Quantum Contingency

What if someone builds a quantum computer?

If a quantum computer of sufficient size could be built, it could run Shor's algorithm fast enough to break all currently known public key cryptography systems.

Quantum cryptanalysis also reduces the difficulty of breaking symmetric algorithms, but to a lesser degree: a 128 bit key offers a work factor of 2^64 instead of 2^128. For this reason, the Mesh uses symmetric algorithms with a minimum work factor of 2^256, so that cryptanalysis remains infeasible even if quantum cryptanalysis becomes possible.

While work is proceeding on quantum resistant algorithms, it is quite possible that a quantum computer of the required size will be constructed before a quantum resistant replacement algorithm is developed and deployed. If building such a machine is possible at all, it seems most likely either that it will be built long before quantum resistant algorithms become available, or that some fundamental obstacle will be encountered that limits the size of machine that can be built without a major change in approach.

As a contingency plan we propose the following approach.

  • Generate Lamport Hash Signature Trees for each party using or operating the Mesh, for use as a contingency trust root.
  • If the state of quantum cryptanalysis warrants it, configure Mesh portals to operate as a key distribution center in the Kerberos model.
  • The last entry in a hash signature tree is reserved for the sole purpose of authenticating the registration of a new, replacement trust root in the Mesh Linked Log.
  • Update all Web applications to use Kerberos key distribution in place of public key cryptography.
  • Update the connection mechanism to derive a shared secret from a key passed out of band.
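The first and third steps above describe a hash signature tree whose last leaf is held back for one purpose: signing the successor root. The following is an added example, not code from the Mesh project, of a Lamport one-time signature scheme placed under a Merkle hash tree, with the reserved last leaf enforced on both the signing and the verifying side. The tree height, the leaf encoding, the `REPLACE-ROOT:` message prefix and all function names are assumptions made for this example; the Mesh specification does not define them.

```python
# Added example (not Mesh project code): Lamport one-time signatures under a
# Merkle hash tree, with the last leaf reserved for authenticating a
# replacement trust root. Tree height, leaf encoding and the message prefix
# are assumptions made for this example.
import hashlib
import os

DIGEST_BITS = 256
ROOT_REPLACEMENT_PREFIX = b"REPLACE-ROOT:"  # constructed for this example

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def lamport_keygen(rng=os.urandom):
    """One-time key: one secret pair per digest bit; public key is their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(DIGEST_BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(DIGEST_BITS)]

def lamport_sign(sk, msg):
    # Reveal, for each digest bit, the secret that matches the bit's value.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == DIGEST_BITS and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))

def pk_leaf(pk):
    """Tree leaf: digest of the whole one-time public key."""
    return H(b"".join(h0 + h1 for h0, h1 in pk))

def merkle_levels(leaves):
    """All tree levels, leaves first; the leaf count must be a power of two."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def auth_path(levels, idx):
    """Sibling hashes from leaf idx up to (but excluding) the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx >>= 1
    return path

def verify_path(root, leaf, idx, path):
    h = leaf
    for sib in path:
        h = H(sib + h) if idx & 1 else H(h + sib)
        idx >>= 1
    return h == root

class ContingencyTree:
    """2**height one-time keys under one root; leaf n-1 is the reserved one."""

    def __init__(self, height=3, rng=os.urandom):
        self.n = 1 << height
        self.keys = [lamport_keygen(rng) for _ in range(self.n)]
        self.levels = merkle_levels([pk_leaf(pk) for _, pk in self.keys])
        self.root = self.levels[-1][0]
        self.used = set()  # a Lamport key used twice leaks enough to forge

    def _sign_with(self, idx, msg):
        if idx in self.used:
            raise RuntimeError("one-time key %d already used" % idx)
        self.used.add(idx)
        sk, pk = self.keys[idx]
        return {"idx": idx, "pk": pk, "sig": lamport_sign(sk, msg),
                "path": auth_path(self.levels, idx)}

    def sign(self, msg):
        free = [i for i in range(self.n - 1) if i not in self.used]
        if not free:
            raise RuntimeError("ordinary one-time keys exhausted")
        return self._sign_with(free[0], msg)

    def sign_root_replacement(self, new_root):
        """Spend the reserved last leaf to authenticate a successor root."""
        return self._sign_with(self.n - 1, ROOT_REPLACEMENT_PREFIX + new_root)

def verify(root, msg, bundle):
    """Check the one-time signature and that its public key sits under root."""
    pk = bundle["pk"]
    return (lamport_verify(pk, msg, bundle["sig"])
            and verify_path(root, pk_leaf(pk), bundle["idx"], bundle["path"]))

def verify_root_replacement(root, n_leaves, new_root, bundle):
    """A replacement is valid only when signed with the reserved last leaf."""
    return (bundle["idx"] == n_leaves - 1
            and verify(root, ROOT_REPLACEMENT_PREFIX + new_root, bundle))

if __name__ == "__main__":
    tree = ContingencyTree(height=3)
    b = tree.sign(b"mesh profile update")          # constructed message
    print("ordinary:", verify(tree.root, b"mesh profile update", b))
    successor = ContingencyTree(height=3)
    r = tree.sign_root_replacement(successor.root)
    print("replacement:", verify_root_replacement(tree.root, tree.n, successor.root, r))
```

Two checks matter for the contingency role. The signer tracks used leaves because a Lamport key that signs two different messages reveals secrets from both columns, and the verifier accepts a root replacement only from the last leaf, so that an ordinary signature cannot be replayed as a trust root change. The tree root is the value that would be published as the contingency trust root; each signature carries its own one-time public key and authentication path back to that root.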

Such an infrastructure would have many disadvantages compared with the public key based Mesh. Communications would be less efficient and less trustworthy. While the Mesh portals would remain untrusted with respect to non-repudiation, they would become trusted parties with respect to confidentiality and authentication. Such an infrastructure would, however, have notable advantages over continuing to use public key cryptography that had been broken.

It is more likely, however, that any quantum cryptanalytic breakthrough would be a gradual affair: rather than a discontinuous shift to Kerberized key distribution, there would be a gradual change and the use of hybrid systems in which the Kerberized key exchanges provided supplemental security rather than being the sole control. Users would naturally shift from Mesh Portals that did not offer the necessary degree of security and trustworthiness to those that did.
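The hybrid arrangement described above, where a Kerberized exchange supplements rather than replaces the public key exchange, comes down to how the two secrets are combined. The following is an added example, not code from the Mesh project, of a session key derived from both a public key shared secret and a KDC-issued session key through HKDF (RFC 5869), so that an adversary who recovers one of the two secrets still lacks the session key. The label strings, the length-prefixed combiner layout and the transcript format are assumptions made for this example.

```python
# Added example (not Mesh project code): a hybrid key combiner feeding a
# public key shared secret and a KDC-issued session key into one HKDF.
# HKDF follows RFC 5869; the labels and combiner layout are assumptions.
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output length

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step; an empty salt is replaced by HashLen zero bytes."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def _lv(value: bytes) -> bytes:
    # Length-prefix each secret so the concatenation cannot be re-split ambiguously.
    return len(value).to_bytes(2, "big") + value

def hybrid_session_key(pk_secret: bytes, kdc_secret: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from both secrets, bound to the session transcript.

    pk_secret:  shared secret from the public key exchange
    kdc_secret: session key obtained from the Kerberos-style KDC ticket
    transcript: identities, nonces and parameters of this connection
    """
    ikm = _lv(pk_secret) + _lv(kdc_secret)
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), ikm)
    return hkdf_expand(prk, b"mesh-hybrid-session-v0" + transcript, length)  # label assumed

if __name__ == "__main__":
    # Constructed sample values; real secrets come from the two exchanges.
    pk_secret = bytes.fromhex("11" * 32)
    kdc_secret = bytes.fromhex("22" * 32)
    transcript = b"alice|bob|nonce-0001"
    key = hybrid_session_key(pk_secret, kdc_secret, transcript)
    # An adversary holding only the public key secret and guessing the
    # KDC secret derives a different key.
    guess = hybrid_session_key(pk_secret, bytes(32), transcript)
    print("session key:", key.hex())
    print("same key with wrong KDC secret:", key == guess)
```

The combiner property is that both inputs enter the extract step as a single length-prefixed string, so neither secret on its own determines the output. Binding the transcript into both the salt and the info string ties the derived key to the specific peers and nonces, which is the check that stops a ticket or a public key exchange from one session being reused in another.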

While the development and deployment of a quantum resistant algorithm would take ten to twenty years in normal circumstances, it is likely that progress would be considerably faster if the Quantum Contingency had to be used. Further, the existence of the Quantum Contingency would provide users and operators with an unencumbered, royalty free alternative that would limit the (still considerable) negotiating leverage of the IPR holders in any licensing negotiations.