1. Cryptology News Bulletins
2. Post Quantum Cryptograpy update
3. Historic Vignette
4. Bibliography

Title {Item Template}

• bullets

Potpourri

• …

• David Kahn (1930-2024)
  • funeral;
  • WaPo,
  • Schneir,
    
  • Cryptologia 48:3

Review: What’s Quantum Computing?

See last 2022 status

Quantum Superposition when used for computing.

• QC measured in “qubits” not bits
• 30% True, 70% False.

Review: Kinds of Quantum Hardware

• Quantum Annealing - big qubit counts, great for optimization problems

• Quantum Circuit/Logic - small numbers of qubits so far.

Review: We’re discussing PQC before QC?

Yes !

• Quantum Cryptography

  • theoretically using entangled quantum states
  • to create an encryption
  • or an anti-eaves-droppable connection

• Quantum Cryptanalysis

  • Using Quantum Computing to defeat classical PKI encryption

• Post Quantum Cryptography

  • new classical encryptions that can resist Quantum Cryptanalysis,
  • so read as Ready for post-(Quantum-Computing) Cryptography.

Review: What’s the problem?

• Unbreakable ciphers aren’t always unbreakable, for always.
• QC could theoretically break most PKI
  • Schor’s Algorithm / Grover’s / VQF
  • discrete log as well as prime factoring, even elliptic curves
• 2024-01-05 Improving Shor’s Algorithm
  • “Thirty Years Later, a Speed Boost for Quantum Factoring” (Quanta)
  • Oded Regev’s paper on arXive
  • and another team already reduced the memory penalty of the speed improvement arXiv

Review: Generalization of Forward Secrecy

• Classical “Forward Secrecy” - old messages not broken by later loss of host key

• Generalized: old saved messages not broken by later breakthroughs either.

• Realistic threat?

  • VENONA + GEE 1940s {BLU Sept 2018}
  • NSA Utah Data farm, 2013

Review: NIST’s Post-Quantum Cryptography Standards

The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. – NIST

Review: NIST PQC Competition

National Institute of Standards & Technology started a multi-round competition, similar to with AES and SHA3 competitions

• NIST announcement
  
• NIST Q&A
• Schneier on PQC

Review: Quantum Cracking 2023

• RSA2048 in play or not? - Chinese academic paper claiming 2k bit RSA within range of current gen NON-fault-tolerant QC, no great surprise given Qubits available and theoretical algorithm size. Schor and Schneier unconvinced - does it actually converge w/o FT? Schneier 2023-01

• Schneier “You Can’t Rush PQC Standards”

• Quantum resistant hybrid-signing FIDO2 keys for 2FA

• Side-Channel Attack against CRYSTALS-Kyber

[2023.02.28] CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack. The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this is just a side-channel attack. What makes this work really interesting is that the researchers used a machine-learning model to train the system to exploit the side channel.

OTOH as seen in TETRA:BURST, a side-channel attack can be used to extract key or algorithm from a piece of equipment that falls into opponent lab.

REVIEW: Known weaknesses

• breaks eliminated 62 of 69 entrants in Rounds 1 to 4
  
• including the two front-runners, Rainbow and SIKE
  
• 7 remain, will they survive?
• FALCON would be compromised by a lack-of-randomness in salt, or failure to salt, as repeating same key and hash again gives too much information.

Isn’t non-random or uniformly-blank Salt an unlikely failure?

TL;DR No. It’s happened. (see in notes)

NIST PQC Timeline

• 2022-04-28 How to Prepare Your PKI for Quantum Computing (April 28, 2022)
• 2023-03-03 ✓ Post-Quantum Cryptography Conference (Friday March 3, 2023 - Ottawa, Canada)
• 2023-08 ✓ FRN RFC Draft Standards FIPS 203, 204, 205.
• 2024-04 ✓ Fifth PQC Standardization Conference
• 2024-08-15 ✓ FIPS Standards; FIPS Allowed: NIST announced finalized PQC standards for 3 of 4 “winners” (3 more to come)
• 2025/26 FIPS certification for the PQC algorithms; FIPS Approved.
• ….

NIST PQC

2025-…

intro

blah

• blah

My talks

The YouTube of this presentation will be linked on BLU.org along with these slides and extended notes etc as 2025-sep as per usual.

Prior talks in this series - most talks have slides &/or YouTube attached, sometimes extras.
Alas the YouTube audio pre-pandemic wasn’t great, BLU will need a donation of a wireless clip-on mike if we ever return to Hybrid/In-Person meetings. Or we all need to wear a wired or BT headset while presenting in person?

News + Focus

News and Focus sections have embedded links.

Good security news streams to either research history or to follow year round are Scneier Crypto-gram and SANS ISC, the latter being less cryptologic and more operational in focus – but both cover the wide span of vulnerabilities, tools, remediations, etc, not just the cryptologic that I’m cherry-picking here.
Highly recommended.
Start your day with the 5 minute SANS Internet Storm Center StormCast pod-cast; the Red Team is, so, so should you.

Cryptologic History - general references

• Bletchley Park Podcast on your favorite pod server
  • FB
  • BPP Keyword index
    by me, current thru fall ’22
• Books
  • The Code Breakers, revised & updated; Kahn, David; 1996: NY S&S.
  • Decrypted Secrets; Bauer, F.L.; 1997: Heidelberg, Springer.
  • Schneier books
• Websites
  • Wikipedia
  • Cipher History
    
  • CryptoMuseum
    
  • NSA History
  • GWU NSArchive (Academic National Security Archive at GWU; FOIA Declassified)
  • Declassified post-WW2 TICOM reports (Signals and Cryptologic Intelligence equivalent of better-known Operation Paperclip, etc.)

Title {Item Template}

text

• bullets