
    Internet Security vs. Quantum Computing

    • Russ Housley
    • David McGrew

    22 Apr 2015

    One of the great scientific challenges of our time is the construction of a practical quantum computer.

    Such a machine would use the counterintuitive principles of quantum physics, and it could rapidly explore a vast number of possible states. It could perform computational tasks that are far beyond our current capabilities, such as modeling molecules, designing new types of drugs, and, of course, breaking most of the cryptographic systems that are in use today. Fortunately, no one has yet built a practical quantum computer, though many countries and companies are striving to do just that. For example, the U.S. government has spent more than $80M USD on a project with that aim. Quantum computing is still an unproven technology, and it may not be practical for decades, but since it poses an existential threat to cryptography, we need to start preparing now for the possibility that one day quantum computing will become a reality. When that happens, we will be living in a post-quantum world.

    Without a quantum computer in hand, we must rely on theory to make educated guesses about the capabilities of these yet-to-be-realized machines. It is widely believed that the public key cryptography in widespread use today will be easily broken by a quantum computer. It is also believed that symmetric encryption algorithms and hash functions will remain largely secure, perhaps requiring the larger key sizes that are already widely implemented.

    Can we begin the work to replace the algorithms that we depend on today, including RSA, DSA, ECDSA, DH, and ECDH? The research community is hard at work identifying algorithms that will be secure against the threat of quantum computing. Significant progress has been made, and some published algorithms are believed to be secure. When this work is ready, the IETF will need to adapt its protocols to make use of the new algorithms.

    The U.S. National Institute for Standards and Technology (NIST) recently organized a Workshop on Cybersecurity in a Post-Quantum World. It brought together people from the research community, government, and industry from all around the world to start the work on the development and standardization of cryptography that will still be secure in a post-quantum future. NIST deserves a round of applause for this well-planned event, and the presentations and discussions showed that good work has been done, but more is needed.

    We favor a pragmatic systems engineering approach: embrace the algorithms that are the most mature and well-reviewed, and thus the most deserving of our confidence, and then use systems engineering to mitigate the issues associated with those algorithms. The leading candidates have very large public keys, and practical techniques are needed to handle them.

    In our view, the first post-quantum secure algorithm to be standardized will be hash-based signatures. The security of hash-based signatures is well established. A well-engineered proposal for this type of signature was recently made to the IRTF Crypto Forum Research Group by Andreas Hülsing. If you are familiar with the original hash-based signatures proposed by Ralph Merkle in the late 1970s [1][2], you know that their main disadvantage is their long key generation time. The new proposal, called Extended Hash-Based Signatures or XMSS [3], uses multiple trees, in a hierarchical way, to solve that problem.
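    To make the construction described above concrete, here is a small Merkle signature scheme written for this post as an added example. It is not code from the IETF, from the XMSS draft, or from the authors, and it uses plain Lamport one-time signatures rather than the WOTS+ scheme that XMSS specifies; tree height and message inputs are constructed for illustration. Two things it shows: key generation has to build every one-time key before the root (and thus the public key) exists, which is the cost that grows with the number of signatures and that a hierarchy of trees is meant to tame; and the signer must keep state so that no one-time key is ever used twice, since a second signature under the same leaf would reveal enough secrets to forge.

```python
# Added example (not from the IETF or the XMSS draft): Lamport one-time
# signatures combined under a single Merkle tree, with signer state tracking.
import hashlib
import os

N = 32  # hash output length in bytes; one Lamport key signs 8*N = 256 message bits


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def message_bits(msg):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(8 * N)]


def lamport_keygen():
    """One Lamport key pair: 256 pairs of random secrets; public key = their hashes."""
    sk = [[os.urandom(N), os.urandom(N)] for _ in range(8 * N)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk


def lamport_sign(sk, msg):
    # Reveal one secret per message bit; revealing both halves of a pair is the
    # failure mode that makes this a strictly one-time key.
    return [sk[i][b] for i, b in enumerate(message_bits(msg))]


def lamport_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(message_bits(msg)))


def pk_leaf(pk):
    """Compress a Lamport public key (512 hashes) into one Merkle leaf."""
    return H(*[h for pair in pk for h in pair])


class MerkleSigner:
    """Merkle signature scheme over 2**height one-time keys (constructed example)."""

    def __init__(self, height):
        self.leaves_n = 2 ** height
        # Every one-time key is generated up front: this is the long key
        # generation the post describes, linear in the number of signatures.
        self.ots = [lamport_keygen() for _ in range(self.leaves_n)]
        self.levels = [[pk_leaf(pk) for _, pk in self.ots]]  # level 0 = leaves
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([H(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
        self.root = self.levels[-1][0]  # the public key
        self.next_leaf = 0              # signer state: next unused one-time key

    def sign(self, msg):
        if self.next_leaf >= self.leaves_n:
            raise RuntimeError("all one-time keys used; a new tree is required")
        idx = self.next_leaf
        self.next_leaf += 1  # advance state before releasing the signature
        sk, pk = self.ots[idx]
        auth, i = [], idx
        for level in self.levels[:-1]:
            auth.append(level[i ^ 1])  # sibling node on the path to the root
            i //= 2
        return idx, lamport_sign(sk, msg), pk, auth


def merkle_verify(root, msg, signature):
    """Check the one-time signature, then that the leaf hashes up to the root."""
    idx, ots_sig, pk, auth = signature
    if not lamport_verify(pk, msg, ots_sig):
        return False
    node, i = pk_leaf(pk), idx
    for sibling in auth:
        node = H(node, sibling) if i % 2 == 0 else H(sibling, node)
        i //= 2
    return node == root


def demo(height=3):
    """Sign 2**height constructed messages and report what verifies."""
    signer = MerkleSigner(height)
    msgs = [b"constructed message %d" % i for i in range(signer.leaves_n)]
    sigs = [signer.sign(m) for m in msgs]
    return {
        "one_time_keys_generated": signer.leaves_n,
        "all_valid": all(merkle_verify(signer.root, m, s) for m, s in zip(msgs, sigs)),
        "forged_message_rejected": not merkle_verify(signer.root, b"other", sigs[0]),
        "keys_exhausted": signer.next_leaf == signer.leaves_n,
    }


if __name__ == "__main__":
    print(demo())
```

Key generation time is visible directly: `MerkleSigner(10)` builds 1024 Lamport keys (over half a million hashes) before it can produce a root, and the signer can never issue more signatures than it has leaves. The `next_leaf` counter is the minimal form of the state that any deployment of a stateful hash-based scheme has to persist and protect; losing or rolling it back is the operational risk the later XMSS and LMS work addresses in detail.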

    Other work has been brought to the IRTF and the IETF on hash-based signatures, including [4] and [5].

    References:

    [1] http://www.merkle.com/papers/Thesis1979.pdf

    [2] http://en.wikipedia.org/wiki/Merkle_signature_scheme

    [3] draft-huelsing-cfrg-hash-sig-xmss-00 

    [4] draft-mcgrew-hash-sigs-02

    [5] draft-housley-cms-mts-hash-sig-02
