RSAC panel debates confidence in post-quantum cryptography

Lattice-based cryptography is a proposed answer to the post-quantum cryptography dilemma, but a recently published paper cast doubt on this theory.
While it appears to be a false alarm, experts were left questioning their confidence in PQC efforts.
Shanghai researcher Yilei Chen claimed in April 2024 to be able to use a quantum computer to find the shortest vectors in a lattice in polynomial time - a discovery that could have rendered lattice-based cryptography inefficient.
This naturally rattled the quantum industry because many of the algorithms NIST is evaluating are lattice-based.
Experts converged quickly to examine Chen's paper for legitimacy and soon found an error.
At RSA Conference 2024's Cryptographers' Panel, leaders in the field discussed the paper and whether it lowered their confidence in the PQC algorithms NIST might standardize by the end of summer.
Adi Shamir, co-creator of the RSA algorithm and Borman professor of computer science at the Weizmann Institute in Israel, said researchers aren't yet sure if the paper's error can be solved or if it will indeed result in lattice-based cryptography being vulnerable.
The event has left people questioning the PQC algorithms expected to be standardized soon.
Tal Rabin, senior principal applied scientist at AWS and professor at the University of Pennsylvania, implored the industry to continue to look for PQC solutions as it continues to test whether proposed algorithms can withstand attacks.
In some ways, assumptions are a social belief system, she said, adding that the cryptographic assumption is that PQC algorithms are considered reasonably secure and that the longer they remain so, the more trust in them increases.
Craig Gentry, CTO at cybersecurity vendor TripleBlind, said he felt more optimistic about PQC because the error in the paper showed there currently isn't a viable attack method.
Debbie Taylor Moore, vice president and senior partner of cybersecurity at IBM Consulting, added she felt there was no need to panic because so many people continue to offer input on PQC. Rabin partially agreed but said the fact that it took eight days to find an error in Chen's paper has lit a fire under people to increase testing of the NIST PQC algorithms just in case.
Despite the fact that quantum computing might not be ready for prime time for another five to 10 years, C-suites should continue - or start - developing their post-quantum migration efforts, Moore said.
A key component of this is how companies can protect their data now.
A major worry is that attackers harvest encrypted data now and crack it later using quantum computers.
Whitfield Diffie, co-creator of Diffie-Hellman key exchange, ForMemRS and honorary fellow at Gonville and Caius College, Cambridge, said he understands the worry about data harvesting in particular and that he has heard complaints about it at another conference he attended.
To counter the issue, Rabin recommended adopting a multilayer, hybrid cryptographic approach of using PQC alongside current algorithms, such as RSA and other public-key methods, to strengthen encryption.
Apple did this in February 2024 when it announced PQ3, a PQC protocol for iMessage that offers a hybrid method to secure encrypted data against both future quantum computing attacks and current data harvesting efforts.
The experts also recommended organizations stop using public-key cryptography for data that needs to remain encrypted for longer than a decade from now.
Kyle Johnson is technology editor for TechTarget Security.


This Cyber News was published on www.techtarget.com. Publication date: Tue, 14 May 2024 16:13:06 +0000

