Encryption The Military

US Military Makes 'Significant Effort' in Quantum-Resistant Cryptography (stripes.com) 48

David Spirk, the chief data officer for America's Department of Defense, "called for the Pentagon to make urgent investments to defend against potential espionage from quantum computers" that could crack the encryption on sensitive data, Bloomberg reports: "I don't think that there's enough senior leaders getting their heads around the implications of quantum," Spirk said. "Like AI, I think that's a new wave of compute that when it arrives is going to be a pretty shocking moment to industry and government alike."

"We have to pick up pace because we have competitors who are also attempting to accelerate," he added.

Spirk's comments come amid warnings that U.S. adversaries, particularly China, are aggressively pursuing advanced technologies that could radically accelerate the pace of modern warfare. China is investing in AI and quantum sciences as part of its plan to become an innovation superpower, according to the Pentagon's latest annual report to Congress on China's military power. China is "at or near the lead on numerous science fields," including AI and quantum, it said. The National Security Agency, meanwhile, said last year that the adversarial use of a quantum computer "could be devastating" to the U.S. and its national security systems. The NSA said it could take 20 years or more to roll out new post-quantum cryptography that would resist such code-cracking.

Tim Gorman, a spokesperson at the Pentagon, said the Department of Defense was taking post-quantum cryptography seriously and coordinating with Congress and across government agencies. He added there was "a significant effort" underway.

A January presidential memo further charged agencies with establishing a timeline for transitioning to quantum resistant cryptography.

  • by Anonymous Coward

    As someone who had their life up-ended by a hack of a government database, even the most golly-gee-whiz technology won't save you if your policies and protocols suck.

    But investing in making government agencies competent and less bureaucratic doesn't mean you get to funnel billions of taxpayer dollars to cronies.

    Fix your foundational first problems before you give us another bill for a failed and meaningless project like SDI. You are not to be trusted with that type of technology.

    • Re: (Score:2, Troll)

      by gtall ( 79522 )

      Nowhere in the article is there a mention of funneling money to companies. However, given the Ronald Reagan effort to turn the Fed. Gov. into an arm of business, it will happen because the Fed. Agencies do not have the right personnel to do the job. The Fed. Gov. will probably start at universities though since companies cannot see past their next quarter spreadsheets. And the Fed. Gov. can do more than one thing at time, something of which you are willfully ignorant.

      SDI has nothing to do with this or just

  • The crazy thing about switching to quantum resistant crypto is that any communications *before* the switch will be public once quantum computers are developed (I now think it is _once_ not _if_ at this point). I rather suspect that this is what the military is really concerned about. The sooner they switch, the less is revealed. If they had nothing to hide, there would be no story here.
    • by niftydude ( 1745144 ) on Sunday April 10, 2022 @06:22AM (#62433738)
      Yup, there is good evidence state actors are recording a lot of encrypted comms for just this eventuality.
      • I just watched a crypto doc on The Hitler Channel(tm). After going through the usual with Enigma, they pivoted to the Pacific. Japanese military communications had been intercepted and stored for a couple of years (or more) before hostilities w/ the US. Eventually the US analysts were able to even determine which operator sent a message, which was the type of clues that helped the analysts. Still, decoding was difficult and not timely. Eventually, in 1939 by a team of technicians led by William Friedman an

  • by Anonymous Coward

    An arms race again! Whoo-hoo! Spending! Juicy juicy spending! Pork barrels up the yin-yang!

    Because that military-industrial-complex demands its tithe, and will make up or play up any threat to get the spending flowing faster. Not that they really need it, but that's greed for you.

    It's not even completely implausible. People are working on quantum computing, though it's gonna be a goodly while yet before it's generally usable. So the military should already put some effort in looking at "quantum-hardened"

    • I don't think it's quite time for panic yet.

      Who's panicking? They're increasing research. That's not panicking.

      What, is staying ahead of the curve now considered panicking? Should we just be completely reactive with everything, just like with global warming? Or, like with certain common viruses that jump between species, where it was always a matter of time before one strain really takes off?

  • by locater16 ( 2326718 ) on Sunday April 10, 2022 @03:30AM (#62433610)
    This is fun. Most level-headed quantum researchers I've seen have realized the whole craze is in the "uber hype" phase of tech, that familiar one where most haven't realized the whole thing is going to be way harder to produce something that lives up to the hype than is currently targeted. Heck, other, even more level-headed and knowledgeable types wonder if it's even possible. It's not like quantum physics is a solved problem; there are fundamental unanswered questions that involve how they're supposed to work.

    But sure, go off, the commies are coming for us. At least it'll pour money into research. Heck it's too bad there was never a fusion race; this whole climate change thing might not be a problem right now if they'd spent as much money on that as on building thousands of nuclear weapons.
    • by gtall ( 79522 )

      Building nuclear weapons is relatively easy compared to changing the lifestyles of Americans. No one is going off the commies, except you and your dreams.

    • Everyone does not use computers the same way or need a form factor that you can walk into your local electronics store and get "yours". Just because a public disclosure implies "hype" does not mean the advances are not "significant". Remember this Internet thing reported to be "blowing over" eventually? By researchers and professors no less....

  • They essentially understand that all currently practicable public key systems might be broken with quantum computers, but symmetric key systems aren't... so they wrap their public key cryptography in an optional simple shared key.

    This is of course not practicable for large systems with thousands of peers, but it's perfectly adequate for the typical use case of connecting 2 systems to each other.

    • by Xenna ( 37238 )

      This made me smile. AFAIK, public key cryptography was invented to solve the logistic problem of secure key exchange and now they add a protocol on top of it that requires a manual key exchange ;-)

      What else could we add on top to solve this...?

      • Well, the important bit is that it's added on top. Essentially in this case the "chain" is as strong as its strongest link.
        If the shared key fails... well you've still got the public key system, if the public key system fails you still have the shared key.

        Since the use case for Wireguard typically doesn't involve actually publishing your public key, but only sharing it with your peers, sharing a shared key isn't that much of an issue there.

        One should also note that Wireguard essentially replaces OpenVPN which

        • by bws111 ( 1216812 )

          If you think that actually provides security, then you don't really know anything about security. In an actual secured system, NOBODY knows the private key. In that scheme, multiple parties know a 'shared' key. Any one of those parties could potentially leak that key. That does not meet any reasonable definition of 'secure'.

          • Yeah, that's how most people did it with OpenVPN. With Wireguard if the shared key gets public, you still have the public key crypto to fall back to.

            Cryptographic protocols matter and you cannot simply have a knee-jerk reaction to words you hear without understanding the whole system.

            • by bws111 ( 1216812 )

              Right, you must understand the whole system, so maybe you should try that. The underlying assumption with this effort is that the current public key systems will be broken. So no, you don't have that 'to fall back on'. All you have is a very insecure shared key.

    • by ceoyoyo ( 59147 )

      There are a bunch of practical quantum resistant public key systems available. The most popular key exchange systems are possibly vulnerable to hypothetical future quantum computers. Maybe.

      I've never heard of Wireguard, but it sounds silly. If you're exchanging a key just use symmetric key encryption. I expect this is already what most actually secret communication does. It's not like the US government doesn't have multiple ways of securely exchanging keys or enough paranoid people who would drop a SHA-384

      • Well those systems require very long key lengths which make them less practicable. Yes it may be a bit silly, but it's rather effective.

        For Wireguard the symmetric key is optional. In any case it uses public key encryption, the shared key is just there in case someone breaks the public key scheme. Key exchange is done manually, so you exchange IP addresses, ports, the public keys and the "allowed IPs" between the peers. There's no CA or other complicated scheme necessary. Simplicity was one of the main poin

        • by bws111 ( 1216812 )

          it's rather effective

          Effective at what (other than convincing people that are not familiar with security that it is secure)?

          If the public key stuff is not broken (and currently it is not), then the shared keys provide no benefit at all. If the public keys are broken, then all you have are pre-shared keys, which your own link points out 'are usually troublesome' (then explains how that doesn't matter because the public keys aren't broken!)

          What, exactly provides the secure channel over which these pre-shared keys are shared? Let

          • I wonder why you are so hung up about this one aspect of it.

            • by bws111 ( 1216812 )

              What other aspect is there? The whole point of the discussion is how to protect against a future where current public key cryptography is broken. You say you like how wireguard approaches it, but wireguard just uses double talk to dance around the problem. Just read that section in your link. 'Mitigates against curve25519 being broken by quantum computing by using pre-shared keys which are a problem but that is OK because curve25519 provides adequate protection.' Huh?

              • Quantum Mallory never sees the key exchange because Alice and Bob do it with symmetric encryption.

                Quantum can't break something it can't see. So even if ed25519 is broken, it's not broken for Mallory snooping a Wireguard connection. This is a textbook example of security engineering.

                You're rudely dismissive of Wireguard which you would know about if you were active in cryptography - and are wrong to boot. Try learning about something before shitting on it. It didn't get integrated into -mainline after ye

                • by bws111 ( 1216812 )

                  Quantum Mallory never sees the key exchange because Alice and Bob do it with symmetric encryption.

                  In order to do anything with symmetric encryption a key exchange must have ALREADY OCCURRED. You do know that, right? If Mallory is so interested in your communication that she is willing to expend the resources of a quantum computer on it, what makes you think she didn't ALSO intercept whatever communication you used to exchange your symmetric key?

                  All you (and casandro and wireguard) are doing is making THAT key exchange the user's problem.

                  If you are convinced you can securely exchange and manage your sy

            • by bws111 ( 1216812 )

              To further clarify: when analyzing security you must look for the weakest link in the chain. You hold up symmetric encryption as the strongest link. But to say that, you must look at the weaknesses surrounding it. And while the algorithms may be very strong and quantum resistant, there is another important aspect to consider: key management.

              When considering key management, here are some things to think about:
              How are the keys distributed? If there is public key cryptography involved anywhere along the li

        • by ceoyoyo ( 59147 )

          Lol. If you're exchanging a key then the additional use of public key encryption is silly.

          Post-Quantum public key encryption doesn't require large keys. The keys range from a few hundred bytes to a meg or so.

          • by bws111 ( 1216812 )

            Indeed. In fact, if you think you have key exchange worked out better than public key does, just exchange a one time pad and you'll be safe from all attacks.

      • There are a bunch of practical quantum resistant public key systems available. The most popular key exchange systems are possibly vulnerable to hypothetical future quantum computers. Maybe.

        But the candidate algorithms keep falling to classical attacks. Post quantum crypto still has to be secure against the existing non crypto attacks and designing such algorithms is kinda challenging.

        • by bws111 ( 1216812 )

          That's why a hybrid approach is used - current methods to prevent classical attacks, post quantum to prevent quantum attacks.

          • That's why a hybrid approach is used - current methods to prevent classical attacks, post quantum to prevent quantum attacks.

            Indeed it is fine until the PQ part is broken. Maybe some of them are actually sound and will not be broken for many years.
            I personally am a skeptic on quantum computers that can break crypto being made, but since I design crypto circuits for chips, I do make them PQ secure just in case.
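The construction argued about in this thread (a pre-shared key mixed into the handshake's chaining key after the Diffie-Hellman results, and equally the classical-plus-post-quantum hybrid mentioned just above), as an added Python model that is not code from the article or from WireGuard itself. The KDF shape follows WireGuard's HMAC-BLAKE2s KDF, but the protocol label and every secret are constructed random bytes, and the "attacker" simply substitutes guesses for the inputs it has not learned.

```python
# Added example: models a chaining key that absorbs each DH result and then
# an optional PSK, so the transport key depends on every secret mixed in.
# Not WireGuard's code; labels and secrets are constructed for the demo.
import hashlib
import hmac
import secrets

def _hmac(key, data):
    return hmac.new(key, data, hashlib.blake2s).digest()

def kdf2(chaining_key, ikm):
    """Extract-then-expand with two 32-byte outputs (HKDF shape)."""
    t0 = _hmac(chaining_key, ikm)
    t1 = _hmac(t0, b"\x01")
    t2 = _hmac(t0, t1 + b"\x02")
    return t1, t2

def derive_transport_key(dh_secrets, psk=None):
    """Mix every DH result into the chaining key, then the PSK (if any)."""
    ck = hashlib.blake2s(b"example protocol label").digest()  # constructed
    for s in dh_secrets:
        ck, _ = kdf2(ck, s)
    if psk is not None:
        ck, _ = kdf2(ck, psk)  # PSK is mixed in last, as in the IKpsk2 pattern
    _, key = kdf2(ck, b"")
    return key

def attacker_recovers_key(dh_secrets, psk, known_dh, knows_psk):
    """Passive attacker who learned some inputs and guesses the rest.
    Returns True when the attacker's derivation matches the peers' key."""
    guess_dh = [s if i in known_dh else secrets.token_bytes(32)
                for i, s in enumerate(dh_secrets)]
    if psk is None:
        guess_psk = None
    else:
        guess_psk = psk if knows_psk else secrets.token_bytes(32)
    return derive_transport_key(guess_dh, guess_psk) == derive_transport_key(dh_secrets, psk)

# Constructed handshake secrets: two DH results and a 32-byte PSK that the
# peers distributed out of band (the "manual key exchange" in the thread).
DH = [secrets.token_bytes(32), secrets.token_bytes(32)]
PSK = secrets.token_bytes(32)

def curve_broken_no_psk():
    # Curve25519 assumed broken: attacker recomputes every DH result.
    return attacker_recovers_key(DH, None, {0, 1}, False)

def curve_broken_with_psk():
    return attacker_recovers_key(DH, PSK, {0, 1}, False)

def psk_leaked_curve_intact():
    return attacker_recovers_key(DH, PSK, set(), True)

def hybrid_classical_only():
    # Hybrid exchange: treat DH[0] as the classical secret and DH[1] as the
    # post-quantum one; the attacker has broken only the classical half.
    return attacker_recovers_key(DH, None, {0}, False)
```

Only the case where the attacker holds every mixed-in secret reproduces the key, which is the whole of both sides' argument: the PSK helps exactly as long as its own distribution channel stays private.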

        • by ceoyoyo ( 59147 )

          Better tell NIST. They seem to think there are a decent number of good candidates. You might want to include some supporting evidence though.

  • by Xenna ( 37238 ) on Sunday April 10, 2022 @05:10AM (#62433694)

    OpenSSH adds post-quantum key exchange

    https://www.reddit.com/r/crypt... [reddit.com]

  • by storkus ( 179708 ) on Sunday April 10, 2022 @08:01AM (#62433838)

    a pretty shocking moment to industry and government alike

    They're scared shitless that it'll make the Snowden revelations look like a movie preview.

  • Creation sequencing.
  • If you have an adversary with a computer capable of cracking crypto and you don't.

  • in a nutshell... (Score:4, Interesting)

    by Anonymous Coward on Sunday April 10, 2022 @10:35AM (#62434056)

    The Chinese government is misallocating resources on boondoggle projects that will never go anywhere, so the US government thinks it should do the same.

  • by FeelGood314 ( 2516288 ) on Sunday April 10, 2022 @04:38PM (#62434688)
    You need quantum resistance today because your adversary is recording your messages and the key exchanges today, and once they have a quantum computer they can crack the key exchange and read your messages. So if you send anything that needs to be kept secret for 10 years or more, you better not use a key exchange based on discrete logarithms (ECC) or prime factorization (RSA).

    When I worked in this area 5 years ago it was impossible to get people in the right places to care enough to even listen. They assume they can just apply a patch once at some date in the future when a powerful enough computer is built to break the encryption. So you really have to get them to understand that this is a problem today. This literally takes 20 minutes of their attention to break their mentality of security threats. If by some miracle you get 20 minutes, you will still fail to get any changes made because everyone who can make a decision is over 50 and will be long retired or in a different role when the mitigations you are proposing pay off. You have more chance at convincing government officials to implement climate change mitigation today than cryptography mitigation.
  • TrueCrypt/VeraCrypt didn't have the option of using just one algorithm, but up to three. Of course, the first thing people think about is that this allows for effectively 768 bits of difficulty. Well, that's a best case. In reality, having three algorithms might give 257-258 bits. However, the one thing about a cascade, if implemented properly (as in not ECB), if one algorithm is severely weakened, there are two others.

    Yes, this would take more time, especially if there are three hash algorithms or thre

  • Once the solar flares hit we won't have to worry about it.
  • Post-quantum cryptographic algorithms already exist. In fact, you might even have one of them enabled at the moment.

    All you have to do is issue a notice of which ones are "approved" and which are not and give people a timeline to move to them.
