Security News

Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping...

I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. "This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have only four algorithms, although last week NIST announced that a number of other candidates are under consideration, a process that is expected to take"several years.

One of these standards is a generative AI content certification known as ​​C2PA. C2PA has been around for two years, but it's gained attention recently as generative AI becomes more common. The C2PA specification is an open source internet protocol that outlines how to add provenance statements, also known as assertions, to a piece of content.

"NIST has release a draft of Special Publication1800-38A: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography." It's only four pages long, and it doesn't have a lot of detail-more "Volumes" are coming, with more information-but it's well worth reading. We are going to need to migrate to quantum-resistant public-key algorithms, and the sooner we implement key agility the easier it will be to do so.

Quantum computing has surged in popularity recently, with its revolutionary computational capabilities transforming the technology sector. In this Help Net Security video, Vanesa Diaz, CEO at LuxQuanta, talks about how precautions must be taken ahead of this new quantum age, where cybersecurity solutions require significant attention and developments to ensure the protection and security of data.

So we though we'd take a quick look back at some of the major issues we covered over the last couple of weeks, and reiterate the serious security lessons we can learn from them. If you are ever stuck with doing a data breach notification, don't try to rewrite history to your marketing advantage.

Current quantum computers are still toy prototypes, and the engineering advances required to build a functionally useful quantum computer are somewhere between a few years away and impossible. The idea is to standardize on both a public-key encryption and digital signature algorithm that is resistant to quantum computing, well before anyone builds a useful quantum computer.

Grover's algorithm given a big and powerful enough quantum computer, claims to be able to complete the same feat with the square root of the usual effort, thus cracking the code, in theory, in just 264 tries instead. Shor's quantum factorisation algorithm. Or you'd have to adopt a completely new sort of post-quantum encryption system to which Shor's algorithm didn't apply.

They use quantum keys that guarantee security based on quantum physics rather than computational complexity, thus they are secure even against quantum computers. Quantum key distribution is the most important technology for realizing quantum cryptosystems.

The US National Institute of Standards and Technology has recommended four cryptographic algorithms for standardization to ensure data can be protected as quantum computers become more capable of decryption. Back in 2015, the NSA announced plans to transition to quantum-resistant cryptographic algorithms in preparation for the time when quantum computers make it possible to access data encrypted by current algorithms, such as AES and RSA. No one is quite sure when that may occur but it depends on the number of qubits - quantum bits - that a quantum machine can muster, and other factors, such as error correction.