Post Quantum Cryptography

https://access.redhat.com/blogs/766093/posts/3031361?sc_cid=7016000000127ECAAY

The SSL/TLS protocol uses RSA, Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) primitives for the key exchange algorithm.

RSA rests on the difficulty of factoring the product of two large prime numbers (the modulus, which forms part of the public key): factoring it is computationally intractable for classical computers, but a quantum computer could solve this problem efficiently using Shor’s algorithm. Similarly, DH and ECDH key exchanges could all be broken very easily using sufficiently large quantum computers.

For symmetric ciphers, the story is slightly different. It has been proven that Grover’s algorithm effectively halves the strength of a symmetric key: AES-256 would have the same security against an attack using Grover’s algorithm that AES-128 has against classical brute-force search. Hashes are affected in the same way symmetric algorithms are.

Therefore, we need new algorithms that are more resistant to quantum computation. This article introduces you to 5 proposals, which are under study.

172 Comments

  1. Tomi Engdahl says:

    Finnish encryption reaches popular FPGA chips
    https://etn.fi/index.php/13-news/14938-suomalainen-salaus-paeaesee-suosituille-fpga-piireille

    Xiphera, headquartered in Otaniemi, develops encryption blocks that can implement even quantum-secure encryption on both ASIC and FPGA chips. The company now reports that it has joined Microchip's partner network.

    This means that Xiphera's IP blocks have been admitted into Microchip's IP library. Microchip's customers can now integrate Xiphera's IP blocks into their solutions, for example on the popular PolarFire series chips.

    The combination of Xiphera's cryptographic IP cores and Microchip's FPGA chips is aimed particularly at the security of critical applications, including industrial IoT solutions, the defence industry and space technology.

    Reply
  2. Tomi Engdahl says:

    IBM Delivers Roadmap for Transition to Quantum-safe Cryptography
    https://www.securityweek.com/ibm-delivers-roadmap-for-transition-to-quantum-safe-cryptography/

    IBM’s Quantum Safe Roadmap was designed to help federal agencies and business meet the requirements and the deadlines for quantum safe cryptography.

    IBM has introduced a quantum-safe roadmap to help the complex organizational transition to post-quantum cryptography at this year’s annual Think conference.

    There are deadlines by which federal agencies must complete the transition to quantum-safe cryptography. Business is expected to follow the same path, but it is a long and difficult route. IBM has developed a three-stage solution it calls the IBM Quantum Safe Roadmap.

    “This roadmap serves as a commitment to transparency, predictability, and confidence as we guide industries along their journey to post-quantum cryptography. There’s a lot happening at once — new algorithms, standards, best practices, and guidance from federal agencies. We hope that this roadmap will serve as a navigational tool through this complex landscape,” it announced.

    The background is the assumption that much of our current cryptography will be easily cracked with the arrival of cryptographically relevant quantum computers, which are expected earlier than general-purpose quantum computers. Even though this may be several or even many years in the future, encrypted confidential data stolen by nation-state or criminal gangs now will become readable at that time. Quantum safety is a pressing concern.

    How IBM Quantum is bringing organizations along their quantum-safe technology journey
    https://research.ibm.com/blog/quantum-safe-roadmap

    By decade’s end, practical quantum computing solutions could impact computing strategies across industries. But it will also profoundly alter how we secure our digital data fabric through cryptography. Organizations are already examining how to upgrade their cybersecurity to prepare for this new computational era.

    At this year’s Think event, the premier IBM conference for business and technology leaders, we announced our quantum-safe roadmap, and how we plan to use technology to equip industries with the cybersecurity capabilities required for this new era. Supporting that roadmap is IBM Quantum Safe technology: a comprehensive set of tools, capabilities, and approaches combined with deep expertise for an end-to-end journey to make your organization quantum safe. We’re excited to present our IBM Quantum Safe Roadmap — and launch the era of quantum safe.

    Starting your quantum-safe journey

    Last July, the National Institute of Standards and Technology (NIST) announced that they had selected four quantum-resistant algorithms for standardization, three of which were developed by IBM, alongside academic and industry collaborators (IBM, in collaboration with a number of industry and academic partners, contributed CRYSTALS-Kyber public-key encryption, CRYSTALS-Dilithium digital signature algorithms, and the Falcon digital signature algorithm to NIST). That announcement was the world’s wake-up call to start the quantum-safe transition. At IBM, we had already started making our technology quantum safe, including the IBM z16 mainframe, and IBM Tape storage technology. But we realized that our clients have unique needs when it comes to embarking on their own quantum-safe transitions.

    This need for agility is why we launched IBM Quantum Safe. We see the journey to quantum safe as comprising three key actions:

    Discover: Identify cryptography usage, analyze dependencies and generate a Cryptography Bill of Materials (CBOM).
    Observe: Analyze cryptography posture of compliance and vulnerabilities and prioritize remediation based on risks.
    Transform: Remediate and mitigate with crypto-agility and built-in automation.

    Around those three actions, we developed an end-to-end solution to prepare clients for the post-quantum era: IBM Quantum Safe technology. Included are three technology capabilities, one corresponding with each of the three actions of this quantum-safe transition.

    For the Observe stage, we developed IBM Quantum Safe Advisor. Advisor integrates with network and security scanners in your IT environment, consolidating and managing CBOMs and collecting metadata from other network components to generate a comprehensive cryptographic inventory. With its policy-based enrichment, Advisor creates a prioritized list of at-risk assets and data flows, equipping you to analyze your cryptographic posture and compliance.

    And for the Transform stage, we developed IBM Quantum Safe Remediator, which allows you to test quantum-safe remediation patterns so that you understand the potential impact on systems and assets. Remediator enables you to address any pattern that suits your organization to be quantum safe. It allows you to work with different quantum-safe algorithms, certificates and key management services.

    The IBM Quantum Safe Roadmap

    The transition to post-quantum cryptography has already begun. Last year, the White House sent out a memorandum to the heads of executive departments and agencies declaring that all agencies were required to submit a cryptographic inventory of systems that would be vulnerable to a cryptographically relevant quantum computer. Today, we’re tracking quantum-safe milestones into the future, and maturing our product to help organizations, including US federal agencies, hit these milestones. We’re calling this our IBM Quantum Safe Roadmap.

    We’re releasing Explorer and Advisor and the first generation of Remediator with these milestones in mind. This year, we expect organizations that work with us to use these tools to complete their cryptography inventory and create a CBOM. We’re already working with government agencies to help them complete these inventories on high-priority applications.

    Reply
  3. Tomi Engdahl says:

    Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
    https://thehackernews.com/2023/08/enhancing-tls-security-google-adds.html

    Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116.

    “Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115,” Devon O’Brien said in a post published Thursday.

    Kyber was chosen by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle future cyber attacks posed by the advent of quantum computing. Kyber-768 is roughly the security equivalent of AES-192.

    Reply
  4. Tomi Engdahl says:

    What are quantum-resistant algorithms—and why do we need them?
    When quantum computers become powerful enough, they could theoretically crack the encryption algorithms that keep us safe. The race is on to find new ones.
    https://www.technologyreview.com/2022/09/14/1059400/explainer-quantum-resistant-algorithms/

    Reply
  5. Tomi Engdahl says:

    Google Releases Security Key Implementation Resilient to Quantum Attacks
    https://www.securityweek.com/google-releases-security-key-implementation-resilient-to-quantum-attacks/

    Google has released the first quantum-resilient FIDO2 security key implementation as part of its OpenSK project.

    Google on Tuesday released what it described as the first FIDO2 security key implementation that should be resistant to quantum attacks.

    There has been significant progress in quantum computing in the past years and tech giants are increasingly focusing on quantum security. The main concern is related to encryption — current cryptography will not be able to protect information against quantum attacks, which is why quantum-resilient cryptography is needed.

    In partnership with the Swiss university ETH Zurich, Google has developed a quantum-resilient security key implementation that leverages a hybrid signature scheme involving traditional elliptic-curve cryptography (specifically ECDSA) and CRYSTALS-Dilithium, a quantum scheme that NIST recently standardized, saying it offers “strong security and excellent performance”.

    Reply
  6. Tomi Engdahl says:

    Encryption algorithms must be replaced – "there has to be some kind of date"
    Mikko Pulliainen, 18 Aug 2023 10:30 | updated 18 Aug 2023 13:52 | ENCRYPTION
    Once the power of a quantum computer grows large enough, it will be able to defeat current encryption methods.
    https://www.tivi.fi/uutiset/salausalgoritmit-taytyy-vaihtaa-jonkinlainen-paivamaara-pitaa-olla/58dfd1a7-d8e3-4ca1-b46b-6c2edfb77462

    Reply
  7. Tomi Engdahl says:

    Google announces new algorithm that makes FIDO encryption safe from quantum computers
    https://arstechnica.com/security/2023/08/passkeys-are-great-but-not-safe-from-quantum-computers-dilithium-could-change-that/

    New approach combines ECDSA with post-quantum algorithm called Dilithium.

    Bleeping Computer:
    https://www.bleepingcomputer.com/news/security/google-released-first-quantum-resilient-fido2-key-implementation/

    Reply
  8. Tomi Engdahl says:

    The power of quantum computers is growing and threatening cybersecurity – soon it could break into states' critical infrastructure
    Once the power of a quantum computer grows large enough, it will be able to defeat current encryption methods. It is only a matter of time.
    https://www.tekniikkatalous.fi/uutiset/kvanttitietokoneen-teho-kasvaa-ja-uhkaa-tietoturvaa-pian-silla-voi-murtautua-valtioiden-kriittiseen-infrastruktuuriin/57922bda-f9d2-4c88-8ccd-d9af6e9b187d

    Reply
  9. Tomi Engdahl says:

    US Government Publishes Guidance on Migrating to Post-Quantum Cryptography

    CISA, NSA, and NIST urge organizations to create quantum-readiness roadmaps and prepare for post-quantum cryptography migration.

    https://www.securityweek.com/us-government-publishes-guidance-on-migrating-to-post-quantum-cryptography/

    Reply
  10. Tomi Engdahl says:

    Data Protection
    How Quantum Computing Will Impact Cybersecurity
    https://www.securityweek.com/how-quantum-computing-will-impact-cybersecurity/

    While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

    Quantum computers live in research universities, government offices, and leading scientific companies and, except in rare circumstances, find themselves out of reach of bad actors. That may not always be the case, though.

    As research on quantum computers continues to move the technology forward, there is a growing concern that these computers might soon break modern cryptography. That would make all current data encryption methods obsolete and require new cryptography methods to protect against these powerful machines.

    While the concept of quantum computers is not new, the discourse around them has increased in recent months thanks to continued federal action.

    The Power of Quantum Computing

    Even the fastest computers today struggle to break security keys thanks to complexity. It would take years for a system to break down the standard keys, even in the best-case scenarios. This is what makes encryption such a valuable security defense.

    Quantum computing looks to dramatically change this time from years to a few hours. While it can quickly get complicated, experts believe many public-key encryption methods popular today, such as RSA, Diffie-Hellman, and elliptic curve could one day be relatively simple for quantum computers to solve.

    The good news in this scenario is that commercial quantum computing remains in the distance. A study from the National Academies believes future code-breaking quantum computers would need 100,000 times more processing power and an error rate of 100 times better. These improvements could be more than a decade away, but they are something security leaders need to consider now.

    It will be too late if we wait until those powerful quantum computers start breaking our encryption.

    Leveraging Defense In-Depth

    While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works. Best practices include things like segmenting networks, leveraging 5G private networks, and leveraging Zero Trust architectures.

    Organizations must also secure data at rest. Many databases feature encryption that could become moot in the future. Organizations may need to store certain data offline or have a practice of re-encrypting old files once newer encryption technologies become available.

    Right now, everything from browser cache, to password managers, to local Outlook email files is encrypted. If that encryption becomes breakable, organizations may need to reduce the distribution overall to limit risk, at least until better quantum encryption is created.

    Reply
  12. Tomi Engdahl says:

    Encryption that withstands quantum computer attacks arrives next year
    https://etn.fi/index.php/13-news/15271-kvanttikoneiden-hyoekkaeykset-kestaevae-salaus-tulee-ensi-vuonna

    The quantum threat has been talked about for a long time. Once quantum computers are commercially available, all current encryption techniques will be thrown on the scrap heap, many predict. The standards body NIST is trying to curb the panic. Encryption standards that withstand quantum computer attacks will be completed as early as next year.

    The quantum threat means that quantum computers can easily break the current asymmetric encryption schemes based on public keys. At worst, this would mean the collapse of the security of the entire internet. Emails, text messages, banking secrecy, everything would be lost. Fortunately, quantum computers will not be widely available for years, probably decades.

    Reply
  14. Tomi Engdahl says:

    Quantum Resistance and the Signal Protocol
    https://signal.org/blog/pqxdh/

    Today we are happy to announce the first step in advancing quantum resistance for the Signal Protocol: an upgrade to the X3DH specification which we are calling PQXDH. With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards.

    Reply
  15. Tomi Engdahl says:

    Finnish technology protects against quantum attacks
    https://etn.fi/index.php/13-news/15347-suomalainen-tekniikka-suojaa-kvanttihyoekkaeyksiltae

    In late autumn, Espoo-based Xiphera unveiled its first quantum-secure product, which can be integrated as an IP block into FPGA and ASIC chips. The company now reports its first customer for the xQlave product: QuickLogic intends to bring it to its eFPGA chips.

    Xiphera's xQlave product family consists of secure and efficient implementations of quantum-secure algorithms. The first products in the family support the CRYSTALS-Kyber key exchange algorithm, one of the winners of the PQC competition held last year by the standards body NIST (National Institute of Standards and Technology).

    The xQlave product family addresses several customer needs with its IP blocks

    Combining Xiphera's xQlave™ PQC solutions with traditional encryption algorithms (ECC or RSA) into a hybrid model enables a future-proof secure system on new and existing eFPGA platforms.

    Reply
  16. Tomi Engdahl says:

    The Signal Protocol used by 1+ billion people is getting a post-quantum makeover
    Update prepares for the inevitable fall of today’s cryptographic protocols.
    https://arstechnica.com/security/2023/09/signal-preps-its-encryption-engine-for-the-quantum-doomsday-inevitability/

    The Signal Protocol is a key ingredient in the Signal, Google RCS, and WhatsApp messengers, which collectively have more than 1 billion users. It’s the engine that provides end-to-end encryption, meaning messages encrypted with the apps can be decrypted only by the recipients and no one else, including the platforms enabling the service. Until now, the Signal Protocol encrypted messages and voice calls with X3DH, a specification based on a form of cryptography known as Elliptic Curve Diffie-Hellman.

    Currently, the largest quantum computer known to be in existence today runs with just 433 qubits. Estimates vary widely as to how long it will be until there’s a large and robust enough quantum computer to break ECC and other vulnerable algorithms. Some expert forecasts predict as few as five years, while others say it could be 30 or more years out.

    Enter PQC
    There is little disagreement, however, that there will come a day when many of the most widely used forms of encryption will die at the hands of quantum computing. To head off that doomsday eventuality, engineers and mathematicians have been developing a new class of PQC, short for post-quantum cryptography.

    The PQC added to the Signal Protocol on Monday is called PQXDH. It uses the same X3DH specification the Signal Protocol has always employed. On top, it adds an additional layer of encryption using Crystals-Kyber, one of four PQC algorithms the National Institute of Standards and Technology selected last year as a potential replacement to ECC and other quantum-vulnerable forms of encryption.

    Reply
  17. Tomi Engdahl says:

    To Schnorr and beyond (Part 1)
    https://blog.cryptographyengineering.com/2023/10/06/to-schnorr-and-beyond-part-1/

    In this post I’m going to talk about signature schemes, and specifically the Schnorr signature, as well as some related schemes like ECDSA. These signature schemes have a handful of unique properties that make them quite special among cryptographic constructions. Moreover, understanding the motivation of Schnorr signatures can help understand a number of more recent proposals, including post-quantum schemes like Dilithium — which we’ll discuss in the second part of this series.

    Reply
  18. Tomi Engdahl says:

    Researcher Claims to Crack RSA-2048 With Quantum Computer
    As Ed Gerck Readies Research Paper, Security Experts Say They Want to See Proof
    https://www.bankinfosecurity.com/blogs/researcher-claims-to-crack-rsa-2048-quantum-computer-p-3536

    Reply
  19. Tomi Engdahl says:

    Post-quantum cryptography counters computing like Schrödinger’s Cat
    https://interestingengineering.com/innovation/post-quantum-cryptography-schrodingers-cat

    Businesses and government agencies must scan code for RSA & old protocols, replacing them with post-quantum cryptography to thwart quantum threats to encryption.

    Reply
