IETF Logo Mail Archive

[Pqc] Re: [EXT] Re: [saag] Re: Re: [SAAG] A New Theory on Post-quantum Migration

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 04 November 2025 19:55 UTC

Return-Path: <prvs=54031b519f=uri@ll.mit.edu>
X-Original-To: pqc@mail2.ietf.org
Delivered-To: pqc@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 3DF1282D95D2; Tue, 4 Nov 2025 11:55:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.297
X-Spam-Level:
X-Spam-Status: No, score=-4.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ll.mit.edu
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ndf3JdLDjfkW; Tue, 4 Nov 2025 11:55:03 -0800 (PST)
Received: from MX2.LL.MIT.EDU (mx2.ll.mit.edu [129.55.12.51]) by mail2.ietf.org (Postfix) with ESMTP id E006282D93C2; Tue, 4 Nov 2025 11:54:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ll.mit.edu; h=content-type : date : from : in-reply-to : message-id : mime-version : references : subject : to; s=dkim1; bh=Bk2Zwg8pY69vmrgEn+2y2ZsCsz8Jke4C92kfB7Zc1Ew=; b=zIs9e3mDPqAgBUv0iWAjLNxqw3bVrkYaQ8MfjKzz39kuNNAXxNuvOICeVFyv0PT+ZOr9 97cRT5xPAH2UJe/F1TkHxMR+qA4NO9n9fcffXriGY3vJzpqCyAAv8Nif9NGmCkbZYZxd KM7YGa+azAmndHJNPgMqhf//Pmm3aRs3nm21rPeTihBNZ1rYZ8+lOoAzYbEKyeqko5e6 t0u7y6syo/TgmZincZ7SNsXGIEtrnd56EcqYRY3DRp0jfy/rBnJo73RHgbjjQ9zbhVh4 +K30uoOvUunMjLK3h5emS8lyX3nYUw758eEWW292HXfeqesMgrLZZLT2WHBHoWKmbQha 9w==
Received: from LLEX2019-02.mitll.ad.local (llex2019-02.llan.ll.mit.edu [172.25.4.98]) by MX2.LL.MIT.EDU (8.18.1.2/8.18.1.2) with ESMTPS id 5A4Jsl46061235 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 4 Nov 2025 14:54:47 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=unWPRM1HMXzHcK7x4wrRhud0WUdgTtdxEbYGuhKwJMAeHV23/52kEsEFnRHeQ2B05vxVOXAhXErf0T/tYo5h0kpQy9Wm1DtN5W9mMWhVWnq0zDkZBAa+PET1NxYie1zdhHzkys+aVn8mjnuy9fm21JMU8J9c6FOsT4RBC8gBY7fFB202Dec2VC3YLjwVll6Y2NDBM/Y7ZFlaMcsYktnp1KPEUWcsmQEWS0dnR8H4htjaJIBTTqzFh2gH49PFivG6DGa+9Uuz1Uk2qVyml/PoTUmoYgQ8Tb2ew2ZD3dZy0ODLoCWPJW/FdcN9in4lKUqz3yUpi5JI6zlfmKmBu1zsLg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Cpn8kihiPa2Zab3rwHD3vXcAipHvQuANKaIk0NIBA0k=; b=S9VtInZyHn7fbEzVDgzuEO5OGlgQ+AnMT0qgKf98wJ+hEZ2e/cXgE4S6vU8cFFf+dvTQt/+1FliCo7c/fPpE7TpTotNOG7rwxNBxxVJifuqZ6BETPztuglNfafizODgREL5Ytv/doRt0pbr9gbQwCUYMMJqFvKbpyxaNBc23BL59lewUFOjjz7BPFl4gj93kAsUzYyKsgp9yOe88w8BtWIH+RBbgs/8cGvHuMuPY15kQSygaP5HZoCuqGi3A4XOILzVBWEMj7E+gEpLtfRTFZdTN8Mqj5xbcPhVXr+IYMnpeGZX+UAz7LgbMzx/Fjp69sK+rfkNm8MQVnrjbb9qJPw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "pqc@ietf.org" <pqc@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [EXT] [Pqc] Re: [saag] Re: Re: [SAAG] A New Theory on Post-quantum Migration
Thread-Index: AQHcTZMekZ+ptVUCBkKT91AOrP35zbTi3qmAgAAFVUo=
Date: Tue, 04 Nov 2025 19:54:45 +0000
Message-ID: <BN0P110MB1419BA852C5F5B91335D8C8190C4A@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM>
References: <GVXPR07MB967869934DAD1A5715EA533589C4A@GVXPR07MB9678.eurprd07.prod.outlook.com> <20251104185745.1918322.qmail@cr.yp.to>
In-Reply-To: <20251104185745.1918322.qmail@cr.yp.to>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-reactions: allow
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN0P110MB1419:EE_|SA1P110MB1598:EE_
x-ms-office365-filtering-correlation-id: b3c5505c-d01d-4d8c-79ef-08de1bdc011d
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|8096899003|4053099003|38070700021;
x-microsoft-antispam-message-info: g/0KUNdCkrKr/6CK0yLT43dT4y6CZIL30HORBABttqOYKCwCDbBJgiH1HWVFN5n4IKOqXrAsmkvRc4U8ycpmOGVpTHg6x66Y11spLG9d5Ew8UoPhcUsYS0gp5eoJRYSlsTkTOGi//e/cnmEBzYnAOfM8zyEPNJwAqLfGPYFSnwN/QoTgFrOC5Qkcs9Qad1Px7vmkcJyTE5ttuz/qBpG1sF2/weYI6mWdDDiuGoZ2/GFvGCj8amXh+UbMkxBbJo86sUUZkGV8YDOdue2WPFufnLzFe7ku4Vh16kYx6J/+7hgjq1AHyGjuO3vq1ITwEaoNmr1VJpV3LIRuXAekfgHxEJqoAX+/pTHpnnRDiwD8J+ywrhsQ5Q0K/ZXgB21w0AC7uweJEJ31OM10TvLMWVfeJ1ZElEBF494pU9AyAufIaYoSrwusKPTmiZrRtnoYq/8u/pOurQQ6EprVqrmYiwGnltdhudyxQ8PT45CXwNyuxIyS8Tp5KhwP9gLXZx8rRTTBna5r+ZC3kugA6tk0+4lpXbkTn7IG81bc4m4kj+HSalrnazxDLLUwxR5Tas2uez+cQxxGBKIpAuoiChALR8U528luXLj59wyhtAdCnW0aaM4zJkyGW5PJ1NCKqkGcox2HzVJb+raD7FOa8+V4zo1ZZ2pXzxgE+AW5ApZ5wBEk3vm3ytsfkM/0X5p8tsVI7dY3JBBfmR+CwXqFpRbGqcFNVO0e6GzaDi6sOoSD/+p6/oSJXjWGMy0Xj4SWcUkun4DUBM8uDC7I0EX5QuQoDSKAGVw9SajM2Uo8rHWszoaEilTIGa+kTggxMsdDHHEX9CC1OiVn5rqu4Sk3p3PDjy7cPc4Vq10/w87FC6NKN7irHmqE8oIipG/cVqJ+wnHai2ShEirn0XUous5HFn+THOV1Zx06tkiwLAKIZoG6hdUBnfVHZs507mzIwQKojvp22g4kZnoX4QYN4sySNF4TEcPw7EDbV7GcTC2r2DWyqhK530bNF2V233oEqxQsPRbpzwfHKyWVYUMXVgoyYQDIW7qwuZQzIj2UNur8ufIpJKbXHp1oi20lmERQZn5jQN1lRPW/e3BWV0kWtBVEEDhQIoFqJmyrC0QGGbT8pAhVUQvh7UYMwoRwCvS/D6u0g2QBuoyxg8Gwz/SOY9ug4SE8HwTF7VwaLg1vfxm9F8W3Y7kuBUNTk++A6k+3wjcpxHJHqELykpzA6VdcRyaKuKnWR3Nfw0CG5wQ0NZN+G58OxbHuLdo49x2hcc8b1Ockqzeuxs3qU0VVJdd0+qJIxfbjUg8DpMasWy62LUnzUMb9yktXM/SIO4t/z2Jgh6DL85JUZaB4p5xk8xWz8x5SL1kthf6Y8AhCmJXaDXTV5WR0Oe3uhUVKuQ+/zty0R1eBZeh6p5T0P1ABGUD6JYxT3wJ5icl7Z85RUZxi4Y9Wfxym+2hmu3lPL2RRtwpvwg0KHRpWzP54jNoV1rFqz/RR4i3sLAnXgg==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(8096899003)(4053099003)(38070700021);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: UNbWysN5O8ENn5A7zC8eLYnxpmS/jjuyeKrWnnNfpSpgI4wS9xCIrKmqRMRH5WrZpic4+owd0YkWNbVXACGPhYOvdAz+lLQH2knaR63Noo+eMbgseZ7BjoEqAovh+Rqg9IDXmpPGi4w1SdvD8K2ZDGgayuKz2fLZHTnrrIxMF23hPL5AXpwjgBq9q/wkJf0xVvSuWDAbe18ulpKeE2P258tltzPkdieVjU1Ob6rxy+i4z/QSiFsE2fQOuQDF3pyVMMm0ZSunagbRSfYRtn1p8u7VNaa19tnOPmvQDykSBajfGe1RbfEZ2pOkA1OokrkEGE6kB0sPB2WLrYTcs+TWdsxcWQXsuYz80IHm0nXzgSi2XnXRsGTFq34+Z09HP65D0J2po5+/7l2tpwSEjR4vvIC9ON3+KnIgUJy7lHXg3lgNNW1tXqCMCTHX/tfG+YOB6GbQdla8BNiCS8tRGuU31vwfWKnPTY2ycrwGn4h/pB2AQP+H4UxySFAmJrX49mQsw2/MJVzTCuVT0VPmYwtaVZrrjk0uA/wLymUWBfabWv/XlPGljkfDwHLEi+Qqe+OCAIolH3yUF+DtyZpZm9m+ZHmiP5KN/z7AhAx88vSErMv5oImI06/odpirgxURGpxFtv5Ox8LltWL9bKILuINDXPsw9Gyv0z8MTUGhJuwuT7BIUQbbpuC6pYEZs4GruJHJK3PL/JYKuvIhJXIbWUS3r+uh7rUAizaKzhY/r9si/vLmjH7gOn1tvc/4kSPInMWEn9k/yMZ755BH0VEKs3CV4QNH1CCXnneUHbrhfa27cm2h2867J29M3AP8Z8rZhIF8JQ9EWpeq6eyWnPybYCiSLAes9cOTMQkjUNGzMNjJ9px5HGYT7Raqt4qtBaz8bMEREwEoXnq/trCHrKXXLbP3nWAEHPYTAGEWW1qh8/4SzkJsf8WZbGt86MLV6O7qjZP/1e6hInp8EV4h0UbTOxzz+PVbZbYUq94ZUGs9wjulSJ/6zLK2A4Sjv/gROMTjZ0zuMLiQ0G9flQVDHnBrbF6NJZJkHekDkHgwKigpIR/BBxAmxVeQfONe5F3ER41KcmFZ2naCA6dyZeKVt5DcxEHB46lILfdE+ThV3yJVzoj+HYrQDRIAs49GYX0U+3uC6WBgMM62mEPFmwdhlOd5URIUj8ogjRJmBBJ+IPGepee5GvSHViUBV6kPFQ8Z0LWCkXZuzeg9p8loPFAx3oVv4dmvUxin8P/UUxPA6VMqz8ASbnjaGm7tqvZNUkIy7eiOQtDMnpucONGdM/tfK+UZFstJOpvmKjsTl+dW4RhHtQmTIRRphULSRmQNjHNyAT24hgE/zop16DB1+V+2Ctzl0vfzTk+D5GUdTrQh8WhHn3HLpK/d2TjKwYQ7P6e3E4zYujax2qLNyG03O9u6DzhWPR0WzJnGJp7H5KsF+T5oETmxEsALlDExoPQhgocapdvytkxdaiKqoh59yQpRoK5T0PVD7wQ3l+mWGELDktmZcrt+pznd9vCXawZLDKPTJbyJJuVo
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha256"; boundary="_D80E6A37-414E-1140-BC64-A60741DC16D1_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: b3c5505c-d01d-4d8c-79ef-08de1bdc011d
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2025 19:54:45.8329 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1P110MB1598
X-Proofpoint-GUID: 6q4bC_povomCE-c2J4JZnSofJ2kgAk0k
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMTA0MDE2NyBTYWx0ZWRfXytij8HXMNx2C wnUMKABIu6m04mkT3svp4+nh0qaHtQzVJk/RQgEn7/dO914FzF7gOZmR2zs+Wt2XLuxFqDXp29v Bz1WAiIOvt+EQhqeAradBzvCk8HnuDQXPcsYbs4SPNXMgaRQ1aT5BJdIeUeKlqrCgDpguSy33ot V6TT7bMbyhy5lZ89GowcmaKDfBjHih86X/xtfl26SiQbqNItvN4hxAxvlIsg7RpTTNY9dl8rc1d 47mtuJS820IbSzp/nOe6qriyg31Y84G0lDXZoXNEajm2TzZin7tQ==
X-Proofpoint-ORIG-GUID: 6q4bC_povomCE-c2J4JZnSofJ2kgAk0k
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-11-04_03,2025-11-03_03,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 spamscore=0 mlxlogscore=966 mlxscore=0 adultscore=0 malwarescore=0 suspectscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2510240000 definitions=main-2511040167
Message-ID-Hash: K33N4MF3CHC6MILGLEDC4MZHHYCWXZCR
X-Message-ID-Hash: K33N4MF3CHC6MILGLEDC4MZHHYCWXZCR
X-MailFrom: prvs=54031b519f=uri@ll.mit.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Pqc] Re: [EXT] Re: [saag] Re: Re: [SAAG] A New Theory on Post-quantum Migration
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/milo8FvdvDa7lt2J4hdsLEM_-3k>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc>
List-Help: <mailto:pqc-request@ietf.org?subject=help>
List-Owner: <mailto:pqc-owner@ietf.org>
List-Post: <mailto:pqc@ietf.org>
List-Subscribe: <mailto:pqc-join@ietf.org>
List-Unsubscribe: <mailto:pqc-leave@ietf.org>

My take. 

Does this mean ECC+PQ can be declared insecure on the basis of, e.g.,
declaring that small code size is a "security property" and that ECC+PQ
is more code than just PQ? The only good cipher is the null cipher? 

Yes, it can. An extra attack surface is an extra attack surface. 

Here's an example. There's a problem right now of attackers recording
data to decrypt with future quantum computers. 

In that case, ECC part is irrelevant – helping at best only until CRQC. 

There are protocols such
as TLS responding to this by rolling out ECC+PQ concatenation:

* Maybe the PQ part holds up. If so, big step forward!
* Maybe the PQ part ends up as another disaster. If so, at least
ECC+PQ isn't worse than current normal usage of ECC. 

If the data sensitivity persists through the appearance of CRQC – which is the main purpose of the governments driving PQC rollout – then ECC+PQ is exactly as secure as PQ alone, not counting for implementation bugs that could make it worse. 

Skipping the ECC part would fail horribly on the second point. 

Not at all. It might only help for “short-lived” data. If that’s all you care for – then ECC+PQ (or ECC alone) would work fine for you. Otherwise – it’s a waste of time and resources to even argue about it.

v2.40.1 | Report a Bug | By Email | System Status