David Williams’ Post

The need for crypto agility is more apparent now than ever. The ability to quickly switch to alternative cryptographic algorithms or parameters, is essential in mitigating such risks. At Chunk Works, we empower organizations with QuSec® our leading solution for crypto agility. Organizations can stay ahead of evolving threats and ensure the integrity and security of their systems and data. It's a critical aspect of maintaining resilience in an increasingly complex digital landscape.

It continues to be a turbulent time for PQC. While the claim from earlier this month about a substantial weakness in lattice-based algorithms was found to have a significant math error in the proof invalidating the claim, the post below outlines a potentially significant setback for Falcon - the second of two digital signature algorithms selected by NIST. Crypto-agility. Crypto-agility. Crypto-agility. #quantropi #pqc #cryptography #quantum #quantumcomputing #postquantum #quantumalgorithms #security #privacy #cybersecurity

Yet another attack against post quantum cryptography... This time, researchers target 𝐅𝐚𝐥𝐜𝐨𝐧, one of NIST's selected algorithms for digital signatures. In a nutshell, this new paper claims that, due to special properties of Falcon lattices, the complexity of breaking a Falcon lattice of rank n can be reduced to rank n/2. To reach NIST security level 5 (the most secure level), a rank n=1024 must be used. If confirmed, halving this rank would demote Falcon to security level 1 (the least secure) ⚠ A workaround would be an attempt to fall back to n=2048, but the performance hit seems to be huge. The good news: CRYSTALS lattices seem to be unaffected. #security #quantumcomputing Nigel Smart Duncan Jones Jaime Gómez García Sanjay Vishwakarma Dat Nguyen Prof Bill Buchanan OBE FRSE

A new paper was published a few days ago proposing novel methods to consider using to attack Lattice algorithms.     Professor Phong Q. Nguyen, Director of Research in Computer Science at PSL Universite Paris is one of the elder statesman of lattice analysis with a strong track record defeating proposed systems. The work looks mathematically strong at first glance and applies to some popular PQA proposals where the lattices have extra structure, most notably FALCON which is one of the 4th round finalists in NIST standardizations process. The work shows how the ”effective dimension” of the problem could be roughly halved which would roughly halve the bits of security.   It is clear that the usefulness of FALCON must now be very carefully studied.   With Rainbow and SIKE already broken, and novel approaches to weaken Lattices now coming forward in some depth from the research community, it is no longer credible to confidently assert that Lattices can yet be relied upon solely. This is of course why the US Government issued National Security Memorandum 10, instructing National Security System users to move to Symmetric Key protections. Our announcement with Intel yesterdays shows that Arqit has the solution, in a Symmetric Key Agreement platform that is not only provably quantum safe, it is orchestrated from the cloud with no hardware required and now incredibly easy to deploy with Generally Available integrations with very important global vendors like Intel Corporation.    https://lnkd.in/d6MeEz2t #Lattice #PQA #PostQuantum #Cryptography #Encryption

Professor Phong Q. Nguyen , Director of Research in Computer Science at PSL Universite Paris is one of the elder statesman of lattice analysis with a strong track record in defeating proposed systems. The work looks mathematically strong at first glance and applies to some popular PQA proposals where the lattices have extra structure, most notably FALCON which is one of the 4th round finalists in NIST standardizations process.   It is clear that the usefulness of FALCON must now be very carefully studied.   With Rainbow and SIKE already broken, and novel approaches to weaken Lattices now coming forward in some depth from the research community, it is no longer credible to confidently assert that Lattices can yet be relied upon solely. This is of course why the US Government issued National Security Memorandum 10, instructing National Security System users to move to Symmetric Key protections. Our announcement with Intel Corporation yesterday shows that Arqit has the solution, in a Symmetric Key Agreement platform that is not only provably quantum safe, it is orchestrated from the cloud with no hardware required and now incredibly easy to deploy with Generally Available integrations with very important global vendors like Intel.  https://lnkd.in/d6MeEz2t #Lattice #PQA #Cryptography #PostQuantum

My recent research publication in IEEE Xplore Title: Post-Quantum Cryptography Neural Network DOI: 10.1109/ICSSES58299.2023.10201083 URL: https://lnkd.in/g3a2ggkm Abstract: In recent years, quantum computers and Shor's quantum algorithm have been able to effectively solve NP (Non-deterministic Polynomial-time) problems such as prime factorization and discrete logarithm problems, posing a threat to current mainstream asymmetric cryptography, including RSA and Elliptic Curve Cryptography (ECC). As a result, the National Institute of Standards and Technology (NIST) in the United States call for Post-Quantum Cryptography (PQC) methods that include lattice-based cryptography methods, code-based cryptography methods, multivariate cryptography methods, and hash-based cryptography methods for resisting quantum computing attacks. Therefore, this study proposes a PQC neural network that maps a code-based PQC method to a neural network structure and enhances the security of ciphertexts with non-linear activation functions, random perturbation of ciphertexts, and uniform distribution of ciphertexts. The main innovations of this study include: (1) constructing a neural network structure that complies with code-based PQC, where the weight sets between the input layer and the ciphertext layer can be used as a public key for encryption, and the weight sets between the ciphertext layer and the output layer can be used as a private key for decryption; (2) adding random perturbations to the ciphertext layer, which can be removed during the decryption phase to restore the original plaintext; (3) constraining the output values of the ciphertext layer to follow a uniform distribution with a significant similarity by adding the cumulative distribution function (CDF) values of the chi-square distribution to the loss function, ensuring that the neural network produces sufficiently uniform distribution for the output values of the ciphertext layer. In practical experiments, this study uses cellular network signals as a case study to demonstrate that encryption and decryption can be performed by the proposed PQC neural network with the uniform distribution of ciphertexts. In the future, the proposed PQC neural network could be applied to various applications.

Ten days ago, a paper emerged on the IACR eprint platform without the backing of a renowned journal or conference. This paper claimed to have compromised Lattice-Based Cryptography, specifically targeting the Learning with Errors problem. This revelation surprised many, given the robustness of Lattice-based cryptosystems, especially as NIST is in the process of standardising two such systems, KYBER and Dilithium, in the ongoing PQC competition. Fortunately, on April 18th, the author himself admitted to uncovering a significant flaw in the attack. Nevertheless, it's essential to proceed with caution. Further thorough analysis and testing are crucial to ensuring a smooth transition to quantum cryptographic methods. A big thank you goes out to Dr. Nigel Smart for his invaluable insights and meticulous examination of this matter. The attack https://lnkd.in/dysCeMvB Dr. Nigel Smart detailed analysis https://lnkd.in/dExshXMz

As we move closer to the advent of #quantumcomputers, it's essential that we prepare our #cryptographicsystems for potential attacks. Lattice-based cryptosystems have been touted as a promising solution, but recent research has shown that they may not be as secure as previously thought. A paper by Yilei Chen from Tsinghua University in Beijing proposed a quantum attack on lattice problems, which could potentially break fully homomorphic encryption schemes and compromise key-exchange and signature schemes. However, the researchers quickly discovered a critical mistake in the paper's math, rendering the attack ineffective for now. While this may seem like a setback, it highlights the importance of continued research into quantum cryptanalysis and the need for #cryptoagility - being able to easily swap algorithms as new breakthroughs emerge. It also underscores the value of peer review in ensuring that cryptographic systems are robust against potential attacks. As we move forward with #postquantumcryptography standardization efforts, let's remember that security is an ongoing process. By staying vigilant and adapting to new research, we can ensure that our cryptographic systems remain strong for years to come. Great blog from Bruce Schneier! - link in comments

A new molecular test method helps to prove the authenticity of works of art. The new method could also help to make passwords secure against quantum computers. In brief: 🧬One-way functions are central to cryptography and the digital world. Researchers at ETH Zurich have now developed such a function for the physical world. 🧬Their new technology is based on a pool of one hundred million different DNA molecules and protects against counterfeiting. 🧬Instead of using algorithms, the method employs the polymerase chain reaction (PCR) and DNA sequencing. #DNA #QuantumComputing #authentisation #Security

Would you believe that "Cryptographers" are discovering new rules for quantum encryption through a combination of theoretical research, practical experimentation, and collaboration across multiple scientific disciplines. Here are some of the key approaches and discoveries in this field: 1. Quantum Key Distribution (QKD) Quantum Key Distribution is a method that uses quantum mechanics to securely distribute encryption keys. The most well-known QKD protocol is BB84, developed by Charles Bennett and Gilles Brassard in 1984. QKD leverages the principles of quantum superposition and entanglement to ensure that any eavesdropping on the key exchange can be detected. 2. Post-Quantum Cryptography (PQC) Post-Quantum Cryptography focuses on developing cryptographic algorithms that are secure against attacks by quantum computers. These algorithms are designed to replace current public-key systems like RSA and ECC, which are vulnerable to quantum attacks. 3. Quantum-Resistant Algorithms In addition to QKD and PQC, researchers are exploring quantum-resistant algorithms that are designed to withstand both classical and quantum attacks. These algorithms are intended to be integrated into current cryptographic systems to provide an added layer of security. 4. Quantum Cryptographic Protocols Researchers are also developing new quantum cryptographic protocols that go beyond key distribution, such as quantum secret sharing, quantum secure direct communication, and quantum digital signatures. Collaboration and Research Initiatives: Collaboration between academia, industry, and government agencies is crucial for advancing quantum encryption. Joint research initiatives and funding from institutions like the European Union’s Quantum Flagship program and the U.S. National Quantum Initiative are driving significant progress in the field. Conclusion: The field of quantum encryption is rapidly evolving, with researchers discovering new principles and developing advanced protocols to ensure secure communication in the quantum era. By leveraging the unique properties of quantum mechanics, these new rules and technologies aim to provide robust security against both classical and quantum threats. #quantum #encryption #protocols #communication #mechanics #qkd #algorithms #research #experimentation #science