You are invited to the fourth edition of our Applied Crypto Symposium! Spend the day in Silicon Valley with post-quantum cryptography experts and industry leaders to:
Since Peter Shor of AT&T Bell Laboratories first published an efficient quantum algorithm for factoring in 1994, we have known that when a general-purpose quantum computer of sufficient size is built then all our commonly-used public-key cryptographic algorithms will be broken. Across Microsoft, we use HSMs extensively to provision and protect many services including public key infrastructure (PKI), code signing, and cloud computing. In this talk I will discuss how Microsoft is preparing for a transition to quantum-resistant public-key algorithms, including our development of candidate quantum-resistant algorithms and our participation in the ongoing US NIST Post-Quantum Cryptography Standardization Process. I will also discuss our integrations to date of those algorithms into OpenSSL, OpenSSH, OpenVPN, the Open Quantum Safe (OQS) library, an Utimaco HSM, and how we have used the HSM to issue X.509 certificates using hybrid classical/post-quantum signatures with our Picnic post-quantum digital signature algorithm.
Quantum computers have the potential to solve currently intractable computational problems. This will drastically undermine the security of widely deployed cryptosystems, such as RSA and Elliptic Curve Cryptography. To mitigate this potential crypto-apocalypse, a large number of researchers have investigated a variety of cryptography algorithmic families potentially safe against quantum threats, such as: hash-based signatures, lattices, codes, multivariate quadratic equations, and super-singular isogeny cryptography, just to mention the most studied ones. In this talk, we will provide a deep-dive in two of these families: hash-based signatures and code-based cryptography. Both of them offer unique characteristics, are being considered in standardization processes (e.g. NIST & ISO/IEC) and represent very promising alternatives for RSA & ECC.
This presentation introduces NIST Post-Quantum Cryptography (PQC) Standardization project. It discusses challenges in deploying post-quantum cryptography in the existing applications and explores possible strategies for transition and migration.
Contrary to what you may have heard, the advent of quantum computing won’t spell the end to encryption as we know it. That is, if enterprises have taken the necessary steps to prepare for a post-quantum future.
Currently, the security of many cryptographic algorithms — which protect everything from online banking transactions to people’s online identities and private email messages — relies on the difficulty conventional computers have with factoring large numbers. The problem is that quantum computers will be able to break several popular public-key cryptography systems relatively quickly, such as RSA and Diffie-Hellman.
To survive in a post-quantum world, algorithms must be based on different mathematical tools that can resist both quantum and conventional attacks. To that end, the National Institute of Standards and Technology (NIST) is currently evaluating 26 quantum-proof algorithms to determine performance across everything from massive supercomputers to Internet of Things devices. Presuming that NIST’s and other researchers’ efforts are successful, quantum-safe cryptography should be available well before the arrival of large-scale quantum computers that can break RSA and other vulnerable algorithms.
Despite these promising developments, enterprises can ill afford to wait until algorithms start breaking because there’s too much at stake. And the industry’s track record for absorbing new algorithms is not great. For example, SHA1 depreciation was recommended five years before it went into effect and took 13 years from the recommendation stage until widespread change. However, SHA1 only dealt with signature integrity while post-quantum deals with the far greater exposure of sensitive data and signatures.
To be prepared, enterprises must begin the process of assessing their current systems, software and appliances now, otherwise these systems will become impediments and potentially open the door to countless vulnerabilities. Once the weak links are identified, it will be important to begin working with vendors to determine their roadmap and timeline for post-quantum integration. Third-party vendors will often take a wait-and-see approach, which could be a recipe for disaster if quantum computing arrives sooner rather than later. Similar to the Y2K problem, enterprises had advance warning, implemented necessary changes, and were able to minimize disruption as a result. In this presentation we will address the roadmap enterprises should take to identify and remediate systems in their environment in preparation for the post-quantum world.
There’s a lot at stake and questions abound. Subject matter expert, Mark B. Cooper aka The PKI Guy, will offer up answers and recommendations about how to best ready the enterprise, including quantum key distribution, migration, and implementation. He’ll explain how enterprises can rate systems based on risk and exposure, such as external authentication and data protection vs. an internal employee portal. He will also explain how to develop a strategy for systems that can only support a single PKI chain (such as an appliance) and provide guidance for when the transitions occur when authenticating systems use post-quantum and legacy crypto (RSA/ECC), and more.
Over the next 10-20 years, over 20 billion digital devices will need to be either upgraded or replaced to use quantum resistant public key cryptographic algorithms instead of the current RSA or Elliptical Curve based algorithms we use today. This situation is similar to the Y2K situation experienced 20 years ago which required updating the date field in older software programs from two digits to four digits so they wouldn’t get confused when the year flipped over from 1999 to 2000. It is estimated that the industry spent over $300 billion worldwide to resolve this Y2K problem. Although powerful quantum computers that can factor large semi-prime numbers using Shor’s algorithm are not projected to be available for at least another ten years, organizations should start their planning now to ensure their confidential data is not at risk to an adversary’s attack using a future high performance quantum computer. This presentation will provide a summary of a market analysis for post quantum cryptography products and services, provide an estimate of expected adoption trends, and a description of how we expect these upgrades to be implemented in different market segments. Most importantly, the presentation will describe certain situations where near term actions are recommended and describe some approaches that companies may consider using right now to ensure they do not have much larger problems in the future.
Kostas is a Cryptographer at Calibra, co-author of "The Libra Blockchain" paper and main contributor to Libra's cryptography api. He was previously the lead cryptographer at R3 and the Corda blockchain, while he is the main author of the "Blockchained Post-Quantum Signatures" and "Improved Anonymous Timed Release Encryption" papers, which are considered some of the fastest protocols in their fields. Kostas has a PhD in Identity-Based Encryption and holds a number of blockchain and cryptography related patents. His fields of expertise vary from public key cryptography, HSM custodial services, smart contracts for atomic swaps and payment channels, key compromise attacks and zero knowledge proofs, among the others.
Are you an industry expert with knowledge to share? Submit your presentation proposal today to share your insights and expertise with a dedicated community of peers alongside industry experts like Brian LaMacchia (Microsoft) and Michele Mosca (Institute for Quantum Computing) at our Applied Crypto Symposium. Submissions are welcome on topics related to post-quantum cryptography. More specifically, we are interested to hear about the implementation of the new algorithms, PQC roadmap, as well as opportunities, challenges, research, solutions, and innovations associated with PQC. The event is a forum to exchange information and encourage dialogue so we welcome any content that facilitates that.
Please submit your 400-word presentation outline no later than Friday, November 15th to be considered.
Get recognition from industry professionals and take advantage of networking opportunities with other data cybersecurity practitioners, thought leaders and industry authorities. We look forward to reviewing your submissions!
When you enter event, you enter an area where photography, audio, and video recording may occur. By entering the event premises, you consent to interview(s), photography, audio recording, video recording and its/their release, publication, exhibition, or reproduction to be used for news, web casts, promotional purposes, telecasts, advertising, inclusion on websites, social media, or any other purpose by Utimaco and its affiliates and representatives. Images, photos and/or videos may be used to promote similar events in the future, highlight the event and exhibit the capabilities of Utimaco. You release Utimaco, its officers and employees, and each and all persons involved from any liability connected with the taking, recording, digitizing, or publication and use of interviews, photographs, computer images, video and/or sound recordings.
By entering the event premises, you waive all rights you may have to any claims for payment or royalties in connection with any use, exhibition, streaming, web casting, televising, or other publication of these materials, regardless of the purpose or sponsoring of such use, exhibiting, broadcasting, web casting, or other publication irrespective of whether a fee for admission or sponsorship is charged. You also waive any right to inspect or approve any photo, video, or audio recording taken by Utimaco or the person or entity designated to do so by Utimaco.
You have been fully informed of your consent, waiver of liability, and release before entering the event.
Please note that we have a limited number of complimentary spaces available. Once we receive your registration we will confirm your attendance via email.
We look forward to welcoming you at the Utimaco Applied Crypto Symposium in Santa Clara!