OK so how about this: Quantum Annoyance: Using classical cryptography in ways that maximize the number of quantum processing cycles to attack. Quantum Hardening: Using PQC in parts of a system to prevent QCC resulting in a breach of stored data or communications. Quantum Secure: Using PQC in all parts of a system so that every security property is maintained against QCC.
We have a triad! We really should not reject Quantum Annoyance out of hand because it can be very powerful. Nobody can decrypt data they didn't store. The result of the TLS everywhere campaign is that the amount of encrypted data whizzing about the planet is in the Petabytes and there is absolutely no way anyone can store all of it if it is all encrypted under different keys. On Sat, Aug 6, 2022 at 7:01 AM Rob Sayre <say...@gmail.com> wrote: > On Fri, Aug 5, 2022 at 10:15 PM Benjamin Kaduk <bka...@akamai.com> wrote: > >> >> It's annoying to the attacker when they have to use their expensive and >> finicky >> hardware once (or multiple times) for each individual message/exchange >> they >> want to break, >> > > Well, I can agree with the term "expensive", but I'm not sure what you > mean by "finicky". Are you saying they only work sometimes? It seems a bit > hand-wavy to say that. > > I've seen quantum computers before. They are room-sized, but not that big. > I still find the term "quantum annoying" rather imprecise. > > thanks, > Rob > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls