Microsoft Adds Post-Quantum Cryptography To an OpenVPN Fork (bleepingcomputer.com)
An anonymous reader writes: Microsoft recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) within OpenVPN. Being developed by the Microsoft Research Security and Cryptography group, as part of their research into post-quantum cryptography, this fork is being used to test PQC algorithms and their performance and functionality when used with VPNs.
Microsoft's PQCrypto-VPN is published on GitHub and allows anyone to build an OpenVPN implementation that can encrypt communications using three different post-quantum cryptography protocols, with more coming as they are developed. These protocols are: (1) Frodo: a key exchange protocol based on the learning with errors problem, (2) SIKE: a key exchange protocol based on Supersingular Isogeny Diffie-Hellman, and (3) Picnic: a signature algorithm using symmetric-key primitives and non-interactive zero-knowledge proofs.
Picnic is already broken. (Score:5, Funny)
Picnic might be secure from quantum computers.
But its basket structures are clearly vulnerable to bear based attacks where the attacker is mathematically proven to be smarter than average.
Re:Picnic is already broken. (Score:5, Funny)
But its basket structures are clearly vulnerable to bear based attacks where the attacker is mathematically proven to be smarter than average.
That's definitely a major boo-boo.
Re: (Score:3)
Re: (Score:3, Insightful)
Microsoft? Security? Something doesn't seem quite right.
For me, security and Microsoft is not the issue. It's trust and Microsoft.
As in, "I trust Microsoft, as far as I can throw them."
Re: (Score:2)
Re: (Score:3)
Well, you can download the source code and examine it for back doors. I know not many will do this but it would be a huge breach of trust by Microsoft if anyone found anything like a back door. Because of this I believe it's far more likely that they created this tool to appease international customers and released it as an open source project to prove it.
Re:Wait! (Score:5, Informative)
Well, you can download the source code and examine it for back doors.
Well, google on "ken thompson compiler backdoor" :-)
You can put some source code in that looks innocuous, but the compiler adds a backdoor when it sees that code:
In 1984 Ken Thompson was presented with the ACM Turing Award. Ken's acceptance speech Reflections On Trusting Trust (http://cm.bell-labs.com/who/ken/trust.html) describes a hack (in every sense), the most subversive ever perpetrated, nothing less than the root password of all evil.
Ken describes how he injected a virus into a compiler. Not only did his compiler know it was compiling the login function and inject a backdoor, but it also knew when it was compiling itself and injected the backdoor generator into the compiler it was creating. The source code for the compiler thereafter contains no evidence of either virus.
Re: Wait! (Score:1)
Combine with underhanded C: (Score:1)
It doesn’t even have to be visible in the original source code.
There was a whole contest, revolving around getting backdoors in under the radar: The Underhanded C Contest (The official perfectly innocent web page for law-abiding good guys) [underhanded-c.org]
And you can bet this is serious business for any spying agency on the planet. (Would you ignore it, if you were a spying agency?)
Re: (Score:1)
Re: Wait! (Score:1)
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Hur hur - Micro$haft am I right?
Re: (Score:1)
Not so. The properties of quantum computers are well understood; you can learn about them on an undergrad CS course. It's the engineering that's a problem.
The properties of something we are still investigating and have no samples of are well understood?
Re: Wait! (Score:1)
Re: (Score:1)
If my trust in Microsoft could be quantified it would be a large negative number.
It exceeds the lower bounds of a long?
I'm 99% sure they will try to slide something into the source. Who says all code submitted was written by MS employees?
Re: (Score:1)
Re: (Score:1)
Recall "... newsletter entry stated that NSA already had pre-encryption access to Outlook email"
MS likes to help with tricky new crypto. Help the NSA.
GitHub... (Score:1)
Re:A HARD problem. (Score:5, Insightful)
So where's the quantum hardware to making this all work?
I was confused by this point too, till I did some reading. "Post-quantum cryptography" is NOT the same thing as "Quantum cryptography". The former merely refers to cryptographic algorithms for which there are no known algorithms for quantum computers which can break them. So, RSA would not be considered post-quantum, because Shore's algorithm can break it.
Re:A HARD problem. (Score:5, Interesting)
So where's the quantum hardware to making this all work?
I was confused by this point too, till I did some reading. "Post-quantum cryptography" is NOT the same thing as "Quantum cryptography". The former merely refers to cryptographic algorithms for which there are no known algorithms for quantum computers which can break them. So, RSA would not be considered post-quantum, because Shore's algorithm can break it.
All of our current asymmetric algorithms are vulnerable to Shor's (note spelling) algorithm, assuming a sufficiently-large quantum computer. Grover's algorithm can solve any problem that requires searching a solution space of size N in sqrt(N) time. The first means we need new asymmetric algorithms (public/private key algorithms, like RSA and ECC) that are quantum resistant. The second means that our symmetric algorithms and hashes (like AES and SHA-256) have effectively half the bits of security that we thought, so we may need to reach for larger sizes.
Note that at this point all of these issues are theoretical, because no quantum computers large enough to make these attacks practical exist. With respect to Grover's algorithm, the quantum computers not only have to be sufficiently large, they also have to be quite fast because, for example, finding an AES-128 key will require 2^64 operations which is still a lot. However, it seems unwise to assume that we will never have sufficiently large/fast quantum computers and that these attacks will always remain impractical. Cryptographers like to say "attacks always get better", because they almost always do. If you see a vulnerability that might become practical in two or three decades, then you should start thinking about how to address it now, because the attacks may improve more than you expect, faster than you expect, and changing cryptosystems is going to take at least one of those decades.
We have no real way of predicting how fast progress in quantum computing will move, so we should experiment with post-quantum algorithms now, and begin trying to move to them seriously in the near future.
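The comment above states the two rules a defender actually has to act on: Shor's algorithm breaks today's public-key schemes outright regardless of key size, and Grover's algorithm turns an n-bit symmetric key or preimage search into roughly 2^(n/2) work (AES-128 becoming a 2^64 search). The following is an added example, not code from the thread or from the PQCrypto-VPN project, that applies those two rules to a constructed inventory of primitives and reports which entries must be replaced and which merely need larger sizes. The classification tables, the `Primitive`/`Assessment` types and the 128-bit target are assumptions chosen for illustration.

```python
# Added example: triage a crypto inventory under the Shor/Grover rules from
# the comment above. Not from the PQCrypto-VPN project; names are assumptions.
from dataclasses import dataclass
from typing import List, Optional

# Constructed classification tables (illustrative, not exhaustive).
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA"}  # public-key: Shor breaks outright
GROVER_HALVED = {"AES", "ChaCha20", "SHA-256", "SHA-384", "SHA-512", "SHA3-256"}


@dataclass
class Primitive:
    name: str   # algorithm family, e.g. "AES"
    bits: int   # key size for ciphers/public-key, digest size for hashes


@dataclass
class Assessment:
    name: str
    bits: int
    quantum_bits: int               # security bits left against a large quantum computer
    grover_ops_log2: Optional[int]  # log2 of Grover key-search steps; None if Shor applies
    action: str                     # "ok", "enlarge", or "replace"


def assess(p: Primitive, target_bits: int = 128) -> Assessment:
    """Estimate remaining security under Shor/Grover and say what to do."""
    if p.name in SHOR_BROKEN:
        # Shor's algorithm recovers the private key in polynomial time:
        # a bigger key does not help, the algorithm itself must change.
        return Assessment(p.name, p.bits, 0, None, "replace")
    if p.name in GROVER_HALVED:
        # Grover searches 2^n keys in about 2^(n/2) steps, so an n-bit key
        # or preimage keeps roughly n/2 bits of security.
        q = p.bits // 2
        return Assessment(p.name, p.bits, q, q, "ok" if q >= target_bits else "enlarge")
    raise ValueError(f"unknown primitive {p.name!r}")


def plan(inventory: List[Primitive], target_bits: int = 128) -> List[Assessment]:
    """Return only the inventory entries that need work to reach target_bits."""
    return [a for a in (assess(p, target_bits) for p in inventory) if a.action != "ok"]


if __name__ == "__main__":
    # Constructed inventory resembling a typical TLS/VPN deployment.
    inventory = [
        Primitive("RSA", 2048),
        Primitive("ECDH", 256),
        Primitive("AES", 128),
        Primitive("AES", 256),
        Primitive("SHA-256", 256),
    ]
    for a in plan(inventory):
        print(f"{a.name}-{a.bits}: {a.quantum_bits} PQ security bits -> {a.action}")
```

On the constructed inventory, RSA-2048 and ECDH-256 come out as "replace" (these are the slots a PQ key exchange such as Frodo or SIKE, or a PQ signature such as Picnic, would fill), AES-128 as "enlarge" (64 effective bits, i.e. the 2^64 search the comment mentions), while AES-256 and SHA-256 preimage resistance keep 128 bits and need no change.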
Re: (Score:1)
You're making too many assumptions. We don't know whether a sufficiently capable quantum computer exists, However, given the NSA's estimated yearly budget, their previous track record, and the estimated number of their employees, it's not unlikely that they could be far ahead of civilian quantum computer development, for example. Other intelligence agencies may have comparable resources. If the history of cryptography has told us anything, then certainly that adversaries with the budget and resources have o
Shame nobody on /. will be using it..... (Score:2)
Trust (Score:2)
We need a lot of independent researchers opinion on that.
Everyone remember Dual EC DRBG [wikipedia.org]?
post quantum crypto! (Score:2)
what a stupid pandering meaningless sound-bite.
it is not known that any current crypto is unbreakable by quantum computing.
Re: (Score:1)
Source supposedly in other repo (Score:1)
The source is supposedly in a different repo: https://github.com/Microsoft/o... [github.com]
See: https://github.com/Microsoft/P... [github.com]
OTOH, by not reading the repo README, you are supporting a long /. tradition, bravo!