CyberSecurityBoard
Sponsor Register Login

Implementation Flaws Identified in Post-Quantum Encryption Algorithm

Two implementation flaws have been identified in the Kyber key encapsulation mechanism, an encryption standard intended to safeguard networks from future attacks by quantum computers.
The encryption standard Kyber key encapsulation mechanism, designed to protect networks from future assaults by quantum computers, has two implementation vulnerabilities.
On December 1st, Franziskus Kiefer, Goutam Tamvada, and Karthikeyan Bhargavan-all researchers at the cybersecurity firm Cryspen-reported the vulnerabilities to Kyber's development team.
The encryption standard had a patch released immediately, but since it wasn't classified as a security vulnerability, Cryspen started notifying projects in advance that they needed to implement the fix as of December 15.
Google, Signal, and Mullvad VPN have all adopted versions of the Kyber post-quantum encryption standard; however, Mullvad VPN has since confirmed that the vulnerability does not affect their services.
Kyber was first submitted for assessment to the US National Institute of Standards and Technology in 2017, as part of the organisation's competition to test and approve an encryption standard capable of safeguarding networks against future quantum computer attacks.
Several algorithms put into the NIST competition were demonstrated to be susceptible to conventional attacks.
These include the Rainbow and SIKE standards, the latter of which was overcome by KU Leuven researchers in 2022 in less than an hour using an average computer.
In February 2023, a team from Sweden's KTH Royal Institute of Technology used highly complex deep learning-based side-channel attacks to destabilise Kyber's official implementation, CRYSTALS-Kyber.
This approach was one of six for which NIST published draft standards last summer, with plans to finalise the competition later this year.
The Kyber KEM has been adopted by a number of major organisations.
Google announced in August 2023 that it will be employing Kyber-768 as a part of a hybrid system to safeguard Chrome browser traffic at the transport layer security level.
This hybrid approach to leveraging post-quantum encryption standards is intended to safeguard network traffic against attack in case that new vulnerabilities are discovered.
Since the KyberSlash vulnerabilities were identified, the researchers say that patches have been implemented by the Kyber development team and AWS. The team also cited a GitHub library written by Kudelski Security.
When approached by a local media outlet, the cybersecurity firm stated that the listed code was not utilised in any of its commercial products and should not be used in production, but that it had still incorporated a patch for the KyberSlash vulnerabilities in a new version of the library.
Cheng believes it is a significant step forward for the post-quantum encryption community because its focus on flaws has shifted from vulnerabilities in the mathematics that underpins the standards to implementation attacks.


This Cyber News was published on www.cysecurity.news. Publication date: Thu, 11 Jan 2024 16:13:03 +0000


Cyber News related to Implementation Flaws Identified in Post-Quantum Encryption Algorithm

Quantum computing: The data security conundrum - One of the biggest challenges of digital technology today is around security systems and data. While this has proven successful, advancements in quantum computing - which utilises quantum mechanics to solve complex problems faster than conventional ...
4 months ago Itsecurityguru.org
IBM Heron Quantum Chip, Quantum System Two - Next generation quantum processor dubbed 'Heron', and the modular IBM Quantum System Two unveiled by Big Blue. IBM has unveiled two new quantum developments, with a new series of utility-scale processors housed within a modular quantum system. At its ...
7 months ago Silicon.co.uk
Quantum computing will enable a safer, more secure world - Today's media narrative around quantum computing's role in cybersecurity is overwhelmingly negative, because quantum computers will render today's encryption standards redundant, leaving much of our data at risk of being decoded. First, it's ...
6 months ago Cybersecurity-insiders.com
Strong Encryption Explained: 6 Encryption Best Practices - Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. Even the strongest ...
6 months ago Esecurityplanet.com
What Is Encryption? Definition, How it Works, & Examples - To understand how encryption works, we need to understand how it fits into the broader realm of cryptology, how it processes data, common categories, top algorithms, and how encryption fits into IT security. Symmetric encryption will typically be ...
7 months ago Esecurityplanet.com
It's time to bolster defenses for an AI / Quantum Future - The rapid advances we are seeing in emerging technologies like AI, ML and quantum computing will have a devastating impact on organizations not prepared and who have not considered updating existing modes of asymmetric data encryption. Quantum is ...
4 months ago Cybersecurity-insiders.com
Types of Encryption, Methods & Use Cases - Encryption category types will explain the overarching and basic categories of classification for encryption, including the two most important: symmetric and asymmetric encryption. Encryption tool types will discuss the major classifications of ...
7 months ago Esecurityplanet.com
Getting your organisation post-quantum ready - While quantum computing is still very much in its early stages, it's important that companies are already thinking about this evolving technology - and more importantly implementing and stress testing much needed solutions suitable for a post-quantum ...
7 months ago Cybersecurity-insiders.com
The Linux Foundation and its partners are working on cryptography for the post-quantum world - We know the end of the line is in sight for classical cryptography. All the security encryption that protects our bank accounts, websites, and credit cards today will eventually be broken. When Q-Day comes, which is the day quantum computers can ...
4 months ago Zdnet.com
Post-Quantum Cryptography Alliance Launches to Advance Post-Quantum Cryptography - PRESS RELEASE. SAN FRANCISCO, Feb. 6, 2024 /PRNewswire/ - The Linux Foundation is excited to announce the launch of the Post-Quantum Cryptography Alliance, an open and collaborative initiative to drive the advancement and adoption of post-quantum ...
5 months ago Darkreading.com
DORA and your quantum-safe cryptography migration - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. New requirements for financial entities in the EU. DORA lays out a set of requirements across ICT risk management, incident ...
5 months ago Securityintelligence.com
Safeguard Your Network in a Post-Quantum World - There is an imminent threat to existing cryptography with the advent of quantum computers. A quantum computer works with qubits, which can exist in multiple states simultaneously, based on the quantum mechanical principle of superposition. Thus, a ...
5 months ago Feedpress.me
Business Data Encryption: Protecting Sensitive Information - In addition to implementing encryption technologies and policies, organizations should prioritize employee training on data encryption. By selecting the appropriate encryption technologies, implementing strong encryption policies, and training ...
4 months ago Securityzap.com
Tech Giants Form Post-Quantum Cryptography Alliance - The Linux Foundation today announced the launch of the Post-Quantum Cryptography Alliance, an initiative to advance and drive the adoption of post-quantum cryptography. Founded by AWS, Cisco, IBM, IntellectEU, Nvidia, QuSecure, SandboxAQ, and the ...
5 months ago Securityweek.com
Symmetric vs. Asymmetric Encryption in the Cloud: Choosing the Right Approach - Asymmetric and symmetric encryptions are the modes of encryption typically used in cryptography. There is a single key involved with symmetric encryption used both for encryption and decryption. Symmetric and asymmetric encryption as ways of ...
1 week ago Cybersecurity-insiders.com
Implementation Flaws Identified in Post-Quantum Encryption Algorithm - Two implementation flaws have been identified in the Kyber key encapsulation mechanism, an encryption standard intended to safeguard networks from future attacks by quantum computers. The encryption standard Kyber key encapsulation mechanism, ...
5 months ago Cysecurity.news
The 6 Best Encryption Software - Though encryption could still be broken or cracked, strong encryption is nearly impenetrable. Top encryption software: Comparison table Top encryption software BitLocker: Best for Windows environments. It's an excellent choice for encryption software ...
1 month ago Techrepublic.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
6 days ago Helpnetsecurity.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
5 days ago Helpnetsecurity.com
What You Need to Know to Embrace the Imminent Quantum Shift for Your Cryptography Future - Cryptography has long been essential in ensuring the protection of data and communication networks. Remaining reliant on outdated cryptographic standards certainly adds to the dangers of compromise. As we usher in an era of cloud-scaling and quantum ...
3 months ago Cyberdefensemagazine.com
Encrypting Data Using Asymmetric Encryption - Asymmetric encryption, commonly known as public-key encryption, is an important technique for safeguarding data transport and storage. Asymmetric encryption's multi-step process involving key generation, encryption, transmission, decryption, and key ...
5 months ago Feeds.dzone.com
Breakthrough promises secure quantum computing at home - The full power of next-generation quantum computing could soon be harnessed by millions of individuals and companies, thanks to a breakthrough by scientists at Oxford University Physics guaranteeing security and privacy. This advance promises to ...
2 months ago Sciencedaily.com
An overview of storage encryption for enterprises - Storage encryption is a key element in keeping enterprise data safe. Most enterprises use a combination of encryption methods to protect their data on premises, in motion and in the cloud, so it's important to understand the different types and best ...
1 month ago Techtarget.com
The Impacts of Quantum Computing on Cryptocurrency in 2023 - The development of quantum computers has caused a lot of concern in the security world, as they are believed to be able to crack current public key encryption (PKI) in a relatively short amount of time. This is known as the cryptopocalypse, and it is ...
1 year ago Securityweek.com
China plans to take 'hack-proof' quantum satellite technology to new heights - China is planning new, cutting-edge quantum communications satellites. China launched the first dedicated quantum communications satellite, named Micius, in 2016, and has been quietly working on followup missions in the years since. "Low Earth orbit ...
7 months ago Space.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)