US Military Makes 'Significant Effort' in Quantum-Resistant Cryptography

source link: https://tech.slashdot.org/story/22/04/10/024244/us-military-makes-significant-effort-in-quantum-resistant-cryptography

David Spirk, the chief data officer for America's Department of Defense, "called for the Pentagon to make urgent investments to defend against potential espionage from quantum computers" that could crack the encryption on sensitive data, Bloomberg reports: "I don't think that there's enough senior leaders getting their heads around the implications of quantum," Spirk said. "Like AI, I think that's a new wave of compute that when it arrives is going to be a pretty shocking moment to industry and government alike."

"We have to pick up pace because we have competitors who are also attempting to accelerate," he added.

Spirk's comments come amid warnings that U.S. adversaries, particularly China, are aggressively pursuing advanced technologies that could radically accelerate the pace of modern warfare. China is investing in AI and quantum sciences as part of its plan to become an innovation superpower, according to the Pentagon's latest annual report to Congress on China's military power. China is "at or near the lead on numerous science fields," including AI and quantum, it said. The National Security Agency, meanwhile, said last year that the adversarial use of a quantum computer "could be devastating" to the U.S. and its national security systems. The NSA said it could take 20 years or more to roll out new post-quantum cryptography that would resist such code-cracking.

Tim Gorman, a spokesperson at the Pentagon, said the Department of Defense was taking post-quantum cryptography seriously and coordinating with Congress and across government agencies. He added there was "a significant effort" underway.

A January presidential memo further charged agencies with establishing a timeline for transitioning to quantum resistant cryptography.
  • As someone who had their life up-ended by a hack of a government database, even the most golly-gee-whiz technology won't save you if your policies and protocols suck.

    But investing in making government agencies competent and less bureaucratic doesn't mean you get to funnel billions of taxpayer dollars to cronies.

    Fix your foundational first problems before you give us another bill for a failed and meaningless project like SDI. You are not to be trusted with that type of technology.

    • Re:

      Nowhere in the article is there a mention of funneling money to companies. However, given the Ronald Reagan effort to turn the Fed. Gov. into an arm of business, it will happen because the Fed. Agencies do not have the right personnel to do the job. The Fed. Gov. will probably start at universities though, since companies cannot see past their next quarter's spreadsheets. And the Fed. Gov. can do more than one thing at a time, something of which you are willfully ignorant.

      SDI has nothing to do with this or just

  • The crazy thing about switching to quantum resistant crypto is that any communications *before* the switch will be public once quantum computers are developed (I now think it is _once_ not _if_ at this point). I rather suspect that this is what the military is really concerned about. The sooner they switch, the less is revealed.

    If they had nothing to hide, there would be no story here.

    • Yup, there is good evidence state actors are recording a lot of encrypted comms for just this eventuality.
  • An arms race again! Whoo-hoo! Spending! Juicy juicy spending! Pork barrels up the yin-yang!

    Because that military-industrial-complex demands its tithe, and will make up or play up any threat to get the spending flowing faster. Not that they really need it, but that's greed for you.

    It's not even completely implausible. People are working on quantum computing, though it's gonna be a goodly while yet before it's generally usable. So the military should already put some effort in looking at "quantum-hardened"

    • Re:

      Who's panicking? They're increasing research. That's not panicking.

      What, is staying ahead of the curve now considered panicking? Should we just be completely reactive with everything, just like with global warming? Or, like with certain common viruses that jump between species and was always a matter of time before one strain really takes off?

  • This is fun. Most level-headed quantum researchers I've seen have realized the whole craze is in the "uber hype" phase of tech, that familiar one where most haven't realized the whole thing is going to be way harder to produce something that lives up to the hype than is currently targeted. Heck, other, even more level-headed and knowledgeable types wonder if it's even possible. It's not like quantum physics is a solved problem; there are fundamental unanswered questions that involve how they're supposed to work.

    But sure, go off, the commies are coming for us. At least it'll pour money into research. Heck it's too bad there was never a fusion race; this whole climate change thing might not be a problem right now if they'd spent as much money on that as on building thousands of nuclear weapons.
    • Re:

      Building nuclear weapons is relatively easy compared to changing the lifestyles of Americans. No one is going off the commies, except you and your dreams.

    • Re:

      Everyone does not use computers the same way or need a form factor that you can walk into your local electronics store and get "yours". Just because a public disclosure implies "hype" does not mean the advances are not "significant". Remember this Internet thing reported to be "blowing over" eventually? By researchers and professors, no less....

  • They essentially understand that all currently practicable public key systems might be broken with quantum computers, but symmetric key systems aren't... so they wrap their public key cryptography in an optional simple shared key.

    This is of course not practicable for large systems with thousands of peers, but it's perfectly adequate for the typical use case of connecting 2 systems to each other.

    • Re:

      This made me smile. AFAIK, public key cryptography was invented to solve the logistic problem of secure key exchange, and now they add a protocol on top of it that requires a manual key exchange ;-)

      What else could we add on top to solve this...?

      • Re:

        Well, the important bit is that it's added on top. Essentially in this case the "chain" is as strong as its strongest link.
        If the shared key fails... well, you've still got the public key system; if the public key system fails, you still have the shared key.

        Since the use-case for Wireguard typically doesn't involve actually publishing your public key, but only sharing it with your peers, sharing a shared key isn't that much of an issue there.

        One should also note that Wireguard essentially replaces OpenVPN which

        • Re:

          If you think that actually provides security, then you don't really know anything about security. In an actual secured system, NOBODY knows the private key. In that scheme, multiple parties know a 'shared' key. Any one of those parties could potentially leak that key. That does not meet any reasonable definition of 'secure'.

          • Re:

            Yeah, that's how most people did it with OpenVPN. With Wireguard if the shared key gets public, you still have the public key crypto to fall back to.

            Cryptographic protocols matter and you cannot simply have a knee-jerk reaction to words you hear without understanding the whole system.

            • Re:

              Right, you must understand the whole system, so maybe you should try that. The underlying assumption with this effort is that the current public key systems will be broken. So no, you don't have that 'to fall back on'. All you have is a very insecure shared key.

    • Re:

      There are a bunch of practical quantum resistant public key systems available. The most popular key exchange systems are possibly vulnerable to hypothetical future quantum computers. Maybe.

      I've never heard of Wireguard, but it sounds silly. If you're exchanging a key just use symmetric key encryption. I expect this is already what most actually secret communication does. It's not like the US government doesn't have multiple ways of securely exchanging keys or enough paranoid people who would drop a SHA-384

      • Re:

        Well those systems require very long key lengths which make them less practicable. Yes it may be a bit silly, but it's rather effective.

        For Wireguard the symmetric key is optional. In any case it uses public key encryption, the shared key is just there in case someone breaks the public key scheme. Key exchange is done manually, so you exchange IP addresses, ports, the public keys and the "allowed IPs" between the peers. There's no CA or other complicated scheme necessary. Simplicity was one of the main poin

        • Re:

          Effective at what (other than convincing people that are not familiar with security that it is secure)?

          If the public key stuff is not broken (and currently it is not), then the shared keys provide no benefit at all. If the public keys are broken, then all you have are pre-shared keys, which your own link points out 'are usually troublesome' (then explains how that doesn't matter because the public keys aren't broken!)

          What, exactly provides the secure channel over which these pre-shared keys are shared? Let

          • Re:

            I wonder why you are so hung up about this one aspect of it.

            • Re:

              What other aspect is there? The whole point of the discussion is how to protect against a future where current public key cryptography is broken. You say you like how wireguard approaches it, but wireguard just uses double talk to dance around the problem. Just read that section in your link. 'Mitigates against curve25519 being broken by quantum computing by using pre-shared keys which are a problem but that is OK because curve25519 provides adequate protection.' Huh?

            • Re:

              To further clarify: when analyzing security you must look for the weakest link in the chain. You hold up symmetric encryption as the strongest link. But to say that, you must look at the weaknesses surrounding it. And while the algorithms may be very strong and quantum resistant, there is another important aspect to consider: key management.

              When considering key management, here are some things to think about:
              How are the keys distributed? If there is public key cryptography involved anywhere along the li

        • Re:

          Lol. If you're exchanging a key then the additional use of public key encryption is silly.

          Post-Quantum public key encryption doesn't require large keys. The keys range from a few hundred bytes to a meg or so.

          • Re:

            Indeed. In fact, if you think you have key exchange worked out better than public key does, just exchange a one time pad and you'll be safe from all attacks.

      • Re:

        But the candidate algorithms keep falling to classical attacks. Post quantum crypto still has to be secure against the existing non crypto attacks and designing such algorithms is kinda challenging.

        • Re:

          That's why a hybrid approach is used - current methods to prevent classical attacks, post quantum to prevent quantum attacks.
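The layering argued across this subthread (a preshared symmetric key wrapped around the Diffie-Hellman exchange, and a classical plus post-quantum hybrid) rests on one property: the session key must depend on every shared secret, so an attacker has to break all of them. The following is an added illustration written for this page; it is not the original thread's code and not WireGuard's. WireGuard mixes its PSK into a Noise IKpsk2 handshake keyed with BLAKE2s; this sketch instead uses a Noise-style MixKey chain built on HKDF-SHA256 (RFC 5869). The three secrets are constructed placeholders standing in for an X25519 shared secret, a PresharedKey from the peer config, and a post-quantum KEM shared secret.

```python
import hashlib
import hmac

# Added example, not WireGuard's code. WireGuard uses BLAKE2s inside its
# Noise IKpsk2 handshake; this uses HKDF-SHA256 (RFC 5869) to show the
# same principle: every shared secret is folded into the key schedule.


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_session_key(secrets, info: bytes = b"hybrid session key") -> bytes:
    """Noise-style MixKey: chain every shared secret into the chaining key.

    The result depends on all inputs (and their order), so an attacker has
    to recover each one (DH secret, PSK, PQ KEM secret) to rebuild it.
    """
    chaining_key = hashlib.sha256(b"example hybrid protocol v1").digest()  # constructed label
    for secret in secrets:
        chaining_key = hkdf_extract(chaining_key, secret)
    return hkdf_expand(chaining_key, info)


# Constructed stand-ins; a real peer would get these from X25519, from its
# config file, and from a KEM such as ML-KEM respectively.
DH_SECRET = hashlib.sha256(b"constructed X25519 shared secret").digest()
PSK = hashlib.sha256(b"constructed PresharedKey from the peer config").digest()
KEM_SECRET = hashlib.sha256(b"constructed post-quantum KEM shared secret").digest()

UNKNOWN = bytes(32)  # placeholder for a secret the attacker could not recover


def compromise_scenarios():
    """Which combinations of recovered secrets let an attacker rebuild the key?"""
    real = derive_session_key([DH_SECRET, PSK, KEM_SECRET])
    attempts = {
        "quantum breaks DH, classical cryptanalysis breaks KEM, PSK still secret":
            [DH_SECRET, UNKNOWN, KEM_SECRET],
        "PSK leaked, DH and KEM intact":
            [UNKNOWN, PSK, UNKNOWN],
        "PSK leaked and DH broken, KEM intact":
            [DH_SECRET, PSK, UNKNOWN],
        "every secret recovered":
            [DH_SECRET, PSK, KEM_SECRET],
    }
    return {name: derive_session_key(s) == real for name, s in attempts.items()}


if __name__ == "__main__":
    for scenario, recovered in compromise_scenarios().items():
        status = "key recovered" if recovered else "key still safe"
        print(f"{status:15}: {scenario}")
```

Only the last scenario reproduces the key: losing the PSK alone, or losing both classical DH and the PQ KEM while the PSK stays secret, leaves the attacker with a different key. What the sketch does not model is the thread's other objection, key management: it assumes the PSK reached both peers over a channel the attacker did not record. One practical check follows from the design, since WireGuard treats a missing PresharedKey as all zeros: a peer stanza without a PresharedKey line gets no benefit from this layer at all.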

        • Re:

          Better tell NIST. They seem to think there are a decent number of good candidates. You might want to include some supporting evidence though.

          • Re:

            One of the remaining signature algorithm candidates (Rainbow) got broken. That's 1 out of 3. Only 2 left.
            If CRYSTALS-Dilithium and Falcon fail then there will be none left.

            https://csrc.nist.gov/projects... [nist.gov]

  • a pretty shocking moment to industry and government alike

    They're scared shitless that it'll make the Snowden revelations look like a movie preview.

  • If you have an adversary with a computer capable of cracking crypto and you don't.

  • by Anonymous Coward on Sunday April 10, 2022 @11:35AM (#62434056)

    The Chinese government is misallocating resources on boondoggle projects that will never go anywhere, so the US government thinks it should do the same.

  • You need quantum resistance today because your adversary is recording your messages and the key exchanges today, and once they have a quantum computer they can crack the key exchange and read your messages. So if you send anything that needs to be kept secret for 10 years or more, you better not use a key exchange based on discrete logarithms (ECC) or prime factorization (RSA).

    When I worked in this area 5 years ago it was impossible to get people in the right places to care enough to even listen. They as
