.png?width=323&name=Customer%20Advisory%20Board%202019%20(4).png)
16th of January, 2020
Hilton Santa Clara in Santa Clara (near Levi's Stadium)
Since Peter Shor of AT&T Bell Laboratories first published an efficient quantum algorithm for factoring in 1994, we have known that when a general-purpose quantum computer of sufficient size is built then all our commonly-used public-key cryptographic algorithms will be broken. Across Microsoft, we use HSMs extensively to provision and protect many services including public key infrastructure (PKI), code signing, and cloud computing. In this talk I will discuss how Microsoft is preparing for a transition to quantum-resistant public-key algorithms, including our development of candidate quantum-resistant algorithms and our participation in the ongoing US NIST Post-Quantum Cryptography Standardization Process. I will also discuss our integrations to date of those algorithms into OpenSSL, OpenSSH, OpenVPN, the Open Quantum Safe (OQS) library, an Utimaco HSM, and how we have used the HSM to issue X.509 certificates using hybrid classical/post-quantum signatures with our Picnic post-quantum digital signature algorithm.
Quantum computers have the potential to solve currently intractable computational problems. This will drastically undermine the security of widely deployed cryptosystems, such as RSA and Elliptic Curve Cryptography. To mitigate this potential crypto-apocalypse, a large number of researchers have investigated a variety of cryptography algorithmic families potentially safe against quantum threats, such as: hash-based signatures, lattices, codes, multivariate quadratic equations, and super-singular isogeny cryptography, just to mention the most studied ones. In this talk, we will provide a deep-dive in two of these families: hash-based signatures and code-based cryptography. Both of them offer unique characteristics, are being considered in standardization processes (e.g. NIST & ISO/IEC) and represent very promising alternatives for RSA & ECC.
This presentation introduces NIST Post-Quantum Cryptography (PQC) Standardization project. It discusses challenges in deploying post-quantum cryptography in the existing applications and explores possible strategies for transition and migration.
Contrary to what you may have heard, the advent of quantum computing won’t spell the end to encryption as we know it. That is, if enterprises have taken the necessary steps to prepare for a post-quantum future.
Currently, the security of many cryptographic algorithms — which protect everything from online banking transactions to people’s online identities and private email messages — relies on the difficulty conventional computers have with factoring large numbers. The problem is that quantum computers will be able to break several popular public-key cryptography systems relatively quickly, such as RSA and Diffie-Hellman.
To survive in a post-quantum world, algorithms must be based on different mathematical tools that can resist both quantum and conventional attacks. To that end, the National Institute of Standards and Technology (NIST) is currently evaluating 26 quantum-proof algorithms to determine performance across everything from massive supercomputers to Internet of Things devices. Presuming that NIST’s and other researchers’ efforts are successful, quantum-safe cryptography should be available well before the arrival of large-scale quantum computers that can break RSA and other vulnerable algorithms.
Despite these promising developments, enterprises can ill afford to wait until algorithms start breaking because there’s too much at stake. And the industry’s track record for absorbing new algorithms is not great. For example, SHA1 depreciation was recommended five years before it went into effect and took 13 years from the recommendation stage until widespread change. However, SHA1 only dealt with signature integrity while post-quantum deals with the far greater exposure of sensitive data and signatures.
To be prepared, enterprises must begin the process of assessing their current systems, software and appliances now, otherwise these systems will become impediments and potentially open the door to countless vulnerabilities. Once the weak links are identified, it will be important to begin working with vendors to determine their roadmap and timeline for post-quantum integration. Third-party vendors will often take a wait-and-see approach, which could be a recipe for disaster if quantum computing arrives sooner rather than later. Similar to the Y2K problem, enterprises had advance warning, implemented necessary changes, and were able to minimize disruption as a result. In this presentation we will address the roadmap enterprises should take to identify and remediate systems in their environment in preparation for the post-quantum world.
There’s a lot at stake and questions abound. Subject matter expert, Mark B. Cooper aka The PKI Guy, will offer up answers and recommendations about how to best ready the enterprise, including quantum key distribution, migration, and implementation. He’ll explain how enterprises can rate systems based on risk and exposure, such as external authentication and data protection vs. an internal employee portal. He will also explain how to develop a strategy for systems that can only support a single PKI chain (such as an appliance) and provide guidance for when the transitions occur when authenticating systems use post-quantum and legacy crypto (RSA/ECC), and more.
Over the next 10-20 years, over 20 billion digital devices will need to be either upgraded or replaced to use quantum resistant public key cryptographic algorithms instead of the current RSA or Elliptical Curve based algorithms we use today. This situation is similar to the Y2K situation experienced 20 years ago which required updating the date field in older software programs from two digits to four digits so they wouldn’t get confused when the year flipped over from 1999 to 2000. It is estimated that the industry spent over $300 billion worldwide to resolve this Y2K problem. Although powerful quantum computers that can factor large semi-prime numbers using Shor’s algorithm are not projected to be available for at least another ten years, organizations should start their planning now to ensure their confidential data is not at risk to an adversary’s attack using a future high performance quantum computer. This presentation will provide a summary of a market analysis for post quantum cryptography products and services, provide an estimate of expected adoption trends, and a description of how we expect these upgrades to be implemented in different market segments. Most importantly, the presentation will describe certain situations where near term actions are recommended and describe some approaches that companies may consider using right now to ensure they do not have much larger problems in the future.
This talk will focus on how to efficiently construct hash-based post-quantum signatures tailored to blockchains by taking advantage of the immutability nature of blockchain designs. After presenting a step-by-step evolution of one-time schemes, we will provide novel extensions and optimizations on top of the original Lamport, Winternitz, XMSS , Sphincs and BPQS protocols. Briefly, unlike generic post-quantum constructions, we can benefit from application-specific chain/graph structures in order to decrease key generation, signing and verification costs as well as signature size. Additionally, instead of signing hashed messages, one can implement {reference and commitment}-based signatures that have direct applications to pre-signed transactions and recurring payments.
We will also discuss attacks on existing post-quantum blockchains (i.e., IOTA) and shed light to misconceptions that hashed keys can make a blockchain quantum- resistant.
NIST is in the process of selecting new post-quantum cryptographic algorithms that are secure against both quantum (PQ) and classical computers. NIST has selected a few candidates from among all submissions for further consideration and study. In this presentation, I’ll explore the results of a recent experiment run by Cloudflare and Google Chrome to understand how these algorithms act when used by real clients over real networks, particularly candidate algorithms with a significant difference in public-key or ciphertext sizes. Our focus is on how different key sizes affect handshake time in the context of Transport Layer Security (TLS) as used on the web in HTTPS. Our two primary candidates are NTRU-based HRSS and isogeny-based SIKE. This presentation will reveal the results of this experiment and the lessons learned.
This presentation will focus on using HBS signatures for image signing and software secure root of trust. We will also discuss our findings on the implications of using NIST PQ signatures in (D)TLS and IKEv2 applications.
Our digital economy is heavily dependent on cryptography to keep our society safe and secure. Quantum computers pose a threat to the underlying security assumption of many cryptosystems, thereby potentially impacting practically every digital business process. We have known about these risks 25 years ago, and yet it is only recently that companies have started taking it seriously. Recent progress in the field of quantum computing has been the catalysator of this process, with Google's quantum supremacy experiment making headlines in every media channel.
The challenge of dealing with quantum risk is a daunting one. One of the most difficult elements is that it is difficult to predict when it will happen. An additional problem is that the mitigations to the quantum risk are not fully mature yet. NIST is in the process of selecting quantum-safe algorithms but it will still take years before the selection procedure is finalized. Other solutions, such as Quantum Key Distribution, come from a completely different field (physics, as opposed to mathematics), which sometimes makes even the communication between different solution providers a challenge, to say the least. All these factors make it very challenging to deal with quantum risk.
In this presentation we will elaborate of the challenges organizations face in the advent of quantum computers. We will focus on how to deal with such a challenge on the organization level rather than the specific solutions available in the market. We will also discuss our experience regarding the maturity level of different companies and how they approach this challenge. Finally we will present Deloitte's recent efforts to assist organization with assessing and mitigating this risk.
There has been tremendous progress in the many layers needed to realize large-scale quantum computing, from the hardware layers to the high level software. There has also been vastly increased exploration into the potentially useful applications of quantum computers, which will drive the desire to build quantum computers and make them available to users.
The knowledge and tools developed for these positive applications give us insight into the cost of implementing quantum cryptanalysis of today's cryptographic algorithms, which is a key factor in estimating when quantum computers will be cryptographically relevant (the "collapse time"). In addition to my own estimates, I will summarize the estimates of 22 other thought leaders in quantum computing.
What quantum cryptanalysis means to an organization or a sector depends not only on the collapse time, but also on the time to migrate to quantum-safe algorithms as well as the shelf-life of information assets being protected. In recent years, we have gained increasing insight into the challenges of a wide-scale migration of existing systems. We must also be proactive as we deploy new systems. Open-source platforms, like Open-Quantum-Safe and OpenQKDNetwork are valuable resources in helping meet many of these challenges.
While awareness of the challenges and the path forward has increased immensely, there is still a long road ahead as we work together with additional stakeholders not only to prepare our digital economy to be resilient to quantum attacks, but also to make us more resilient to other threats that emerge.
