Hi, John The first "C" in the term of CRQCs seemingly stands for "Cryptographically".
The suggested feedback to ETSI looks great, in my opinion. Cheers, Guilin ________________________________ Wang Guilin Mobile: +65-86920345 Email: [email protected] From:ipsec-request <[email protected]<mailto:[email protected]>> To:ipsec <[email protected]<mailto:[email protected]>> Date:2024-02-24 22:43:24 Subject:IPsec Digest, Vol 238, Issue 10 Send IPsec mailing list submissions to [email protected]<mailto:[email protected]> To subscribe or unsubscribe via the World Wide Web, visit https://www.ietf.org/mailman/listinfo/ipsec or, via email, send a message with subject or body 'help' to [email protected]<mailto:[email protected]> You can reach the person managing the list at [email protected]<mailto:[email protected]> When replying, please edit your Subject line so it is more specific than "Re: Contents of IPsec digest..." Today's Topics: 1. ipsecme - Requested session has been scheduled for IETF 119 ("IETF Secretariat") 2. Re: New Liaison Statement, "Quantum Safe Cryptographic Protocol Inventory" (John Mattsson) ________________________________ Message: 1 Date: Fri, 23 Feb 2024 14:53:56 -0800 From: "\"IETF Secretariat\"" <[email protected]<mailto:[email protected]>> To: <[email protected]<mailto:[email protected]>>, <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]>, [email protected]<mailto:[email protected]> Subject: [IPsec] ipsecme - Requested session has been scheduled for IETF 119 Message-ID: <[email protected]<mailto:[email protected]>> Content-Type: text/plain; charset="utf-8" Dear Tero Kivinen, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. ipsecme Session 1 (1:30 requested) Tuesday, 19 March 2024, Session III 1530-1700 Australia/Brisbane Room Name: P1 [Breakout 2] (size: 125) ________________________________ iCalendar: https://datatracker.ietf.org/meeting/119/sessions/ipsecme.ics Request Information: ________________________________ ________________________________ Working Group Name: IP Security Maintenance and Extensions Area Name: Security Area Session Requester: Tero Kivinen Number of Sessions: 1 Length of Session(s): Number of Attendees: 50 Conflicts to Avoid: Participants who must be present: Paul Wouters Resources Requested: Special Requests: ________________________________ ________________________________ ________________________________ ________________________________ ------ Message: 2 Date: Sat, 24 Feb 2024 14:40:32 +0000 From: John Mattsson <[email protected]<mailto:[email protected]>> To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, IRTF CFRG <[email protected]<mailto:[email protected]>> Subject: Re: [IPsec] New Liaison Statement, "Quantum Safe Cryptographic Protocol Inventory" Message-ID: <gvxpr07mb9678a769864b5aa50b2f118d89...@gvxpr07mb9678.eurprd07.prod.outlook.com<mailto:gvxpr07mb9678a769864b5aa50b2f118d89...@gvxpr07mb9678.eurprd07.prod.outlook.com>> Content-Type: text/plain; charset="utf-8" Hi, Even if JOSE WG is not included in the recipients, I looked at this LS and TR 103 619 that the LS refer to. In addition to the requested information, I think IETF should send ETSI CYBER comments on TR 103 619 that the LS is based on. My suggestions: ________________________________ --- IETF kindly suggests that ETSI CYBER makes the following updates/corrections in the next revision of TR 103 619: * IETF suggests that ETSI CYBER uses the established term Cryptanalytically Relevant Quantum Computers (CRQCs). It is important that readers understand that there is a huge difference between current quantum computers and CRQCs. * IETF suggests that ETSI CYBER uses another term than ?classical cryptography?. Quantum-resistant cryptography like ML-KEM and ML-DSA runs on classical computers and code-based cryptography and hash-based cryptography was invented in the late 1970s. * As ETSI CYBER mentions that Quantum Key Distribution is not vulnerable to attacks from CRQCs, ETSI CYBER should also mention that Quantum Key Distribution is neither a practical nor a secure solution [1-2]. * IETF advice ETSI CYBER to update and correct the information regarding symmetric cryptography. The idea that symmetric cryptography will be practically affected by CRQCs is now seen as a misconception. The ?bits of security? concept does not work with algorithms that are not parallelizable and NIST is therefore transitioning to quantum-resistant security levels based on symmetric algorithms where level 1 is equivalent with AES-128, level 2 is SHA-256, etc. [3]. UK government assesses that ?symmetric algorithms with at least 128-bit keys (such as AES) can continue to be used? [4]. While classical supercomputers might be able to brute force AES-128 around the year 2090 [5-6], a huge cluster of one billion CRQCs (according to one estimate costing one billion USD each) would take a million years of uninterrupted calculation to find a single AES-128 key. Algorithms with quadratic (?2) speedup like Grover?s algorithm (which is proven to be optimal) will not provide any practical quan tum advantage for breaking symmetric cryptography and likely not for any other problems [7-8]. * The name of the X.509 field is ?Subject Public Key Info?, not ?Subject Key Info?. [1] ANSSI, BSI, Netherlands NCSA, Swedish NCSA, ?Position Paper on Quantum Key Distribution? https://cyber.gouv.fr/actualites/uses-and-limits-quantum-key-distribution [2] NSA, ?Quantum Key Distribution (QKD) and Quantum Cryptography (QC)? https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/ [3] NIST, ?Comments Requested on Three Draft FIPS for Post-Quantum Cryptography? https://csrc.nist.gov/news/2023/three-draft-fips-for-post-quantum-cryptography [4] UK NCSC, ?Next steps in preparing for post-quantum cryptography? https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography [5] CRYPTEC, ?Cryptographic Technology Evaluation Committee Activity Report? https://www.cryptrec.go.jp/symposium/2023_cryptrec-eval.pdf [6] CRYPTEC, ?Japan CRYPTREC Activities on PQC? https://events.btq.li/Japan_CRYPTREC_Activities_on_PQC_Shiho_Moriai.pdf [7] Hoefler, H?ner, Troyer, ?Disentangling Hype from Practicality: On Realistically Achieving Quantum Advantage? https://cacm.acm.org/magazines/2023/5/272276-disentangling-hype-from-practicality-on-realistically-achieving-quantum-advantage/fulltext [8] Babbush, McClean, Newman, Gidney, Boixo, Neven, ?Focus beyond Quadratic Speedups for Error-Corrected Quantum Advantage? https://arxiv.org/pdf/2011.04149.pdf ________________________________ --- Cheers, John Preu? Mattsson ________________________________ -- next part ________________________________ -- An HTML attachment was scrubbed... URL: <https://mailarchive.ietf.org/arch/browse/ipsec/attachments/20240224/4e271a88/attachment.htm> ________________________________ ________________________________ ------ Subject: Digest Footer _______________________________________________ IPsec mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/ipsec ________________________________ ________________________________ ------ End of IPsec Digest, Vol 238, Issue 10 **************************************
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
