
> Drip feeding arms, arms meant to intimidate through the prospect of overwhelming force no less, into air defenses below replacement rates is just dumb.

That probably depends on the cost of the arms, the cost of the interceptors, and any number of other externalities or indirect goals. If you can reliably induce high end interceptors to fire against cheap rockets (granted, that's a big if) you are definitely winning the immediate economic exchange.


Weren't those tankers operating under false flags? Additionally, the US action in Venezuela led to that stream ceasing. I'm not sure what the deal was with Mexico, I read that the US asked them to stop doing business with Cuba but they didn't seem entirely willing to cooperate.

When a properly flagged Russian tanker came through it was left alone.

My impression is that the situation with Cuba is much more complex than the mass media portrayal of a straightforward blockade. Not that I believe the US is free of guilt here; clearly harm is being caused and the motivations seem suspect at best.


If freedom of navigation is so fundamental, why does it depend on flags?

Interesting question. I assume piracy and various other law breaking, but I'm not certain. AFAIK the only requirement is a legitimate registration. Again AFAIK the vessels that were directly interfered with (i.e. by force) all had either falsified registrations or were flagged under countries that aren't currently in any state to actually manage registrations.

Then there's also their participation in what's been termed a shadow fleet, the associated falsification of origin of sanctioned oil, the accessing of ports where they otherwise wouldn't be permitted berth, the lack of insurance in case of environmental damage, etc. As I said previously, much more complex than the mass media portrayal.


That's an excellent comparison and it raises an interesting question. When cooking, a basic understanding of chemistry techniques will generally prove quite useful, but when it comes to music I'm not so sure about math. Maybe some electronic artists who write their own tools?

I'm certainly no chef, and am only somewhat familiar with one particular side of chemistry (physical chemistry) but I don't see how it would be useful in cooking. Unless you count boiling water as chemistry.

> It seems like an arms race the public is destined to lose ...

By what margin? An active push can minimize the gap.

However I think you're confusing the existence of a CRQC with adoption of PQC algorithms. The latter can be done in the absence of the former.


Does it? That one is different because IPv4 with CGNAT largely "just works" except for P2P type stuff. As a result there's a strong incentive for anyone who has a working setup to just not care.

I can use myself as an example here. IPv6 is supported by all my hardware, all the software I use, and my ISP provides it. Yet my LAN intentionally remains IPv4 only with NAT. Why? Because adding IPv6 to my LAN would require nonzero effort on my part and has (at least for now) quite literally zero upside for me. If I ever need something it offers I will switch to it but that hasn't happened yet.

PQC is entirely different in that the existence of a CRQC immediately breaks the security guarantee.



Perhaps you would care to enlighten us ignorant plebs rather than taunting us?

My understanding (obviously as a non-expert) matches what cyberax wrote above. Is it not common wisdom that the pursuit of new and exciting crypto is an exercise filled with landmines? By that logic, rushing to switch to the new shiny would appear to be extremely unwise.

I appreciate the points made in the article that the PQ algorithms aren't as new as they once were and that if you accept this new imminent deadline then ironing out the specification details for hybrid schemes might present the bigger downside between the two options.

I mean TBH I don't really get it. It seems like we (as a society or species or whatever) ought to be able to trivially toss a standard out the door that's just two other standards glued together. Do we really need a combinatoric explosion here? Shouldn't 1 (or maybe 2) concrete algorithm pairings be enough? But if the evidence at this point is to the contrary of our ability to do that then I get it. Sometimes our systems just aren't all that functional and we have to make the best of it.


Calling out a mistaken assertion isn't a "taunt".

"taunt" in the sense that you dangle some knowledge in front of people and make them beg, not "taunt" in the sense of "insult".

You said:

>"[...] don't even get what the real argument is."

and then refuse to explain what the "real" argument is. Someone then asks for clarification and you say:

"It's definitely not [...]"

Okay, cool! You are still refusing to explain what the "real" argument is. But at least we know one thing it isn't, I guess.

You haven't even addressed the "mistaken assertion". You just say "nah" and refuse to elaborate. Which is fine, I guess. But holy moly is it ever frustrating to read some of your comment chains. It often appears that your sole goal in commenting is to try and dunk on people -- at least that is how many of your comments come across to me.


I was explicit about what the real argument isn't: the notion that lattice cryptography is under-studied compared to RSA/ECC.

I understand what your takeaway from this thread is, but my perspective is that the thread is a mix of people who actually work in this field and people who don't, both sides with equally strong opinions but not equally strong premises. The person I replied to literally followed up by saying they don't follow the space! Would you have assumed that from their preceding comment?

(Not to pick on them; acknowledging that limitation on their perspective was a stand-up move, and I appreciate it.)

You do "XYZ isn't the right argument, ABC is" on a thread like that, and the reply tends to be "well yeah that's what I meant, ABC is just a special case of XYZ". No thanks.


I'm not a professional cryptographer, but I _am_ really interested in opinions of experts in the field and I do have a lot of prior experience with crypto (the actual kind, not *coin). From my point of view, I just don't see what the fuss is all about.

I'm really not looking to drill further into the comment you wrote. I think we've converged on a shared understanding at this point.

There's no shared understanding, just a snarky expert claiming (in effect) "I know better than all you simpletons but I'm not going to share". At best it's incredibly poor behavior. At worst it's the behavior of someone who doesn't actually have a defensible point to make.

:thatsbait:

As long as a hybrid approach is taken what is there to worry about? Whereas not adopting PQC in a timely manner is obviously a gamble.

I agree, but the blog post was specifically ruling out the hybrid approach.

> I'm really concerned by the current rush for PQ solutions and what are the real intentions behind it.

You had written. As long as we're in agreement that rushing PQ appears to be the appropriate choice. The only question is the precise form it should take, with the author arguing that hybrid would be unacceptably slow to roll out due to various social and bureaucratic reasons.

He's also pointing out that the only scenario in which hybrid is of benefit is one in which crypto related QC remains either relatively ineffective or extremely expensive in the medium term. Since that assumption is looking increasingly suspect it calls into question the point of hybrid to begin with. In the face of cheap QC hybrid adds zero value.


I think it is pretty direct from my comment that if you use a hybrid approach (done correctly) you can rely on the hardness of the dlog-based assumption, and therefore my comment on the potential weakness of PQ assumptions can be ruled out. In this way we disagree that rushing PQ is the appropriate choice if it rules out dlog-based security.

> He's also pointing out that the only scenario in which hybrid is of benefit is one in which crypto related QC remains either relatively ineffective or extremely expensive in the medium term. Since that assumption is looking increasingly suspect it calls into question the point of hybrid to begin with. In the face of cheap QC hybrid adds zero value.

This is exactly what I'm pointing out as extremely dangerous. My take was that the risk of seeing a quantum computer breaking dlog in a near future isn't stronger than breaking PQ assumptions in a near future.


You seem to just be rehashing what we already clearly agree on. Obviously if you view classically breaking PQ algorithms as higher likelihood than QC breaking classical then you are going to disagree with the premise.

Can you actually back up your prediction that crypto related QC will remain either relatively ineffective or extremely expensive in the medium term?


The requirement for favoring hybrid isn't that "you view classically breaking PQ algorithms as higher likelihood than QC breaking classical", but that you think the likelihood of QC breaking classical is less than a billion times more than the likelihood of classically breaking PQ.

Hybrid has essentially no cost, so we should favor it as long as it has a greater than negligible chance of providing protection. IMO the likelihood of CRQCs breaking ECC is pretty high (>50% by 2040) and the odds of classically breaking lattices is low (<1% by 2050), but creating a 0.5% chance of breaking cryptography for the entire world seems way too high when we have a free mitigation right here.
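The "done correctly" in the hybrid comment above, and the "free mitigation" in this one, both come down to the combiner: both shared secrets and the transcript go into a single KDF call, so an attacker who breaks one primitive still holds only one of the inputs. The following is an added example written for this page, not code from the thread or from any library it mentions. The Diffie-Hellman group (a 127-bit Mersenne prime) and the toy KEM are stand-ins with no security at all, assumed here only so the exchange runs offline; in practice the slots would be filled by X25519 and ML-KEM.

```python
import hashlib
import hmac
import os

# Stand-ins, assumed for this example and NOT secure: a tiny finite-field
# Diffie-Hellman group in place of X25519, and a toy KEM that only has the
# keygen/encap/decap shape of ML-KEM. Only the combiner logic is the point.
TOY_P = 2**127 - 1   # Mersenne prime; far too small for real use
TOY_G = 3
DH_LEN = 16          # bytes needed to encode an element of the toy group
KEM_SS_LEN = 32


def dh_keygen():
    x = 2 + int.from_bytes(os.urandom(16), "big") % (TOY_P - 3)
    return x, pow(TOY_G, x, TOY_P)


def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, TOY_P).to_bytes(DH_LEN, "big")


def kem_keygen():
    sk = os.urandom(32)
    return sk, hashlib.sha256(b"toy-kem-pk" + sk).digest()


def kem_encap(pk):
    # Masks a fresh secret with a hash of the public key: anyone holding pk can
    # undo it, which is exactly why this is a placeholder and not a KEM.
    ss = os.urandom(KEM_SS_LEN)
    mask = hashlib.sha256(b"toy-kem-mask" + pk).digest()
    return bytes(a ^ b for a, b in zip(ss, mask)), ss


def kem_decap(sk, ct):
    pk = hashlib.sha256(b"toy-kem-pk" + sk).digest()
    mask = hashlib.sha256(b"toy-kem-mask" + pk).digest()
    return bytes(a ^ b for a, b in zip(ct, mask))


def hkdf_sha256(ikm, info, length=32):
    """RFC 5869 HKDF with an empty salt, built from the stdlib hmac module."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_pub(pub):
    dh_pk, kem_pk = pub
    return dh_pk.to_bytes(DH_LEN, "big") + kem_pk


def encode_ct(ct):
    eph_pk, kem_ct = ct
    return eph_pk.to_bytes(DH_LEN, "big") + kem_ct


def combine(ss_pq, ss_classical, pub, ct):
    """Concatenate-then-KDF combiner: the session key depends on BOTH secrets
    and on the public key and ciphertext, so recovering one secret is useless."""
    transcript = encode_pub(pub) + encode_ct(ct)
    return hkdf_sha256(ss_pq + ss_classical, b"hybrid-kem-example" + transcript)


def hybrid_keygen():
    dh_sk, dh_pk = dh_keygen()
    kem_sk, kem_pk = kem_keygen()
    return (dh_sk, kem_sk), (dh_pk, kem_pk)


def hybrid_encap(pub):
    dh_pk, kem_pk = pub
    eph_sk, eph_pk = dh_keygen()
    kem_ct, ss_pq = kem_encap(kem_pk)
    ct = (eph_pk, kem_ct)
    return ct, combine(ss_pq, dh_shared(eph_sk, dh_pk), pub, ct)


def hybrid_decap(priv, pub, ct):
    dh_sk, kem_sk = priv
    eph_pk, kem_ct = ct
    return combine(kem_decap(kem_sk, kem_ct), dh_shared(dh_sk, eph_pk), pub, ct)


def attacker_key(known_pq, known_classical, pub, ct):
    """Best effort of an attacker who broke exactly one primitive: they know that
    component's secret and must guess the other (all zeros stands in for a guess)."""
    ss_pq = known_pq if known_pq is not None else b"\x00" * KEM_SS_LEN
    ss_classical = known_classical if known_classical is not None else b"\x00" * DH_LEN
    return combine(ss_pq, ss_classical, pub, ct)


def run_exchange():
    priv, pub = hybrid_keygen()
    ct, key_sender = hybrid_encap(pub)
    key_receiver = hybrid_decap(priv, pub, ct)
    # Component secrets are exposed only so the attacker model below can be run.
    return {"pub": pub, "ct": ct, "key_sender": key_sender, "key_receiver": key_receiver,
            "ss_classical": dh_shared(priv[0], ct[0]), "ss_pq": kem_decap(priv[1], ct[1])}


if __name__ == "__main__":
    r = run_exchange()
    print("both parties derive the same key:", r["key_sender"] == r["key_receiver"])
    print("classical broken, PQ intact, key recovered:",
          attacker_key(None, r["ss_classical"], r["pub"], r["ct"]) == r["key_sender"])
    print("PQ broken, classical intact, key recovered:",
          attacker_key(r["ss_pq"], None, r["pub"], r["ct"]) == r["key_sender"])
```

The design choice worth noting is that the transcript is fed into the KDF alongside the secrets: that binds the key to the specific public key and ciphertext, so a swapped ciphertext for one component cannot be silently reused against the other. Everything else (key and ciphertext sizes, the extra encapsulation) is the cost the comment calls "essentially no cost".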


Not so. One of the core premises of the article that we're discussing here is that hybrid is proving to be quite difficult for entirely nontechnical reasons.

I agree that my previous wording was sloppy to the point of error. The point I was trying to communicate was that we already had agreement that an elevated assessment of the chance of a classical attack against a given PQ algorithm would lead to one disagreeing with the aforementioned premise that we should switch to a PQ only scheme making use of said algorithm. Rehashing that is just stating the obvious.

What wasn't presented was any reasoning to back an elevated risk assessment for any particular PQ algorithm, of which there are several. So at that point the "argument" amounts to little more than "nuh-uh, that risk assessment is wrong" which isn't exactly convincing or insightful.


Some solutions have flaws but still improve things. Others are hopelessly ineffective and add nothing but overhead.

Local inference? Why? Just install a SIM card and connect to your BigTech account.

While jamming cell signals is illegal, scanning for transmissions is quite easy.

Almost as though selling below cost or over capacity will backfire if people find unexpected uses for your product.
