https://access.redhat.com/blogs/766093/posts/3031361?sc_cid=7016000000127ECAAY
The SSL/TLS protocol uses RSA, Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) primitives for the key exchange algorithm.
RSA is based on the fact that when given a product of two large prime numbers, factorizing the product (which is the public key) is computationally intensive, but a quantum computer could efficiently solve this problem using Shor’s algorithm. Similarly, DH and ECDH key exchanges could all be broken very easily using sufficiently large quantum computers.
For symmetric ciphers, the story is slightly different. It has been proven that by applying Grover’s algorithm the strength of symmetric key lengths is effectively halved: AES-256 would have the same security against an attack using Grover’s algorithm that AES-128 has against classical brute-force search. Hashes are affected in the same way symmetric algorithms are.
Therefore, we need new algorithms which are more resistant to quantum computations. This article introduces you to 5 proposals, which are under study.
228 Comments
Tomi Engdahl says:
https://www.microsoft.com/en-us/research/project/post-quantum-tls/
Tomi Engdahl says:
https://blog.cloudflare.com/kemtls-post-quantum-tls-without-signatures
The Transport Layer Security protocol (TLS), which secures most Internet connections, has mainly been a protocol consisting of a key exchange authenticated by digital signatures used to encrypt data at transport[1]. Even though it has undergone major changes since 1994, when SSL 1.0 was introduced by Netscape, its main mechanism has remained the same. The key exchange was first based on RSA, and later on traditional Diffie-Hellman (DH) and Elliptic-curve Diffie-Hellman (ECDH). The signatures used for authentication have almost always been RSA-based, though in recent years other kinds of signatures have been adopted, mainly ECDSA and Ed25519. This recent change to elliptic curve cryptography, both at the key exchange and at the signature level, has resulted in considerable speed and bandwidth benefits in comparison to traditional Diffie-Hellman and RSA.
TLS is the main protocol that protects the connections we use everyday. It’s everywhere: we use it when we buy products online, when we register for a newsletter — when we access any kind of website, IoT device, API for mobile apps and more, really. But with the imminent threat of the arrival of quantum computers (a threat that seems to be getting closer and closer), we need to reconsider the future of TLS once again. A wide-scale post-quantum experiment was carried out by Cloudflare and Google: two post-quantum key exchanges were integrated into our TLS stack and deployed at our edge servers as well as in Chrome Canary clients. The goal of that experiment was to evaluate the performance and feasibility of deployment of two post-quantum key exchanges in TLS.
The NIST post-quantum standardization process uses mathematical objects that are larger than the ones used for elliptic curves, traditional Diffie-Hellman, or RSA. As a result, the overall size of public keys, signatures and key exchange material is much bigger than those from elliptic curves, Diffie-Hellman, or RSA.
How can we solve this problem? How can we use post-quantum algorithms as part of the TLS handshake without making the material too big to be transmitted? In this blogpost, we will introduce a new mechanism for making this happen.
TLS 1.3 was introduced in August 2018, and it brought many security and performance improvements (notably, having only one round-trip to complete the handshake). But TLS 1.3 is designed for a world with classical computers, and some of its functionality will be broken by quantum computers when they do arrive.
We can estimate the impact of such a replacement on network traffic by simply looking at the sum of the cryptographic objects that are transmitted during the handshake. A typical TLS 1.3 handshake using elliptic curve X25519 and RSA-2048 would transmit 1,376 bytes, which would correspond to the public keys for key exchange, the certificate, the signature of the handshake, and the certificate chain. If we were to replace X25519 by the post-quantum KEM Kyber512 and RSA by the post-quantum signature Dilithium II, two of the more efficient proposals, the size of the transmitted data would increase to 10,036 bytes[4]. The increase is mostly due to the size of the post-quantum signature algorithm.
KEMTLS, therefore, achieves the same goals as TLS 1.3 (authentication, confidentiality and integrity) in the face of quantum computers. But there’s one small difference compared to the TLS 1.3 handshake. KEMTLS allows the client to send encrypted application data in the second client-to-server TLS message flow when client authentication is not required, and in the third client-to-server TLS message flow when mutual authentication is required. Note that with TLS 1.3, the server is able to send encrypted and authenticated application data in its first response message (although, in most uses of TLS 1.3, this feature is not actually used). With KEMTLS, when client authentication is not required, the client is able to send its first encrypted application data after the same number of handshake round trips as in TLS 1.3.
Cloudflare and KEMTLS: the implementation
As part of our effort to show that TLS can be completely post-quantum safe, we implemented the full KEMTLS handshake in Golang’s TLS 1.3 suite.
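The KEMTLS flow described above, as an added example that is not Cloudflare's Go implementation: a Diffie-Hellman KEM over a toy prime field (an assumption, standing in for Kyber/ML-KEM) is used so the whole server-authenticated handshake runs stand-alone, showing why the client already holds both secrets in its second flight and why a responder that has the certificate but not the server's private key fails the Finished check.

```python
import hashlib
import hmac
import secrets

# Toy prime-field group standing in for Kyber/ML-KEM (assumption: 2^127-1 is a
# Mersenne prime; far too small for real use, chosen only so the demo runs fast).
P = (1 << 127) - 1
G = 3
NBYTES = 16  # every group element fits in 16 bytes


def kem_keygen():
    """KEM key pair: (secret, public)."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def kem_encaps(pk):
    """Encapsulate to pk: returns (ciphertext, shared secret)."""
    e = secrets.randbelow(P - 2) + 1
    ct = pow(G, e, P)
    ss = hashlib.sha256(pow(pk, e, P).to_bytes(NBYTES, "big")).digest()
    return ct, ss


def kem_decaps(sk, ct):
    """Recover the shared secret; only the holder of sk can do this."""
    return hashlib.sha256(pow(ct, sk, P).to_bytes(NBYTES, "big")).digest()


def derive(label, *parts):
    """Length-prefixed hash KDF (stand-in for the TLS 1.3 key schedule)."""
    h = hashlib.sha256(label)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def kemtls_handshake(server_sk, server_pk, impostor=False):
    """Server-authenticated KEMTLS flow.

    Returns (client_app_key, server_app_key, server_finished_ok).
    With impostor=True the responder presents the genuine certificate but
    does not hold server_sk, so it cannot decapsulate the client's ciphertext.
    """
    transcript = b""

    # Flight 1, client -> server: ClientHello with an ephemeral KEM public key.
    c_sk, c_pk = kem_keygen()
    transcript += c_pk.to_bytes(NBYTES, "big")

    # Flight 2, server -> client: ServerHello carries a ciphertext to the
    # ephemeral key, and the Certificate carries the server's long-term KEM key
    # (no signature anywhere in the handshake).
    ct_e, ss_e_srv = kem_encaps(c_pk)
    transcript += ct_e.to_bytes(NBYTES, "big") + server_pk.to_bytes(NBYTES, "big")
    ss_e_cli = kem_decaps(c_sk, ct_e)

    # Flight 3, client -> server: the client encapsulates to the certificate's
    # key.  Only the real server can recover ss_s, which is the implicit
    # authentication.  Because the client already has both secrets, its
    # Finished and its first application data leave in this same flight.
    ct_s, ss_s_cli = kem_encaps(server_pk)
    transcript += ct_s.to_bytes(NBYTES, "big")
    client_app_key = derive(b"kemtls app", ss_e_cli, ss_s_cli, transcript)

    # Flight 4, server -> client: decapsulate, then send Finished.  The client
    # only gets explicit confirmation of the server's identity when this
    # Finished verifies under a key that needs ss_s.
    if impostor:
        ss_s_srv = secrets.token_bytes(32)   # best an impostor can do: guess
    else:
        ss_s_srv = kem_decaps(server_sk, ct_s)
    server_app_key = derive(b"kemtls app", ss_e_srv, ss_s_srv, transcript)
    server_fin = hmac.new(derive(b"kemtls server finished", ss_e_srv, ss_s_srv),
                          transcript, hashlib.sha256).digest()
    expected = hmac.new(derive(b"kemtls server finished", ss_e_cli, ss_s_cli),
                        transcript, hashlib.sha256).digest()
    server_finished_ok = hmac.compare_digest(server_fin, expected)
    return client_app_key, server_app_key, server_finished_ok


if __name__ == "__main__":
    sk, pk = kem_keygen()          # the server's long-term KEM key pair
    ck, sk2, ok = kemtls_handshake(sk, pk)
    print("genuine server:", ck == sk2 and ok)
    ck, sk2, ok = kemtls_handshake(sk, pk, impostor=True)
    print("impostor detected:", ck != sk2 and not ok)
```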
Tomi Engdahl says:
Quantum-safe encryption already requires the first steps
https://www.uusiteknologia.fi/2024/06/06/kvanttisalaus-vaatii-jo-ensimmaisia-toimia/
Only a fraction of the operators of Finland's critical network and other infrastructure have prepared for the future ability of quantum computers to break the encryption of data communications. This is revealed by a study that the research centre VTT carried out for the National Emergency Supply Agency (Huoltovarmuuskeskus); alongside it, an information package and a roadmap of the required changes to encryption algorithms and critical data transfer have also been produced for companies in the field.
Quantum computers are estimated to reach the ability to break the encryption of data communications in 5 to 15 years. Although there would seem to be time, according to VTT's study there is no reason to postpone the transition to a new kind of encryption. The world situation has also changed. Hostile states and cybercriminals can already record the data traffic of organizations they find interesting, to wait for the time when the encryption can be broken. The development of quantum machines may also proceed faster than anticipated.
Alongside the study, VTT and the National Emergency Supply Agency have drawn up a preparedness roadmap giving guidance on the transition to quantum-safe algorithms; it shows how and in what order to proceed for those operating in the critical infrastructure sector. The transition to quantum-safe encryption must be planned, and resources must be reserved for carrying it out. The early part of the roadmap also includes training key personnel to understand why and how to move to quantum-safe algorithms.
According to VTT's study, the United States and Britain recommend switching over in one go. In Europe, France and Germany want to use hybrid methods, which however slow down operations. They are also more complex, so the risk of errors is greater. In Finland, readiness is clearly behind that of the neighbouring countries. Europe as a whole, in turn, lags behind the United States and the other English-speaking countries.
A further challenge for critical infrastructure is that the new quantum-safe algorithms require more memory and processing power than current encryption.
Tomi Engdahl says:
Quantinuum inches closer to fault-tolerant quantum with a 56 qubit machine
This one only produces errors 65 percent of the time. Woo-hoo!
https://www.theregister.com/2024/06/07/quantinuum_new_computer/
Tomi Engdahl says:
SSH's quantum-safe NQX encryption solution receives the national top-level security classification
Anna Helakallio, 16.7.2024 07:41. Tags: encryption, security, information security, future technologies
The new security classification is valid for three years
https://www.tivi.fi/uutiset/sshn-kvanttiturvalliselle-nqx-salausratkaisulle-kansallinen-huipputason-turvaluokitus/f00fcbd3-49b8-403b-b4c1-135d2911e7e7
Tomi Engdahl says:
NIST Announces Post-Quantum Cryptography Standards Three security standards are ready for use, with a fourth on the way
https://spectrum.ieee.org/post-quantum-cryptography-2668949802
Today, almost all data on the Internet, including bank transactions, medical records, and secure chats, is protected with an encryption scheme called RSA (named after its creators Rivest, Shamir, and Adleman). This scheme is based on a simple fact—it is virtually impossible to calculate the prime factors of a large number in a reasonable amount of time, even on the world’s most powerful supercomputer. Unfortunately, large quantum computers, if and when they are built, would find this task a breeze, thus undermining the security of the entire Internet.
Luckily, quantum computers are only better than classical ones at a select class of problems, and there are plenty of encryption schemes where quantum computers don’t offer any advantage. Today, the U.S. National Institute of Standards and Technology (NIST) announced the standardization of three post-quantum cryptography encryption schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning to post-quantum security as soon as possible.
“Today, public key cryptography is used everywhere in every device,” says Lily Chen of NIST. “Now our task is to replace the protocol in every device, which is not an easy task.”
Why we need post-quantum cryptography now
Most experts believe large-scale quantum computers won’t be built for at least another decade. So why is NIST worried about this now? There are two main reasons.
First, many devices that use RSA security, like cars and some IoT devices, are expected to remain in use for at least a decade. So they need to be equipped with quantum-safe cryptography before they are released into the field.
Second, a nefarious individual could potentially download and store encrypted data today, and decrypt it once a large enough quantum computer comes online. This concept is called “harvest now, decrypt later” and by its nature, it poses a threat to sensitive data now, even if that data can only be cracked in the future.
Security experts in various industries are starting to take the threat of quantum computers seriously, says Joost Renes, principal security architect and cryptographer at NXP Semiconductors. “Back in 2017, 2018, people would ask ‘What’s a quantum computer?’” Renes says. “Now, they’re asking ‘When will the PQC standards come out and which one should we implement?’”
NIST announced a public competition for the best PQC algorithm back in 2016. They received a whopping 82 submissions from teams in 25 different countries. Since then, NIST has gone through 4 elimination rounds, finally whittling the pool down to four algorithms in 2022.
These four winning algorithms had intense-sounding names: CRYSTALS-Kyber, CRYSTALS-Dilithium, Sphincs+, and FALCON. Sadly, the names did not survive standardization: The algorithms are now known as Federal Information Processing Standard (FIPS) 203 through 206. FIPS 203, 204, and 205 are the focus of today’s announcement from NIST. FIPS 206, the algorithm previously known as FALCON, is expected to be standardized in late 2024.
Two out of the three schemes already standardized by NIST, FIPS 203 and FIPS 204 (as well as the upcoming FIPS 206), are based on another hard problem, called lattice cryptography. Lattice cryptography rests on the tricky problem of finding the lowest common multiple among a set of numbers. Usually, this is implemented in many dimensions, or on a lattice, where the least common multiple is a vector.
The third standardized scheme, FIPS 205, is based on hash functions.
central problem at the heart of all cryptography schemes: There is no proof that any of the math problems the schemes are based on are actually “hard.” The only proof, even for the standard RSA algorithms, is that people have been trying to break the encryption for a long time, and have all failed.
NIST’s announcement is exciting, but the work of transitioning all devices to the new standards has only just begun. It is going to take time, and money, to fully protect the world from the threat of future quantum computers.
“We’ve spent 18 months on the transition and spent about half a million dollars on it,” says Marty of LGT Financial Services. “We have a few instances of [PQC], but for a full transition, I couldn’t give you a number, but there’s a lot to do.”
Tomi Engdahl says:
Announcing Approval of Three Federal Information Processing Standards (FIPS) for Post-Quantum Cryptography
August 13, 2024
https://csrc.nist.gov/News/2024/postquantum-cryptography-fips-approved
The Secretary of Commerce has approved three Federal Information Processing Standards (FIPS) for post-quantum cryptography:
FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard
FIPS 204, Module-Lattice-Based Digital Signature Standard
FIPS 205, Stateless Hash-Based Digital Signature Standard
These standards specify key establishment and digital signature schemes that are designed to resist future attacks by quantum computers, which threaten the security of current standards. The three algorithms specified in these standards are each derived from different submissions to the NIST Post-Quantum Cryptography Standardization Project.
FIPS 203 specifies a cryptographic scheme called the Module-Lattice-Based Key-Encapsulation Mechanism Standard, which is derived from the CRYSTALS-KYBER submission.
FIPS 204 and 205 each specify digital signature schemes, which are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. FIPS 204 specifies the Module-Lattice-Based Digital Signature Standard, which is derived from CRYSTALS-Dilithium submission. FIPS 205 specifies the Stateless Hash-Based Digital Signature Standard, which is derived from the SPHINCS+ submission.
Tomi Engdahl says:
Frederic Lardinois / TechCrunch:
The US NIST publishes its first three post-quantum cryptography standards; IBM’s director of research thinks quantum will hit an inflection point around 2030 — It’ll still be a while before quantum computers become powerful enough to do anything useful, but it’s increasingly likely …
The first post-quantum cryptography standards are here
https://techcrunch.com/2024/08/13/the-first-post-quantum-cryptography-standards-are-here/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cudGVjaG1lbWUuY29tLw&guce_referrer_sig=AQAAAJMZevVzp3QppLycVFq9mC8mKfDsE6GEexiHjfz1qpzSoosAyNScqQo4kwG2bTBQLDtqSbwsVloEnNt8XJzMPJ4l1cKFKNvfm-fM-QiEy7ze3m4wE8xysv1KWMznO3_y2Oqauulp13ARgChyYx3dmqGG4FLZp9WOBJznI31uGyS6
It’ll still be a while before quantum computers become powerful enough to do anything useful, but it’s increasingly likely that we will see full-scale, error-corrected quantum computers become operational within the next five to 10 years. That’ll be great for scientists trying to solve hard computational problems in chemistry and material science, but also for those trying to break the most common encryption schemes used today. That’s because the mathematics of the RSA algorithm that, for example, keep the internet connection to your bank safe, are almost impossible to break with even the most powerful traditional computer. It would take decades to find the right key. But these same encryption algorithms are almost trivially easy for a quantum computer to break.
“Then the question is, from that point on, how many years until you have systems capable of [breaking RSA]? That’s open for debate, but suffice to say, we’re now in the window where you’re starting to say: all right, so somewhere between the end of the decade and 2035 the latest — in that window — that is going to be possible. You’re not violating laws of physics and so on,” he explained.
One excuse for this, he said, is that there weren’t any standards yet, which is why the new standards announced Tuesday are so important (and the process for getting to a standard, it’s worth noting, started in 2016).
Even though many CISOs are aware of the problem, Gil said, the urgency to do something about it is low. That’s also because for the longest time, quantum computing became one of those technologies that, like fusion reactors, was always five years out from becoming a reality. After a decade or two of that, it became somewhat of a running joke. “That’s one uncertainty that people put on the table,” Gil said. “The second one is: OK, in addition to that, what is it that we should do? Is there clarity in the community that these are the right implementations? Those two things are factors, and everybody’s busy. Everybody has limited budgets, so they say: ‘Let’s move that to the right. Let’s punt it.’ The task of institutions and society to migrate from current protocols to the new protocol is going to take, conservatively, decades. It’s a massive undertaking.”
It’s now up to the industry to start implementing these new algorithms. “The math was difficult to create, the substitution ought not to be difficult,” Gil said about the challenge ahead, but he also acknowledged that that’s easier said than done.
Indeed, a lot of businesses may not even have a full inventory of where they are using cryptography today. Gil suggested that what’s needed here is something akin to a “cryptographic bill of materials,” similar to the software bill of materials (SBOM) that most development teams now generate to ensure that they know which packages and libraries they use in building their software.
Like with so many things quantum, it feels like now is a good time to prepare for its arrival — be that learning how to program these machines or how to safeguard your data from them. And, as always, you have about five years to get ready.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16483-nyt-ne-ovat-valmiit-salausstandardit-kestaevaet-kvanttikonehyoekkaeykset
Tomi Engdahl says:
Race to develop quantum-resistant encryption intensifies: https://ie.social/Njw2d
Breakthrough quantum algorithm can break advanced data encryption
https://interestingengineering.com/science/quantum-algorithm-mit-crack-advanced-encryption?utm_source=facebook&utm_medium=article_image
The widely-used RSA encryption system relies on the difficulty of factoring extremely large numbers, a task that classical computers cannot accomplish in a reasonable timeframe.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16543-suomalaistekniikka-tuo-laitteisiin-kvanttiturvallisen-kaeynnistyksen
Xiphera, a Finnish company developing cryptography solutions, has presented its latest product, which brings quantum-safe authentication to boot images and firmware updates. The product is called nQrux Secure Boot, and it becomes part of the company's nQrux Hardware Trust Engines family.
Tomi Engdahl says:
Meta warns of looming ‘quantum apocalypse’ for modern encryption, cryptography standards
Meta said that protecting asymmetric cryptography used by blockchains is the company’s top priority related to quantum computing.
https://cryptoslate.com/meta-warns-of-looming-quantum-apocalypse-for-modern-encryption-cryptography-standards/
Tomi Engdahl says:
‘Unbreakable’ quantum communication closer to reality thanks to new, exceptionally bright photons
https://www.livescience.com/technology/communications/unbreakable-quantum-communication-closer-to-reality-thanks-to-new-exceptionally-bright-photons
Scientists build a new light source for quantum communications by combining existing technologies together to create a stronger and more robust quantum signal.
Tomi Engdahl says:
The Register: Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption > https://go.theregister.com/feed/www.theregister.com/2024/10/14/china_quantum_attack/, 2024-10-14 06:30:09 +0000
Tomi Engdahl says:
Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption
https://thequantuminsider.com/2024/10/11/chinese-scientists-report-using-quantum-computer-to-hack-military-grade-encryption/
Chinese researchers, using a D-Wave quantum computer, claim to have executed what they are calling the first successful quantum attack on widely used encryption algorithms, posing a “real and substantial threat” to sectors like banking and the military, as reported by SCMP.
The D-Wave Advantage, initially designed for non-cryptographic applications, was used to breach SPN-structured algorithms but has not yet cracked specific passcodes, highlighting the early-stage nature of this threat.
Despite the advance, the researchers acknowledge limitations such as environmental interference, underdeveloped hardware and the inability to develop a single attack method for multiple encryption systems still hinder quantum computing’s full cryptographic potential.
According to SCMP, the research team employed the D-Wave Advantage quantum computer to target the Present, Gift-64, and Rectangle algorithms, called key representatives of the Substitution-Permutation Network (SPN) structure. This structure is foundational for advanced encryption standards (AES), a system widely deployed in military and financial encryption protocols, according to the newspaper. While AES-256 is often labeled as military-grade and considered the most secure encryption standard available, the study suggests that quantum computers may soon threaten such security.
“This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today,”
Tomi Engdahl says:
Chinese Hackers Use Quantum Computer to Break Military Grade Encryption
https://futurism.com/the-byte/hackers-quantum-computer-military-encryption
It’s “the first time that a real quantum computer has posed a real and substantial threat.”
As The Register notes, details of the hackers’ techniques remain pretty murky. The quantum-aided attacks were also implemented against a much shorter encryption key than is usually used in the real world, meaning that the alleged findings are, at best, a promising though still theoretical start to cracking these algorithms out in the wild.
All in all, though the paper comes with a heavy grain of salt, its findings may warrant a pulse check on the efficacy of modern encryption standards — not to mention fuel efforts to devise the cryptography standards of the future.
Tomi Engdahl says:
https://www.dna.fi/yrityksille/blogi/-/blogs/aloita-yrityksesi-siirtyma-kvanttisalaukseen-jo-tanaan?utm_source=facebook&utm_medium=social&utm_content=LAA-artikkeli-aloita-yrityksesi-siirtyma-kvanttisalaukseen-jo-tanaan&utm_campaign=AK_LAA_24-40-43_kyberturva2025_artikkelikampanja_&fbclid=IwZXh0bgNhZW0BMAABHYwVOMnd5Oss2ZdhPxKhWILiyV0BhUlbiqN-3r5uUgOoWsOcHI9rQg_IAw_aem_j4FIkBvcwvcOBEMYtSdc8A
Tomi Engdahl says:
Bittium's Mobile VPN gets quantum security
https://www.uusiteknologia.fi/2024/10/22/bittiumin-mobile-vpn-sai-kvanttiturvan/
Bittium, a technology company from Oulu, has implemented an ML-KEM algorithm extension in its SafeMove Mobile VPN software, which is used to encrypt data communication connections; with it, Bittium can offer quantum-safe connections and protect them against future threats from quantum computing.
By moving to quantum-safe algorithms, one can avoid a situation in which data encrypted with classical algorithms can be collected for later analysis on a quantum computer. Classical algorithms are vulnerable to powerful quantum computing, so quantum-safe algorithms are needed to replace them.
Implementing quantum-safe algorithms has become more topical as the development of quantum computers advances. In Finland, too, the national crypto working group has decided that the quantum-safe algorithms standardized by NIST, such as ML-KEM, will be added to the national crypto criteria used in evaluating encryption products.
In Bittium's SafeMove Mobile VPN software, which uses the IPsec communication protocol, encryption is implemented as a so-called hybrid method, that is, a combination of two algorithms: a classical public-key algorithm and a quantum-safe algorithm. The advantage of the hybrid method is that the security of the data is not compromised even if a vulnerability were found in the quantum-safe algorithm as algorithm research and the development of quantum computers continue to advance.
SafeMove Mobile VPN is in use, for example, in the Bittium Tough Mobile 2 C military phone, which is approved for protecting information at the NATO Restricted and TL III levels, and it can be deployed on other Android and Microsoft Windows devices.
https://www.bittium.com/defense-security/bittium-safemove-mobile-vpn/
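The hybrid combination of a classical and a quantum-safe shared secret that the post describes, as an added example (not Bittium's or any IPsec implementation's code): the concatenation-into-HKDF combiner and the labels are assumptions, and the attacker simulation shows that the traffic key stays unpredictable when only one of the two components is broken.

```python
import hashlib
import hmac
import secrets


def hkdf_extract(salt, ikm):
    """RFC 5869 HKDF-Extract with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 HKDF-Expand with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def hybrid_traffic_key(ss_classical, ss_pq, transcript):
    """Concatenation combiner (assumed construction for the demo).

    Both shared secrets go into a single HKDF-Extract, and the handshake
    transcript (both key shares / ciphertexts) is bound through the info
    string.  An attacker who learns one secret still faces a uniformly random
    other half in the input, so the output stays unpredictable unless both the
    classical and the post-quantum exchange are broken.
    """
    prk = hkdf_extract(b"hybrid-ipsec-demo", ss_classical + ss_pq)
    return hkdf_expand(prk, b"traffic key" + transcript, 32)


def attacker_recovers_key(knows_classical, knows_pq, transcript=b"constructed transcript"):
    """Simulate an adversary who holds the listed secrets and must guess the rest.

    Secrets are freshly generated 32-byte values (constructed sample input).
    Returns True only if the key derived from the attacker's view equals the
    real traffic key.
    """
    ss_c = secrets.token_bytes(32)
    ss_q = secrets.token_bytes(32)
    real_key = hybrid_traffic_key(ss_c, ss_q, transcript)
    guess_c = ss_c if knows_classical else secrets.token_bytes(32)
    guess_q = ss_q if knows_pq else secrets.token_bytes(32)
    return hmac.compare_digest(real_key, hybrid_traffic_key(guess_c, guess_q, transcript))


if __name__ == "__main__":
    print("classical broken only:", attacker_recovers_key(True, False))   # False
    print("post-quantum broken only:", attacker_recovers_key(False, True))  # False
    print("both broken:", attacker_recovers_key(True, True))               # True
```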
Tomi Engdahl says:
Microchip's latest RISC-V microprocessors support quantum-grade encryption
https://etn.fi/index.php/13-news/16754-microchipin-uusimmat-risc-v-mikroprosessorit-tukevat-kvanttiluokan-salausta
The expected arrival of quantum computers poses a significant threat, as they will render current information security methods ineffective. Microchip's RISC-V-based PIC64HX is one of the first microprocessors on the market to support the recently standardized quantum-grade encryption algorithms.
These are the FIPS 203 and FIPS 204 algorithms standardized by NIST. FIPS 203 (ML-KEM) is a cryptographic algorithm intended for key exchange that provides protection against the computing power of quantum computers. FIPS 204 (ML-DSA), in turn, is a digital signature algorithm that ensures data integrity and authentication in a quantum-safe way.
PIC64HX is a high-performance multi-core 64-bit RISC-V microprocessor capable of advanced artificial intelligence (AI) and machine learning (ML) processing. It is equipped with TSN Ethernet connectivity supporting time-critical networking as well as defense-grade security.
The Ethernet switch integrated into the processor includes TSN features.
Tomi Engdahl says:
Quantum Technology Is a Threat to Data Security. It’s Also Part of the Solution
https://sponsored.bloomberg.com/quicksight/nokia/quantum-technology-is-a-threat-to-data-security-it-s-also-part-of-the-solution?utm_medium=social&utm_id=customcontent-PowerofN&utm_source=Facebook&utm_campaign=Business-Paid&utm_content=USEU-Ad3&fbclid=IwZXh0bgNhZW0BMABhZGlkAAAGAHqcVEgBHS1X1_kN91ffAXPn5oKh4nImD7UuKhLlW2-3c9bjIoeHgg2V-P9lPryghQ_aem_rkYl85JtEJeM4PJ-F8HJxg
As digital technology becomes more sophisticated, so do the associated risks. The average cost of a data breach is now almost $4.5 million, and ensuring data security and privacy are rapidly escalating business priorities. Companies are being forced to rethink their digital security strategies to minimize risks to their operations, employees and customers.
Fast-evolving quantum computers may further increase these risks
The Impact
It will take between five and 10 years for the necessary developments in hardware, software and error correction to bring quantum computing into the mainstream. While not yet mature, the technology is making faster progress than initially expected.
The Global Risk Institute estimates that by 2030, there will be an 11% to 31% probability that quantum computers will be able to break our most prevalent cryptographic methods, which are based on the factorization of large prime numbers. And this probability will only increase.
This poses a tremendous threat to every enterprise or organization that relies upon trusted data as its lifeblood
For mission-critical industries such as defense, transportation, energy and utilities, security breaches can prove catastrophic. They can involve state actors, nation-to-nation conflicts and the disruption of critical systems. But the effects can be equally serious for financial institutions, research facilities and health care operations.
“That is where we are seeing a lot of momentum right now, because those industries have the kind of sensitive information that has been—and needs to remain—private for a very long time,” Charbonneau says.
According to Mohapatra, “The key to overcoming this challenge lies in leveraging quantum computing to develop more robust cryptographic systems.”
Adopting a defense-in-depth strategy, which incorporates multiple layers of complementary and additive quantum-safe cryptography across both applications and networks, will make it harder for threat actors to compromise our data. And this is what quantum-safe networks—an outcome-based solution—aim to achieve.
Quantum-safe networks provide essential protection for quantum computing. By integrating quantum-safe technologies, such networks are fortified against future cyber threats, hindering malicious actors.
Investing in quantum-safe networks will reduce the risks faced by organizations due to quantum computers’ encryption-busting abilities.
Tomi Engdahl says:
Here’s the paper no one read before declaring the demise of modern cryptography
The advance was incremental at best. So why did so many think it was a breakthrough?
https://arstechnica.com/information-technology/2024/10/the-sad-bizarre-tale-of-hype-fueling-fears-that-modern-cryptography-is-dead/#gsc.tab=0
Tomi Engdahl says:
A significant step: quantum encryption in a commercial operator's network
https://www.uusiteknologia.fi/2024/11/14/merkittava-edistysaskel-kvanttisalaus-vietiin-kaupallisen-operaattorin-verkkoon/
Telecommunications company Telia is the first commercial operator to have tested a new kind of quantum encryption technology in its own network. The trial carried out this week in Helsinki is a significant step forward in the national project that is building a quantum-safe encryption network.
Quantum key distribution (QKD) is a new method based on quantum mechanics for ensuring secure data communication. The project is part of the EU's EuroQCI initiative, which is creating a comprehensive quantum encryption network across the Union by the end of this decade, especially to protect critical infrastructure.
In Finland, the research institute VTT leads the national quantum-safe network project NaQCI.fi together with CSC, the IT Center for Science focused on supercomputers, and the mainly state-owned Cinia Oy and Suomen Erillisverkot Oy. In that context, the telecom operator Telia's test belongs to the phase in which a public test network is being built in the Helsinki metropolitan area. Similar national test networks are coming to every EU country.
“Telia's demo is a significant step toward building Finland's quantum-safe network and its wider use in companies and organizations. Now we got to see how the new and demanding technology works in a commercial operator's network,” says Kari Seppänen, Senior Scientist at VTT.
We enable future security -
we enable the security of the future.
Petrus coordinates the deployment of EuroQCI, a secure quantum communication infrastructure spanning the whole EU, including its overseas territories.
https://petrus-euroqci.eu/
Tomi Engdahl says:
Telia tested quantum key exchange
https://etn.fi/index.php/13-news/16852-telia-testasi-kvanttiavaintenvaihtoa
Telia is the first commercial operator to have tested extremely secure quantum encryption technology in its own network in Helsinki. The test carried out last week is a significant step forward in the national project whose goal is to build a quantum-safe encryption network for Finland.
Quantum key distribution (QKD) is a method based on quantum mechanics that guarantees extremely secure data communication. The test relates to Finland's national project, which is part of the EU's EuroQCI initiative. The initiative aims to build a Europe-wide quantum encryption network by 2030, especially to protect critical infrastructure.
In Finland, the national quantum-safe network is being developed by the NaQCI.fi project, led by VTT in cooperation with CSC, Cinia and Suomen Erillisverkot Oy. Telia's test is part of the project's first phase, in which a public test network is being built in the Helsinki metropolitan area. Similar networks are under development in all EU countries.
Tomi Engdahl says:
Check Point revamped its firewall: AI revolutionises cyber security
https://etn.fi/index.php/13-news/16895-check-point-uudisti-palomuurinsa-tekoaely-mullistaa-kyberturvan
Check Point Software Technologies has announced its new Quantum Firewall Software R82, which brings unprecedented AI-based cyber security solutions to the market. The software is intended to respond to the global growth in cyber threats faced by organisations, which has reached as much as 75 percent. R82 uses advanced AI technology and offers effective solutions for countering zero-day attacks, phishing, malware and DNS vulnerabilities.
Check Point's product manager Nataly Kremer stresses that as threats become more complex, organisations need intelligent and agile solutions to stay a step ahead. The new software not only offers world-class security innovations but also makes deploying them easy and scalable, which is vital in today's business environment.
The Quantum Firewall R82 software uses four new AI engines, with which it can block up to 99.8 percent of all zero-day attacks. This means blocking more than 500,000 additional attacks per month. In addition, the software is designed to support the agility of data centres and application development. Deploying virtual servers is now up to three times faster, which enables rapid progress in application development and effortless management of multi-tenant environments.
Another significant improvement is the software's use of NIST-approved Kyber encryption, which offers security that withstands quantum computers. This ensures that organisations' encrypted data remains safe in the future as well, when quantum computers may threaten current encryption standards.
Check Point has also added several AI-based innovations to its software, such as the Infinity AI Copilot assistant, which speeds up threat resolution and security management, and the GenAI Protect solution, which enables the secure use of generative AI in companies. In addition, the company offers the Infinity External Risk Management service, which monitors and blocks threats in real time.
Tomi Engdahl says:
Google unveils new quantum computing chip: Clock ticking for crypto encryption?
One expert says while Willow is a significant development, it’s still far short of being a threat to crypto encryption, at least for now.
https://cointelegraph.com/news/google-unveils-new-quantum-computing-chip-clock-ticking-crypto-encryption
Google’s Quantum AI team says its new quantum computing chip is capable of solving a computational problem in less than five minutes — the same problem that would take one of the best supercomputers about 10 septillion years to solve.
The chip, known as Willow, can exponentially correct errors and process certain computations at a mind-boggling pace, Hartmut Neven, Google’s Quantum AI lead, said in a Dec. 9 blog.
“This mind-boggling number exceeds known timescales in physics and vastly exceeds the age of the universe,” he said.
Is Willow a threat to crypto encryption?
Advances in quantum computing have long been feared as an inflection point for the crypto industry. Computers capable of breaking encryption could expose user funds to thieves in large volumes and at rapid rates.
Tech entrepreneur and former senior product manager for Google, Kevin Rose, said in a Dec. 9 statement on X that Willow was still far short of being a threat to crypto.
According to Rose, estimates for compromising Bitcoin’s encryption would require a quantum computer with approximately 13 million qubits to achieve decryption within 24 hours.
“In contrast, Google’s Willow chip, while a significant advancement, comprises 105 qubits,” he said.
Tomi Engdahl says:
Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration
Google’s Willow quantum chip marks a transformative moment in quantum computing development.
https://www.securityweek.com/googles-willow-chip-signals-the-urgency-of-post-quantum-cryptography-migration/
Forget the 10 septillion years needed for a classical computer to solve this problem, and focus instead on the falling number of necessary error correction qubits.
Google announced its latest quantum computing advance, the Willow chip, on December 9, 2024. The announcement focuses on two aspects: current power and future potential.
The power is demonstrated by large numbers: Willow can solve a problem in less than five minutes that would take a classical supercomputer 10 septillion years to solve. Now, even though the supercomputer and the length of time it would take are not factual but obviously simulations, and even though the problem may have been developed specifically to be solved by Willow, this is mighty impressive.
Karl Holmqvist, founder and CEO of Lastwall, explains the process. “What Google achieved with Willow involves something called random circuit sampling (RCS), which generates random quantum circuits specifically designed as a benchmark for quantum computers,” he told SecurityWeek.
“RCS is about creating complex pseudo-random quantum circuits, making it extremely difficult for classical computers to process. In that sense, it’s a contrived problem because it’s built specifically to test quantum systems. However, it is also an accepted benchmark for evaluating whether a system can harness quantum effects.”
It is and is meant to be impressive. Note that in 2019 Google bragged about achieving ‘quantum supremacy’ with a quantum computer that could solve a different problem that would take a supercomputer 10,000 years to solve in around 200 seconds. Willow shows a remarkable improvement in just five years.
But it is perhaps not as impressive as we are meant to assume. There is no apparent dramatic decrease in the time to a cryptographically relevant quantum computer (CRQC) – that point at which a quantum computer will be able to decrypt current PKE encryption. To put it bluntly, it is specifically CRQC rather than quantum computing in general that is of current concern to cybersecurity professionals.
It is the other part of the Willow announcement that is of greater importance — Google appears to have made a breakthrough in quantum error correction. Qubits are so inherently fragile (prone to errors from environmental noise, decoherence, and operational imperfections) that each ‘functioning’ qubit requires many more qubits to correct the errors. Without that error correction, a quantum computer effectively decays into a classical computer.
Willow has 105 qubits. IBM’s Osprey says it has 433 qubits. “What’s the use of a high qubit count if error rates are so high the results cannot be trusted?” asks Skip Sanzeri, co-founder and COO, QuSecure. “I think it’s safe to say that IBM and others have not yet achieved these error correction milestones or most likely we would have heard about them. We can bet that all eyes will be on Google as other companies and nation-states will attempt to mimic Willow’s error correction.”
Google has demonstrated with Willow that it can increase the number of qubits while simultaneously reducing the reliance on error correcting qubits.
“This is a major watershed moment for quantum computation design, marked by the demonstration of below-threshold scaling capabilities,”
It is impossible to say that Willow and Google’s below threshold error correction brings the day of CRQC any closer, but it does have that potential. The real lesson for security folk is that we no longer dare delay our cryptographic migration to NIST’s post quantum and agile encryption algorithms. To do so goes beyond folly.
https://www.securityweek.com/post-quantum-cryptography-standards-officially-announced-by-nist-a-history-and-explanation/
Tomi Engdahl says:
https://u.today/googles-new-quantum-chip-wont-kill-bitcoin-expert-says
Tomi Engdahl says:
Nokia was the first to demonstrate a quantum-safe mobile network
https://etn.fi/index.php/13-news/16981-nokia-demosi-ensimmaeisenae-kvanttiturvallista-mobiiliverkkoa
Nokia and Turkcell have jointly achieved the world's first implementation of quantum-safe IPsec network encryption for use in mobile networks. This significant achievement represents a critical step in protecting mobile networks against the threats posed by future quantum computers. Nokia and Turkcell use the latest cryptographic standards to ensure that mobile communications remain secure in current and future threat situations.
As quantum computers develop, traditional cryptographic methods such as RSA and ECC may become vulnerable to powerful quantum attacks that can break traditional encryption. This poses significant challenges to information security, especially in critical infrastructures such as mobile networks. Nokia's and Turkcell's joint demonstration of deploying quantum-safe IPsec encryption in a mobile network sets a new standard for network protection.
The demonstration used AES-256 encryption (Advanced Encryption Standard, 256-bit), which is a symmetric encryption algorithm. Symmetric algorithms such as AES-256 are quantum-safe because they withstand the known quantum attack methods, such as Grover's algorithm, which only halves the algorithm's effective key length (256 bits -> 128 bits). AES-256 still offers a sufficient level of security even in the era of quantum computers.
Data transfer between routers is based on the MACsec standard (Media Access Control Security). MACsec is the Layer 2 encryption standard for Ethernet, which protects the network by ensuring the confidentiality and integrity of data. Combined with AES-256 encryption, MACsec guarantees the secure transfer of data and keys across the network.
Nokia's FP5 processor serves as the technical backbone of the demonstration. FP5 supports both AES-256 encryption and the MACsec standard