CyberSecurity news
FlagThis - #cryptography
|
@quantumcomputingreport.com
//
The rapid advancement of quantum computing poses a significant threat to current encryption methods, particularly RSA, which secures much of today's internet communication. Google's recent breakthroughs have redefined the landscape of cryptographic security, with researchers like Craig Gidney significantly lowering the estimated quantum resources needed to break RSA-2048. A new study indicates that RSA-2048 could be cracked in under a week using fewer than 1 million noisy qubits, a dramatic reduction from previous estimates of around 20 million qubits and eight hours of computation. This shift accelerates the timeline for "Q-Day," the hypothetical moment when quantum computers can break modern encryption, impacting everything from email to financial transactions.
This vulnerability stems from the ability of quantum computers to utilize Shor's algorithm for factoring large numbers, a task prohibitively difficult for classical computers. Google's innovation involves several technical advancements, including approximate residue arithmetic, magic state cultivation, optimized period finding with Ekerå-Håstad algorithms, and yoked surface codes with sparse lookups. These improvements streamline modular arithmetic, reduce the depth of quantum circuits, and minimize overhead in fault-tolerant quantum circuits, collectively reducing the physical qubit requirement to under 1 million while maintaining a relatively short computation time. In response to this threat, post-quantum cryptography (PQC) is gaining momentum. PQC refers to cryptographic algorithms designed to be secure against both classical and quantum attacks. NIST has already announced the first set of quantum-safe algorithms for standardization, including FrodoKEM, a key encapsulation protocol offering a simple design and strong security guarantees. The urgency of transitioning to quantum-resistant cryptographic systems is underscored by ongoing advances in quantum computing. While the digital world relies on encryption, the evolution to AI and quantum computing is challenging the security. Professionals who understand both cybersecurity and artificial intelligence will be the leaders in adapting to these challenges. Recommended read:
References :
@www.microsoft.com
//
IACR News has highlighted recent advancements in post-quantum cryptography, essential for safeguarding data against future quantum computer attacks. A key area of focus is the development of algorithms and protocols that remain secure even when classical cryptographic methods become vulnerable. Among these efforts, FrodoKEM stands out as a conservative quantum-safe cryptographic algorithm, designed to provide strong security guarantees in the face of quantum computing threats.
The adaptive security of key-unique threshold signatures is also under scrutiny. Research presented by Elizabeth Crites, Chelsea Komlo, and Mary Mallere, investigates the security assumptions required to prove the adaptive security of threshold signatures. Their work reveals impossibility results that highlight the difficulty of achieving adaptive security for key-unique threshold signatures, particularly for schemes compatible with standard, single-party signatures like BLS, ECDSA, and Schnorr. This research aims to guide the development of new assumptions and properties for constructing adaptively secure threshold schemes. In related news, Muhammed F. Esgin is offering PhD and Post-Doc positions in post-quantum cryptography, emphasizing the need for candidates with a strong mathematical and cryptography background. Students at Monash University can expect to work on their research from the beginning, supported by competitive stipends and opportunities for teaching assistant roles. These academic opportunities are crucial for training the next generation of cryptographers who will develop and implement post-quantum solutions. Recommended read:
References :
@www.microsoft.com
//
Microsoft is taking a significant step towards future-proofing cybersecurity by integrating post-quantum cryptography (PQC) into Windows Insider builds. This move aims to protect data against the potential threat of quantum computers, which could render current encryption methods vulnerable. The integration of PQC is a critical step toward quantum-resilient cybersecurity, ensuring that Windows systems can withstand attacks from more advanced computing power in the future.
Microsoft announced the availability of PQC support in Windows Insider Canary builds (27852 and above). This release allows developers and organizations to begin experimenting with PQC in real-world environments, assessing integration challenges, performance trade-offs, and compatibility. This is being done in an attempt to jump-start what’s likely to be the most formidable and important technology transition in modern history. The urgency behind this transition stems from the "harvest now, decrypt later" threat, where malicious actors store encrypted communications today, with the intent to decrypt them once quantum computers become capable. These captured secrets, such as passwords, encryption keys, or medical data, could remain valuable to attackers for years to come. By adopting PQC algorithms, Microsoft aims to safeguard sensitive information against this future risk, emphasizing the importance of starting the transition now. Recommended read:
References :
@github.com
//
A critical security vulnerability has been discovered in OpenPGP.js, a widely used JavaScript library that implements the OpenPGP standard for email and data encryption. Tracked as CVE-2025-47934, the flaw allows attackers to spoof both signed and encrypted messages, effectively undermining the trust inherent in public key cryptography. Security researchers from Codean Labs, Edoardo Geraci and Thomas Rinsma, discovered that the vulnerability stems from the `openpgp.verify` and `openpgp.decrypt` functions, and it essentially undermines the core purpose of using public key cryptography to secure communications.
The vulnerability impacts versions 5.0.1 to 5.11.2 and 6.0.0-alpha.0 to 6.1.0 of the OpenPGP.js library. According to an advisory posted on the library's GitHub repository, a maliciously modified message can be passed to one of these functions, and the function may return a result indicating a valid signature, even if the message has not been legitimately signed. This flaw affects both inline signed messages and signed-and-encrypted messages. The advisory also states that to spoof a message, an attacker needs a single valid message signature along with the plaintext data that was legitimately signed. They can then construct a fake message that appears legitimately signed. Users are strongly advised to upgrade to versions 5.11.3 or 6.1.1 as soon as possible to mitigate the risk. Versions 4.x are not affected by the vulnerability. While a full write-up and proof-of-concept exploit are expected to be released soon, the current advisory offers enough details to highlight the severity of the issue. The underlying problem is that OpenPGP.js trusts the signing process without properly verifying it, leaving users open to having signed and encrypted messages spoofed. This vulnerability allows message signature verification to be spoofed. Recommended read:
References :
@thequantuminsider.com
//
Project Eleven has launched the QDay Prize, an open competition offering one Bitcoin, currently valued around $84,000 to $85,000, to anyone who can break elliptic curve cryptography (ECC) using Shor’s algorithm on a quantum computer. This initiative aims to evaluate the proximity of quantum computing to undermining ECC, a widely used encryption scheme. Participants must demonstrate the ability to break ECC using Shor's algorithm, without classical shortcuts or hybrid methods and submissions must include gate-level code and system specifications, all made publicly available for transparency.
The competition is structured around progressively larger ECC key sizes, starting from 1-bit keys, with an emphasis on demonstrating generalizable techniques that can scale to full cryptographic key lengths. The challenge, running until April 5, 2026, seeks to rigorously benchmark the real-world quantum threat to Bitcoin’s core security system. Project Eleven emphasizes that even successful attacks on small keys would be significant milestones, offering valuable insights into the security risks in modern cryptographic systems. Participants can use publicly accessible quantum hardware or private systems, and are expected to handle error-prone qubit environments realistically, given current hardware fidelities. Breaking even a few bits of a private key would be considered a significant achievement, according to Project Eleven. The QDay Prize hopes to establish a verifiable and open marker of when practical quantum attacks against widely used encryption systems may emerge, highlighting the urgency of understanding how close current technologies are to threatening ECC security. Recommended read:
References :
@The Cryptography Caffe? ?
//
The UK's National Cyber Security Centre (NCSC) has released a roadmap for transitioning to post-quantum cryptography (PQC), establishing key dates for organizations to assess risks, define strategies, and fully transition by 2035. This initiative aims to mitigate the future threat of quantum computers, which could potentially break today's widely used encryption methods. The NCSC’s guidance recognizes that PQC migration is a complex and lengthy process requiring significant planning and investment.
By 2028, organizations are expected to complete a discovery phase, identifying systems and services reliant on cryptography that need upgrades, and draft a migration plan. High-priority migration activities should be completed by 2031, with infrastructure prepared for a full transition. The NCSC emphasizes that these steps are essential for addressing quantum threats and improving overall cyber resilience. Ali El Kaafarani, CEO of PQShield, noted that these timelines give clear instructions to protect the UK’s digital future. Researchers have also introduced ZKPyTorch, a compiler that integrates ML frameworks with ZKP engines to simplify the development of zero-knowledge machine learning (ZKML). ZKPyTorch automates the translation of ML operations into optimized ZKP circuits and improves proof generation efficiency. Through case studies, ZKPyTorch successfully converted VGG-16 and Llama-3 models into ZKP-compatible circuits. Recommended read:
References :
|