[Mathmesh] Quantum Resilience.
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 04 December 2019 23:11 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/mathmesh/JK_i50xETCuWoYUmIMAwfxW1JZY>
NB: Please read to the end of this piece before beginning a response.

To expand on the brief comments I made at the BOF on Quantum Computing.

1) Of course Quantum Resilience is a serious concern. Any technology that could potentially destroy the global trading system needs to be taken seriously even if there is a less than 1% chance of it being realized within the next 20 years.

2) The fact that Quantum Resilience is a concern does not make it the only design criteria in new cryptographic security protocol designs.

My perspective here is that I did my doctorate in computer science in a Nuclear Physics lab working on a large physics experiment. This leads me to read the press releases from IBM and Google in a rather different light. Of course the number of QBits that they can print on a chip is impressive but their ability to make use of those QBits within the coherence time is quite another matter. And at the end of the day, the technologies they are using represent an attempt to scale a modality known to have scaling issues to the very limit rather than break new ground in modalities (e.g. trapped ion) that raise those limits entirely.

So while practical quantum cryptanalysis within the next ten years is possible, it doesn't appear to be very probable. It certainly isn't such a sure thing that we should drop all crypto protocol development until we have a suite of quantum-safe algorithms.

3) It is not yet clear which 'post quantum' algorithms are secure, let alone which are the algorithms that we should choose.

4) It is certainly not clear that the key splitting and combination approaches used in the Mesh will be impossible.

5) Notwithstanding all the above, the existence of a solid framework allowing us to make client side PKI practical while it is still effective could well prove to be an invaluable resource for effecting the deployment of post-quantum infrastructures.

For example, let us imagine that we establish a shared secret for each device connected to a user's personal Mesh. Alternatively, consider establishing a hash signature tree as a means of authenticating future updates in circumstances where traditional public key signature has failed.

If we hit the type of situation we hit with Internet routing and RED where we needed to lash together a scheme to save the Internet within 36 months, then the Mesh provides quite a few of the tools I would want to make use of in putting out a solution. In particular the fact that every Mesh device a user connects is constantly re-synchronizing to the user's personal source of ground truth via a Hash chain/block chain structure (DARE Sequence).

I am very interested in such issues and concerns and looking at ways in which they might be addressed. But any such effort is very clearly an IRTF effort that is entirely independent of any work that the IETF might be doing on the Mesh.

If government or industry are seriously concerned about the threat of Quantum Cryptanalysis, there is a very easy means by which that concern can be demonstrated: Fund research into post quantum and Quantum Resilient Key Infrastructures: QRKI. I would be more than willing to discuss writing a SOW for such efforts.
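
The "hash signature tree" idea in the message above, as an added illustration that is not part of the original message or of any Mesh specification: a Merkle root over Lamport one-time keys is published while the existing signature is still trusted, and later updates are authenticated against that root using hashes only. The function names, the seed-based key derivation and the sample values are assumptions made for this sketch; standardized schemes of this family are XMSS (RFC 8391) and LMS (RFC 8554).

```python
import hashlib, hmac

def H(b):
    return hashlib.sha256(b).digest()

def bits(msg):
    d = H(msg)  # sign the 256-bit digest, one secret per bit
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_keypair(seed, index):
    # Lamport one-time key for leaf `index`, derived from one seed.
    sk = [[hmac.new(seed, b"%d|%d|%d" % (index, i, b), hashlib.sha256).digest()
           for b in (0, 1)] for i in range(256)]
    return sk, H(b"".join(H(s) for pair in sk for s in pair))

def make_commitment(seed, n_keys):
    # n_keys must be a power of two; the root is what gets published
    # while the classical signature is still trusted.
    levels = [[ots_keypair(seed, i)[1] for i in range(n_keys)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels, levels[-1][0]

def sign(seed, levels, index, msg):
    # Each index may sign exactly ONE message; reuse leaks both secrets.
    sk, _ = ots_keypair(seed, index)
    ots = [(sk[i][b], H(sk[i][1 - b])) for i, b in enumerate(bits(msg))]
    path = [level[(index >> h) ^ 1] for h, level in enumerate(levels[:-1])]
    return index, ots, path

def verify(root, msg, sig):
    index, ots, path = sig
    if len(ots) != 256:
        return False
    pk_input = b""
    for (revealed, other), b in zip(ots, bits(msg)):
        pk_input += (H(revealed) + other) if b == 0 else (other + H(revealed))
    node = H(pk_input)  # recomputed one-time public key (the leaf)
    for sibling in path:
        node = H(sibling + node) if index & 1 else H(node + sibling)
        index >>= 1
    return hmac.compare_digest(node, root)

if __name__ == "__main__":
    seed = bytes(range(32))  # constructed sample seed, not a real key
    levels, root = make_commitment(seed, 8)
    sig = sign(seed, levels, 0, b"constructed update #1")
    print(verify(root, b"constructed update #1", sig))
```

The verifier needs only the 32-byte root, so a device that recorded it before a break of the classical signature can keep authenticating up to `n_keys` updates afterwards.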