SlideShare a Scribd company logo
1 of 30
Download to read offline
Cryptoagility and Quantum
Resistance: Easier Said Than Done
Post Quantum Cryptography – The Impact on Identity
Dr. Carmen Kempka
Director Corporate Technology
WIBU-SYSTEMS AG
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done
To access the on-demand replay of this masterclass,
please visit
https://www.wibu.com/wibu-systems-webinars/post-
quantum-cryptography-the-impact-on-
identity/access.html
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done
The cat-and-mouse-game of cryptography
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done
Cryptography develops. So does cryptoanalysis.
3
Cryptography and quantum computers: What is broken?
Certificate
Public Key:
0011101001
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 15
Post Quantum Cryptography
Cryptographic algorithms are resistant against quantum attacks
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 16
Based on hard mathematical problems
• RSA: factoring large numbers
• ECC: discrete logarithms (DLOG)
Asymmetric cryptography
NP
Exp
P
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 17
Based on hard mathematical problems
• RSA: factoring large numbers
• ECC: discrete logarithms (DLOG)
• PQC algorithms are based on various,
different mathematical problems that are not
easily solvable by quantum computers
Asymmetric cryptography
NP
Exp
P
SVP
LWE
SIS
Lineare Codes
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 18
Based on hard mathematical problems
• RSA: factoring large numbers
• ECC: discrete logarithms (DLOG)
• PQC algorithms are based on various
mathematical problems that are not easily
solvable by quantum computers
• These mathematical problems are much
younger and less analyzed!
Asymmetric cryptography
NP
Exp
P
SVP
LWE
SIS
Analyzed for less
than 20 years
Lineare Codes
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 19
PQC Timeline
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 20
PQC Timeline
July 2022:
publication of PQC
algorithms selected
for NIST standard
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 21
PQC Timeline
July 2022:
publication of PQC
algorithms selected
for NIST standard
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done
August 2022:
candidate SIKE
broken on
classical computer
22
• RSA, ECC:
 Factoring and DLOG have been analyzed since around
300 bc (Euclid)
 High trust in security against classical attacks
− Fully broken with quantum computers – but when?
• PQC algorithms
• Mathematical problems quite new
• No known relevant attacks by classical or quantum
computers
• Situation hard to assess: not many people have expertise
in quantum computers and cryptography or the math
behind the PQC schemes
The PQC dilemma
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 23
Cryptoagility
Bildquelle: https://www.goodfreephotos.com/public-domain-images/fitting-the-last-puzzle-piece.jpg.php (Public Domain)
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 24
What do we have?
PQC
Lattice-based
Code-based
Isogenies on elliptic
curves
Multivariate
polynomials
(signatures only)
Hash-based
(signatures only)
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 25
What do we have?
PQC
Lattice-based
Code based-
Isogenies on elliptic
curves
Multivariate
polynomials
(signatures only)
Hash based-
(signatures only)
4th round
 McEliece
 BIKE
 HQC
SIKE
 SPHINCS+
State based:
 XMSS
 LMS
 Dilithium
 Falcon
 Kyber
Rainbow
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 26
Cryptoagility
The ideal world
public abstract class Encryptor {
abstract String encrypt(int publicKey, String message);
}
public class RSAEncryptor extends Encryptor {
public String encrypt (int publicKey, String message) {
<Code for encryption with RSA>
return ciphertext;
}
}
public class KyberEncryptor extends Encryptor {
public String encrypt (int publicKey, String message) {
<Code for encryption with Kyber>
return ciphertext;
}
}
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 27
Cryptoagility
The ideal world
public abstract class Encryptor {
abstract String encrypt(int publicKey, String message);
}
public class RSAEncryptor extends Encryptor {
public String encrypt (int publicKey, String message) {
<Code for encryption with RSA>
return ciphertext;
}
}
public class KyberEncryptor extends Encryptor {
public String encrypt (int publicKey, String message) {
<Code for encryption with Kyber>
return ciphertext;
}
}
Cryptoagile concept
 Modularity
 Crypto algorithms can be easily replaced if broken
 Once large enough quantum computers exist to
break our crypto algorithms, the algorithms are just
replaced by PQC algorithms – problem solved
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 28
Cryptoagility: the real world
© WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum
Resistance: Easier Said Than Done
2024-04-10 © WIBU-SYSTEMS AG 2024 29
Cryptoagility: easier said than done
• Different mathematical structures
• Large difference in memory requirements
• Very different in performance
• Very different key sizes and formats
• Developers need to learn a lot for each new algorithm
• Test vectors
• Formats
• Memory/performance trade-offs
• Which intermediate results need to be kept secret
• How to implement resistance against side channels
• Other best practices in implementation and usage
• …
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 30
How to deal with cryptoagility
• Plan with enough time and resources
• management needs to be aware of the full extent of the problem
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 32
How to deal with cryptoagility
• Threat analysis
• Find out where cryptography is used in your system and what is protected against what
• Maybe use the opportunity to re-asses your security architecture
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 33
How to deal with cryptoagility
• Identify memory and performance requirements
• Hardware requirements
• Availability requirements of cloud systems
• Response time
• Bandwidth
• …
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 34
How to deal with cryptoagility
• Flexibility
• Restructure code: you need modularity and more flexibility
• Hardcoded sizes or fixed formats could become a problem
• Maybe use the opportunity to clean up your code base
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 35
How to deal with cryptoagility
• Get experience
• Try out open source PQC libs to identify performance issues etc.
• Do research projects
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 36
How long do we have time?
When should we start integrating quantum resistant cryptography?
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 37
Mosca’s Theorem
When should we start?
Let…
…X the time for which encryption should be secure
…Y the time needed for migrating to PQC
…Z the time remaining until quantum computers are sufficiently advanced to break current cryptographic systems
Theorem (Mosca):
Source Mosca‘s Theorem: https://csrc.nist.gov/csrc/media/events/workshop-on-cybersecurity-in-a-post-quantum-world/documents/presentations/session8-mosca-michele.pdf
X
Y
Z 
If X + Y > Z, then worry
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 38
Mosca’s Theorem
When should we start?
Let…
…X the time for which encryption should be secure
…{Y1..Yn} the time needed for migrating the entire value chain to PQC
…Z the time remaining until quantum computers are sufficiently advanced to break current cryptographic systems
Theorem:
X
Z 
If X + Y > Z, then worry
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done
Y1 Y2 Y3
39
When do quantum computers start becoming dangerous
We don’t know that.
• Needed to break ECC 256: around 2330 logical qubits or several million physical qubits
• Needed to break RSA 2048: around 4096 logical qubits or several million physical qubits
• Currently existing quantum computers have a few hundred physical qubits
Seems we are still far away from having our crypto systems broken, but
everything between < 10 and > 30 years is possible
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 40
Migration to PQC
• Long-term security: combination of different algorithms
• Hybrid certificates
• Double encryption
• Cryptoagility
• Where is cryptography used in your system?
• Make cryptography updatable and replaceable
• Find a good strategy for the transition
• Identify dependencies
• Coordinate migration to PQC with suppliers and customers
• Requirements of downwards compatibility and interoperability
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 41
Europe: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
Japan: +81-45-5659710
https://www.wibu.com
info@wibu.com
Thank You!
Let’s keep in touch
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 42

More Related Content

Similar to Post Quantum Cryptography – The Impact on Identity

Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
Javier Tallón
 

Similar to Post Quantum Cryptography – The Impact on Identity (20)

Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy - Scottish VMUG April 2016
 
Quantum Cryptography
Quantum Cryptography  Quantum Cryptography
Quantum Cryptography
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
The Quantum Era & Quantum Key Distribution
The Quantum Era & Quantum Key Distribution The Quantum Era & Quantum Key Distribution
The Quantum Era & Quantum Key Distribution
 
The Future of Cloud Networking is VMware NSX (Danish VMUG edition)
The Future of Cloud Networking is VMware NSX (Danish VMUG edition)The Future of Cloud Networking is VMware NSX (Danish VMUG edition)
The Future of Cloud Networking is VMware NSX (Danish VMUG edition)
 
Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ...
Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ...Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ...
Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ...
 
Quantum_Safe_Crypto_Overview_v3.pdf
Quantum_Safe_Crypto_Overview_v3.pdfQuantum_Safe_Crypto_Overview_v3.pdf
Quantum_Safe_Crypto_Overview_v3.pdf
 
Dawn of the Intelligence Age by Dr. Anton Ravindran
Dawn of the Intelligence Age by Dr. Anton RavindranDawn of the Intelligence Age by Dr. Anton Ravindran
Dawn of the Intelligence Age by Dr. Anton Ravindran
 
Quantum Hardware Hacking
Quantum Hardware HackingQuantum Hardware Hacking
Quantum Hardware Hacking
 
Exploring Quantum Cryptography: The Future of Unbreakable Encryption
Exploring Quantum Cryptography: The Future of Unbreakable EncryptionExploring Quantum Cryptography: The Future of Unbreakable Encryption
Exploring Quantum Cryptography: The Future of Unbreakable Encryption
 
Quantum Computing & Cryptography: A Brief Introduction
Quantum Computing & Cryptography: A Brief IntroductionQuantum Computing & Cryptography: A Brief Introduction
Quantum Computing & Cryptography: A Brief Introduction
 
Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical Overview
 
IBOSEC-3000-2.pdf
IBOSEC-3000-2.pdfIBOSEC-3000-2.pdf
IBOSEC-3000-2.pdf
 
Quantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic ModulesQuantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic Modules
 
Quantum Computing: The next new technology in computing
Quantum Computing: The next new technology in computingQuantum Computing: The next new technology in computing
Quantum Computing: The next new technology in computing
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
 
Quantum Secured Blockchain
Quantum Secured BlockchainQuantum Secured Blockchain
Quantum Secured Blockchain
 
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
Internet of Things (IOT) Cloud Security by Dr. Anton Ravindran
 
Tears for quantum fears
Tears for quantum fearsTears for quantum fears
Tears for quantum fears
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 

More from team-WIBU

Unlocking the Future: Empowering Industrial Security
Unlocking the Future: Empowering Industrial SecurityUnlocking the Future: Empowering Industrial Security
Unlocking the Future: Empowering Industrial Security
team-WIBU
 
Unleash the Power of CodeMeter - CodeMeter Basics
Unleash the Power of CodeMeter - CodeMeter BasicsUnleash the Power of CodeMeter - CodeMeter Basics
Unleash the Power of CodeMeter - CodeMeter Basics
team-WIBU
 
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für GeschäftskontinuitätKeine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
team-WIBU
 
No Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuityNo Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuity
team-WIBU
 
Cloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline ScenariosCloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline Scenarios
team-WIBU
 
Optimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best PracticesOptimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best Practices
team-WIBU
 
For a Few Licenses More
For a Few Licenses MoreFor a Few Licenses More
For a Few Licenses More
team-WIBU
 
App Management on the Edge
App Management on the EdgeApp Management on the Edge
App Management on the Edge
team-WIBU
 
Protecting and Licensing .NET Applications
Protecting and Licensing .NET ApplicationsProtecting and Licensing .NET Applications
Protecting and Licensing .NET Applications
team-WIBU
 
A Bit of License Management Magic
A Bit of License Management MagicA Bit of License Management Magic
A Bit of License Management Magic
team-WIBU
 
The first step is always the most decisive
The first step is always the most decisiveThe first step is always the most decisive
The first step is always the most decisive
team-WIBU
 
Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...
team-WIBU
 
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevicesAuthenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
team-WIBU
 
How and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based LicensesHow and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based Licenses
team-WIBU
 
Serving Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every AppetiteServing Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every Appetite
team-WIBU
 
Security and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptxSecurity and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptx
team-WIBU
 
License Portal - The DIY Solution
License Portal - The DIY SolutionLicense Portal - The DIY Solution
License Portal - The DIY Solution
team-WIBU
 
Running code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsRunning code in secure hardware or cloud environments
Running code in secure hardware or cloud environments
team-WIBU
 
Subscriptions - Relationships built to last
Subscriptions - Relationships built to lastSubscriptions - Relationships built to last
Subscriptions - Relationships built to last
team-WIBU
 

More from team-WIBU (20)

Unlocking the Future: Empowering Industrial Security
Unlocking the Future: Empowering Industrial SecurityUnlocking the Future: Empowering Industrial Security
Unlocking the Future: Empowering Industrial Security
 
The Power of Partnership: Enabling Success Together
The Power of Partnership: Enabling Success TogetherThe Power of Partnership: Enabling Success Together
The Power of Partnership: Enabling Success Together
 
Unleash the Power of CodeMeter - CodeMeter Basics
Unleash the Power of CodeMeter - CodeMeter BasicsUnleash the Power of CodeMeter - CodeMeter Basics
Unleash the Power of CodeMeter - CodeMeter Basics
 
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für GeschäftskontinuitätKeine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
 
No Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuityNo Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuity
 
Cloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline ScenariosCloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline Scenarios
 
Optimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best PracticesOptimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best Practices
 
For a Few Licenses More
For a Few Licenses MoreFor a Few Licenses More
For a Few Licenses More
 
App Management on the Edge
App Management on the EdgeApp Management on the Edge
App Management on the Edge
 
Protecting and Licensing .NET Applications
Protecting and Licensing .NET ApplicationsProtecting and Licensing .NET Applications
Protecting and Licensing .NET Applications
 
A Bit of License Management Magic
A Bit of License Management MagicA Bit of License Management Magic
A Bit of License Management Magic
 
The first step is always the most decisive
The first step is always the most decisiveThe first step is always the most decisive
The first step is always the most decisive
 
Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...
 
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevicesAuthenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
 
How and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based LicensesHow and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based Licenses
 
Serving Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every AppetiteServing Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every Appetite
 
Security and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptxSecurity and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptx
 
License Portal - The DIY Solution
License Portal - The DIY SolutionLicense Portal - The DIY Solution
License Portal - The DIY Solution
 
Running code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsRunning code in secure hardware or cloud environments
Running code in secure hardware or cloud environments
 
Subscriptions - Relationships built to last
Subscriptions - Relationships built to lastSubscriptions - Relationships built to last
Subscriptions - Relationships built to last
 

Recently uploaded

Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
drm1699
 

Recently uploaded (20)

BusinessGPT - Security and Governance for Generative AI
BusinessGPT  - Security and Governance for Generative AIBusinessGPT  - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AI
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
 
A Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfA Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdf
 
Workshop - Architecting Innovative Graph Applications- GraphSummit Milan
Workshop -  Architecting Innovative Graph Applications- GraphSummit MilanWorkshop -  Architecting Innovative Graph Applications- GraphSummit Milan
Workshop - Architecting Innovative Graph Applications- GraphSummit Milan
 
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024
 
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit MilanWorkshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
 
Novo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMsNovo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMs
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
 
Transformer Neural Network Use Cases with Links
Transformer Neural Network Use Cases with LinksTransformer Neural Network Use Cases with Links
Transformer Neural Network Use Cases with Links
 
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
 
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
 
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
 
The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test Automation
 
Weeding your micro service landscape.pdf
Weeding your micro service landscape.pdfWeeding your micro service landscape.pdf
Weeding your micro service landscape.pdf
 
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
 
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-CloudAlluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024
 
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
 

Post Quantum Cryptography – The Impact on Identity

  • 1. Cryptoagility and Quantum Resistance: Easier Said Than Done Post Quantum Cryptography – The Impact on Identity Dr. Carmen Kempka Director Corporate Technology WIBU-SYSTEMS AG 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done
  • 2. To access the on-demand replay of this masterclass, please visit https://www.wibu.com/wibu-systems-webinars/post- quantum-cryptography-the-impact-on- identity/access.html 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done
  • 3. The cat-and-mouse-game of cryptography 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done Cryptography develops. So does cryptoanalysis. 3
  • 4. Cryptography and quantum computers: What is broken? Certificate Public Key: 0011101001 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 15
  • 5. Post Quantum Cryptography Cryptographic algorithms are resistant against quantum attacks 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 16
  • 6. Based on hard mathematical problems • RSA: factoring large numbers • ECC: discrete logarithms (DLOG) Asymmetric cryptography NP Exp P 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 17
  • 7. Based on hard mathematical problems • RSA: factoring large numbers • ECC: discrete logarithms (DLOG) • PQC algorithms are based on various, different mathematical problems that are not easily solvable by quantum computers Asymmetric cryptography NP Exp P SVP LWE SIS Lineare Codes 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 18
  • 8. Based on hard mathematical problems • RSA: factoring large numbers • ECC: discrete logarithms (DLOG) • PQC algorithms are based on various mathematical problems that are not easily solvable by quantum computers • These mathematical problems are much younger and less analyzed! Asymmetric cryptography NP Exp P SVP LWE SIS Analyzed for less than 20 years Lineare Codes 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 19
  • 9. PQC Timeline 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 20
  • 10. PQC Timeline July 2022: publication of PQC algorithms selected for NIST standard 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 21
  • 11. PQC Timeline July 2022: publication of PQC algorithms selected for NIST standard 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done August 2022: candidate SIKE broken on classical computer 22
  • 12. • RSA, ECC:  Factoring and DLOG have been analyzed since around 300 bc (Euclid)  High trust in security against classical attacks − Fully broken with quantum computers – but when? • PQC algorithms • Mathematical problems quite new • No known relevant attacks by classical or quantum computers • Situation hard to assess: not many people have expertise in quantum computers and cryptography or the math behind the PQC schemes The PQC dilemma 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 23
  • 13. Cryptoagility Bildquelle: https://www.goodfreephotos.com/public-domain-images/fitting-the-last-puzzle-piece.jpg.php (Public Domain) 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 24
  • 14. What do we have? PQC Lattice-based Code-based Isogenies on elliptic curves Multivariate polynomials (signatures only) Hash-based (signatures only) 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 25
  • 15. What do we have? PQC Lattice-based Code based- Isogenies on elliptic curves Multivariate polynomials (signatures only) Hash based- (signatures only) 4th round  McEliece  BIKE  HQC SIKE  SPHINCS+ State based:  XMSS  LMS  Dilithium  Falcon  Kyber Rainbow 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 26
  • 16. Cryptoagility The ideal world public abstract class Encryptor { abstract String encrypt(int publicKey, String message); } public class RSAEncryptor extends Encryptor { public String encrypt (int publicKey, String message) { <Code for encryption with RSA> return ciphertext; } } public class KyberEncryptor extends Encryptor { public String encrypt (int publicKey, String message) { <Code for encryption with Kyber> return ciphertext; } } 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 27
  • 17. Cryptoagility The ideal world public abstract class Encryptor { abstract String encrypt(int publicKey, String message); } public class RSAEncryptor extends Encryptor { public String encrypt (int publicKey, String message) { <Code for encryption with RSA> return ciphertext; } } public class KyberEncryptor extends Encryptor { public String encrypt (int publicKey, String message) { <Code for encryption with Kyber> return ciphertext; } } Cryptoagile concept  Modularity  Crypto algorithms can be easily replaced if broken  Once large enough quantum computers exist to break our crypto algorithms, the algorithms are just replaced by PQC algorithms – problem solved 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 28
  • 18. Cryptoagility: the real world © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 2024-04-10 © WIBU-SYSTEMS AG 2024 29
  • 19. Cryptoagility: easier said than done • Different mathematical structures • Large difference in memory requirements • Very different in performance • Very different key sizes and formats • Developers need to learn a lot for each new algorithm • Test vectors • Formats • Memory/performance trade-offs • Which intermediate results need to be kept secret • How to implement resistance against side channels • Other best practices in implementation and usage • … 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 30
  • 20. How to deal with cryptoagility • Plan with enough time and resources • management needs to be aware of the full extent of the problem 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 32
  • 21. How to deal with cryptoagility • Threat analysis • Find out where cryptography is used in your system and what is protected against what • Maybe use the opportunity to re-asses your security architecture 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 33
  • 22. How to deal with cryptoagility • Identify memory and performance requirements • Hardware requirements • Availability requirements of cloud systems • Response time • Bandwidth • … 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 34
  • 23. How to deal with cryptoagility • Flexibility • Restructure code: you need modularity and more flexibility • Hardcoded sizes or fixed formats could become a problem • Maybe use the opportunity to clean up your code base 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 35
  • 24. How to deal with cryptoagility • Get experience • Try out open source PQC libs to identify performance issues etc. • Do research projects 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 36
  • 25. How long do we have time? When should we start integrating quantum resistant cryptography? 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 37
  • 26. Mosca’s Theorem When should we start? Let… …X the time for which encryption should be secure …Y the time needed for migrating to PQC …Z the time remaining until quantum computers are sufficiently advanced to break current cryptographic systems Theorem (Mosca): Source Mosca‘s Theorem: https://csrc.nist.gov/csrc/media/events/workshop-on-cybersecurity-in-a-post-quantum-world/documents/presentations/session8-mosca-michele.pdf X Y Z  If X + Y > Z, then worry 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 38
  • 27. Mosca’s Theorem When should we start? Let… …X the time for which encryption should be secure …{Y1..Yn} the time needed for migrating the entire value chain to PQC …Z the time remaining until quantum computers are sufficiently advanced to break current cryptographic systems Theorem: X Z  If X + Y > Z, then worry 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done Y1 Y2 Y3 39
  • 28. When do quantum computers start becoming dangerous We don’t know that. • Needed to break ECC 256: around 2330 logical qubits or several million physical qubits • Needed to break RSA 2048: around 4096 logical qubits or several million physical qubits • Currently existing quantum computers have a few hundred physical qubits Seems we are still far away from having our crypto systems broken, but everything between < 10 and > 30 years is possible 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 40
  • 29. Migration to PQC • Long-term security: combination of different algorithms • Hybrid certificates • Double encryption • Cryptoagility • Where is cryptography used in your system? • Make cryptography updatable and replaceable • Find a good strategy for the transition • Identify dependencies • Coordinate migration to PQC with suppliers and customers • Requirements of downwards compatibility and interoperability 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 41
  • 30. Europe: +49-721-931720 USA: +1-425-7756900 China: +86-21-55661790 Japan: +81-45-5659710 https://www.wibu.com info@wibu.com Thank You! Let’s keep in touch 2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 42