[Secdispatch] Clarification on my PQC remarks.
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 27 July 2022 02:32 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 26 Jul 2022 22:32:17 -0400
Message-ID: <CAMm+LwhD+y+NM0GxgtqEGc-v6rGj+323peD2MTtsOQ3seW5RWQ@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>, IETF SecDispatch <secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/8ymmXbzdTHJKskSik1iOcAOLc2o>
So to clarify my remarks at the mic on the likely arrival time of Quantum Computers. I believe two things to be true:

1) It is highly unlikely that a Quantum Computer capable of doing quantum cryptanalysis of current industry standard algorithms will be publicly deployed in the immediate future.
2) There is no time to waste in developing PQC systems.

My concern about overstating the likelihood of a near-term threat is that I have seen many past efforts predicated on a very, very short timeline (12 months) take much, much longer than they needed to (7 years) as a result. "Oh, there is no time to consider your proposal, this has to be done immediately!"

I do expect the process of transitioning to PQC to take a very long time, and not least because we don't even have a key exchange that works for static data yet. Unless there is a clever ElGamal-type approach to turn an interactive exchange into a static one. I have an approach that works for the Mesh. It is a hybrid scheme because that is the only way I can achieve the necessary separation of roles, which I actually consider to be a much bigger issue than PQC right now.

On the Quantum Computing technology side, it is probably a mistake to take too much notice of the rate of progress in supercooled Josephson junction machines. Those teams will likely continue to add qubits or extend their coherence times incrementally, but at exponentially increasing cost. Trapped ion machines offer an approach that is fundamentally much easier to scale. They can be made in regular silicon foundries, and the problem of building a 10-qubit machine is really no different from that of building a thousand or a million. Fortunately, there are fundamental problems to be solved before that can happen (if you are going to operate it for longer than a second, it gets much harder). But if they do, the time interval between 'barely functional quantum computer' and 'quantum computer breaking any public key crypto system' is likely to be rather short.
So I agree with Russ and everyone else who says that we have to start now. There is no time to waste. But if we want to move fast, we need to start off by getting a broad base of people up to speed on these new technologies and not be afraid to look at multiple approaches to retrofitting existing protocols. In some cases, adapting protocols to the PQC algorithms is going to be straightforward but others are likely to require substantial adaptation and in some cases the best approach will be to start from scratch.