and Modp-16384 Yoav Nir
- Re: [IPsec] Modp-12288 and Modp-16384 Tero Kivinen
- Re: [IPsec] Modp-12288 and Modp-16384 Michael Richardson
- Re: [IPsec] Modp-12288 and Modp-16384 Scott Fluhrer (sfluhrer)
- Re: [IPsec] Modp-12288 and Modp-16384 Valery Smyslov
- Re: [IPsec] Modp-12288 and Modp-16384 Scott Fluhrer (sfluhrer)
- Re: [IPsec] Modp-12288 and Modp-16384 Scott Fluhrer (sfluhrer)
- Re: [IPsec] Modp-12288 and Modp-16384 Dan Brown
- Re: [IPsec] Modp-12288 and Modp-16384 Paul.Koning
- Re: [IPsec] Modp-12288 and Modp-16384 Scott Fluhrer (sfluhrer)