Cryptographic Right Answers: Post Quantum Edition
Post-quantum cryptography is essential as quantum computers threaten classical systems. NIST is standardizing algorithms, but challenges include differing properties, larger key sizes, and the need for a hybrid security approach.
Post-quantum cryptography (PQC) is becoming increasingly important as quantum computers pose a potential threat to classical cryptographic systems. The urgency for migration to PQC arises from the possibility that quantum computers capable of breaking current algorithms could emerge within the next two decades. Governments, including the U.S., are taking steps to prepare for this transition, with NIST leading efforts to standardize PQC algorithms. The NIST contest has already identified several promising algorithms, including Dilithium, Falcon, SPHINCS+, and Kyber, which are designed to withstand both classical and quantum attacks. However, the transition to PQC is complicated by the fact that these new algorithms often have different properties and trade-offs compared to classical systems, making it challenging to provide straightforward recommendations. Additionally, the larger key sizes and artifacts associated with PQC can create compatibility issues with existing systems. The article emphasizes the need for a hybrid approach that combines classical and post-quantum algorithms to leverage the strengths of both while ensuring security against future threats. As the landscape of cryptography evolves, ongoing research and development will be crucial to address the challenges posed by quantum computing.
- Quantum computers could threaten current cryptographic systems within 20 years.
- NIST is standardizing post-quantum cryptography algorithms to prepare for this transition.
- New PQC algorithms have different properties and trade-offs compared to classical systems.
- Larger key sizes in PQC may lead to compatibility issues with existing technologies.
- A hybrid approach combining classical and PQC algorithms is recommended for enhanced security.
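As an added example (not code from the article or the thread), the hybrid approach recommended above can be realised as a KEM combiner: both the classical and the post-quantum shared secret feed one key derivation, so the session key stays unpredictable while at least one of the two KEMs holds. The HKDF below follows RFC 5869 with SHA-256; the combiner layout (secrets concatenated as key material, ciphertexts bound through the info string) and the sample values are this example's own assumptions, not a quote of any standard.

```python
import hashlib
import hmac

# HKDF (RFC 5869) with SHA-256, standard library only.
def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # Absent salt means HashLen zero bytes (HMAC pads an empty key the same way).
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_combine(ss_classical: bytes, ss_pq: bytes,
                   ct_classical: bytes, ct_pq: bytes,
                   label: bytes = b"hybrid-kem-example") -> bytes:
    """Derive one 32-byte session key from a classical and a PQ shared secret.

    Both secrets go into the key material and both ciphertexts are bound via
    the info string, so an attacker must recover BOTH secrets to derive the
    key. The concrete layout here is an assumption made for this example.
    """
    ikm = ss_classical + ss_pq
    info = label + ct_classical + ct_pq
    return hkdf_expand(hkdf_extract(b"", ikm), info, 32)

# Constructed stand-ins for real KEM outputs (not real keys or ciphertexts).
SS_X25519 = bytes(range(32))          # X25519 shared secret is 32 bytes
SS_MLKEM = bytes(range(100, 132))     # ML-KEM shared secret is 32 bytes
CT_X25519 = b"\x01" * 32              # X25519 "ciphertext" is the 32-byte public key
CT_MLKEM = b"\x02" * 1088             # ML-KEM-768 ciphertext is 1088 bytes (FIPS 203)

def demo() -> dict:
    """Show that losing either secret changes the derived key."""
    key = hybrid_combine(SS_X25519, SS_MLKEM, CT_X25519, CT_MLKEM)
    # Attacker who broke the PQ KEM knows SS_MLKEM but must guess the classical secret.
    pq_broken = hybrid_combine(b"\x00" * 32, SS_MLKEM, CT_X25519, CT_MLKEM)
    # Attacker with a quantum computer knows SS_X25519 but must guess the PQ secret.
    classical_broken = hybrid_combine(SS_X25519, b"\x00" * 32, CT_X25519, CT_MLKEM)
    return {"key": key.hex(),
            "pq_broken_matches": pq_broken == key,
            "classical_broken_matches": classical_broken == key}

if __name__ == "__main__":
    print(demo())
```

The X25519 public key stands in for the classical "ciphertext" because a Diffie-Hellman exchange encapsulates by sending a public key; the per-direction size figures only matter for the info binding.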
Related
A Quantum Leap in Factoring
Recent quantum computing advancements include Peter Shor's Shor algorithm for factoring large numbers and Oded Regev's new scheme reducing gate requirements. Practical implications and implementation challenges persist despite optimism for future cryptography improvements.
Quantum is unimportant to post-quantum
Post-quantum cryptography gains attention for its enhanced safety and flexibility over classical methods. Transitioning to PQ standards addresses risks from potential quantum advancements, aiming to improve cryptographic security proactively.
Multiple nations enact mysterious export controls on quantum computers
Secret international discussions have led to multiple countries imposing export controls on quantum computers without disclosing the scientific basis. Concerns about stifling innovation in the industry have been raised.
NIST Releases First 3 Finalized Post-Quantum Encryption Standards
NIST has finalized three post-quantum encryption standards to protect against quantum computer attacks, urging immediate implementation by system administrators. The standards include algorithms for encryption and digital signatures.
FIPS Post Quantum Crypto standards approved
The U.S. Secretary of Commerce approved three FIPS standards for post-quantum cryptography, enhancing security against quantum computer attacks with new key establishment and digital signature schemes.
- Discussion on the larger key sizes of PQC algorithms and their impact on resource-constrained devices like mobile and IoT.
- Concerns about the practical readiness of PQC solutions and the risks associated with implementing them in production environments.
- Questions about the effectiveness of classical defenses against potential quantum attacks, particularly the "store now, decrypt later" threat.
- Calls for regular updates on cryptographic standards to ensure ongoing relevance and security in a rapidly evolving field.
- Criticism of reliance on NIST and FIPS regulations, suggesting that they may contribute to vulnerabilities in cryptographic implementations.
Is it possible to defend against this attack in a classical way? Some sort of time limit on decryption? Or an argument that it's impossible?
I'm curious what's the general opinion on the production-readiness of these solutions. Open Quantum Safe, for example, discourages its use in production, and recompiling nginx to use PQC-BoringSSL feels risky since I'm not intimately familiar with both projects ("did I miss a --enable-security flag?").
> the PQ keys are 4 orders of magnitude larger
For McEliece, perhaps, but the algorithms in the tables are "only" 2 orders of magnitude larger.
* https://www.nist.gov/news-events/news/2024/08/nist-releases-...
See
* FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM / CRYSTALS-KYBER)
* FIPS 204, Module-Lattice-Based Digital Signature Standard (ML-DSA / CRYSTALS-Dilithium)
* FIPS 205, Stateless Hash-Based Digital Signature Standard (SLH-DSA / SPHINCS+)
From:
* https://csrc.nist.gov/News/2024/postquantum-cryptography-fip...
* https://www.federalregister.gov/documents/2024/08/14/2024-17...
This is what, a fourth or fifth version since 2009?
Meanwhile everything from Ubuntu's apt-get to my connection to HN is secured with 2048-bit RSA - an algorithm invented in 1977 and in widespread use since at least 1995.
Am I getting crypto advice that will keep my data safe for 30+ years, if the advice changes every 3 years?
Interestingly enough, there is a proof out there that more or less states the opposite for HMAC-MD5 and HMAC-SHA1:
* https://eprint.iacr.org/2006/043.pdf
The issue here is that MD5 and SHA1 are broken for collisions. But no one could figure out an actual attack for HMACs based on them. The linked paper is an attempt to explain that.