Re: [IPsec] New Liaison Statement, "Quantum Safe Cryptographic Protocol Inventory"

Wang Guilin <Wang.Guilin@huawei.com> Mon, 26 February 2024 15:05 UTC

Return-Path: <Wang.Guilin@huawei.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 250DAC15108E for <ipsec@ietfa.amsl.com>; Mon, 26 Feb 2024 07:05:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.325
X-Spam-Level:
X-Spam-Status: No, score=-1.325 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, INVALID_MSGID=0.568, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_MIME_MALF=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3HZVq0GGBGYO for <ipsec@ietfa.amsl.com>; Mon, 26 Feb 2024 07:05:27 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 855DEC151068 for <ipsec@ietf.org>; Mon, 26 Feb 2024 07:05:27 -0800 (PST)
Received: from mail.maildlp.com (unknown [172.18.186.31]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Tk3hf1ydVz6JBTL; Mon, 26 Feb 2024 23:00:50 +0800 (CST)
Received: from lhrpeml500003.china.huawei.com (unknown [7.191.162.67]) by mail.maildlp.com (Postfix) with ESMTPS id 1A61D140FFD; Mon, 26 Feb 2024 23:05:24 +0800 (CST)
Received: from sinpeml100006.china.huawei.com (7.188.194.124) by lhrpeml500003.china.huawei.com (7.191.162.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 26 Feb 2024 15:05:23 +0000
Received: from sinpeml500005.china.huawei.com (7.188.193.102) by sinpeml100006.china.huawei.com (7.188.194.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 26 Feb 2024 23:05:21 +0800
Received: from sinpeml500005.china.huawei.com ([7.188.193.102]) by sinpeml500005.china.huawei.com ([7.188.193.102]) with mapi id 15.01.2507.035; Mon, 26 Feb 2024 23:05:21 +0800
From: Wang Guilin <Wang.Guilin@huawei.com>
To: ipsec <ipsec@ietf.org>, "john.mattsson" <john.mattsson@ericsson.com>
CC: Wang Guilin <Wang.Guilin@huawei.com>
Thread-Topic: [IPsec] New Liaison Statement, "Quantum Safe Cryptographic Protocol Inventory"
Thread-Index: AQHaaMU314ioH1b06UKoCJxZ5YocNw==
Date: Mon, 26 Feb 2024 15:05:20 +0000
Message-ID: B4303849-D0AA-4B72-A692-19D530A759B5
References: <mailman.40943.1708785641.4452.ipsec@ietf.org>
In-Reply-To: <mailman.40943.1708785641.4452.ipsec@ietf.org>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_B4303849D0AA4B72A69219D530A759B5_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/t4LMi-VAN_CtaNpmkBYO_opvEik>
Subject: Re: [IPsec] New Liaison Statement, "Quantum Safe Cryptographic Protocol Inventory"
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2024 15:05:32 -0000

Hi, John

The first "C" in the term of CRQCs seemingly stands for "Cryptographically".

The suggested feedback to ETSI looks great, in my opinion.

Cheers,

Guilin
________________________________

Wang Guilin
Mobile: +65-86920345
Email: Wang.Guilin@huawei.com

From:ipsec-request <ipsec-request@ietf.org<mailto:ipsec-request@ietf.org>>
To:ipsec <ipsec@ietf.org<mailto:ipsec@ietf.org>>
Date:2024-02-24 22:43:24
Subject:IPsec Digest, Vol 238, Issue 10

Send IPsec mailing list submissions to
        ipsec@ietf.org<mailto:ipsec@ietf.org>

To subscribe or unsubscribe via the World Wide Web, visit
        https://www.ietf.org/mailman/listinfo/ipsec
or, via email, send a message with subject or body 'help' to
        ipsec-request@ietf.org<mailto:ipsec-request@ietf.org>

You can reach the person managing the list at
        ipsec-owner@ietf.org<mailto:ipsec-owner@ietf.org>

When replying, please edit your Subject line so it is more specific
than "Re: Contents of IPsec digest..."


Today's Topics:

  1. ipsecme - Requested session has been scheduled for IETF 119
      ("IETF Secretariat")
  2. Re: New Liaison Statement, "Quantum Safe Cryptographic
      Protocol Inventory" (John Mattsson)


________________________________


Message: 1
Date: Fri, 23 Feb 2024 14:53:56 -0800
From: "\"IETF Secretariat\"" <agenda@ietf.org<mailto:agenda@ietf.org>>
To: <ipsecme-chairs@ietf.org<mailto:ipsecme-chairs@ietf.org>>, <kivinen@iki.fi<mailto:kivinen@iki.fi>>
Cc: ipsec@ietf.org<mailto:ipsec@ietf.org>, rdd@cert.org<mailto:rdd@cert.org>
Subject: [IPsec] ipsecme - Requested session has been scheduled for
        IETF 119
Message-ID: <170872883663.41839.18417660557099050710@ietfa.amsl.com<mailto:170872883663.41839.18417660557099050710@ietfa.amsl.com>>
Content-Type: text/plain; charset="utf-8"

Dear Tero Kivinen,

The session(s) that you have requested have been scheduled.
Below is the scheduled session information followed by
the original request.


    ipsecme Session 1 (1:30 requested)
    Tuesday, 19 March 2024, Session III 1530-1700 Australia/Brisbane
    Room Name: P1 [Breakout 2] (size: 125)

________________________________



iCalendar: https://datatracker.ietf.org/meeting/119/sessions/ipsecme.ics

Request Information:


________________________________
________________________________

Working Group Name: IP Security Maintenance and Extensions
Area Name: Security Area
Session Requester: Tero Kivinen


Number of Sessions: 1
Length of Session(s):
Number of Attendees: 50
Conflicts to Avoid:




Participants who must be present:
  Paul Wouters

Resources Requested:

Special Requests:

________________________________
________________________________





________________________________
________________________________
------

Message: 2
Date: Sat, 24 Feb 2024 14:40:32 +0000
From: John Mattsson <john.mattsson@ericsson.com<mailto:john.mattsson@ericsson.com>>
To: "ipsec@ietf.org<mailto:ipsec@ietf.org>" <ipsec@ietf.org<mailto:ipsec@ietf.org>>, "spasm@ietf.org<mailto:spasm@ietf.org>"
        <spasm@ietf.org<mailto:spasm@ietf.org>>, "pqc@ietf.org<mailto:pqc@ietf.org>" <pqc@ietf.org<mailto:pqc@ietf.org>>, "TLS@ietf.org<mailto:TLS@ietf.org>"
        <tls@ietf.org<mailto:tls@ietf.org>>, IRTF CFRG <cfrg@irtf.org<mailto:cfrg@irtf.org>>
Subject: Re: [IPsec] New Liaison Statement, "Quantum Safe
        Cryptographic Protocol Inventory"
Message-ID:
        <GVXPR07MB9678A769864B5AA50B2F118D89542@GVXPR07MB9678.eurprd07.prod.outlook.com<mailto:GVXPR07MB9678A769864B5AA50B2F118D89542@GVXPR07MB9678.eurprd07.prod.outlook.com>>

Content-Type: text/plain; charset="utf-8"

Hi,
Even if JOSE WG is not included in the recipients, I looked at this LS and TR 103 619 that the LS refer to. In addition to the requested information, I think IETF should send ETSI CYBER comments on TR 103 619 that the LS is based on. My suggestions:

________________________________
---
IETF kindly suggests that ETSI CYBER makes the following updates/corrections in the next revision of TR 103 619:

  *   IETF suggests that ETSI CYBER uses the established term Cryptanalytically Relevant Quantum Computers (CRQCs). It is important that readers understand that there is a huge difference between current quantum computers and CRQCs.

  *   IETF suggests that ETSI CYBER uses another term than ?classical cryptography?. Quantum-resistant cryptography like ML-KEM and ML-DSA runs on classical computers and code-based cryptography and hash-based cryptography was invented in the late 1970s.

  *   As ETSI CYBER mentions that Quantum Key Distribution is not vulnerable to attacks from CRQCs, ETSI CYBER should also mention that Quantum Key Distribution is neither a practical nor a secure solution [1-2].



  *   IETF advice ETSI CYBER to update and correct the information regarding symmetric cryptography. The idea that symmetric cryptography will be practically affected by CRQCs is now seen as a misconception. The ?bits of security? concept does not work with algorithms that are not parallelizable and NIST is therefore transitioning to quantum-resistant security levels based on symmetric algorithms where level 1 is equivalent with AES-128, level 2 is SHA-256, etc. [3]. UK government assesses that ?symmetric algorithms with at least 128-bit keys (such as AES) can continue to be used? [4]. While classical supercomputers might be able to brute force AES-128 around the year 2090 [5-6], a huge cluster of one billion CRQCs (according to one estimate costing one billion USD each) would take a million years of uninterrupted calculation to find a single AES-128 key. Algorithms with quadratic (?2) speedup like Grover?s algorithm (which is proven to be optimal) will not provide any practical quan
 tum advantage for breaking symmetric cryptography and likely not for any other problems [7-8].



  *   The name of the X.509 field is ?Subject Public Key Info?, not ?Subject Key Info?.

[1] ANSSI, BSI, Netherlands NCSA, Swedish NCSA, ?Position Paper on Quantum Key Distribution?
https://cyber.gouv.fr/actualites/uses-and-limits-quantum-key-distribution
[2] NSA, ?Quantum Key Distribution (QKD) and Quantum Cryptography (QC)?
https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/
[3] NIST, ?Comments Requested on Three Draft FIPS for Post-Quantum Cryptography?
https://csrc.nist.gov/news/2023/three-draft-fips-for-post-quantum-cryptography
[4] UK NCSC, ?Next steps in preparing for post-quantum cryptography?
https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography
[5] CRYPTEC, ?Cryptographic Technology Evaluation Committee Activity Report?
https://www.cryptrec.go.jp/symposium/2023_cryptrec-eval.pdf
[6] CRYPTEC, ?Japan CRYPTREC Activities on PQC?
https://events.btq.li/Japan_CRYPTREC_Activities_on_PQC_Shiho_Moriai.pdf
[7] Hoefler, H?ner, Troyer, ?Disentangling Hype from Practicality: On Realistically Achieving Quantum Advantage?
https://cacm.acm.org/magazines/2023/5/272276-disentangling-hype-from-practicality-on-realistically-achieving-quantum-advantage/fulltext
[8] Babbush, McClean, Newman, Gidney, Boixo, Neven, ?Focus beyond Quadratic Speedups for Error-Corrected Quantum Advantage?
https://arxiv.org/pdf/2011.04149.pdf
________________________________
---
Cheers,
John Preu? Mattsson
________________________________
-- next part
________________________________
--
An HTML attachment was scrubbed...
URL: <https://mailarchive.ietf.org/arch/browse/ipsec/attachments/20240224/4e271a88/attachment.htm>

________________________________
________________________________
------

Subject: Digest Footer

_______________________________________________
IPsec mailing list
IPsec@ietf.org<mailto:IPsec@ietf.org>
https://www.ietf.org/mailman/listinfo/ipsec


________________________________
________________________________
------

End of IPsec Digest, Vol 238, Issue 10
**************************************