FlagThis - #cryptography

The UK's National Cyber Security Centre (NCSC) has released a roadmap for transitioning to post-quantum cryptography (PQC), establishing key dates for organizations to assess risks, define strategies, and fully transition by 2035. This initiative aims to mitigate the future threat of quantum computers, which could potentially break today's widely used encryption methods. The NCSC’s guidance recognizes that PQC migration is a complex and lengthy process requiring significant planning and investment.

By 2028, organizations are expected to complete a discovery phase, identifying systems and services reliant on cryptography that need upgrades, and draft a migration plan. High-priority migration activities should be completed by 2031, with infrastructure prepared for a full transition. The NCSC emphasizes that these steps are essential for addressing quantum threats and improving overall cyber resilience. Ali El Kaafarani, CEO of PQShield, noted that these timelines give clear instructions to protect the UK’s digital future.

Researchers have also introduced ZKPyTorch, a compiler that integrates ML frameworks with ZKP engines to simplify the development of zero-knowledge machine learning (ZKML). ZKPyTorch automates the translation of ML operations into optimized ZKP circuits and improves proof generation efficiency. Through case studies, ZKPyTorch successfully converted VGG-16 and Llama-3 models into ZKP-compatible circuits.


References :

• The Quantum Insider: UK Sets Timeline, Road Map for Post-Quantum Cryptography Migration
• The Register - Security: The post-quantum cryptography apocalypse will be televised in 10 years, says UK's NCSC
• Dhole Moments: Post-Quantum Cryptography Is About The Keys You Don’t Play
• IACR News: ePrint Report: An Optimized Instantiation of Post-Quantum MQTT protocol on 8-bit AVR Sensor Nodes YoungBeom Kim, Seog Chung Seo Since the selection of the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) standardization algorithms, research on integrating PQC into security protocols such as TLS/SSL, IPSec, and DNSSEC has been actively pursued. However, PQC migration for Internet of Things (IoT) communication protocols remains largely unexplored. Embedded devices in IoT environments have limited computational power and memory, making it crucial to optimize PQC algorithms for efficient computation and minimal memory usage when deploying them on low-spec IoT devices. In this paper, we introduce KEM-MQTT, a lightweight and efficient Key Encapsulation Mechanism (KEM) for the Message Queuing Telemetry Transport (MQTT) protocol, widely used in IoT environments. Our approach applies the NIST KEM algorithm Crystals-Kyber (Kyber) while leveraging MQTT’s characteristics and sensor node constraints. To enhance efficiency, we address certificate verification issues and adopt KEMTLS to eliminate the need for Post-Quantum Digital Signatures Algorithm (PQC-DSA) in mutual authentication. As a result, KEM-MQTT retains its lightweight properties while maintaining the security guarantees of TLS 1.3. We identify inefficiencies in existing Kyber implementations on 8-bit AVR microcontrollers (MCUs), which are highly resource-constrained. To address this, we propose novel implementation techniques that optimize Kyber for AVR, focusing on high-speed execution, reduced memory consumption, and secure implementation, including Signed LookUp-Table (LUT) Reduction. Our optimized Kyber achieves performance gains of 81%,75%, and 85% in the KeyGen, Encaps, and DeCaps processes, respectively, compared to the reference implementation. With approximately 3 KB of stack usage, our Kyber implementation surpasses all state-of-the-art Elliptic Curve Diffie-Hellman (ECDH) implementations. Finally, in KEM-MQTT using Kyber-512, an 8-bit AVR device completes the handshake preparation process in 4.32 seconds, excluding the physical transmission and reception times.
• The Quantum Insider: ETSI Launches New Security Standard for Quantum-Safe Hybrid Key Exchanges
• billatnapier.medium.com: Xmas Coming Early: OpenSSL Finally Enters a Quantum World

Classification:

• HashTags: #PostQuantum #Cryptography #ZeroKnowledgeProofs
• Company: Cryptography
• Target: Security
• Product: Cryptography
• Feature: ZeroKnowledge
• Type: Crypto
• Severity: Major

Google Cloud has launched quantum-safe digital signatures within its Cloud Key Management Service (Cloud KMS), now available in preview. This cybersecurity enhancement prepares users against future quantum threats by aligning with the National Institute of Standards and Technology’s (NIST) post-quantum cryptography (PQC) standards. The upgrade provides developers with the necessary tools to protect encryption.

Google's implementation integrates NIST-standardized algorithms FIPS 204 and FIPS 205, enabling signing and validation processes resilient to attacks from quantum computers. By incorporating these protocols into Cloud KMS, Google enables enterprises to future-proof authentication workflows, which is particularly important for systems requiring long-term security, such as critical infrastructure firmware or software update chains. This allows organizations to manage quantum-safe keys alongside classical ones, facilitating a phased migration.


References :

• gbhackers.com: Google Introduces Quantum-Safe Digital Signatures in Cloud KMS
• BleepingComputer: Google Cloud has introduced quantum-safe digital signatures to its Cloud Key Management Service (Cloud KMS), making them available in preview.
• Talkback Resources: Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats [cloud] [crypto]
• gbhackers.com: Google Cloud has unveiled a critical cybersecurity upgrade: quantum-safe digital signatures via its Key Management Service (Cloud KMS), now available in preview.
• www.bleepingcomputer.com: BleepingComputer reports on Quantum-Safe Digital Signatures.
• The Quantum Insider: Google Expands Post-Quantum Cryptography Support with Quantum-Safe Digital Signatures

Classification:

• HashTags: #quantumcomputing #cryptography #cybersecurity
• Company: Google
• Target: Google Cloud Customers
• Product: Cloud KMS
• Feature: quantum-safe signatures
• Type: ProductUpdate
• Severity: Informative