From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Simo Sorce <simo@redhat.com>,
Ignat Korchagin <ignat@cloudflare.com>,
David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Stephan Mueller <smueller@chronox.de>,
torvalds@linux-foundation.org, Paul Moore <paul@paul-moore.com>,
Lukas Wunner <lukas@wunner.de>, Clemens Lang <cllang@redhat.com>,
David Bohannon <dbohanno@redhat.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: Module signing and post-quantum crypto public key algorithms
Date: Fri, 13 Jun 2025 13:50:22 -0400
Message-ID: <3081793dc1d846dccef07984520fc544f709ca84.camel@HansenPartnership.com>
In-Reply-To: <de070353cc7ef2cd6ad68f899f3244917030c39b.camel@redhat.com>
On Fri, 2025-06-13 at 13:33 -0400, Simo Sorce wrote:
> Premise: this problem can't be ignored, even if you think Quantum
> Computers are BS, various government regulations are pushing all
> commercial entities to require PQ signatures, so we have to deal with
> this problem.

I agree it's coming, but there's currently no date for post quantum
requirement in FIPS, which is the main driver for this.

> On Fri, 2025-06-13 at 16:21 +0100, Ignat Korchagin wrote:
> > Hi David,
> >
> > On Fri, Jun 13, 2025 at 3:54 PM David Howells <dhowells@redhat.com>
> > wrote:
> > >
> > > Hi,
> > >
> > > So we need to do something about the impending quantum-related
> > > obsolescence of the RSA signatures that we use for module
> > > signing, kexec, BPF signing, IMA and a bunch of other things.
> >
> > Is it that impending? At least for now it seems people are more
> > concerned about quantum-safe TLS, so their communications cannot be
> > decrypted later. But breaking signatures of open source modules
> > probably only makes sense when there is an actual capability to
> > break RSA (or ECDSA)
>
> We do not know when Q-day (or Y2Q if you prefer) will strike, "never"
> is still a possibility.
>
> But, as a data point, IBM just announced a roadmap for a contraption
> with 200 error corrected logic qubits. That is substantial progress,
> so we cannot assume it will never happen, the risk is too high (it is
> not me saying this, it is the cryptography community consensus).

Current estimates say Shor's algorithm in "reasonable[1]" time requires
around a million qubits to break RSA2048, so we're still several orders
of magnitude off that. Grover's only requires just over 2,000 (which
is why NIST is worried about that first).

Regards,

James

[1] you can change this by a couple of orders of magnitude depending on
how long you're willing to wait
Thread overview: 25+ messages
2025-06-13 14:54 Module signing and post-quantum crypto public key algorithms David Howells
2025-06-13 15:21 ` Ignat Korchagin
2025-06-13 15:42 ` David Howells
2025-06-13 17:33 ` Simo Sorce
2025-06-13 17:50 ` James Bottomley [this message]
2025-06-13 17:55 ` Stephan Mueller
2025-06-16 14:02 ` Simo Sorce
2025-06-16 15:14 ` James Bottomley
2025-06-16 17:27 ` Simo Sorce
2025-06-19 18:49 ` Stefan Berger
2025-11-07 10:03 ` David Howells
2025-11-07 10:23 ` Stephan Mueller
2025-11-07 19:19 ` Stefan Berger
2025-11-07 23:10 ` Elliott, Robert (Servers)
2025-11-08 7:46 ` David Howells
2025-11-09 19:30 ` Elliott, Robert (Servers)
2025-11-11 16:14 ` Simo Sorce
2025-11-11 18:38 ` David Howells
2025-06-13 15:43 ` Linus Torvalds
2025-06-13 16:13 ` James Bottomley
2025-06-13 16:32 ` Roberto Sassu
2025-06-13 16:34 ` Stephan Mueller
2025-06-13 17:04 ` Eric Biggers
2025-06-19 12:31 ` Lukas Wunner
2025-06-19 23:22 ` Herbert Xu