Post Quantum Cryptography

https://access.redhat.com/blogs/766093/posts/3031361?sc_cid=7016000000127ECAAY

The SSL/TLS protocol uses RSA, Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) primitives for the key exchange algorithm.

RSA is based on the fact that when given a product of two large prime numbers, factorizing the product (which is the public key) is computationally intensive, but a quantum computer could efficiently solve this problem using Shor’s algorithm. Similarly, DH and ECDH key exchanges could all be broken very easily using sufficiently large quantum computers.

For symmetric ciphers, the story is slightly different. It has been proven that applying Grover’s algorithm the strength of symmetric key lengths are effectively halved: AES-256 would have the same security against an attack using Grover’s algorithm that AES-128 has against classical brute-force search. Hashes are also affected in the same way symmetric algorithms are.

Therefore, we need new algorithms which are more resistant to quantum computations. This article introduces you to 5 proposals, which are under study.

223 Comments

  1. Tomi Engdahl says:

    Milloin kvanttitietokone pystyy murtamaan nykysalaukset?
    https://www.tivi.fi/uutiset/tv/9cca64ef-f419-4a18-8590-82480a165a66
    Tulevaisuuden kvanttitietokoneet mullistavat suurteholaskennan, mutta
    murtavat samalla internetin tärkeimmät salausmenetelmät. Uhkaan
    varaudutaan myös Suomessa.

    Reply
  2. Tomi Engdahl says:

    The Promise and Threat of Quantum Computing
    https://www.securityweek.com/promise-and-threat-quantum-computing
    Quantum computing promises future information security, but simultaneously threatens all information currently protected by 2048-bit RSA encryption. It is time to evaluate the threat and examine possible solutions.

    Reply
  3. Tomi Engdahl says:

    Milloin kvanttitietokone pystyy murtamaan nykysalaukset?
    https://www.tivi.fi/uutiset/milloin-kvanttitietokone-pystyy-murtamaan-nykysalaukset/9cca64ef-f419-4a18-8590-82480a165a66
    Tulevaisuuden kvanttitietokoneet mullistavat suurteholaskennan, mutta
    murtavat samalla internetin tärkeimmät salausmenetelmät. Uhkaan
    varaudutaan myös Suomessa. Kvanttitekniikka lupaa jättimäistä
    laskentakapasiteettia säätilojen ennustamiseen, geenitutkimukseen ja
    muihin suurteholaskentaa vaativiin tehtäviin. Samalla kvanttitekniikka
    herättää myös pelkoa. Yleiskäyttöinen kvanttitietokone voisi murtaa
    tärkeimmät internetissä käytetyt salausmenetelmät hetkessä. Siksi
    kvanttikoneiden uhkaan varaudutaan nyt myös meillä Suomessa.

    Reply
  4. Tomi Engdahl says:

    Quantum Computing is a Challenge for Cryptography
    https://www.eetimes.com/quantum-computing-is-a-challenge-for-cryptography/

    Quantum computing promises significant breakthroughs in science, medicine, financial strategies, and more, but it also has the power to blow right through current cryptography systems, therefore becoming a potential risk for a whole range of technologies, from the IoT to technologies that are supposedly hack-proof, like blockchain.

    Cryptography is everywhere — in messages from WhatsApp, online payments, eCommerce sites. Perhaps we cannot see it, but our data are transformed several times to avoid being tracked. “Simple” Wi-Fi is protected by the Wi-Fi Protected Access 2 (WPA2) protocol. Every credit card transaction is protected by the Advanced Encryption Standard (AES). These are different encryption methods with different mathematical problems to solve.

    In order to keep ahead of potential security problems, the length of the encryption keys is gradually increasing, and the algorithms are gradually becoming more sophisticated. The general principle is that the longer the key length, the more difficult it is for a brute force to attack and break it. These are attacks in which cyber criminals make thousands of attempts to force keys until they find the right one.

    All of this remains true with classic computers that operate with bits and bytes. If and when quantum computers that use qubits come into play, however, then the story changes. In the case of encryption keys, quantum computers are able to process an enormous number of potential results in parallel.

    Progress in quantum computing would jeopardize the use of PKI X.509 (RSA, ECDSA) certificates used today for authentication and digital signature algorithms: all must be protected by new quantum-resistant algorithms to remain secure.

    Reply
  5. Tomi Engdahl says:

    Intel Creating Cryptographic Codes That Quantum Computers Can’t Crack
    Intel researchers developed a hardware accelerator that helps IoT devices use post-quantum cryptography
    https://spectrum.ieee.org/tech-talk/computing/hardware/how-to-protect-the-internet-of-things-in-the-quantum-computing-era

    The world will need a new generation of cryptographic algorithms once quantum computing becomes powerful enough to crack the codes that protect everyone’s digital privacy. An Intel team has created an improved version of such a quantum-resistant cryptographic algorithm that could work more efficiently on the smart home and industrial devices making up the Internet of Things.

    The Bit-flipping Key Encapsulation (BIKE) provides a way to create a shared secret that encrypts sensitive information exchanged between two devices. The encryption process requires computationally complex operations involving mathematical problems that could strain the hardware of many Internet of Things (IoT) devices. But Intel researchers figured out how to create a hardware accelerator that enables the BIKE software to run efficiently on less powerful hardware.

    “Software execution of BIKE, especially on lightweight IoT devices, is latency and power intensive,” says Manoj Sastry, principal engineer at Intel. “The BIKE hardware accelerator proposed in this paper shows feasibility for IoT-class devices.”

    Intel has been working in cooperation with several other companies to develop BIKE as one possible quantum-resistant algorithm among the many being currently evaluated by the U.S. National Institute of Standards and Technology.

    Reply
  6. Tomi Engdahl says:

    Quantum computing may make current encryption obsolete, a quantum internet could be the solution
    https://www.zdnet.com/article/quantum-computing-may-make-current-encryption-obsolete-a-quantum-internet-could-be-the-solution/

    Sometime between now and 2030, the mathematical system that protects all of digital communications may fall victim to a superior quantum system. Preparing for that time may require us to reinvent the network itself.

    Reply
  7. Tomi Engdahl says:

    IBM aims for quantum computing safe encryption, security tools
    https://www.zdnet.com/article/ibm-aims-for-quantum-computing-safe-encryption-security-tools/

    Quantum computing will bring about a sea change and provide the means to thwart existing defenses easily. IBM is pitching enterprises on future proofing.

    Reply
  8. Tomi Engdahl says:

    A Swiss Company Says It Found Weakness That Imperils Encryption
    https://www.bloombergquint.com/onweb/a-swiss-company-says-it-found-weakness-that-imperils-encryption
    Now, a Swiss technology company says it has made a breakthrough by
    using quantum computers to uncover vulnerabilities in commonly used
    encryption. The company believes it’s found a security weakness that
    could jeopardize the confidentiality of the world’s internet data,
    banking transactions and emails. The company said that its research
    found vulnerabilities that affect symmetric encryption ciphers,
    including the Advanced Encryption Standard, or AES, which is widely
    used to secure data transmitted over the internet and to encrypt
    files. Using a method known as quantum annealing, the company said its
    research found that even the strongest versions of AES encryption may
    be decipherable by quantum

    Reply
  9. Tomi Engdahl says:

    Solving the Cryptography Riddle: Post-quantum Computing &
    Crypto-assets Blockchain Puzzles
    https://www.enisa.europa.eu/news/enisa-news/solving-the-cryptography-riddle-post-quantum-computing-crypto-assets-blockchain-puzzles
    The European Union Agency for Cybersecurity releases two reports on
    cryptography: one on the progress of post-quantum cryptography
    standardisation, and the other on exploring the technologies under the
    hood of crypto-assets.

    Reply
  10. Tomi Engdahl says:

    Quantum computing could make encryption algorithms obsolete, Swiss firm claims
    Quantum computers could in several years be used to break some widespread encryption algorithms, the company said
    https://www.telegraph.co.uk/technology/2021/02/08/quantum-computing-could-make-encryption-algorithms-obsolete/

    Reply
  11. Tomi Engdahl says:

    Migration to Post-Quantum Cryptography: Draft Project Description Available for Comment
    https://csrc.nist.gov/News/2021/migration-to-pqc-draft-project-description

    Reply
  12. Tomi Engdahl says:

    Researchers create an ‘un-hackable’ quantum network over hundreds of kilometers using optical fiber https://www.zdnet.com/article/researchers-created-an-un-hackable-quantum-network-over-hundreds-of-kilometers-using-optical-fiber/
    Researchers from Toshiba have successfully sent quantum information over 600-kilometer-long optical fibers, creating a new distance record and paving the way for large-scale quantum networks that could be used to exchange information securely between cities and even countries.

    Reply
  13. Tomi Engdahl says:

    The Story of Shor’s Algorithm, Straight From the Source | Peter Shor
    https://m.youtube.com/watch?v=6qD9XElTpCE

    Reply
  14. Tomi Engdahl says:

    The race is on for quantum-safe cryptography
    New techniques could stand up to the power of a quantum computer — if we implement them in time
    https://www.theverge.com/22523067/nist-challenge-quantum-safe-cryptography-computer-lattice

    Reply
  15. Tomi Engdahl says:

    Kvanttitietokoneet mullistavat salausmenetelmät kryptografian osaajista on nyt kasvava pula https://www.tivi.fi/uutiset/kvanttitietokoneet-mullistavat-salausmenetelmat-kryptografian-osaajista-on-nyt-kasvava-pula/a0c16f9f-3246-4cf5-9055-203f00e1901f
    Kysyntä kryptografian osaajille kasvaa. Asia käy ilmi Kyberala ry:n vuosittaisesta jäsenkyselystä, jossa kryptografian osaajat nousivat kolmen kärkeen kysyttäessä, minkä sektorin osaajista on pulaa työmarkkinoilla.

    Reply
  16. Tomi Engdahl says:

    RISC-V Chip Delivers Quantum-Resistant Encryption
    https://spectrum.ieee.org/risc-v-chip-delivers-quantum-resistant-encryption

    New chip aims to future-proof security against coming quantum computers

    This post-quantum cryptography chip relies on a tight combination of hardware and software to apply post-quantum encryption performant and energy-efficiently.

    Many new encryption techniques seek to resist powerful attacks that could be done using future quantum computers, but these methods often require enormous processing power. Now scientists in Germany have developed a microchip they say can implement such techniques very efficiently that could help make an era of “post-quantum cryptography” a reality.

    In theory, quantum computers can rapidly find the answers to problems it might take classical computers eons to solve. For example, much of modern cryptography relies on the extreme difficulty that classical computers face when it comes to mathematical problems such as factoring huge numbers, but quantum computers can run algorithms that can quickly solve these problems.

    To stay ahead of quantum computers, researchers around the world are designing post-quantum cryptography algorithms based on new mathematical problems that both quantum and classical computers find difficult to solve. Many of these algorithms rely on so-called lattice-based cryptography, which center around problems based on lattices of multiple points or vectors

    In a nutshell, a lattice-based cryptography algorithm usually selects a target point in a lattice on which a secret message depends. The algorithm then adds random noise so this point is close to, but not exactly on, a certain other lattice point. The problem of finding the original target point—and the corresponding secret message—without knowing what noise was added is challenging for both classical and quantum computers, especially when the lattice is extremely large, Sigl explains.

    However, lattice-based cryptography algorithms can require a lot of processing power when it comes to operations such as generating randomness and multiplying polynomials.

    Industrial partners on this work include German companies such as Siemens, Infineon Technologies, and Giesecke+Devrient.

    All in all, the new chip is roughly 10 times faster when encrypting with Kyber, one of the most promising post-quantum lattice-based cryptography algorithms, when compared to chips based entirely on software solutions, Sigl says. It also uses about eight times less energy.

    Moreover, the researchers say their microchip is flexible enough to also support SIKE, a different post-quantum algorithm that is not lattice-based and requires much more computing power than Kyber, but is seen as a promising alternative if lattice-based approaches no longer prove secure.

    Reply
  17. Tomi Engdahl says:

    NSA Releases Quantum Computing, Post-Quantum Cryptography FAQs
    https://thequantumdaily.com/2021/08/30/nsa-releases-quantum-computing-post-quantum-cryptography-faqs/

    Quantum computing and post-quantum cryptography concerns are moving more into the mainstream of cryptographic discussions, particularly in areas concerned with national defense. The National Security Agency (NSA) released a frequently asked questions document on Quantum Computing and Post-Quantum Cryptography.

    The 8-page document offers an overview of quantum computing, its relationship to cryptography, the Commercial National Security Algorithm Suite, Commercial Solutions for Classified (CSfC) and National Information Assurance Partnership (NIAP) and future algorithms and cryptography.

    Reply
  18. Tomi Engdahl says:

    AWS researcher merges the power of two quantum computers to help make cryptography keys stronger
    A researcher from AWS has combined two quantum processors to create near-perfect randomness. It could help improve modern cryptography protocols.
    https://www.zdnet.com/article/aws-researcher-merges-the-power-of-two-quantum-computers-to-help-make-cryptography-keys-stronger/

    Reply
  19. Tomi Engdahl says:

    DHS and NIST release post-quantum cryptography guidance https://therecord.media/dhs-and-nist-release-post-quantum-cryptography-guidance/
    The Department of Homeland Security and the Department of Commerce’s National Institute of Standards and Technology on Monday released a guide designed to help organizations prepare for risks introduced by advancements in quantum computing.

    Reply
  20. Tomi Engdahl says:

    Quantum Crypto Crams Into System-on-a-Chip
    Toshiba reports the first photonic chip to deliver full-stack quantum key distribution
    https://spectrum.ieee.org/quantum-cryptography-on-photonic-chips

    Reply
  21. Tomi Engdahl says:

    While they wrestle with the immediate danger posed by hackers today, US government officials are preparing for another, longer-term threat: attackers who are collecting sensitive, encrypted data now in the hope that they’ll be able to unlock it at some point in the future. The threat comes from quantum computers, which work very differently from…

    Hackers are stealing data today so quantum computers can crack it in a decade
    https://www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography/?utm_source=Facebook&utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement

    The US government is starting a generation-long battle against the threat next-generation computers pose to encryption.

    Reply
  22. Tomi Engdahl says:

    Interesting development.
    What ever will the Competitive Intelligence companies do or tools NOW?

    US bans trade with security firm NSO Group over Pegasus spyware
    https://lm.facebook.com/l.php?u=https%3A%2F%2Fwww.engadget.com%2Fus-trade-ban-nso-group-145347522.html&h=AT0x53wNrr3pGAyXxxiZOieKP1aKlsY3X07CW9A9I6RABXEUrw0AiIS391LtkO5WW5bcYTG0FiAVrds92fzkaaWJLY3mOUuyV1ikuxjRtOce9AiFBommbEszUcorrMNevrfbHYvdeLxpHg4b-w

    NSO is accused of enabling ‘malicious’ surveillance of activists.

    Surveillance software developer NSO Group may have a very tough road ahead. The US Commerce Department has added NSO to its Entity List, effectively banning trade with the firm. The move bars American companies from doing business with NSO unless they receive explicit permission. That’s unlikely, too, when the rule doesn’t allow license exceptions for exports and the US will default to rejecting reviews.

    NSO and fellow Israeli company Candiru (also on the Entity List) face accusations of enabling hostile spying by authoritarian governments. They’ve allegedly supplied spyware like NSO’s Pegasus to “authoritarian governments” that used the tools to track activists, journalists and other critics in a bid to crush political dissent. This is part of the Biden-Harris administration’s push to make human rights “the center” of American foreign policy, the Commerce Department said.

    Reply
  23. Tomi Engdahl says:

    Quantum computing could eat bitcoin for lunch but regulation can save it
    https://www.cnbctv18.com/cryptocurrency/quantum-computing-could-eat-bitcoin-for-lunch-but-regulation-can-save-it-11736362.htm

    The rapid advances in quantum computing – the computing industry says mainstream quantum computers are less than a decade away – means regulation will be needed to protect cryptocurrencies such as bitcoin

    Backers of cryptocurrencies tout the digital tokens as the next evolution of currencies, pointing to the security features they offer.

    But experts say advances in quantum computing, which is poised to increase computing power by more than a thousandfold, could make light work of the security features of cryptocurrencies, upending the technology that many believe will disrupt finance.

    This technology, known as blockchain, works on a decentralised register – with millions of computers coming together to validate transactions.
    The process of validation, also called mining, uses immense power as computers rely on brute force to make complex calculations.
    But quantum computers, which use concepts from physics to process problems at a speed exponentially faster than conventional computers, could change the way cryptocurrencies work – for better or for worse.
    Here’s the worst-case scenario: a user with a quantum computer could easily break the encryption associated with cryptocurrency transactions allowing them to impersonate someone else on the network.

    “When the cryptography is broken, users could be losing their funds and the whole system will break,” Dawn Song, an entrepreneur and professor at the University of California, Berkeley, told the Collective

    In 2019, Google created Sycamore, a 54-qubit quantum computer. (A qubit is the unit of power on a quantum computer.) Sycamore took 200 seconds to solve a series of complex calculations that would have taken 10,000 years for the most powerful conventional supercomputer to crack.
    Recently, IBM unveiled the Eagle , a 127-qubit quantum computer.
    It is not that the cryptocurrency industry is not aware of the threat posed by quantum computing.

    For instance, makers of Ethereum, the world’s second-largest cryptocurrency, are working on developing what is called “post-quantum computing technology”.

    Post-quantum computing technology is an upgrade spearheaded by the US government’s National Institute of Standards and Technology (NIST). Experts say the upgrade is as massive as fixing the Y2K problem or upgrading the Internet from IPv4 to IPv6.
    Regulation for cryptocurrency is still being firmed up in many countries, including India.
    But as it is with technology, it will have to keep pace with evolving scenarios.
    For instance, as a CNET article points out, the very decentralised nature of cryptocurrencies could work against them when it comes to quantum computing.

    Major changes to any crypto blockchain require the permission of more than half of the users on the network

    Reply
  24. Tomi Engdahl says:

    How Big Does Your Quantum Computer Need To Be To Break Bitcoin Encryption or Simulate Molecules?
    https://scitechdaily.com/how-big-does-your-quantum-computer-need-to-be-to-break-bitcoin-encryption-or-simulate-molecules/

    “Different hardware platforms will vary greatly on key hardware specifications, such as the rate of operations and the quality of control on the qubits (quantum bits).”

    Quantum computers are exponentially more powerful at breaking many encryption techniques than classical computers. The world uses RSA encryption for most of its secure communication. RSA encryption and the one Bitcoin uses (elliptic curve digital signature algorithm) will one day be vulnerable to a quantum computing attack, but today, even the largest supercomputer could never pose a serious threat.

    The researchers estimated the size a quantum computer needs to be to break the encryption of the Bitcoin network within the small window of time it would actually pose a threat to do so — in between its announcement and integration into the blockchain. The greater the fee paid on the transaction, the shorter this window will be, but it likely ranges from minutes to hours.

    “State-of-the-art quantum computers today only have 50-100 qubits,” said Webber. “Our estimated requirement of 30 [million] to 300 million physical qubits suggests Bitcoin should be considered safe from a quantum attack for now, but devices of this size are generally considered achievable, and future advancements may bring the requirements down further.

    “The Bitcoin network could perform a ‘hard-fork’ onto a quantum-secure encryption technique, but this may result in network scaling issues due to an increased memory requirement.”

    “Four years ago, we estimated a trapped ion device would need a billion physical qubits to break RSA encryption, requiring a device with an area of 100-by-100 square meters,” said Webber. “Now, with improvements across the board, this could see a dramatic reduction to an area of just 2.5-by-2.5 square meters.”

    A large-scale error-corrected quantum computer should be able to solve important problems classical computers cannot.

    Reply
  25. Tomi Engdahl says:

    The race to save the Internet from quantum hackers
    The quantum computer revolution could break encryption — but more-secure algorithms can safeguard privacy.
    https://www.nature.com/articles/d41586-022-00339-5

    Reply
  26. Tomi Engdahl says:

    https://www.facebook.com/groups/majordomo/permalink/10162316866309522/

    The race to save the Internet from quantum hackers
    The quantum computer revolution could break encryption — but more-secure algorithms can safeguard privacy.
    Davide Castelvecchi

    In cybersecurity circles, they call it Q-day: the day when quantum computers will break the Internet.
    Almost everything we do online is made possible by the quiet, relentless hum of cryptographic algorithms. These are the systems that scramble data to protect our privacy, establish our identity and secure our payments. And they work well: even with the best supercomputers available today, breaking the codes that the online world currently runs on would be an almost hopeless task.
    But machines that will exploit the quirks of quantum physics threaten that entire deal. If they reach their full scale, quantum computers would crack current encryption algorithms exponentially faster than even the best non-quantum machines can. “A real quantum computer would be extremely dangerous,” says Eric Rescorla, chief technology officer of the Firefox browser team at Mozilla in San Francisco, California.

    The race to save the Internet from quantum hackers
    https://www.nature.com/articles/d41586-022-00339-5

    The quantum computer revolution could break encryption — but more-secure algorithms can safeguard privacy.

    In cybersecurity circles, they call it Q-day: the day when quantum computers will break the Internet.

    “A real quantum computer would be extremely dangerous,” says Eric Rescorla, chief technology officer of the Firefox browser team at Mozilla in San Francisco, California.

    As in a cheesy time-travel trope, the machines that don’t yet exist endanger not only our future communications, but also our current and past ones. Data thieves who eavesdrop on Internet traffic could already be accumulating encrypted data, which they could unlock once quantum computers become available, potentially viewing everything from our medical histories to our old banking records. “Let’s say that a quantum computer is deployed in 2024,” says Rescorla. “Everything you’ve done on the Internet before 2024 will be open for discussion.”

    Even the most bullish proponents of quantum computing say we’ll have to wait a while until the machines are powerful enough to crack encryption keys, and many doubt it will happen this decade — if at all.

    But the risk is real enough that the Internet is being readied for a makeover, to limit the damage if Q-day happens. That means switching to stronger cryptographic systems, or cryptosystems. Fortunately, decades of research in theoretical computer science has turned up plenty of candidates. These post-quantum algorithms seem impervious to attack: even using mathematical approaches that take quantum computing into account, programmers have not yet found ways to defeat them in a reasonable time.

    Which of these algorithms will become standard could depend in large part on a decision soon to be announced by the US National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland.

    Reply
  27. Tomi Engdahl says:

    Kova ennuste: asymmetrinen salaus murtuu 2035
    https://etn.fi/index.php?option=com_content&view=article&id=13206&via=n&datum=2022-02-21_14:11:39&mottagare=31202
    Infineon esitteli viime viikolla ensimmäisen kvanttikoneiden hyökkäyksiä kestävän TPM-moduulin. Siinä voidaan suojata sensitiivinen data tietokoneilla kaksinkertaisella allekirjoituksella. Motiivi on selvä: Infineon arvioi, että asymmetriseen salaukseen perustuva suojaaminen menettää merkityksensä 10-15 vuoden kuluessa.
    OPTIGA SLB 9672 -moduulia esitellyt tuotepäällikkö Guillaume Raimbault arvioi, että kvanttitietokoneiden kehitys johtaa nykyvauhdilla siihen, että 10-20 vuodessa niistä tulee arkipäivää. Tällöin esimerkiksi 128-bittinen RSA-3071-salaus ei enää suojaa salasanoja. Samoin käy käytännössä kaikkien asymmetristen suojausten kanssa.
    Ongelma on laaja. Tähän asti kaikilla TPM-piireillä on luotettu elliptiseen käyrään perustuviin salauksiin. Groverin algoritmit lisäksi puolittavat symmetristen salausten turvallisuuden. – AES-128-salauksen 128-bittisyydestä tulee käytännössä 64 bitin turva, Raimbault esitti.
    Ei salausten murtamiseen sopivia kvanttikoneita tietenkään tule joka konesalissa olemaan myös ensi vuosikymmenellä. Teoreettinenkin uhka on kuitenkin riittävä siihen, että tarvitsee kehittää parempia ratkaisuja.
    https://etn.fi/index.php/13-news/13180-ensimmaeinen-kvanttikonehyoekkaeykset-kestaevae-turvasiru

    Reply
  28. Tomi Engdahl says:

    Rainbow, an algorithm that was supposed to protect data from hacking by quantum computers, has been defeated using a standard laptop

    Encryption meant to protect against quantum hackers is easily cracked
    https://www.scientiststudy.com/2022/03/encryption-meant-to-protect-against.html?m=1

    ONE of three cryptography algorithms vying to become a global standard against the looming security threat posed by quantum computers has been cracked in a weekend using a standard laptop. The algorithm is now widely believed to be unfit for purpose.

    A range of algorithms for encryption – the process of bundling data up into impenetrable files for safe transmission – are currently verified and approved as secure by the US National Institute of Standards and Technology (NIST), and consequently they are used around the world. But these algorithms are set to be made obsolete in coming years by the arrival of quantum computers.

    A total of 69 algorithms believed to be resistant to the increased code-breaking ability of quantum computers were submitted to NIST’s Post-Quantum Cryptography competition. These have now been whittled down to four finalists for the task of encryption and three for signing signatures, which are used to verify identity, for example when making a financial transaction.

    Rainbow is one of the final three signature algorithms. A signature scheme is used to mark a message using a secret key known only to that person. It can then be verified as a legitimate message by a recipient using the sender’s public key, which is made available to everyone.

    Ward Beullens at IBM Research Zurich in Switzerland was able to take a Rainbow public key and discover the corresponding secret key in just 53 hours using a standard laptop. This weakness would allow an attacker to falsely “prove” they are someone else.

    Beullens says that this kind of attack, detailed in a study published by the International Association for Cryptologic Research, makes Rainbow “useless” as a method to verify messages.

    Reply
  29. Tomi Engdahl says:

    Sandbox AQ—the A stands for AI and the Q for quantum—has a game plan that involves generating short-term revenue by using machine learning and AI to develop software that protects data from cyberattacks involving quantum computers

    Eric Schmidt And Marc Benioff Are Backing A New Company That Aims To Protect Businesses Against Quantum Cyberattacks
    https://lm.facebook.com/l.php?u=https%3A%2F%2Ftrib.al%2FiIN1ENq&h=AT3WWez62TP7yyCxygFUAWC9-wF7cQYQTp7bMyk26ADEMt4u8kHrDnVdLjGUe-xr8U-D6A1HcfVGE1YQXbVRc2V4NSye5YL9pEIgW3_CvNtl8MMYr7N1CfRl862d5hfZOw

    Reply
  30. Tomi Engdahl says:

    Bittium ja Insta kehittävät kvanttiturvallista tekniikkaa
    https://etn.fi/index.php/13-news/13375-bittium-ja-insta-kehittaevaet-kvanttiturvallista-tekniikkaa

    Bittium ja Insta ovat mukana kansallisesti merkittävässä Business Finlandin Digital Trust -ohjelman rahoittamassa Post Quantum Cryptography (PQC) -hankkeessa, jossa kehitetään kvanttiturvallista salausteknologiaa ja tuodaan sitä osaksi tuotteita ja ratkaisuja. Bittium ja Insta yhdistävät hankkeessa osaamisensa kvanttiturvallisessa avaintenvaihdossa ja autentikaatiossa.

    Hankkeen yhteistyön tuloksena on toteutettu toiminnallisuus Post Quantum Cryptography -pohjaiselle avaintenvaihdolle sekä varmennepohjaiselle autentikaatiolle. Turvakriittisissä tietojärjestelmissä käytetyt salaustuotteet Bittium SafeMove ja Insta SafeLink vastaavat näin tuleviin kvanttiaikakauden tietoturvavaateisiin. Yhteistyössä on todennettu, että tuotteet pystyvät kommunikoimaan keskenään hyödyntäen CRYSTALS-perheen PQC-algoritmeja Kyber (Key Encapsulation Mechanism, KEM) ja Dilithium (Signature Mechanism), jotka ovat suunniteltu kestämään suurten kvanttitietokoneiden hyökkäyksiä.

    Reply
  31. Tomi Engdahl says:

    OpenSSH now defaults to protecting against quantum computer attacks https://www.zdnet.com/article/openssh-now-defaults-to-protecting-against-quantum-computer-attacks/
    “The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo,”
    the release notes said.

    Reply
  32. Tomi Engdahl says:

    OpenSSH-salaus kestää nyt kvanttikoneiden hyökkäyksiä
    https://etn.fi/index.php/13-news/13436-openssh-salaus-kestaeae-nyt-kvanttikoneiden-hyoekkaeyksiae

    Suomalaisen Tatu Ylösen SSH-protokollaan perustuva OpenSSH-protokolla on ehtinyt 9. versioonsa. Uudessa versiossa on otettu käyttöön NTRU-algoritmi. Sen pitäisi kestää tulevaisuuden kvanttikoneiden murtoyritykset, projektin sivuilla sanotaan.

    OpenSSH perustuu alkuperäiseen SSH-ohjelmistoon ja on SSH 2.0:n toteutus. 9.0-version uusiin ominaisuuksiin voi tutustua täällä.

    https://www.openssh.com/releasenotes.html#9.0

    Reply
  33. Tomi Engdahl says:

    Kvanttiuhka toteutuu – julkisista salausavaimista tulee hyödyttömiä kahden vuoden kuluttua
    https://etn.fi/index.php/13-news/13518-kvanttiuhka-toteutuu-julkisista-salausavaimista-tulee-hyoedyttoemiae-kahden-vuoden-kuluttua

    Iso osa nykyisistä julkiseen avaimeen perustuvista salausalgoritmeista menettää merkityksensä, kun käytössä on 1500 kubitin kvanttitietokone. SSH Communicationsin Jorma Mellinin mukaan tämä tapahtuu vuonna 2024. Sen jälkeen symmetrisellä salauksella ei tee mitään.

    Tätä kutsutaan kyberturvakielellä kvanttiuhaksi. Tällä hetkellä kvanttiuhka tarkoittaa, että kvanttikone murtaa kaikki 128-bittisen julkiseen avaimeen perustuvat salaukset kahden vuoden sisällä. – Olemme auttamatta myöhässä, Mellin varoitti eilen Teknologia22-messuilla.

    Mutta mitä tämä tarkoittaa käytännössä? Mitä kvanttiuhkan toteutuminen merkitsee meidän kannaltamme? – Mobiiliverkot, pilvipalvelut, IoT-verkot, käyttäjien todennus, digitaalinen allekirjoitus, henkilökortit, passit, VPN-yhteydet, verkkopankit, osakemarkkinat ja maksujärjestelmät. Nämä kaikki lakkaavat toimimasta, Mellin luettelee.

    Aika hurja visio. Ja tämä siis tapahtuu vain kahden vuoden kuluttua. IBM:llä on nyt 127 kubitin kvanttikone ja lokakuussa se julkistaa 433 kubitin koneen. Ensi vuonna roadmapissa lukee 1127 kubittia. Kvanttikoneiden kehitys näyttää nyt yllättävän kaikki.

    - Vuonna 2024 yksikään asymmetrinen salaus ei ole turvallinen kvanttiympäristössä. Tämä on toki vain normaalia kehitystä. Kaikki salausalgoritmit, jotka ihminen on keksinyt, on aina murrettu.

    NIST-virasto (National Institute of Standards and Technology) toki työstää uusia, kvanttikoneen kestäviä salausalgoritmeja. Mellinin mukaan valmista tulee 2023-2025 aikana. Mutta se ei riitä.

    - Uusien algoritmien siirtyminen järjestelmiin kestää väistämättä kymmenen vuotta. Olemme myöhässä.

    Suomessa asiaan yritetään vaikuttaa kansallisessa PQC-FI-projektissa

    Mellinin ennuste on aika synkkä, mikäli meillä ei ole käyttö kvanttikoneen kestäviä salauksia. – Ei meillä silloin ole enää mitään toivoa.

    Reply
  34. Tomi Engdahl says:

    Worried that quantum computers will supercharge hacking, White House calls for encryption shift
    National security memo envisions new cryptographic approach starting in 2024
    https://www.science.org/content/article/worried-quantum-computers-will-supercharge-hacking-white-house-calls-encryption-shift

    Reply
  35. Tomi Engdahl says:

    Quantum-safe cryptography on the horizon
    March 7, 2022
    Can quantum computers crack secure data transmission? Not yet, but encryption technology is already prepared for that day.
    https://www.laserfocusworld.com/software-accessories/article/14233201/quantumsafe-cryptography-on-the-horizon?utm_source=LFW+Fiber+Optics&utm_medium=email&utm_campaign=CPS220510004&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

    When you transfer money with your smartphone, you assume to do a safe operation. The same holds for a hospital sending medical records to another institution, and for governmental agencies transferring secret or classified information. Even when using an instant messaging service on a smartphone, the expectation is that it cannot easily be intercepted.

    The technology that safeguards all these data transactions is encryption—the more precious the data, the stronger the encryption. Since the days of Alan Turing, computers have been used to decipher codes, and ever since encryption strength evolved with computing power. Now, quantum technology promises a new generation of computers with unprecedented capabilities, which threatens many encryption methods currently used. So, how do you protect valuable data in a post-quantum era?

    Where encryption is executed

    For a better understanding of quantum-safe cryptography, we will first introduce some basics of encryption. It starts with the question, where and how it is executed? Encryption can be applied on different points of the data transmission. Ideally, it would be done between the end points, which are usually within the application on the computer where data is generated—for example, between a web browser and the web server, or at the router connecting the computer with the local area network. Next could be a switch, where data from several routers is collected and sent through a network (e.g., fiber).

    Again, end-to-end encryption is the most secure since there is no chance to intercept the actual message or data along the line. But the further down the transmission line the data goes, the smaller the effort for encryption per bit becomes. Obviously, balancing effort and security is crucial. For the user of an instant messaging service, end-to-end encryption does not add much effort. The situation is quite different in a large datacenter where end-to-end encryption would lead to a high technical effort if every application on every server contained an encryption unit, generating lots of overhead and leading to a poor performance. Security would not benefit much compared to encryption on switch level for data that is sent out of that well-protected building.

    Since data transport is an essential process in the digital economy, it is well specified by various standards. For technical communication on different levels, the Open Systems Interconnection (OSI) model has been developed

    The final physical device that converts data signals into electrical or optical signals for transmission sits on layer 1. Data can be encrypted on every layer—on level 7, it might be very specific data formats such as text, audio, or video. Along its way, some un-encrypted information such as IP numbers would be attached to the encrypted information from level 7. Additional encryption on lower levels can be implemented to hide such information, too. This is often referred to as the multilayer Swiss cheese model. While one or the other layer of security may fail, they will never fail all at once.

    Nothing is attached to level 1 encryption—it is just bits and bytes, or data packages. It is also where bytes are converted to optical signals for fiber transmission. Any interception of the data transmission behind level 1 gives nothing but so-called ciphertext—completely encrypted data including all other layers, as well as their metadata.

    The story of private and public keys

    One of the most basic principles of encryption is in asymmetric and symmetric cryptography. The main principle of symmetric encryption, like the Advanced Encryption Standard (AES), is quite simple. The same key is used to encrypt data on one end and decrypt on the other end. This method is common for encrypting data streams in more or less no time and scales perfectly. However, asymmetric cryptography is needed to establish a common key on both sides of the link automatically using an unencrypted link.

    It relies on mathematical problems, which must be simple to encrypt data, and it should be difficult to decrypt (one-way function). Think of a house door—it is easy to open with a key, but hard to get in without it.

    In an asymmetric-key procedure, the key for encryption differs from the key for decryption.

    Now, imagine a similar trick in the digital world using a two-part key or a “public-private key pair.” If Alice wants to receive an encrypted message from Bob, she sends her public key to Bob who can use it to encrypt a message to Alice. Alice can then decrypt it using her private key.

    The public key can be made available to everyone, sent via public, unencrypted networks—and everybody who wants to send a message to Alice can use this key. The private key is mandatory for decryption but never shared, ensuring that Alice is the only person who can decrypt the message.

    The best of both worlds

    Encryption procedures for terabytes of data have to be as fast as possible; therefore, common encryption technology combines the secure key establishment via asymmetric methods with subsequent symmetric encryption. A typical method for symmetric encryption is given by the AES with key and block lengths, nowadays using 256 bits. AES has been approved by U.S. authorities for top-secret information. At present, there is no known practical attack allowing someone without knowledge of the key to read data encrypted by AES, when correctly implemented.

    A typical standard for asymmetric encryption is RSA—named after its inventors Rivest, Shamir, and Adleman. The algorithm was developed in the early 1970s and relies on the mathematical problem of large prime number factorization. While it is easy to calculate the product of two large primes, it is difficult to derive the factors from the product. Currently, the typical size for an RSA key is between 2.048 and 4.096 bits.

    The strength of encryption is a typical parameter where we can compare the different methods. According to the National Institute of Standards and Technology (NIST), the strength of 2048-bit RSA is ~112 bits, where AES-256 offers 256 bits of security. Increasing RSA key sizes does not help a lot, as 3072-bit RSA only offers 128 bits of security. As such, the weakest part is always the asymmetric encryption.

    What a big-scale quantum computer changes

    So far, encryption safety relies on the assumption that it takes too much time to find a key through brute force decrypting attempts. With a big enough quantum computer running dedicated algorithms, the security strength of crypto algorithms can weaken. Lov Grover and Peter Shore published algorithms that could be used for decreasing security strength in various crypto systems once a big quantum computer is available. Symmetric encryption is only partially affected. Asymmetric encryption as used today, like RSA or Diffie-Hellman, would be broken (see Fig. 2).

    Since affordable data storage capacities are easily available these days, potent agencies can apply a policy of “Harvest now and decrypt later,” essentially storing large amounts of encrypted data now and hoping for decryption in the future. Quantum computers are expected to become game-changers with their superior power to solve particular mathematical problems. A way to break 2048-RSA encryption using a quantum computer in 8 hours has been discussed in a scientific paper in 2019. The authors assume a 20 million qubit quantum computer to do this.

    Cryptography vs. quantum computer development

    For quantum save cryptography, two ways are possible: 1) the use of a physics-based, quantum key distribution (QKD) and 2) the use of stronger asymmetric encryption.

    Describing the first approach, the use of quantum methods, a number of suppliers have developed QKD devices. The main principle is using very weak light pulses, ideally only a photon for transmitting information. There are well known algorithms like BB84, which can be used to establish common secrets on both sides of the link. Tapping or altering those signals will destroy the information. In addition, the system can detect possible attacks based on statistics, but those systems are complex to operate, costly, and usually restricted to the unamplified optical transmission, which limits the transmission distance to some tens of kilometers. QKD systems also require a separate, physical fiber for maximum performance.

    For stronger asymmetric encryption, “Post-Quantum Cryptography” (PQC) algorithms like the McEliece algorithm are suggested. It uses a key matrix that is about 1000X larger than a regular RSA key. So far, McEliece counts as secure against quantum attacks.

    The quantum thread for cryptography has led to severe efforts to prepare standards for PQC. In the U.S., standards for encryption have been provided by NIST.

    In October 2021, NIST added a schedule to the DHS roadmap. Accordingly, they will publish valid post-quantum cryptography standards in 2024 at the latest. Until then, they plan to review existing cryptographic technologies and the data to secure. They expect the actual quantum computer capable of cracking existing keys to be developed by 2030.

    The researchers of IBM’s quantum computing branch published their QC roadmap in September 2020. They claim to build a first quantum computer with more than 1000 qubits as early as 2023. In November 2021, they shattered the 100 qubit mark with their “eagle” 127 qubit system. They confirmed the goal of 1000 qubits for the end of 2023, and they are on track with their plans to ‘frictionless’ quantum computing in 2025. Assuming a tenfold increase in qubit numbers every two years, it would take eight more years from 2025 to get to code cracking QC.

    Post-quantum cryptography (PQC)

    Building modern and secure data transmission encryption systems is one thing, but there is more to be taken into account. The following principles summarize what it takes to help governments and industry build trustworthy and easy-to-operate networks:

    Trust. Technology, as well as the manufacturer must be reliable. Evaluation by third parties for hardware or software ensures proof of design and implementation.

    Automation. Provisioning of encrypted data transmission services should be intuitive and as easy to deploy as non-encrypted service.

    Balance. There must be a balance between security and operational aspects (costs).

    Agility. Hardware and software must be upgradeable to counter future threads.

    European telecommunications vendor ADVA has developed encryption technology for about 15 years. It started with encryption transponders for banks and governmental institutions early in the 2010s, then the cloud providers adopted ADVA products. Encryption was applied to ever faster systems (2017: 200G; 2021: 400G) and the systems were certified according to standards of the German Federal Office for Information Security (BSI) and according to FIPS 140-2.

    In December 2021, ADVA received approval for classified data transport from the German BSI for the first optical transport module with Post-Quantum Cryptography (PQC; see Fig. 3).

    Road ahead

    According to IBM’s roadmap for the development of quantum computers, operational quantum computers with more than 1000 qubits should arrive by 2025. In the early 2030s, they could be able to break conventional asymmetric encryption. This puts severe pressure on the development of post-quantum encryption technology for professional application and large data volumes. ADVA has developed a first unit for both, quantum encryption and advanced asymmetric encryption. Given the agility of the encryption design, this can be upgraded when needed. Now it remains to be seen, how fast quantum computers catch up in the race between encryption strength and computation power.

    Reply
  36. Tomi Engdahl says:

    Google calls for urgent switch to quantum-safe encryption as US delays
    A US body in charge of choosing new encryption algorithms that can withstand quantum computers has delayed announcing them due to undisclosed legal reasons, while a team at Google is calling for an immediate switch

    Read more: https://www.newscientist.com/article/2319212-google-calls-for-urgent-switch-to-quantum-safe-encryption-as-us-delays/#ixzz7TH8lKRe9

    Reply
  37. Tomi Engdahl says:

    Undisclosed “legal issues” are preventing the US from announcing which cryptographic algorithms should be used as standard to protect data from future quantum computers. Meanwhile, security experts at Google warn that data being sent today is already at risk and that firms need to prepare themselves to adopt the new algorithms as soon they are announced.

    Read more: https://www.newscientist.com/article/2319212-google-calls-for-urgent-switch-to-quantum-safe-encryption-as-us-delays/#ixzz7TQyl8hLt

    Reply
  38. Tomi Engdahl says:

    QuSecure Lauches Quantum-Resilient Encryption Platform
    https://www.securityweek.com/qusecure-lauches-quantum-resilient-encryption-platform

    New firm launches to provide the Easy Button for implementing quantum secure encryption

    The pressure to implement quantum secure encryption is increasing. This isn’t because functioning quantum computers able to crack asymmetric encryption are expected tomorrow, but because of the growing belief they could become available in five- or ten-years’ time.

    Communications are being stolen by adversaries today, containing secrets with a shelf-life of decades, under the ‘harvest now, decrypt later’ principle. These communications need to be protected against future quantum decryption now.

    On April 18, 2022, Khanna, Connolly and Mace introduced the bipartisan Quantum Computing Cybersecurity Preparedness Act. The introduction states, “To protect our country’s data, critical government systems must be secured with algorithms and encryption so difficult to crack that even a future quantum computer won’t be able to break the code. This can be done through post-quantum cryptography.”

    On May 4, 2022, the White House issued a memorandum with the dual purpose of promoting quantum research and development, and implementing quantum-proof encryption. Talking about ‘a cryptanalytically relevant quantum computer (CRQC)’, it warns, “When it becomes available, a CRQC could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”

    Reply
  39. Tomi Engdahl says:

    NSA Cyber Chief Vows ‘No Backdoors’ in Quantum Encryption Standards
    New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.
    https://www.darkreading.com/vulnerabilities-threats/nsa-cyber-chief-vows-no-backdoors-quantum-encryption-standards

    Reply
  40. Tomi Engdahl says:

    QuSecure Scores Post-Quantum Cybersecurity Contract Worth More Than $100M Annually
    https://www.securityweek.com/qusecure-scores-post-quantum-cybersecurity-contract-worth-more-100m-annually

    Post-Quantum company awarded SBIR III contract to combat ‘harvest now, decrypt later’ threat from quantum computing

    QuSecure, a provider of post-quantum, or quantum-proof, cryptography, has been awarded a small business innovation research (SBIR) Phase III contract by the federal government. If funding is like last year’s phase III awards, QuSecure will gain access to more than $100 million to speed development and help commercialize its product for federal government and private industry use.

    QuSecure is the only post-quantum product to achieve this status, so it effectively becomes the government’s preferred supplier to counter the ‘harvest now, decrypt later’ threat of future adversarial quantum computing.

    NIST is currently engaged in a competition to choose a preferred or possibly multiple preferred quantum-proof encryption algorithms. All encrypted communications that have been stolen by bad actors – criminal gangs and adversarial nations – will become available to the adversaries as soon as a quantum computer powerful enough to run Shor’s algorithm is developed.

    “We need to do something now,” Pete Ford, QuSecure’s SVP of government operations, told SecurityWeek. The encrypted data adversaries already have is lost, but there is a need to prevent the collection and decryption of future communications. “This is a matter of not just national importance, but whole of government importance. And if we don’t do something now, we’re just going to be bouncing around like a pinball going from problem to problem. We need greater threat protection and less vulnerability than we currently have.”

    Reply
  41. Tomi Engdahl says:

    Derek B. Johnson / SC Media:
    NIST selects four encryption algorithms designed to withstand future quantum computing hacking threats to be part of its post-quantum cryptographic standard — For years, the National Institute for Standards and Technology have been working on a project to identify and vet a handful

    NIST unveils four algorithms that will underpin new ‘quantum-proof’ cryptography standards
    https://www.scmagazine.com/analysis/emerging-technology/nist-unveils-four-algorithms-that-will-underpin-new-quantum-proof-cryptography-standards

    For years, the National Institute for Standards and Technology have been working on a project to identify and vet a handful of new encryption algorithms that can help protect federal computers and systems from hacking threats powered by quantum computing.

    On Tuesday, the agency announced four new algorithms that will underpin its future cryptography standards by 2024. They include one algorithm for general encryption purposes (CRYSTALS-Kyber) and another three for digital signatures and identity verification (CRYSTALS-Dilithium, Falcon and Sphincs+).

    NIST mathematician and project lead Dustin Moody told SC Media that at this stage, all the finalists had met baseline standards and the choice came down to small but measurable differences in things like speed and ease of use.

    NIST and others have consistently promoted the concept of “crypto-agility,” or building encryption protocols that can switch out different algorithms with as little impact to performance and reliability as possible. While many experts believe the algorithms that have made it to this stage have proven they can defend against hacks from a cryptographically-relevant quantum computer, the fact that such a thing does not currently exist means there are some assumptions built in.

    “It is currently not clear if they can be broken, but it is clear that after looking very carefully we did not find a trivial way,”

    While mathematicians and cryptographers have done all the due diligence they can, quantum computers are meant to solve problems innumerably more complex than humans are capable of, and thus it wise not to base the safety of the world’s data on any one approach that could represent a single point of failure.

    It’s not just federal agencies that will likely end up using these standards. Multiple companies and experts in post-quantum cryptography have told SC Media that NIST standards will likely end up being adopted by large swaths of the private sector as well as international standards bodies.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*