Securing Communication in the Quantum Computing Era


Embracing Post-Quantum Cryptography (PQC) is essential to counter the threat posed by large-scale quantum computers to current public key cryptosystems. Russ Housley, a prominent figure in the field, highlights the urgency to deploy PQC algorithms before a quantum computing breakthrough occurs. The transition to PQC involves strategies such as utilizing multiple certificates and signatures, as well as exploring the concept of a single certificate accommodating both traditional and PQC keys. The journey towards PQC adoption requires a careful balance between security and complexity in adapting security protocols. Vigil Security LLC underscores the need for proactive measures to safeguard sensitive communications against potential quantum threats.


Uploaded on Nov 25, 2024 | 0 Views



Presentation Transcript


  1. Planning for Post-Quantum Cryptography (PQC)
     Russ Housley
     Past IETF Chair; Current IETF LAMPS WG Chair
     Vigil Security LLC
     9 May 2022

  2. Motivation
     - If large-scale quantum computers are ever built, these computers will be able to break the public key cryptosystems currently in use.
     - A post-quantum cryptosystem (PQC) is secure against quantum computers.
     - It is open to conjecture when it will be feasible to build such computers; however, RSA, DSA, DH, ECDH, ECDSA, and EdDSA are all vulnerable if a large-scale quantum computer is developed.

  3. Certificates and PQC Algorithms
     - Goal: Deploy PQC algorithms before there is a large-scale quantum computer that is able to break public key algorithms in widespread use today
     - Assumption: While people gain confidence in the PQC algorithms and their implementations, security protocols will use a mix of traditional and PQC algorithms
     - Recognize: Such transitions take a long time, at least a decade

  4. Two Possible Approaches
     - Two certificates, each with one public key and one signature:
         - one certificate: traditional algorithm, signed with traditional algorithm
         - one certificate: PQC algorithm, signed with PQC algorithm
     - One certificate:
         - contains multiple public keys: mix of traditional and PQC public keys
         - multiple signatures: mix of traditional and PQC signatures
     - [Diagram: Signature = SEQUENCE OF (traditional signature, PQC signature); Public Key = SEQUENCE OF (traditional public key, PQC public key)]

  5. One Certificate
     - Security protocols do not need any new fields
     - Additional public keys are in one certificate
     - Security protocols still need to be updated for the PQC algorithms
     - No need to modify certificate architecture, but validation needs additional complexity to handle new corner cases
     - Has known pitfalls of the jumbo certificate, which carried a key agreement public key and a signature public key for the same user
     - Certificate becomes huge
     - Yet, the desire for just one certificate for a device like a cable modem makes this a very attractive approach

  6. One Certificate, but Two Flavors
     - COMBINED
         - Combined encryption uses all the keys in a nested way
         - Combined decryption must be performed with all of the private keys associated with all of the certified public keys (AND)
     - COMPOSITE
         - Composite encryption uses all of the public keys in the certificate separately
         - Composite decryption can be performed with any of the private keys associated with one of the certified public keys (OR)

  7. Two Certificates
     - Security protocols need a new field for the additional certificates
     - No need to modify certificate architecture, and validation works exactly as it does today
     - Avoid known pitfalls of the jumbo certificate
     - Two certificates are slightly bigger than one, just because the subject, issuer, and other metadata are carried in both
     - At the end of the transition, just stop using the certificates with traditional algorithms, which is the ultimate goal state

  8. IETF LAMPS
     Specification for both the two certificate approach and the one certificate approach:
     - specify the use of the new PQC public key algorithms
     - specify formats, identifiers, enrollment, and operational practices for hybrid key establishment
     - specify formats, identifiers, enrollment, and operational practices for dual signature

  9. Thank you!
     Russ Housley
     housley@vigilsec.com
     +1 703 435 1775
     Vigil Security LLC
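
The AND/OR distinction on slide 6, as an added example that is not part of the original presentation: it shows that under composite encryption a party holding only the traditional key can still decrypt, while combined encryption requires every key. The slides name no concrete algorithms, so public-key encryption is replaced by a standard-library symmetric stand-in (the hypothetical `wrap`/`unwrap` helpers); only the key-combination structure is demonstrated.

```python
import hashlib, hmac, os

# Stand-in for public-key encryption (assumption: the slides name no concrete
# algorithm). Each "key pair" is one random secret; only the AND/OR structure matters.
def keystream(key, nonce, n):
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def mac(key, data):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def wrap(key, data):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + mac(key, nonce + body) + body

def unwrap(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, mac(key, nonce + body)):
        return None                      # wrong key or modified ciphertext
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def combined_encrypt(keys, msg):
    for k in keys:                       # nested: each layer wraps the previous
        msg = wrap(k, msg)
    return msg

def combined_decrypt(held, blob):
    for k in reversed(held):             # peel layers outermost first
        if k is None or blob is None:
            return None                  # a missing key stops decryption (AND)
        blob = unwrap(k, blob)
    return blob

def composite_encrypt(keys, msg):
    return [wrap(k, msg) for k in keys]  # one independent ciphertext per key

def composite_decrypt(held, blobs):
    for k, blob in zip(held, blobs):
        plain = unwrap(k, blob) if k is not None else None
        if plain is not None:
            return plain                 # any single key suffices (OR)
    return None

if __name__ == "__main__":
    trad, pqc, msg = os.urandom(32), os.urandom(32), b"constructed sample message"
    only_trad = [trad, None]             # party holding just the traditional key
    print(combined_decrypt(only_trad, combined_encrypt([trad, pqc], msg)))
    print(composite_decrypt(only_trad, composite_encrypt([trad, pqc], msg)))
```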
