Quantum Crypto redux Re: Boston Linux Meeting ... Crypto News, plus ...

Joshua Judson Rosen rozzin at hackerposse.com
Fri Sep 21 09:28:33 EDT 2018

On 09/19/2018 10:33 PM, Bill Ricker wrote:
> QuBits aren't QUITE on the Moore's Law 18-month doubling cycle yet; my back-of-the-envelope shows going from 7 QuBits to 72 QuBits in 16 years is doubling in 28 months.  Which is kinda close to Moore's law for RAM (24 months)...
> How soon the engineering will allow a growth spurt is unclear.
> So setting my ED25519 key expiration at 10 years was just about right, :-) that's just exactly when it should be doable commercially :-).
> A little shorter would have been more conservative!

Hmm. My understanding of key-expiries has been more that they're useful as a sort of
dead-man switch (since you can always publish *changes* to the expiration-dates
as long as you still are capable of accessing and making use of the private key,
and haven't published a revocation); to help balance concerns about
things like long-term management of secrecy
(however low your likelihood of compromise is over the course of a year,
 if it's non-zero then it compounds over multiple years/decades--and larger probabilities
 compound more quickly; this is the concern that Schneier quoted from Filippo Valsorda
 a couple years ago, for example <https://www.schneier.com/blog/archives/2016/12/giving_up_on_pg.html>);
or what happens to your key's validity after it becomes inaccessible to/by you
(for example if you become incapacitated or die unexpectedly...); or,
more generally, to establish key-migration timeframes.

To *those ends*, a 10-year expiry period is kind of crazy-sounding--especially if
you take a position like "my modern smartphone is the most easily-compromised keystore,
because someone could easily mug me for it or I could fumble it into someplace where
I can't retrieve it before someone else has the opportunity; and my password
probably won't guard it for *that* long..., so maybe I should be giving the smartphone
short-lived subkeys on the order of 1 month or even less".

Connect with me on the GNU social network: <https://status.hackerposse.com/rozzin>
Not on the network? Ask me for an invitation to a social hub!
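
An added example, not part of the original message: a check that reads `gpg --list-keys --with-colons` output and reports keys whose validity window is longer than a chosen policy, which is the audit the expiry discussion above implies. The two-year primary and 31-day subkey limits, the function name `audit` and the sample keyring are assumptions made for illustration.

```python
from datetime import datetime, timezone

DAY = 86400
# Assumed policy (not from the message): longest allowed validity window, in days.
POLICY = {"pub": 730, "sub": 31}

# Constructed sample in GnuPG colon format. Field 1 is the record type,
# field 5 the key ID, field 6 the creation time and field 7 the expiry time
# (seconds since the epoch; an empty expiry field means the key never expires).
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1537500000:1852860000::u:::cC:::::ed25519:::0:
sub:u:255:18:BBBBBBBBBBBBBBBB:1537500000:1540092000:::::e:::::cv25519::
sub:u:255:22:CCCCCCCCCCCCCCCC:1537500000::::::s:::::ed25519::
"""

def audit(colons, now, policy=POLICY):
    """Return (key_id, record_type, finding) for every key outside the policy."""
    findings = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in policy or len(f) < 7:
            continue  # uid, fpr and other record types carry no expiry to check
        key_id, created, expires = f[4], int(f[5]), f[6]
        if not expires:
            # No expiry: the key stays valid even if its owner loses access to it.
            findings.append((key_id, f[0], "never expires"))
            continue
        window = (int(expires) - created) // DAY
        if int(expires) <= now:
            findings.append((key_id, f[0], "already expired"))
        elif window > policy[f[0]]:
            findings.append(
                (key_id, f[0], f"{window}-day window exceeds {policy[f[0]]}"))
    return findings

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives the same result on every run.
    now = int(datetime(2018, 9, 22, tzinfo=timezone.utc).timestamp())
    for key_id, kind, finding in audit(SAMPLE, now):
        print(kind, key_id, finding)
```

On the sample, the ten-year primary key and the subkey with no expiry are reported, while the 30-day subkey passes.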
