CyberSecurity news

FlagThis - #cryptography

@medium.com //
The Post-Quantum Cryptography Coalition (PQCC) has recently published a comprehensive roadmap designed to assist organizations in transitioning from traditional cryptographic systems to quantum-resistant alternatives. This strategic initiative comes as quantum computing capabilities rapidly advance, posing a significant threat to existing data security measures. The roadmap emphasizes the importance of proactive planning to mitigate long-term risks associated with cryptographically relevant quantum computers. It is structured into four key implementation categories: Preparation, Baseline Understanding, Planning and Execution, and Monitoring and Evaluation.

The roadmap offers detailed steps for organizations to customize their adoption strategies, regardless of size or sector. Activities include inventorying cryptographic assets, assigning migration leads, prioritizing systems for upgrades, and aligning stakeholders across technical and operational domains. Furthermore, it underscores the urgency of Post-Quantum Cryptography (PQC) adoption, particularly for entities managing long-lived or sensitive data vulnerable to "harvest now, decrypt later" attacks. Guidance is also provided on vendor engagement, creating a cryptographic bill of materials (CBOM), and integrating cryptographic agility into procurement and system updates.

In related advancements, research is focusing on enhancing the efficiency of post-quantum cryptographic algorithms through hardware implementations. A new study proposes a Modular Tiled Toeplitz Matrix-Vector Polynomial Multiplication (MT-TMVP) method for lattice-based PQC algorithms, specifically designed for Field Programmable Gate Arrays (FPGAs). This innovative approach significantly reduces resource utilization and improves the Area-Delay Product (ADP) compared to existing polynomial multipliers. By leveraging Block RAM (BRAM), the architecture also offers enhanced robustness against timing-based Side-Channel Attacks (SCAs), making it a modular and scalable solution for varying polynomial degrees. This combined with hybrid cryptographic models is a practical guide to implementing post quantum cryptography using hybrid models for TLS, PKI, and identity infrastructure.

Recommended read:
References :
  • IACR News: MT-TMVP: Modular Tiled TMVP-based Polynomial Multiplication for Post-Quantum Cryptography on FPGAs
  • quantumcomputingreport.com: Post-Quantum Cryptography Coalition (PQCC) Publishes Comprehensive Roadmap for Post-Quantum Cryptography Migration
  • medium.com: In a major leap forward for global cybersecurity, Colt Technology Services, Honeywell, and Nokia have announced a joint effort to trial…
  • quantumcomputingreport.com: Carahsoft and QuSecure Partner to Expand Public Sector Access to Post-Quantum Cybersecurity Solutions

@quantumcomputingreport.com //
References: medium.com , medium.com , medium.com ...
The rapid advancement of quantum computing poses a significant threat to current encryption methods, particularly RSA, which secures much of today's internet communication. Google's recent breakthroughs have redefined the landscape of cryptographic security, with researchers like Craig Gidney significantly lowering the estimated quantum resources needed to break RSA-2048. A new study indicates that RSA-2048 could be cracked in under a week using fewer than 1 million noisy qubits, a dramatic reduction from previous estimates of around 20 million qubits and eight hours of computation. This shift accelerates the timeline for "Q-Day," the hypothetical moment when quantum computers can break modern encryption, impacting everything from email to financial transactions.

This vulnerability stems from the ability of quantum computers to utilize Shor's algorithm for factoring large numbers, a task prohibitively difficult for classical computers. Google's innovation involves several technical advancements, including approximate residue arithmetic, magic state cultivation, optimized period finding with Ekerå-Håstad algorithms, and yoked surface codes with sparse lookups. These improvements streamline modular arithmetic, reduce the depth of quantum circuits, and minimize overhead in fault-tolerant quantum circuits, collectively reducing the physical qubit requirement to under 1 million while maintaining a relatively short computation time.

In response to this threat, post-quantum cryptography (PQC) is gaining momentum. PQC refers to cryptographic algorithms designed to be secure against both classical and quantum attacks. NIST has already announced the first set of quantum-safe algorithms for standardization, including FrodoKEM, a key encapsulation protocol offering a simple design and strong security guarantees. The urgency of transitioning to quantum-resistant cryptographic systems is underscored by ongoing advances in quantum computing. While the digital world relies on encryption, the evolution to AI and quantum computing is challenging the security. Professionals who understand both cybersecurity and artificial intelligence will be the leaders in adapting to these challenges.

Recommended read:
References :
  • medium.com: Should Post-Quantum Cryptography Start Now? The Clock Is Ticking
  • medium.com: Google’s quantum leap just changed everything: They can now break encryption 20x faster than…
  • quantumcomputingreport.com: Significant Theoretical Advancement in Factoring 2048 Bit RSA Integers
  • medium.com: Last week, Craig Gidney from Google Quantum AI published a breakthrough study that redefines the landscape of cryptographic security.
  • www.microsoft.com: The recent advances in quantum computing offer many advantages—but also challenge current cryptographic strategies. Learn how FrodoKEM could help strengthen security, even in a future with powerful quantum computers.
  • medium.com: Securing the Internet of Things: Why Post-Quantum Cryptography Is Critical for IoT’s Future
  • medium.com: Quantum Resilience Starts Now: Building Secure Infrastructure with Hybrid Cryptography
  • medium.com: Quantum-Resistant Cryptography: Preparing Your Code for Post-Quantum Era

@www.microsoft.com //
References: mfesgin.github.io , IACR News , medium.com ...
IACR News has highlighted recent advancements in post-quantum cryptography, essential for safeguarding data against future quantum computer attacks. A key area of focus is the development of algorithms and protocols that remain secure even when classical cryptographic methods become vulnerable. Among these efforts, FrodoKEM stands out as a conservative quantum-safe cryptographic algorithm, designed to provide strong security guarantees in the face of quantum computing threats.

The adaptive security of key-unique threshold signatures is also under scrutiny. Research presented by Elizabeth Crites, Chelsea Komlo, and Mary Mallere, investigates the security assumptions required to prove the adaptive security of threshold signatures. Their work reveals impossibility results that highlight the difficulty of achieving adaptive security for key-unique threshold signatures, particularly for schemes compatible with standard, single-party signatures like BLS, ECDSA, and Schnorr. This research aims to guide the development of new assumptions and properties for constructing adaptively secure threshold schemes.

In related news, Muhammed F. Esgin is offering PhD and Post-Doc positions in post-quantum cryptography, emphasizing the need for candidates with a strong mathematical and cryptography background. Students at Monash University can expect to work on their research from the beginning, supported by competitive stipends and opportunities for teaching assistant roles. These academic opportunities are crucial for training the next generation of cryptographers who will develop and implement post-quantum solutions.

Recommended read:
References :
  • mfesgin.github.io: PhD and Post-Doc in Post-Quantum Cryptography
  • IACR News: Zero-Trust Post-quantum Cryptography Implementation Using Category Theory
  • medium.com: Post-Quantum Cryptography Is Arriving on Windows & Linux
  • medium.com: NIST Approves Three Post-Quantum Cryptography Standards: A Milestone for Digital Security
  • medium.com: Should Post-Quantum Cryptography Start Now? The Clock Is Ticking

@www.microsoft.com //
References: cyberinsider.com , Dan Goodin , medium.com ...
Microsoft is taking a significant step towards future-proofing cybersecurity by integrating post-quantum cryptography (PQC) into Windows Insider builds. This move aims to protect data against the potential threat of quantum computers, which could render current encryption methods vulnerable. The integration of PQC is a critical step toward quantum-resilient cybersecurity, ensuring that Windows systems can withstand attacks from more advanced computing power in the future.

Microsoft announced the availability of PQC support in Windows Insider Canary builds (27852 and above). This release allows developers and organizations to begin experimenting with PQC in real-world environments, assessing integration challenges, performance trade-offs, and compatibility. This is being done in an attempt to jump-start what’s likely to be the most formidable and important technology transition in modern history.

The urgency behind this transition stems from the "harvest now, decrypt later" threat, where malicious actors store encrypted communications today, with the intent to decrypt them once quantum computers become capable. These captured secrets, such as passwords, encryption keys, or medical data, could remain valuable to attackers for years to come. By adopting PQC algorithms, Microsoft aims to safeguard sensitive information against this future risk, emphasizing the importance of starting the transition now.

Recommended read:
References :
  • cyberinsider.com: Microsoft has begun integrating post-quantum cryptography (PQC) into Windows Insider builds, marking a critical step toward quantum-resilient cybersecurity. Microsoft announced the availability of PQC support in Windows Insider Canary builds (27852 and above). This release allows developers and organizations to begin experimenting with PQC in real-world environments, assessing integration challenges, performance trade-offs, and compatibility with …
  • Dan Goodin: Microsoft is updating Windows 11 with a set of new encryption algorithms that can withstand future attacks from quantum computers in an attempt to jump-start what’s likely to be the most formidable and important technology transition in modern history.
  • Red Hat Security: In their article on post-quantum cryptography, Emily Fox and Simo Sorce explained how Red Hat is integrating post-quantum cryptography (PQC) into our products. PQC protects confidentiality, integrity and authenticity of communication and data against quantum computers, which will make attacks on existing classic cryptographic algorithms such as RSA and elliptic curves feasible. Cryptographically relevant quantum computers (CRQCs) are not known to exist yet, but continued advances in research point to a future risk of successful attacks. While the migration to algorithms resistant against such
  • medium.com: Post-Quantum Cryptography Is Arriving on Windows & Linux
  • www.microsoft.com: The recent advances in quantum computing offer many advantages—but also challenge current cryptographic strategies. Learn how FrodoKEM could help strengthen security, even in a future with powerful quantum computers. The post first appeared on .
  • arstechnica.com: For the first time, new quantum-safe algorithms can be invoked using standard Windows APIs.

@thecyberexpress.com //
A critical security vulnerability has been discovered in OpenPGP.js, a widely used JavaScript library that implements the OpenPGP standard for email and data encryption. Tracked as CVE-2025-47934, the flaw allows attackers to spoof both signed and encrypted messages, effectively undermining the trust inherent in public key cryptography. Security researchers from Codean Labs, Edoardo Geraci and Thomas Rinsma, discovered that the vulnerability stems from the `openpgp.verify` and `openpgp.decrypt` functions, and it essentially undermines the core purpose of using public key cryptography to secure communications.

The vulnerability impacts versions 5.0.1 to 5.11.2 and 6.0.0-alpha.0 to 6.1.0 of the OpenPGP.js library. According to an advisory posted on the library's GitHub repository, a maliciously modified message can be passed to one of these functions, and the function may return a result indicating a valid signature, even if the message has not been legitimately signed. This flaw affects both inline signed messages and signed-and-encrypted messages. The advisory also states that to spoof a message, an attacker needs a single valid message signature along with the plaintext data that was legitimately signed. They can then construct a fake message that appears legitimately signed.

Users are strongly advised to upgrade to versions 5.11.3 or 6.1.1 as soon as possible to mitigate the risk. Versions 4.x are not affected by the vulnerability. While a full write-up and proof-of-concept exploit are expected to be released soon, the current advisory offers enough details to highlight the severity of the issue. The underlying problem is that OpenPGP.js trusts the signing process without properly verifying it, leaving users open to having signed and encrypted messages spoofed. This vulnerability allows message signature verification to be spoofed.

Recommended read:
References :
  • The Register - Software: Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
  • thecyberexpress.com: A flaw has been discovered in OpenPGP.js, a widely used JavaScript library for OpenPGP encryption. Tracked as CVE-2025-47934, the vulnerability allows threat actors to spoof both signed and encrypted messages, effectively undermining the very foundation of trust in public key cryptography.
  • Security Affairs: A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have been released to address the flaw. OpenPGP.js is an open-source JavaScript library that implements the OpenPGP standard for email and data encryption.
  • www.csoonline.com: Critical flaw in OpenPGP.js raises alarms for encrypted email services
  • www.techradar.com: Researchers found a bug that allowed malicious actors to spoof messages. Users are advised to patch up.
  • securityaffairs.com: A critical flaw in OpenPGP.js lets attackers spoof message signatures; updates have been released to address the flaw.
  • securityaffairs.com: A critical flaw in OpenPGP.js lets attackers spoof message signatures

@thequantuminsider.com //
Project Eleven has launched the QDay Prize, an open competition offering one Bitcoin, currently valued around $84,000 to $85,000, to anyone who can break elliptic curve cryptography (ECC) using Shor’s algorithm on a quantum computer. This initiative aims to evaluate the proximity of quantum computing to undermining ECC, a widely used encryption scheme. Participants must demonstrate the ability to break ECC using Shor's algorithm, without classical shortcuts or hybrid methods and submissions must include gate-level code and system specifications, all made publicly available for transparency.

The competition is structured around progressively larger ECC key sizes, starting from 1-bit keys, with an emphasis on demonstrating generalizable techniques that can scale to full cryptographic key lengths. The challenge, running until April 5, 2026, seeks to rigorously benchmark the real-world quantum threat to Bitcoin’s core security system. Project Eleven emphasizes that even successful attacks on small keys would be significant milestones, offering valuable insights into the security risks in modern cryptographic systems.

Participants can use publicly accessible quantum hardware or private systems, and are expected to handle error-prone qubit environments realistically, given current hardware fidelities. Breaking even a few bits of a private key would be considered a significant achievement, according to Project Eleven. The QDay Prize hopes to establish a verifiable and open marker of when practical quantum attacks against widely used encryption systems may emerge, highlighting the urgency of understanding how close current technologies are to threatening ECC security.

Recommended read:
References :
  • thequantuminsider.com: Quantum Contest Offers 1 Bitcoin for Cracking Encryption With Shor’s Algorithm
  • Bitcoin News: Project Eleven believes this would be an extremely hard task, and achieving even a few bits of a private key would be big news.
  • Quantum Computing Report: Project Eleven (P11) has announced the QDay Prize, an open competition offering a reward of one Bitcoin (current value about $85,000) for demonstrating the ability to break elliptic curve cryptography (ECC) using Shor’s algorithm on a quantum computer.
  • quantumcomputingreport.com: Project Eleven’s QDay Prize Offers 1 Bitcoin for Breaking Elliptic Curve Cryptography Using Shor’s Algorithm