US Military Makes 'Significant Effort' in Quantum-Resistant Cryptography (stripes.com)
David Spirk, the chief data officer for America's Department of Defense, "called for the Pentagon to make urgent investments to defend against potential espionage from quantum computers" that could crack the encryption on sensitive data, Bloomberg reports:
"I don't think that there's enough senior leaders getting their heads around the implications of quantum," Spirk said. "Like AI, I think that's a new wave of compute that when it arrives is going to be a pretty shocking moment to industry and government alike."
"We have to pick up pace because we have competitors who are also attempting to accelerate," he added.
Spirk's comments come amid warnings that U.S. adversaries, particularly China, are aggressively pursuing advanced technologies that could radically accelerate the pace of modern warfare. China is investing in AI and quantum sciences as part of its plan to become an innovation superpower, according to the Pentagon's latest annual report to Congress on China's military power. China is "at or near the lead on numerous science fields," including AI and quantum, it said. The National Security Agency, meanwhile, said last year that the adversarial use of a quantum computer "could be devastating" to the U.S. and its national security systems. The NSA said it could take 20 years or more to roll out new post-quantum cryptography that would resist such code-cracking.
Tim Gorman, a spokesperson at the Pentagon, said the Department of Defense was taking post-quantum cryptography seriously and coordinating with Congress and across government agencies. He added there was "a significant effort" underway.
A January presidential memo further charged agencies with establishing a timeline for transitioning to quantum resistant cryptography.
Pffftt. (Score:1)
As someone who had their life up-ended by a hack of a government database, even the most golly-gee-whiz technology won't save you if your policies and protocols suck.
But investing in making government agencies competent and less bureaucratic doesn't mean you get to funnel billions of taxpayer dollars to cronies.
Fix your foundational first problems before you give us another bill for a failed and meaningless project like SDI. You are not to be trusted with that type of technology.
Re: (Score:2, Troll)
Nowhere in the article is there a mention of funneling money to companies. However, given the Ronald Reagan effort to turn the Fed. Gov. into an arm of business, it will happen because the Fed. Agencies do not have the right personnel to do the job. The Fed. Gov. will probably start at universities though since companies cannot see past their next quarter spreadsheets. And the Fed. Gov. can do more than one thing at a time, something of which you are willfully ignorant.
SDI has nothing to do with this or just
Now is the time but it might be too late (Score:2)
Re: Now is the time but it might be too late (Score:5, Interesting)
Re: (Score:2)
I just watched a crypto doc on The Hitler Channel(tm). After going through the usual with Enigma, they pivoted to the Pacific. Japanese military communications had been intercepted and stored for a couple of years (or more) before hostilities w/ the US. Eventually the US analysts were able to even determine which operator sent a message, which was the type of clues that helped the analysts. Still, decoding was difficult and not timely. Eventually, in 1939 by a team of technicians led by William Friedman an
Oooh! Golly gee! (Score:1)
An arms race again! Whoo-hoo! Spending! Juicy juicy spending! Pork barrels up the yin-yang!
Because that military-industrial-complex demands its tithe, and will make up or play up any threat to get the spending flowing faster. Not that they really need it, but that's greed for you.
It's not even completely implausible. People are working on quantum computing, though it's gonna be a goodly while yet before it's generally usable. So the military should already put some effort in looking at "quantum-hardened"
Re: (Score:2)
I don't think it's quite time for panic yet.
Who's panicking? They're increasing research. That's not panicking.
What, is staying ahead of the curve now considered panicking? Should we just be completely reactive with everything, just like with global warming? Or, like with certain common viruses that jump between species, where it was always a matter of time before one strain really takes off?
Gotta get psychic spies afore the commies! (Score:4, Insightful)
But sure, go off, the commies are coming for us. At least it'll pour money into research. Heck it's too bad there was never a fusion race; this whole climate change thing might not be a problem right now if they'd spent as much money on that as on building thousands of nuclear weapons.
Re: (Score:1)
Building nuclear weapons is relatively easy compared to changing the lifestyles of Americans. No one is going off the commies, except you and your dreams.
Re: (Score:1)
Everyone does not use computers the same way or needs a form factor that you can walk in to your local electronics store and get "yours". Just because a public disclosure implies "hype" does not mean the advances are not "significant". Remember this Internet thing reported to be "blowing over" eventually? By researchers and professors no less....
I like how Wireguard approaches that problem (Score:2)
They essentially understand that all currently practicable public key systems might be broken with quantum computers, but symmetric key systems aren't... so they wrap their public key cryptography in an optional simple shared key.
This is of course not practicable for large systems with thousands of peers, but it's perfectly adequate for the typical use case of connecting 2 systems to each other.
Re: (Score:2)
This made me smile. AFAIK, public key cryptography was invented to solve the logistic problem of secure key exchange and now they add a protocol on top of it that requires a manual key exchange ;-)
What else could we add on top to solve this...?
Re: (Score:2)
Well the important bit is that it's added on top. Essentially in this case the "chain" is as strong as its strongest link.
If the shared key fails... well you've still got the public key system, if the public key system fails you still have the shared key.
Since the use case for Wireguard typically doesn't involve actually publishing your public key, but only sharing it with your peers, sharing a shared key isn't that much of an issue there.
One should also note that Wireguard essentially replaces OpenVPN which
Re: (Score:2)
If you think that actually provides security, then you don't really know anything about security. In an actual secured system, NOBODY knows the private key. In that scheme, multiple parties know a 'shared' key. Any one of those parties could potentially leak that key. That does not meet any reasonable definition of 'secure'.
Re: (Score:2)
Yeah, that's how most people did it with OpenVPN. With Wireguard if the shared key gets public, you still have the public key crypto to fall back to.
Cryptographic protocols matter and you cannot simply have a knee-jerk reaction to words you hear without understanding the whole system.
Re: (Score:2)
Right, you must understand the whole system, so maybe you should try that. The underlying assumption with this effort is that the current public key systems will be broken. So no, you don't have that 'to fall back on'. All you have is a very insecure shared key.
Re: (Score:2)
There are a bunch of practical quantum resistant public key systems available. The most popular key exchange systems are possibly vulnerable to hypothetical future quantum computers. Maybe.
I've never heard of Wireguard, but it sounds silly. If you're exchanging a key just use symmetric key encryption. I expect this is already what most actually secret communication does. It's not like the US government doesn't have multiple ways of securely exchanging keys or enough paranoid people who would drop a SHA-384
Re: (Score:2)
Well those systems require very long key lengths which make them less practicable. Yes it may be a bit silly, but it's rather effective.
For Wireguard the symmetric key is optional. In any case it uses public key encryption, the shared key is just there in case someone breaks the public key scheme. Key exchange is done manually, so you exchange IP addresses, ports, the public keys and the "allowed IPs" between the peers. There's no CA or other complicated scheme necessary. Simplicity was one of the main poin
Re: (Score:2)
it's rather effective
Effective at what (other than convincing people that are not familiar with security that it is secure)?
If the public key stuff is not broken (and currently it is not), then the shared keys provide no benefit at all. If the public keys are broken, then all you have are pre-shared keys, which your own link points out 'are usually troublesome' (then explains how that doesn't matter because the public keys aren't broken!)
What, exactly provides the secure channel over which these pre-shared keys are shared? Let
Re: (Score:2)
I wonder why you are so hung up about this one aspect of it.
Re: (Score:2)
What other aspect is there? The whole point of the discussion is how to protect against a future where current public key cryptography is broken. You say you like how wireguard approaches it, but wireguard just uses double talk to dance around the problem. Just read that section in your link. 'Mitigates against curve25519 being broken by quantum computing by using pre-shared keys which are a problem but that is OK because curve25519 provides adequate protection.' Huh?
Re: (Score:2)
Quantum Mallory never sees the key exchange because Alice and Bob do it with symmetric encryption.
Quantum can't break something it can't see. So even if ed25519 is broken, it's not broken for Mallory snooping a Wireguard connection. This is a textbook example of security engineering.
You're rudely dismissive of Wireguard which you would know about if you were active in cryptography - and are wrong to boot. Try learning about something before shitting on it. It didn't get integrated into -mainline after ye
Re: (Score:2)
Quantum Mallory never sees the key exchange because Alice and Bob do it with symmetric encryption.
In order to do anything with symmetric encryption a key exchange must have ALREADY OCCURRED. You do know that, right? If Mallory is so interested in your communication that she is willing to expend the resources of a quantum computer on it, what makes you think she didn't ALSO intercept whatever communication you used to exchange your symmetric key?
All you (and casandro and wireguard) are doing is making THAT key exchange the user's problem.
If you are convinced you can securely exchange and manage your sy
Re: (Score:2)
To further clarify: when analyzing security you must look for the weakest link in the chain. You hold up symmetric encryption as the strongest link. But to say that, you must look at the weaknesses surrounding it. And while the algorithms may be very strong and quantum resistant, there is another important aspect to consider: key management.
When considering key management, here are some things to think about:
How are the keys distributed? If there is public key cryptography involved anywhere along the li
Re: (Score:2)
Lol. If you're exchanging a key then the additional use of public key encryption is silly.
Post-Quantum public key encryption doesn't require large keys. The keys range from a few hundred bytes to a meg or so.
Re: (Score:2)
Indeed. In fact, if you think you have key exchange worked out better than public key does, just exchange a one time pad and you'll be safe from all attacks.
Re: (Score:2)
There are a bunch of practical quantum resistant public key systems available. The most popular key exchange systems are possibly vulnerable to hypothetical future quantum computers. Maybe.
But the candidate algorithms keep falling to classical attacks. Post quantum crypto still has to be secure against the existing non crypto attacks and designing such algorithms is kinda challenging.
Re: (Score:2)
That's why a hybrid approach is used - current methods to prevent classical attacks, post quantum to prevent quantum attacks.
Re: (Score:2)
That's why a hybrid approach is used - current methods to prevent classical attacks, post quantum to prevent quantum attacks.
Indeed it is fine until the PQ part is broken. Maybe some of them are actually sound and will not be broken for many years.
I personally am a skeptic on quantum computers that can break crypto being made, but since I design crypto circuits for chips, I do make them PQ secure just in case.
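Added example, not WireGuard's, OpenSSH's or any commenter's code: the Python below models the two constructions argued about above, the WireGuard-style step of mixing an optional pre-shared key into the handshake after the Diffie-Hellman result, and the classical-plus-post-quantum hybrid combiner from the later comments. Everything is standard library. The DH group (field prime 2^255-19, generator 2) is an illustrative assumption chosen only so the block runs offline; it is not WireGuard's X25519 and not a recommended group. The all-zero default PSK and the HKDF-style chaining follow WireGuard's published design in simplified form, and the "post-quantum shared secret" is constructed random bytes standing in for a KEM output. Two attacker models are run against each derived key: one that recovered the public-key result (a quantum adversary) and one that holds the other secret but not that result.

```python
import hashlib
import hmac
import secrets

# Illustrative finite-field Diffie-Hellman so the example runs on the standard
# library alone. Assumption for demonstration only: not WireGuard's X25519 and
# not a recommended DH group.
P = 2**255 - 19
G = 2

# WireGuard's published design uses an all-zero PSK when none is configured
# (this example assumes that default for the "no PSK" case).
ZERO_PSK = bytes(32)


def dh_keypair():
    """Return (private, public) for the illustrative group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_secret(priv, peer_pub):
    """Raw DH result as 32 bytes: the value a large quantum computer could
    recover from the two public keys alone."""
    return pow(peer_pub, priv, P).to_bytes(32, "big")


def _hmac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def mix_key(chaining_key, material):
    """Noise-style HKDF step: Extract with the chaining key as salt, then
    Expand two blocks. Returns (new_chaining_key, output_key)."""
    prk = _hmac(chaining_key, material)
    t1 = _hmac(prk, b"\x01")
    t2 = _hmac(prk, t1 + b"\x02")
    return t1, t2


def derive_session_key(*inputs):
    """Chain every input secret into the final key. Order matters and every
    input contributes, so an attacker missing any one of them (DH result,
    PSK, or PQ KEM secret) ends up with an unrelated key."""
    if not inputs:
        raise ValueError("at least one secret is required")
    ck = hashlib.sha256(b"added-example hybrid handshake v1").digest()
    key = None
    for secret in inputs:
        ck, key = mix_key(ck, secret)
    return key


def psk_demo(psk):
    """WireGuard-style run: DH result mixed first, PSK mixed second.
    Returns the keys computed by both peers and by two attacker models."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    dh_ab = dh_shared_secret(a_priv, b_pub)
    alice = derive_session_key(dh_ab, psk)
    bob = derive_session_key(dh_shared_secret(b_priv, a_pub), psk)
    # Quantum attacker: recovered dh_ab from the public keys but does not hold
    # the PSK, so the best it can do is assume the default.
    quantum_attacker = derive_session_key(dh_ab, ZERO_PSK)
    # Leaked PSK with DH still intact: knows the PSK but not dh_ab.
    psk_leaker = derive_session_key(secrets.token_bytes(32), psk)
    return {"alice": alice, "bob": bob,
            "quantum_attacker": quantum_attacker, "psk_leaker": psk_leaker}


def hybrid_demo():
    """Classical + post-quantum hybrid through the same combiner; the second
    input is constructed random bytes standing in for a KEM shared secret."""
    a_priv, _ = dh_keypair()
    _, b_pub = dh_keypair()
    classical = dh_shared_secret(a_priv, b_pub)
    pq_secret = secrets.token_bytes(32)
    both = derive_session_key(classical, pq_secret)
    classical_only = derive_session_key(classical, secrets.token_bytes(32))
    pq_only = derive_session_key(secrets.token_bytes(32), pq_secret)
    return {"both": both, "classical_only": classical_only, "pq_only": pq_only}


if __name__ == "__main__":
    with_psk = psk_demo(secrets.token_bytes(32))
    print("peers agree:", with_psk["alice"] == with_psk["bob"])
    print("quantum attacker gets key (PSK set):",
          with_psk["quantum_attacker"] == with_psk["alice"])
    no_psk = psk_demo(ZERO_PSK)
    print("quantum attacker gets key (no PSK):",
          no_psk["quantum_attacker"] == no_psk["alice"])
```

Running it makes both sides of the argument concrete: with a PSK configured, an attacker holding only the DH result or only the PSK derives a different key, while with the all-zero default the quantum attacker's key matches the peers' and the "fallback" adds nothing. What the code cannot show is how the PSK (or a PQ KEM secret) got to both peers in the first place; that out-of-band distribution is exactly the key-management objection raised in the thread.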
Re: (Score:2)
Better tell NIST. They seem to think there are a decent number of good candidates. You might want to include some supporting evidence though.
Re: (Score:2)
One of the remaining signature algorithm candidates (Rainbow) got broken. That's 1 out of 3. Only 2 left.
If Crystals-dilithium and falcon fail then there will be none left.
https://csrc.nist.gov/projects... [nist.gov]
Perhaps more interesting to this community (Score:5, Informative)
OpenSSH adds post-quantum key exchange
https://www.reddit.com/r/crypt... [reddit.com]
None of you get it (Score:3)
a pretty shocking moment to industry and government alike
They're scared shitless that it'll make the Snowden revelations look like a movie preview.
Quantum Entanglement (Score:1)
Too many secrets are the least of your worries (Score:2)
If you have an adversary with a computer capable of cracking crypto and you don't.
in a nutshell... (Score:4, Interesting)
The Chinese government is misallocating resources on boondoggle projects that will never go anywhere, so the US government thinks it should do the same.
Sounds familiar (Score:3)
Nuclear weapons, Space Race, missile defense, hypersonic missiles...
Cracking today's key exchange tomorrow (Score:4, Insightful)
When I worked in this area 5 years ago it was impossible to get people in the right places to care enough to even listen. They assume they can just apply a patch once at some date in the future when a powerful enough computer is built to break the encryption. So you really have to get them to understand that this is a problem today. This literally takes 20 minutes of their attention to break their mentality of security threats. If by some miracle you get 20 minutes you will still fail to get any changes made because everyone who can make a decision is over 50 and will be long retired or in a different role when the mitigations you are proposing pay off. You have more chance at convincing government officials to implement climate change mitigation today than cryptography mitigation.
Re: (Score:1)
Why not use a cascade? (Score:2)
TrueCrypt/VeraCrypt didn't have the option of using just one algorithm, but up to three. Of course, the first thing people think about is that this allows for effectively 768 bits of difficulty. Well, that's a best case. In reality, having three algorithms might give 257-258 bits. However, the one thing about a cascade, if implemented properly (as in not ECB), if one algorithm is severely weakened, there are two others.
Yes, this would take more time, especially if there are three hash algorithms or thre
Solar flares... (Score:2)
Post-quantum cryptography (Score:2)
Post-quantum cryptographic algorithms already exist. In fact, you might even have one of them enabled at the moment.
All you have to do is issue a notice of which ones are "approved" and which are not and give people a timeline to move to them.