NIST is accepting proposals for public-key algorithms immune to quantum computing techniques. Details here. Deadline is the end of November 2017.
I applaud NIST for taking the lead on this, and for taking it now when there is no emergency and we have time to do this right.
Slashdot thread.
Carl 'SAI' Mitchell • December 23, 2016 11:32 AM
@Andrew
There are existing schemes [1] that have been proposed, this is NIST trying to start a standardization process and increase the scrutiny such systems receive.
eg NewHope https://eprint.iacr.org/2015/1092.pdf and NewHope-Simple http://eprint.iacr.org/2016/1157.pdf look promising for key exchange IMO.
SquidCuddles • December 23, 2016 12:06 PM
And it’s important to note: they’re not just proposed. New Hope is implemented in Chrome already.
The more scrutiny on this class of algorithms, the better.
Andrew • December 23, 2016 1:03 PM
@carl I knew about elliptic curves attemps, still nothing close to simplicity of rsa, I guess this is what they expect.
Ross Snider • December 23, 2016 1:45 PM
They appear to be making the same mistakes as with prior standards.
For instance:
primitives for key agreement should include options for authentication.
crypto agility away from standards should be a primary feature.
NIST doesn’t appear to have learned its lesson. We’re going to get a bunch of ‘influenced’ and impossible-to-implement primitives from this exercise.
A Nonny Bunny • December 23, 2016 3:01 PM
@Ross Snider
– primitives for key agreement should include options for authentication.
Isn’t authentication something you could do after you have a secure channel? Seems like two things that can be separated quite well.
Ted • December 23, 2016 3:47 PM
Dr. Dustin Moody of NIST’s Cryptographic Technology Group offers a timeline for the post-quantum cryptography standard development process at PQCrypto 2016, the seventh international conference on post-quantum cryptography, at minute 6:40. [1] He estimates that following the November 2017 submission deadline there will be a 3-5 year analysis phase, after which NIST will report its findings. Draft standards are scheduled to be composed two years after that point. [2] He says this will be similar to the SHA-3 competition that was held from 2007-2012. [3]
[1] Dustin Moody – “Post-Quantum Cryptography: NIST’s Plan for the Future” YouTube video</a href>
Anura • December 23, 2016 4:49 PM
@A Nonny Bunny
You generally want to at least perform key confirmation to prevent certain attacks (it really simplifies security proofs if you can guarantee that both sides have the same key).
CarpetCat • December 26, 2016 9:44 AM
The road to hell…
Too much convenience, too much complexity…It’s not a good thing.
Some things should be hard to do. How else do you know if you’re doing it right?
Let’s take a moment to reflect on these ‘experts’ who will be implementing these ‘standards’:
Most, nay, all the programmers just used the default P and Q settings, despite the documention.
RSA, et al, implemented the kitchensink and lied about it.
The whole effort is pointless. Even Bruce shats upon PGP like it’s the trendy thing to do. We forget our roots, we repeat our errors, we forget what’s worth fighting for.
The only good thing about NIST is the early start. They have much work to restore confidence. I have always said that whatever you learn is useless if not put into practice. And whatever you practice is useless if not practical and simply in its implimentation.
But what the heck do I know? Most of you overfocus on the esoteric minutiae while the world spins circles around us all. All the while, Bruce waxes poetic about his politcal feelings. I’LL ASK YOU AGAIN, what is your purpose people? You have to do something more then just post on this forum. Group up, organize, plan and change the world. Soon, power will concentrate, and it will be too late to stop it.
Zomarta • December 29, 2016 2:03 PM
@Carl @SquidCuddles: Google does not want to push their New Hope implementation as the de-facto standard: “We do not want to promote CECPQ1 as a de-facto standard and so a future Chrome update will disable CECPQ1 support. It’s likely that TLS will want a post-quantum key-agreement in the future but a more multilateral approach is preferable for something intended to be more than an experiment.”
https://www.imperialviolet.org/2016/11/28/cecpq1.html
After which Jacob Alperin-Sheriff from NIST replied “Thanks for leaving standardization to us at NIST, Google. I mean that sincerely!”
And here we are, NIST is accepting proposals for public-key algorithms immune to quantum computing techniques. Deadline is the end of November 2017.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Andrew • December 23, 2016 8:14 AM
Basically they ask people to replace Diffie-Hellman with something equally genius, in several months. Things like this just happen, you never know who, when and where will invent something like this again.