CyberSecurity news

FlagThis - #postquantum

@quantumcomputingreport.com //
References: medium.com , medium.com , medium.com ...
The rapid advancement of quantum computing poses a significant threat to current encryption methods, particularly RSA, which secures much of today's internet communication. Google's recent breakthroughs have redefined the landscape of cryptographic security, with researchers like Craig Gidney significantly lowering the estimated quantum resources needed to break RSA-2048. A new study indicates that RSA-2048 could be cracked in under a week using fewer than 1 million noisy qubits, a dramatic reduction from previous estimates of around 20 million qubits and eight hours of computation. This shift accelerates the timeline for "Q-Day," the hypothetical moment when quantum computers can break modern encryption, impacting everything from email to financial transactions.

This vulnerability stems from the ability of quantum computers to utilize Shor's algorithm for factoring large numbers, a task prohibitively difficult for classical computers. Google's innovation involves several technical advancements, including approximate residue arithmetic, magic state cultivation, optimized period finding with Ekerå-Håstad algorithms, and yoked surface codes with sparse lookups. These improvements streamline modular arithmetic, reduce the depth of quantum circuits, and minimize overhead in fault-tolerant quantum circuits, collectively reducing the physical qubit requirement to under 1 million while maintaining a relatively short computation time.

In response to this threat, post-quantum cryptography (PQC) is gaining momentum. PQC refers to cryptographic algorithms designed to be secure against both classical and quantum attacks. NIST has already announced the first set of quantum-safe algorithms for standardization, including FrodoKEM, a key encapsulation protocol offering a simple design and strong security guarantees. The urgency of transitioning to quantum-resistant cryptographic systems is underscored by ongoing advances in quantum computing. While the digital world relies on encryption, the evolution to AI and quantum computing is challenging the security. Professionals who understand both cybersecurity and artificial intelligence will be the leaders in adapting to these challenges.

Recommended read:
References :
  • medium.com: Should Post-Quantum Cryptography Start Now? The Clock Is Ticking
  • medium.com: Google’s quantum leap just changed everything: They can now break encryption 20x faster than…
  • quantumcomputingreport.com: Significant Theoretical Advancement in Factoring 2048 Bit RSA Integers
  • medium.com: Last week, Craig Gidney from Google Quantum AI published a breakthrough study that redefines the landscape of cryptographic security.
  • www.microsoft.com: The recent advances in quantum computing offer many advantages—but also challenge current cryptographic strategies. Learn how FrodoKEM could help strengthen security, even in a future with powerful quantum computers.
  • medium.com: Securing the Internet of Things: Why Post-Quantum Cryptography Is Critical for IoT’s Future
  • medium.com: Quantum Resilience Starts Now: Building Secure Infrastructure with Hybrid Cryptography
  • medium.com: Quantum-Resistant Cryptography: Preparing Your Code for Post-Quantum Era

@www.microsoft.com //
References: mfesgin.github.io , IACR News , medium.com ...
IACR News has highlighted recent advancements in post-quantum cryptography, essential for safeguarding data against future quantum computer attacks. A key area of focus is the development of algorithms and protocols that remain secure even when classical cryptographic methods become vulnerable. Among these efforts, FrodoKEM stands out as a conservative quantum-safe cryptographic algorithm, designed to provide strong security guarantees in the face of quantum computing threats.

The adaptive security of key-unique threshold signatures is also under scrutiny. Research presented by Elizabeth Crites, Chelsea Komlo, and Mary Mallere, investigates the security assumptions required to prove the adaptive security of threshold signatures. Their work reveals impossibility results that highlight the difficulty of achieving adaptive security for key-unique threshold signatures, particularly for schemes compatible with standard, single-party signatures like BLS, ECDSA, and Schnorr. This research aims to guide the development of new assumptions and properties for constructing adaptively secure threshold schemes.

In related news, Muhammed F. Esgin is offering PhD and Post-Doc positions in post-quantum cryptography, emphasizing the need for candidates with a strong mathematical and cryptography background. Students at Monash University can expect to work on their research from the beginning, supported by competitive stipends and opportunities for teaching assistant roles. These academic opportunities are crucial for training the next generation of cryptographers who will develop and implement post-quantum solutions.

Recommended read:
References :
  • mfesgin.github.io: PhD and Post-Doc in Post-Quantum Cryptography
  • IACR News: Zero-Trust Post-quantum Cryptography Implementation Using Category Theory
  • medium.com: Post-Quantum Cryptography Is Arriving on Windows & Linux
  • medium.com: NIST Approves Three Post-Quantum Cryptography Standards: A Milestone for Digital Security
  • medium.com: Should Post-Quantum Cryptography Start Now? The Clock Is Ticking

@www.microsoft.com //
References: cyberinsider.com , Dan Goodin , medium.com ...
Microsoft is taking a significant step towards future-proofing cybersecurity by integrating post-quantum cryptography (PQC) into Windows Insider builds. This move aims to protect data against the potential threat of quantum computers, which could render current encryption methods vulnerable. The integration of PQC is a critical step toward quantum-resilient cybersecurity, ensuring that Windows systems can withstand attacks from more advanced computing power in the future.

Microsoft announced the availability of PQC support in Windows Insider Canary builds (27852 and above). This release allows developers and organizations to begin experimenting with PQC in real-world environments, assessing integration challenges, performance trade-offs, and compatibility. This is being done in an attempt to jump-start what’s likely to be the most formidable and important technology transition in modern history.

The urgency behind this transition stems from the "harvest now, decrypt later" threat, where malicious actors store encrypted communications today, with the intent to decrypt them once quantum computers become capable. These captured secrets, such as passwords, encryption keys, or medical data, could remain valuable to attackers for years to come. By adopting PQC algorithms, Microsoft aims to safeguard sensitive information against this future risk, emphasizing the importance of starting the transition now.

Recommended read:
References :
  • cyberinsider.com: Microsoft has begun integrating post-quantum cryptography (PQC) into Windows Insider builds, marking a critical step toward quantum-resilient cybersecurity. Microsoft announced the availability of PQC support in Windows Insider Canary builds (27852 and above). This release allows developers and organizations to begin experimenting with PQC in real-world environments, assessing integration challenges, performance trade-offs, and compatibility with …
  • Dan Goodin: Microsoft is updating Windows 11 with a set of new encryption algorithms that can withstand future attacks from quantum computers in an attempt to jump-start what’s likely to be the most formidable and important technology transition in modern history.
  • Red Hat Security: In their article on post-quantum cryptography, Emily Fox and Simo Sorce explained how Red Hat is integrating post-quantum cryptography (PQC) into our products. PQC protects confidentiality, integrity and authenticity of communication and data against quantum computers, which will make attacks on existing classic cryptographic algorithms such as RSA and elliptic curves feasible. Cryptographically relevant quantum computers (CRQCs) are not known to exist yet, but continued advances in research point to a future risk of successful attacks. While the migration to algorithms resistant against such
  • medium.com: Post-Quantum Cryptography Is Arriving on Windows & Linux
  • www.microsoft.com: The recent advances in quantum computing offer many advantages—but also challenge current cryptographic strategies. Learn how FrodoKEM could help strengthen security, even in a future with powerful quantum computers. The post first appeared on .
  • arstechnica.com: For the first time, new quantum-safe algorithms can be invoked using standard Windows APIs.

@The Cryptography Caffe? ? //
The UK's National Cyber Security Centre (NCSC) has released a roadmap for transitioning to post-quantum cryptography (PQC), establishing key dates for organizations to assess risks, define strategies, and fully transition by 2035. This initiative aims to mitigate the future threat of quantum computers, which could potentially break today's widely used encryption methods. The NCSC’s guidance recognizes that PQC migration is a complex and lengthy process requiring significant planning and investment.

By 2028, organizations are expected to complete a discovery phase, identifying systems and services reliant on cryptography that need upgrades, and draft a migration plan. High-priority migration activities should be completed by 2031, with infrastructure prepared for a full transition. The NCSC emphasizes that these steps are essential for addressing quantum threats and improving overall cyber resilience. Ali El Kaafarani, CEO of PQShield, noted that these timelines give clear instructions to protect the UK’s digital future.

Researchers have also introduced ZKPyTorch, a compiler that integrates ML frameworks with ZKP engines to simplify the development of zero-knowledge machine learning (ZKML). ZKPyTorch automates the translation of ML operations into optimized ZKP circuits and improves proof generation efficiency. Through case studies, ZKPyTorch successfully converted VGG-16 and Llama-3 models into ZKP-compatible circuits.

Recommended read:
References :
  • The Quantum Insider: UK Sets Timeline, Road Map for Post-Quantum Cryptography Migration
  • The Register - Security: The post-quantum cryptography apocalypse will be televised in 10 years, says UK's NCSC
  • Dhole Moments: Post-Quantum Cryptography Is About The Keys You Don’t Play
  • IACR News: ePrint Report: An Optimized Instantiation of Post-Quantum MQTT protocol on 8-bit AVR Sensor Nodes YoungBeom Kim, Seog Chung Seo Since the selection of the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) standardization algorithms, research on integrating PQC into security protocols such as TLS/SSL, IPSec, and DNSSEC has been actively pursued. However, PQC migration for Internet of Things (IoT) communication protocols remains largely unexplored. Embedded devices in IoT environments have limited computational power and memory, making it crucial to optimize PQC algorithms for efficient computation and minimal memory usage when deploying them on low-spec IoT devices. In this paper, we introduce KEM-MQTT, a lightweight and efficient Key Encapsulation Mechanism (KEM) for the Message Queuing Telemetry Transport (MQTT) protocol, widely used in IoT environments. Our approach applies the NIST KEM algorithm Crystals-Kyber (Kyber) while leveraging MQTT’s characteristics and sensor node constraints. To enhance efficiency, we address certificate verification issues and adopt KEMTLS to eliminate the need for Post-Quantum Digital Signatures Algorithm (PQC-DSA) in mutual authentication. As a result, KEM-MQTT retains its lightweight properties while maintaining the security guarantees of TLS 1.3. We identify inefficiencies in existing Kyber implementations on 8-bit AVR microcontrollers (MCUs), which are highly resource-constrained. To address this, we propose novel implementation techniques that optimize Kyber for AVR, focusing on high-speed execution, reduced memory consumption, and secure implementation, including Signed LookUp-Table (LUT) Reduction. Our optimized Kyber achieves performance gains of 81%,75%, and 85% in the KeyGen, Encaps, and DeCaps processes, respectively, compared to the reference implementation. With approximately 3 KB of stack usage, our Kyber implementation surpasses all state-of-the-art Elliptic Curve Diffie-Hellman (ECDH) implementations. Finally, in KEM-MQTT using Kyber-512, an 8-bit AVR device completes the handshake preparation process in 4.32 seconds, excluding the physical transmission and reception times.
  • The Quantum Insider: ETSI Launches New Security Standard for Quantum-Safe Hybrid Key Exchanges
  • billatnapier.medium.com: Xmas Coming Early: OpenSSL Finally Enters a Quantum World