Post Quantum Cryptography

https://access.redhat.com/blogs/766093/posts/3031361?sc_cid=7016000000127ECAAY

The SSL/TLS protocol uses RSA, Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) primitives for the key exchange algorithm.

RSA is based on the fact that when given a product of two large prime numbers, factorizing the product (which is the public key) is computationally intensive, but a quantum computer could efficiently solve this problem using Shor’s algorithm. Similarly, DH and ECDH key exchanges could all be broken very easily using sufficiently large quantum computers.

For symmetric ciphers, the story is slightly different. It has been proven that applying Grover’s algorithm the strength of symmetric key lengths are effectively halved: AES-256 would have the same security against an attack using Grover’s algorithm that AES-128 has against classical brute-force search. Hashes are also affected in the same way symmetric algorithms are.

Therefore, we need new algorithms which are more resistant to quantum computations. This article introduces you to 5 proposals, which are under study.

172 Comments

  1. Tomi Engdahl says:

    World’s Leading Physicist Says Quantum Computers Are “Tools of Destruction, Not Creation”
    by Patrick Caughill on August 9, 2017
    https://futurism.com/worlds-leading-physicist-says-quantum-computers-are-tools-of-destruction-not-creation/

    Weapon of Mass Disruption

    Quantum Computers are heralded as the next step in the evolution of data processing. The future of this technology promises us a tool that can outperform any conventional system, handling more data and at faster speeds than even the most powerful of today’s supercomputers.

    However, at the present juncture, much of the science dedicated to this field is still focused on the technology’s ultimate utilization. We know that quantum computers could manage data at a rate that is remarkable, but exactly what kind of data processing will they be good for?

    This uncertainty raises some interesting questions about the potential impact of such a theoretically powerful tool.

    “No encryption existing today would be able to hide from the processing power of a functioning quantum computer.”

    Last month, some of the leading names in quantum technologies gathered at the semi-annual International Conference on Quantum Technologies in Moscow. Futurism was in attendance and was able to sit and talk with some of these scientists about how their work is moving us closer to practical quantum computers, and what impact such developments will have on society.

    What is it about quantum computers that would incite such a claim? In the end, it comes down to one thing, which happens to be one of the most talked about potential applications for the technology: Breaking modern cryptography.
    With Great Power…

    Today, all sensitive digital information sent over the internet is encrypted in order to protect the privacy of the parties involved. Already, we have seen instances where hackers were able to seize this information by breaking the encryption. According to Lvovsky, the advent of the quantum computer will only make that process easier and faster.

    In fact, he asserts that no encryption existing today would be able to hide from the processing power of a functioning quantum computer. Medical records, financial information, even the secrets of governments and military organizations would be free for the taking—meaning that the entire world order could be threatened by this technology.

    The consensus between other experts is, essentially, that Lvovsky isn’t wrong. “In a sense, he’s right,” Wenjamin Rosenfeld, a physics professor at the Ludwig Maximilian University of Munich, stated in an interview. He continued, “taking a quantum computer as a computer, there’s basically not much you can do with this at the moment;” however, he went on to explain that this may soon be changing.

    To break this down, there are only two quantum algorithms at the moment, one to allow a quantum computer to search a database, and the other, Shor’s algorithm, which can be used by a quantum computer to break encryption.

    Quantum computers may not be capable of the physical destruction of a nuclear bomb, but their potential application is the digital equivalent.

    Reply
  2. Tomi Engdahl says:

    Joshua Holden / Nautilus:
    How quantum computers will speed up the breaking of public-key cryptography and how “post-quantum cryptography” researchers are trying counter that threat

    How Classical Cryptography Will Survive Quantum Computers
    http://nautil.us/blog/-how-classical-cryptography-will-survive-quantum-computers

    Some are looking at ways to “fight quantum with quantum”—but there is another (and cheaper) option.

    The methods of post-quantum cryptography have not been used in the past because they are less efficient than current public-key methods, but they are getting better. In August 2015, the N.S.A. announced that it was planning to introduce a list of approved cryptography methods that would resist quantum computers. In April 2016, the National Institute of Standards and Technology followed suit, starting a public vetting process lasting 4 to 6 years.

    That’s not an unreasonable amount of time to need in order to be sure that a cryptographic method is really secure.

    Four to six years is also not an unreasonable amount of time to wait for a new cryptographic standard. Government agencies are concerned about protecting data that might have to remain secure for decades into the future, so they are preparing now for computers that could still be 10 or 20 years into the future.

    If you are worried about quantum criminals getting your credit card number off of the Internet, you can breathe a little easier. When quantum computers come, cryptographers expect to be ready for them. And you will be able to keep shopping safely without buying your own quantum computer, although I’m sure Amazon will be happy to sell you one.

    Reply
  3. Tomi Engdahl says:

    The quantum computing apocalypse is imminent
    https://techcrunch.com/2018/01/05/the-quantum-computing-apocalypse-is-imminent/?utm_source=tcfbpage&sr_share=facebook

    According to experts, quantum computers will be able to create breakthroughs in many of the most complicated data processing problems, leading to the development of new medicines, building molecular structures and doing analysis going far beyond the capabilities of today’s binary computers.

    The National Security Agency, too, has sounded the alarm on the risks to cybersecurity in the quantum computing age.

    Reply
  4. Tomi Engdahl says:

    IBM warns of instant breaking of encryption by quantum computers: ‘Move your data today’
    https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of-encryption-by-quantum-computers-move-your-data-today/

    Welcome to the future transparency of today as quantum computers reveal all currently encrypted secrets — a viable scenario within just a few years.

    Reply
  5. Tomi Engdahl says:

    Security Needs a Quantum Leap
    https://www.eetimes.com/author.asp?section_id=36&doc_id=1333341

    Engineers need to start studying the trade-offs of different post-quantum cryptography techniques so they are ready when quantum computers arrive.

    No one is sure when (or really even if) quantum computers will become practically useful, but some experts believe that within 10 years a quantum computer could be capable of breaking today’s cryptography. Google, Microsoft, IBM and Intel, as well as numerous well-funded startups, are making significant progress toward quantum computers. And scientists around the world are investigating a variety of technologies to make quantum computers real.

    Quantum computing strikes at the heart of the security of the public key infrastructure used to secure communications with keys typically encrypted with RSA and Elliptic Curve Cryptography (ECC). A quantum computer could easily break these algorithms currently used to authenticate the identity of senders and receivers and protect data from manipulation.

    Today’s algorithms are secure because they are based on intractably hard mathematical problems in number theory. However, they are only intractable for a classical computer where bits can have only one value (either 1 or a 0). In a quantum computer where k bits represent 2k values, RSA and ECC can be solved in polynomial time using a technique known as Shor’s algorithm.

    Once quantum computers can scale to work on tens of thousands of bits, today’s public key cryptography becomes immediately insecure. Simply changing parameters will not suffice–the whole industry will have to switch to completely different algorithms.

    The sky isn’t falling, but it is vital to begin transition planning now. Post-quantum cryptography has received an increasing amount of attention from both academics and from industry.

    Proposed post-quantum cryptographic algorithms are based on various underlying hard problems widely believed to be resistant to attacks even with quantum computers. These fall into the following classes of cryptography:

    Multivariate
    Hash-based
    Code-based
    Supersingular elliptic curve isogeny

    Each of these classes has various pros and cons.

    Reply
  6. Tomi Engdahl says:

    Microsoft Adds Post-Quantum Cryptography To an OpenVPN Fork
    https://tech.slashdot.org/story/18/06/06/138258/microsoft-adds-post-quantum-cryptography-to-an-openvpn-fork?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Microsoft recently published an interesting open source project called “PQCrypto-VPN” that implements post-quantum cryptography (PQC) within OpenVPN. Being developed by the Microsoft Research Security and Cryptography group, as part of their research into post-quantum cryptography, this fork is being used to test PQC algorithms and their performance and functionality when used with VPNs.

    Microsoft Adds Post-Quantum Cryptography to an OpenVPN Fork
    https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-post-quantum-cryptography-to-an-openvpn-fork/

    Microsoft’s PQCrypto-VPN is published on Github and allows anyone to build an OpenVPN implementation that can encrypt communications using three different post-quantum cryptography protocols, with more coming as they are developed. These protocols are:

    Frodo: a key exchange protocol based on the learning with errors problem
    SIKE: a key exchange protocol based on Supersingular Isogeny Diffie-Hellman
    Picnic: a signature algorithm using symmetric-key primitives and non-interactive zero-knowledge proofs

    https://github.com/Microsoft/PQCrypto-VPN

    Reply
  7. Tomi Engdahl says:

    Security Startup Quantum Xchange Promises Unbreakable Quantum-Safe Encryption
    https://www.securityweek.com/security-startup-quantum-xchange-promises-unbreakable-quantum-safe-encryption

    Quantum Xchange Raises $10 Million, Launches Quantum Key Distribution Service

    Bethesda, MD-based start-up Quantum Xchange has announced $10 Million Series A funding from New Technology Ventures, and the launch of the first commercial quantum key distribution (QKD) service in the U.S. The funding will support the deployment of a fiber network serving the Northeast Corridor from Washington D.C. to Boston, connecting the financial markets on Wall Street with back office operations in New Jersey.

    The business premise is simple. The budding arrival of quantum computers will make current strong public key encryption immensely weak. Where current computing power would take too long or too many computers to make factoring large numbers feasible, one quantum computer could factor current public key lengths in a matter of minutes. Public key encryption will not provide security against quantum computers.

    Reply
  8. Tomi Engdahl says:

    Quantum encryption combats threat posed by quantum computing hacks
    https://www.lightwaveonline.com/articles/2018/07/quantum-encryption-combats-threat-posed-by-quantum-computing-hacks.html?cmpid=enl_lightwave_lightwave_datacom_2018-07-03&pwhid=6b9badc08db25d04d04ee00b499089ffc280910702f8ef99951bdbdad3175f54dcae8b7ad9fa2c1f5697ffa19d05535df56b8dc1e6f75b7b6f6f8c7461ce0b24&eid=289644432&bid=2161879

    With the impending advent of quantum computing threatening to increase the horsepower of cyberattacks, ADVA Optical Networking has reported on its participation in a pair of efforts to enable quantum-level encryption. One, led by the University of Cambridge, has seen the deployment of fiber links in the UK fortified with a quantum key distribution (QKD) scheme. The second trialed a potentially even greater level of security via a post-quantum public-key encryption system on a route that leveraged multiple research and education (R&E) networks.

    Reply
  9. Tomi Engdahl says:

    Key Researchers on the Pace and Peculiarities of Developing Quantum Computing—and the Possible End of Bitcoin
    https://spectrum.ieee.org/view-from-the-valley/computing/hardware/quantum-computing-researchers-on-the-pace-of-development-managing-a-quantum-group-and-the-end-of-bitcoin

    On when we’ll have a useful quantum computer:

    “We are at the point now where we have the science developed so far that we see a path to scaling it and building a quantum computer that solves problems in the next five to ten years,” predicted Microsoft’s Troyer.

    “I don’t want people to get the idea that if we don’t get this working in the next couple of years, it’s not going to work.”
    —John Martinis, Google

    “We are looking for scientist/engineers, [people] who can think as an engineer when they need to, and as a scientist”

    “If you have a secret today, don’t encrypt it with RSA if you believe quantum computing is coming.”
    —Matthias Troyer, Microsoft

    On the end of Bitcoin:

    In response to an audience question about the future of Bitcoin in the quantum computing era, Troyer pointed out that his group calculated that once a quantum computer can be built with just over 2000 qubits, “you can crack Bitcoin.”

    “We joke that then we can fund all of our programming” with Bitcoin, he said.

    Reply
  10. Tomi Engdahl says:

    Quantum encryption combats threat posed by quantum computing hacks
    https://www.lightwaveonline.com/articles/2018/07/quantum-encryption-combats-threat-posed-by-quantum-computing-hacks.html?cmpid=enl_lightwave_lightwave_datacom_2018-07-10&pwhid=6b9badc08db25d04d04ee00b499089ffc280910702f8ef99951bdbdad3175f54dcae8b7ad9fa2c1f5697ffa19d05535df56b8dc1e6f75b7b6f6f8c7461ce0b24&eid=289644432&bid=2165892

    With the impending advent of quantum computing threatening to increase the horsepower of cyberattacks, ADVA Optical Networking has reported on its participation in a pair of efforts to enable quantum-level encryption. One, led by the University of Cambridge, has seen the deployment of fiber links in the UK fortified with a quantum key distribution (QKD) scheme. The second trialed a potentially even greater level of security via a post-quantum public-key encryption system on a route that leveraged multiple research and education (R&E) networks.

    Current optical networks can enjoy a significant amount of security from data transmission breaches, says Jörg-Peter Elbers, senior vice president, advanced technology, at ADVA. Layer 1 encryption capabilities using Diffie-Hellman key exchange techniques are widely considered sufficient to withstand de-encryption attempts that use current technology. However, security experts fear that Diffie-Hellman won’t hold up to the power of attacks that use quantum computing resources. More robust key exchange and, potentially, encryption algorithms likely will need to be employed, Elbers explains.

    Post-quantum key exchange

    Meanwhile, security specialists also have interest in quantum-sturdy techniques that can augment existing security schemes quickly and efficiently. ADVA participated in a demonstration of such an approach alongside Broadnet, GÉANT, NORDUnet, PSNC, and UNINETT. Here, the partners demonstrated the use of “post-quantum” key encryption based on a variant of the Niederreiter scheme. The scheme has been around for some time, explained Elbers. It uses larger keys than those typically employed in Diffie-Hellman; optical transport systems now support transmission rates great enough that the larger key size no longer significantly degrades transmission efficiency. One benefit of the approach is that it can be implemented at the network endpoints, leaving the rest of the network untouched. Thus, such key encryption can complement any encryption scheme the network has in place. The Niederreiter scheme is one option under consideration within the NIST Post Quantum Encryption Standardization effort.

    The field trial saw the Niederreiter-based approach implemented on a 2,300-km link from Poznań, Poland, to Trondheim, Norway.

    Reply
  11. Tomi Engdahl says:

    Surprising hidden order unites prime numbers and crystal-like materials
    https://phys.org/news/2018-09-hidden-prime-crystal-like-materials.html

    The seemingly random digits known as prime numbers are not nearly as scattershot as previously thought. A new analysis by Princeton University researchers has uncovered patterns in primes that are similar to those found in the positions of atoms inside certain crystal-like materials.

    Reply
  12. Tomi Engdahl says:

    Quantum Computing and Cryptography
    https://www.schneier.com/blog/archives/2018/09/quantum_computi_2.html

    Quantum computing is a new way of computing — one that could allow humankind to perform computations that are simply impossible using today’s computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for any key length.

    This is why cryptographers are hard at work designing and analyzing “quantum-resistant” public-key algorithms. Currently, quantum computing is too nascent for cryptographers to be sure of what is secure and what isn’t. But even assuming aliens have developed the technology to its full potential, quantum computing doesn’t spell the end of the world for cryptography. Symmetric cryptography is easy to make quantum-resistant, and we’re working on quantum-resistant public-key algorithms. If public-key cryptography ends up being a temporary anomaly based on our mathematical knowledge and computational ability, we’ll still survive.

    At its core, cryptography relies on the mathematical quirk that some things are easier to do than to undo.

    This one-wayness is based on our mathematical knowledge. When you hear about a cryptographer “breaking” an algorithm, what happened is that they’ve found a new trick that makes reversing easier. Cryptographers discover new tricks all the time, which is why we tend to use key lengths that are longer than strictly necessary. This is true for both symmetric and public-key algorithms; we’re trying to future-proof them.

    Quantum computers promise to upend a lot of this. Because of the way they work, they excel at the sorts of computations necessary to reverse these one-way functions. For symmetric cryptography, this isn’t too bad. Grover’s algorithm shows that a quantum computer speeds up these attacks to effectively halve the key length. This would mean that a 256-bit key is as strong against a quantum computer as a 128-bit key is against a conventional computer; both are secure for the foreseeable future.

    For public-key cryptography, the results are more dire. Shor’s algorithm can easily break all of the commonly used public-key algorithms based on both factoring and the discrete logarithm problem. Doubling the key length increases the difficulty to break by a factor of eight. That’s not enough of a sustainable edge.

    In the short term, cryptographers are putting considerable effort into designing and analyzing quantum-resistant algorithms, and those are likely to remain secure for decades. This is a necessarily slow process, as both good cryptanalysis transitioning standards take time. Luckily, we have time. Practical quantum computing seems to always remain “ten years in the future,” which means no one has any idea.

    Reply
  13. Tomi Engdahl says:

    The future of security lies in quantum computing
    https://www.pandasecurity.com/mediacenter/security/security-quantum-computing/

    “Quantum” is a word that stirs in its wake a litany of questions. No one can deny that the future of computing is to be found in the unique features of quantum mechanics, the branch of physics that studies nature at an infinitely small scale. However, it seems hard to grasp how it could be that the sector that has most to gain from quantum computing is, in fact, the security sector.

    Reply
  14. Tomi Engdahl says:

    Quantum Technology Promises Practical Cryptography With Unbreakable Keys
    https://spectrum.ieee.org/tech-talk/telecom/security/quantum-mechanicsbased-technology-promises-practical-quantum-cryptographic-communications-with-unbreakable-keys

    Cryptographic protection of sensitive information is arguably facing its most severe challenge to date thanks to quantum computers. To counter this threat, researchers around the globe are investigating new ways to protect secret keys used to send and unlock encrypted data. One advanced method close to commercialization is quantum key distribution (QKD).

    QKD employs a feature of quantum mechanics known as the uncertainty principle to ensure transmitted key data cannot be interfered with by an outside party without irreversibly altering the data. Any interference will leave its mark and be detected by the sender and receiver.

    Reply
  15. Tomi Engdahl says:

    BlackBerry races ahead of security curve with quantum-resistant solution
    https://techcrunch.com/2018/10/04/blackberry-races-ahead-of-security-curve-with-quantum-resistant-solution/?sr_share=facebook&utm_source=tcfbpage

    Quantum computing represents tremendous promise to completely alter technology as we’ve known it, allowing operations that weren’t previously possible with traditional computing. The downside of these powerful machines is that they could be strong enough to break conventional cryptography schemes. Today, BlackBerry announced a new quantum-resistant code signing service to help battle that possibility.

    The solution, which will be available next month, is actually the product of a partnership between BlackBerry and Isara Corporation, a company whose mission is to build quantum-safe security solutions. BlackBerry is using Isara’s cryptographic libraries to help sign and protect code as security evolves.

    Reply
  16. Tomi Engdahl says:

    Will Quantum Computers break encryption?
    https://www.youtube.com/watch?v=6H_9l9N3IXU

    How do you secure messages over the internet? How do quantum computers break it? How do you fix it? Why don’t you watch the video to find out?

    Reply
  17. Tomi Engdahl says:

    Quantum cryptography is unbreakable. So is human ingenuity
    https://aeon.co/ideas/quantum-cryptography-is-unbreakable-so-is-human-ingenuity

    Two basic types of encryption schemes are used on the internet today. One, known as symmetric-key cryptography, follows the same pattern that people have been using to send secret messages for thousands of years.

    The second scheme is called public-key cryptography, and it was invented only in the 1970s.

    Public-key cryptography was invented by researchers at the Government Communications Headquarters (GCHQ) – the British equivalent (more or less) of the US National Security Agency (NSA) – who wanted to protect communications between a large number of people in a security organisation.

    Now cryptographers think that a new kind of computer based on quantum physics could make public-key cryptography insecure.

    Cryptographers aren’t just giving up, however. They’re exploring replacements for the current systems, in two principal ways. One deploys quantum-resistant ciphers, which are ways to encrypt messages using current computers but without involving hidden subgroup problems. Thus they seem to be safe against code-breakers using quantum computers. The other idea is to make truly quantum ciphers. These would ‘fight quantum with quantum’, using the same quantum physics that could allow us to build quantum computers to protect against quantum-computational attacks. Progress is being made in both areas, but both require more research, which is currently being done at universities and other institutions around the world.

    Reply
  18. Tomi Engdahl says:

    The Race Is On to Protect Data From the Next Leap in Computers. And China Has the Lead.
    https://www.nytimes.com/2018/12/03/technology/quantum-encryption.html

    The world’s leading technology companies, from Google to Alibaba in China, are racing to build the first quantum computer

    This device could break the encryption that protects digital information, putting at risk everything from the billions of dollars spent on e-commerce to national secrets stored in government databases.

    An answer? Encryption that relies on the same concepts from the world of physics. Just as some scientists are working on quantum computers, others are working on quantum security techniques that could thwart the code-breaking abilities of these machines of the future.

    China has a clear lead in quantum encryption. As it has with other cutting-edge technologies, like artificial intelligence, the Chinese government has made different kinds of quantum research a priority.

    Reply
  19. Tomi Engdahl says:

    The Race Is On to Protect Data From the Next Leap in Computers. And China Has the Lead.
    https://www.nytimes.com/2018/12/03/technology/quantum-encryption.html?utm_campaign=Email%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=68985424&_hsenc=p2ANqtz-81rZr8dEZ7ofLibIJoAknH3rnePNz0vqUw0KoxjHhfifRGCEFcbwTfBB2Rkiw8mBey_HGPdHXWDNXGSWeJ-3a4npHlk1IxOkaQZvZDWxv0pN4MZGk&_hsmi=68985424

    The world’s leading technology companies, from Google to Alibaba in China, are racing to build the first quantum computer, a machine that would be far more powerful than today’s computers.

    This device could break the encryption that protects digital information, putting at risk everything from the billions of dollars spent on e-commerce to national secrets stored in government databases.

    An answer? Encryption that relies on the same concepts from the world of physics. Just as some scientists are working on quantum computers, others are working on quantum security techniques that could thwart the code-breaking abilities of these machines of the future.

    It is a race with national security implications, and while building quantum computers is still anyone’s game, China has a clear lead in quantum encryption. As it has with other cutting-edge technologies, like artificial intelligence, the Chinese government has made different kinds of quantum research a priority.

    “China has a very deliberate strategy to own this technology,” said Duncan Earl, a former researcher at Oak Ridge National Laboratory who is president and chief technology officer of Qubitekk, a company that is exploring quantum encryption. “If we think we can wait five or 10 years before jumping on this technology, it is going to be too late.”

    Reply
  20. Tomi Engdahl says:

    Circuit Secures the IoT Against Quantum Attack
    https://spectrum.ieee.org/tech-talk/computing/embedded-systems/circuit-secures-the-iot-against-quantum-attack

    One of the most frequently mentioned fears about future quantum computers is that they will someday crack our encryption codes and lay all our digital secrets bare. Despite it being a truly far-off possibility, cryptographers are already taking the threat very seriously.

    The solution seems to be to develop one or more classes of encryption schemes that classical computers can use but quantum computers can’t crack.

    “Lattice-based cryptography is a promising candidate because of its small public key and signature sizes,” MIT doctoral student Utsav Banerjee told engineers at the conference.

    Reply
  21. Tomi Engdahl says:

    Post-Quantum Crypto Standards Aren’t All About the Math
    https://www.darkreading.com/iot/post-quantum-crypto-standards-arent-all-about-the-math/d/d-id/1333892?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

    The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.

    Reply
  22. Tomi Engdahl says:

    How Quantum Computers Break Encryption | Shor’s Algorithm Explained
    https://www.youtube.com/watch?v=lvTqbM5Dq4Q

    Reply
  23. Tomi Engdahl says:

    How Peter Shor’s Algorithm Dooms RSA Encryption to Failure
    https://interestingengineering.com/how-peter-shors-algorithm-dooms-rsa-encryption-to-failure

    In 1994, Peter Shor created an algorithm for a theorical computer that solved a nearly impossible problem. Now that technology is catching up, Shor’s algorithm guarantees the end to RSA Encryption.

    Reply
  24. Tomi Engdahl says:

    Cloudflare wants to protect the internet from quantum computing
    https://www.engadget.com/2019/06/21/cloudflare-quantum-encryption/

    It’s sharing its open-source library of post-quantum cryptography software.

    Without advances in post-quantum cryptography, quantum computing could make it easy for hackers to access sensitive data, like credit card info. To prevent that, internet infrastructure company Cloudflare is testing post-quantum cryptography technology, and it’s sharing its open-source software package, CIRCL, or Cloudflare Interoperable Reusable Cryptographic Library, on GitHub.

    https://github.com/cloudflare/circl

    Reply
  25. Tomi Engdahl says:

    Quantum Cryptography Needs a Reboot
    https://spectrum.ieee.org/tech-talk/computing/networks/the-practical-limits-of-quantum-cryptography

    Quantum technologies—including quantum computing, ultra-sensitive quantum detectors, and quantum random number generators—are at the vanguard of many engineering fields today. Yet one of the earliest quantum applications, which dates back to the 1980s, still appears very far indeed from any kind of widespread, commercial rollout.

    Reply
  26. Tomi Engdahl says:

    How the United States Is Developing Post-Quantum Cryptography
    https://spectrum.ieee.org/tech-talk/telecom/security/how-the-us-is-preparing-for-quantum-computings-threat-to-end-secrecy

    When practical quantum computing finally arrives, it will have the power to crack the standard digital codes that safeguard online privacy and security for governments, corporations, and virtually everyone who uses the Internet. That’s why a U.S. government agency has challenged researchers to develop a new generation of quantum-resistant cryptographic algorithms.

    Reply
  27. Tomi Engdahl says:

    https://www.zerohedge.com/technology/googles-quantum-supremacy-render-all-cryptocurrency-military-secrets-breakable

    The 53-qubit quantum computer can break any 53-bit cryptography in seconds, meaning Bitcoin’s 256-bit encryption is vulnerable once Google scales its quantum computing to 256 qubits, something their own scientists say will be possible by 2022.

    At this rate, Google will be able to break all military encryption by 2024, a frightening prospect given the company’s close ties to China.

    Read Adams’ full article for a comprehensive breakdown of what this means for the future

    https://www.naturalnews.com/2019-09-21-google-achieves-quantum-supremacy-all-cryptocurrency.html

    Reply
  28. Tomi Engdahl says:

    ‘QUANTUM APOCALYPSE’: HOW ULTRA-POWERFUL COMPUTERS COULD CRIPPLE GOVERNMENTS AND EFFECTIVELY BREAK THE INTERNET
    https://www.independent.co.uk/life-style/gadgets-and-tech/features/quantum-apocalypse-computers-affect-internet-bitcoin-governments-a9143171.html

    ‘Our modern systems of finance, commerce, communication, transportation, manufacturing, energy, government, and healthcare will for all intents and purposes cease to function,’ cyber security expert warns

    Reply
  29. Tomi Engdahl says:

    Post-quantum TLS now supported in AWS KMS
    https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/

    AWS Key Management Service (AWS KMS) now supports post-quantum hybrid key exchange for the Transport Layer Security (TLS) network encryption protocol that is used when connecting to KMS API endpoints. In this post, I’ll tell you what post-quantum TLS is, what hybrid key exchange is, why it’s important, how to take advantage of this new feature, and how to give us feedback.

    AWS implements TLS using s2n, a streamlined open source implementation of TLS. In June, 2019, AWS introduced post-quantum s2n, which implements two proposed post-quantum hybrid cipher suites specified in this IETF draft. The cipher suites specify a key exchange that provides the security protections of both the classical and post-quantum schemes.

    https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid-01

    Reply
  30. Tomi Engdahl says:

    Did anyone ask for some quantum proof crypto? Here is some quantum proof crypto:

    https://github.com/BanditCat/jdubi/

    Reply
  31. Tomi Engdahl says:

    Burning Things With Big Lasers In The Name Of Security
    https://hackaday.com/2020/01/29/burning-things-with-big-lasers-in-the-name-of-security/

    Several fields of quantum research have made their transition from research labs into commercial products, accompanied by grandiose claims. Are they as good as they say? We need people like Dr. Sarah Kaiser to independently test those claims, looking for flaws in implementation. At the 2019 Hackaday Superconference she shared her research on attacking commercially available quantum key distribution (QKD) hardware.

    Don’t be scared away when you see the term “quantum” in the title.

    Dr. Sarah Kaiser – Hacking Quantum Key Distribution Hardware
    https://www.youtube.com/watch?v=j3QV5_Me-v4

    Reply
  32. Tomi Engdahl says:

    Promising Results for Post-Quantum Certificates in TLS 1.3
    https://blogs.cisco.com/security/promising-results-for-post-quantum-certificates-in-tls-1-3
    Quantum Computers could threaten the security of TLS key exchange and
    authentication. To assess the performance of post-quantum certificates
    TLS 1.3, we evaluated NIST Round 2 signature algorithms and concluded
    that two of them offer acceptable speeds. We also analyzed other
    implications of post-quantum certs in TLS. More details in
    https://ia.cr/2020/071

    Reply
  33. Tomi Engdahl says:

    Security in a Quantum World
    https://www.eeweb.com/profile/maurizio-di-paolo-emilio/articles/securing-the-internet-of-things-in-a-quantum-world?utm_source=newsletter&utm_campaign=link&utm_medium=EDNFunFriday-20200424

    Quantum computers will make current security mechanisms vulnerable to new types of cyberattacks — a real problem for both chip cards and complex technological systems such as networked vehicles or industrial control systems. They have the potential to break the cryptographic patterns widely used in internet of things data communication systems.

    With the advent of quantum computers, modern encryption algorithms are undergoing an evolution that will significantly change their current use. In order to support the security of the internet and other cryptographic-based technologies, it is necessary to increase mathematical research to build the cryptography of tomorrow, which is resistant to quantum attacks and will become known as post-quantum or quantum-resistant cryptography.

    “A quantum computer that could break cryptography would be a powerful tool for attackers,” said Dr. Thomas Poeppelmann, senior staff engineer, Infineon Technologies.

    According to the latest Thales Data Threat Report, 72 percent of the security experts surveyed worldwide believe that quantum computing power will affect data security technologies within the next five years. Robust and future-proof security solutions are therefore necessary.

    Reply
  34. Tomi Engdahl says:

    A step closer to secure global communication
    https://www.nature.com/articles/d41586-020-01779-7

    Quantum key distribution is a cryptographic method that can guarantee secure communication. A satellite-based experiment has shown that this technique can be applied over long distances without the need for trusted relays.

    Reply
  35. Tomi Engdahl says:

    A new encryption technique called ghost polarization communication has passed an early test.

    Researchers Demo a New Polarization-Based Encryption Strategy
    https://spectrum.ieee.org/telecom/security/researchers-demo-a-new-polarizationbased-encryption-strategy

    Telecommunications can never be too secure. That’s why researchers continue to explore new encryption methods. One emerging method is called ghost polarization communication, or GPC. Researchers at the Technical University of Darmstadt, in Germany, recently demonstrated this approach in a proof-of-principle experiment.

    In unpolarized light, the orientation of the electric-field component of a light wave fluctuates randomly. That’s the opposite of polarized light sources such as lasers, in which this orientation is fixed.

    It’s often easiest to imagine unpolarized light as having no specific orientation at all, since it changes on the order of nanoseconds. However, according to Wolfgang Elsaesser, one of the Darmstadt researchers who developed GPC, there’s another way to look at it: “Unpolarized light can be viewed as a very fast distribution on the Poincaré sphere.”

    In other words, unpolarized light could be a source of rapidly generated random numbers that can be used to encode a message—if the changing polarization can be measured quickly enough and decoded at the receiver.

    GPC earned its name because a message may be decoded only by using both the altered beam and a reference beam.

    Elsaesser says GPC is possible with both wired and wireless communications setups. For the proof-of-principle tests, they relied largely on wired setups, which were slightly easier to measure than over-the-air tests. The group used standard commercial equipment, including fiber-optic cable and 1,550-nanometer light sources (1,550 nanometers is the most common wavelength of light used for fiber communications).

    The Darmstadt group confirmed GPC was possible by encoding a short message by mapping 0 bits and 1 bits using polarization angles agreed upon by the sender and receiver.

    However, Elsaesser stresses that the tests were preliminary. “The weakness at the moment,” he says, “is that we have not concentrated on the modulation speed or the transmission speed.”

    Reply
  36. Tomi Engdahl says:

    Researchers crammed an entangled photon generator into a CubeSat, suggesting these small satellites could create an orbiting quantum network.

    https://spectrum.ieee.org/tech-talk/aerospace/satellites/tiny-satellites-could-distribute-quantum-keys

    Reply
  37. Tomi Engdahl says:

    Post-Quantum TLS 1.3 and SSH Performance (preliminary results)
    https://blogs.cisco.com/security/tls-ssh-performance-pq-kem-auth
    As brought up on multiple occasions, if a real-world quantum computer
    was ever built, it could jeopardize public key exchange, encryption,
    and digital signature schemes used in secure tunnel protocols today
    like (D)TLS, SSH, IKEv2/IPsec and more. To prepare for a post-quantum
    future, NIST has embarked on a journey of standardizing post-quantum
    algorithms, IETF has seen RFC draft submissions for using these
    algorithms and multiple vendors like Cisco, Microsoft, Cloudflare,
    Google, AWS have been looking at post-quantum key exchange or
    authentication in TLS.

    Reply
  38. Tomi Engdahl says:

    PQShield raises $7M for quantum-ready cryptographic security solutions
    https://tcrn.ch/2VZv86E

    A deep tech startup building cryptographic solutions to secure hardware, software, and communications systems for a future when quantum computers may render many current cybersecurity approaches useless is today emerging out of stealth mode with $7 million in funding and a mission to make cryptographic security something that cannot be hackable, even with the most sophisticated systems, by building systems today that will continue to be usable in a post-quantum future.

    Reply
  39. Tomi Engdahl says:

    The quest for quantum-proof encryption just made a leap forward
    https://www.technologyreview.com/2020/08/03/1005891/search-for-quantum-proof-encryption-computing-nist/

    Quantum computers could make encryption a thing of the past, but 15 contenders are trying to prove they have what it takes to safeguard your data.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*