Security News

In today's increasingly automated operational environment, crypto agility-i.e., an organization's ability to switch rapidly and seamlessly between certificate authorities, encryption standards and keys and certificates with minimal disruption to one's digital infrastructure-becomes essential to business. In 2020, Apple reduced the lifespan certificates to a year, pushing others to match them, and in March 2023, Google announced a proposal to reduce TLS certificate validity to 90 days.

I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard.

Some popular projects using implementations of Kyber are Mullvad VPN and Signal messenger. The KyberSlash flaws are timing-based attacks arising from how Kyber performs certain division operations in the decapsulation process, allowing attackers to analyze the execution time and derive secrets that could compromise the encryption.

Researchers are exploring promising quantum computing applications across various domains, from cryptography and optimization problems to drug discovery and artificial intelligence. Quantum computers, with their ability to perform complex calculations at speeds unattainable by classical counterparts, possess the potential to crack widely used encryption methods, posing a significant threat to the privacy and security of sensitive information.

NIST, the US National Institute of Standards and Technology, is leading a process to create and standardize new encryption algorithms to replace RSA and ECC. The new algorithms rely on mathematical approaches that are not easily broken by quantum or classical computers. In December of 2022, US President Joe Biden signed into law the Quantum Computing Cybersecurity Preparedness Act which mandates timelines for moving government systems to PQC algorithms.

With global governments having collectively pledged more than $38 billion in public funds for quantum technologies and $2.1 billion of new private capital flowing to quantum companies in 2022, quantum technologies, particularly quantum computers, are rapidly moving from the lab to the commercial marketplace. By leveraging the principles of quantum mechanics, quantum computers have the potential to perform certain computations exponentially faster than classical computers.

In an era where data security is paramount, the recent revelations about firmware backdoors implanted by Chinese government-backed hackers serve as a stark reminder of the evolving threat landscape. To secure data today from the risks of tomorrow, organizations need to take proactive measures in securing data against quantum risks.

Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping...

Signal has announced an upgrade to its end-to-end encryption protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers. "Quantum computing represents a new type of computational system which leverages quantum mechanical properties to solve certain complex problems many orders of magnitude more quickly than modern classical computers. Instead of bits as in a classical computer, quantum computers operate on qubits," explained Ehren Kret, CTO at Signal.

Signal has adopted a new key agreement protocol in an effort to keep encrypted Signal chat messages protected from any future quantum computers. Quantum computers - which every decade experts believe may be able to crack today's encryption schemes within the next decade or two - aren't particularly useful at the moment.