Re: [saag] [EXTERNAL] [Secdispatch] Clarification on my PQC remarks.

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 27 July 2022 03:08 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>, IETF SAAG <saag@ietf.org>, IETF SecDispatch <secdispatch@ietf.org>
Date: Wed, 27 Jul 2022 03:07:47 +0000
Message-ID: <CH0PR11MB57399776B2FF918B74FB70759F979@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <CAMm+LwhD+y+NM0GxgtqEGc-v6rGj+323peD2MTtsOQ3seW5RWQ@mail.gmail.com>
In-Reply-To: <CAMm+LwhD+y+NM0GxgtqEGc-v6rGj+323peD2MTtsOQ3seW5RWQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/kS-uXdANpsMEPh8qUwkIL_YoHZw>
Subject: Re: [saag] [EXTERNAL] [Secdispatch] Clarification on my PQC remarks.

Hi Phillip,

Can you clarify some of your comments?


> I do expect the process of transitioning to PQC to take a very long time and not least because we don't even have a key exchange that works for static data yet.

I assume by that you mean a PQ asymmetric primitive that behaves like a Key Transport mechanism in that it will take pre-existing key material and securely transport it to a recipient?


> ... I have an approach that works for the Mesh. It is a hybrid scheme because that is the only way I can achieve the necessary separation of roles

I assume you mean an HPKE-like thing that uses a block cipher in between the KEM and the secret you're trying to transport?




I fundamentally agree with your openness to exploring all options at this point, but I also lean towards standardizing mechanisms that we have now as building blocks for those who want to implement sooner -- which should in no way preclude continuing to search for better mechanisms. Where a draft depends on the outcome of the NIST competition, I like the approach of adopting drafts, getting them "ready", and then pausing them to wait for the final version of whatever NIST standard they depend on. That gets the bulk of the work done in advance so we can pivot quickly after NIST publications, while also giving early adopters something to implement against. (The counter-argument is that early adoption here could be dangerous (worse than doing nothing?) and the IETF should not give people the rope to hang themselves with, but I will leave that argument for others to make.)



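The construction Mike is asking about, a KEM whose random shared secret keys an AEAD that wraps pre-existing key material so the whole exchange is one pass against a static public key, as an added example that is not from either message, from the Mesh, or from HPKE. Go's standard-library X25519 stands in for the KEM (a PQ KEM with an encapsulate/decapsulate interface occupies the same two calls); the HKDF info label and the single-use zero nonce are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Wrapped is the one-pass message: KEM ciphertext plus the AEAD-wrapped key material.
type Wrapped struct{ Enc, WrappedKey []byte }

// hkdfSHA256 derives a 32-byte wrap key from the KEM shared secret (HKDF extract + one expand block).
func hkdfSHA256(secret, info []byte) []byte {
	extract := hmac.New(sha256.New, nil) // empty salt equals a zero salt under HMAC key padding
	extract.Write(secret)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(append(info, 0x01))
	return expand.Sum(nil)
}

// wrapCipher keys AES-256-GCM for exactly one message; enc is mixed into the KDF so the key is bound to it.
func wrapCipher(sharedSecret, enc []byte) cipher.AEAD {
	block, _ := aes.NewCipher(hkdfSHA256(sharedSecret, append([]byte("kem-key-transport-demo:"), enc...)))
	aead, _ := cipher.NewGCM(block) // 32-byte key and an AES block: neither call can fail
	return aead
}

// Transport carries pre-existing keyMaterial to the holder of recipientPub in a single pass. The KEM
// yields a random secret the sender cannot choose; only the AEAD step carries the sender's chosen key.
func Transport(recipientPub *ecdh.PublicKey, keyMaterial []byte) (Wrapped, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // X25519 stands in for the KEM here
	if err != nil { return Wrapped{}, err }
	ss, err := eph.ECDH(recipientPub) // "encapsulate"
	if err != nil { return Wrapped{}, err }
	enc := eph.PublicKey().Bytes()
	aead := wrapCipher(ss, enc)
	nonce := make([]byte, aead.NonceSize()) // fixed nonce is safe: the wrap key is used exactly once
	return Wrapped{Enc: enc, WrappedKey: aead.Seal(nil, nonce, keyMaterial, enc)}, nil
}

// Receive recovers the key material with the recipient's static private key ("decapsulate" + unwrap).
func Receive(priv *ecdh.PrivateKey, w Wrapped) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(w.Enc)
	if err != nil { return nil, err }
	ss, err := priv.ECDH(ephPub)
	if err != nil { return nil, err }
	aead := wrapCipher(ss, w.Enc)
	return aead.Open(nil, make([]byte, aead.NonceSize()), w.WrappedKey, w.Enc)
}
```

Any bit flipped in the wrapped key or the KEM ciphertext fails authentication at `Open`, and the recipient's public key can be published once and reused, which is what makes this work for data at rest rather than only for a live exchange.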
________________________________
From: Secdispatch <secdispatch-bounces@ietf.org> on behalf of Phillip Hallam-Baker <phill@hallambaker.com>
Sent: Tuesday, July 26, 2022 10:32:17 PM
To: IETF SAAG <saag@ietf.org>; IETF SecDispatch <secdispatch@ietf.org>
Subject: [EXTERNAL] [Secdispatch] Clarification on my PQC remarks.

________________________________
So to clarify my remarks at the mic on the likely arrival time of Quantum Computers. I believe two things to be true:

1) It is highly unlikely that a Quantum Computer capable of doing quantum cryptanalysis of current industry standard algorithms will be publicly deployed in the immediate future.

2) There is no time to waste in developing PQC systems.

My concern about overstating the likelihood of a near term threat is that I have seen many past efforts predicated on a very very short timeline (12 months) take much much longer than they needed to (7 years) as a result. Oh there is no time to consider your proposal, this has to be done immediately!

I do expect the process of transitioning to PQC to take a very long time and not least because we don't even have a key exchange that works for static data yet. Unless there is a clever ElGamal type approach to turn an interactive exchange into a static one. I have an approach that works for the Mesh. It is a hybrid scheme because that is the only way I can achieve the necessary separation of roles, which I actually consider to be a much bigger issue than PQC right now.

On the Quantum Computing technology side, it is probably a mistake to take too much notice of the rate of progress in super-cooled Josephson junction machines. Those teams will likely continue to add qubits or extend their coherence times incrementally, but at exponentially increasing cost.

Trapped ion machines offer an approach that is fundamentally much easier to scale. They can be made in regular silicon foundries and the problem of building a 10 qubit machine is really no different from that of building a thousand or a million. Fortunately, there are fundamental problems to be solved before that can happen (if you are going to operate it for longer than a second, it gets much harder). But if they do, the time interval between 'barely functional quantum computer' and 'quantum computer breaking any public key crypto system' is likely to be rather short.

So I agree with Russ and everyone else who says that we have to start now. There is no time to waste. But if we want to move fast, we need to start off by getting a broad base of people up to speed on these new technologies and not be afraid to look at multiple approaches to retrofitting existing protocols.

In some cases, adapting protocols to the PQC algorithms is going to be straightforward but others are likely to require substantial adaptation and in some cases the best approach will be to start from scratch.