Four New Defenses Against Quantum Codebreakers – POLITICO

With the help of Derek Robertson

Possibility to pay by credit card online this is something we now take for granted, but in the not too distant future, quantum computers will be able to break the encryption that protects these payments from spies and cybercriminals.

The ability of these quantum computers to break encryption, although probably several decades later, has already been brought to the attention of the National Security Agency. concerned that enemies of the United States will have access to classified secrets.

Like us reported in this newsletternumerous branches of the federal government are trying to find solutions.

The House of Representatives passed today check aims to speed up government use of the encryption algorithms that quantum computers struggle to crack using currently known methods, in part because of concerns that an attacker could “steal sensitive encrypted data today using classical computers and wait until powerful enough quantum systems will be available to decipher it.”

In May, President Joe Biden published national security memorandum stating that a powerful quantum computer “will compromise civilian and military communications, undermine surveillance and control systems for critical infrastructure, and disrupt the security protocols for most financial transactions on the Internet.”

Nobody knows for sure if such a quantum computer is five years away, 20 years, or a dream that will never come true. But the National Institute of Standards and Technology is coordinating efforts to develop new encryption algorithms so the government is ready. On July 5, NIST announced the selection the first four of these algorithms.

“We don’t wait for something to break,” Matthew Scholl, head of NIST’s computer security division, told me in an interview a few days before the announcement.

Quantum computers are not superior to classical computers in any general sense, but they can (theoretically) quickly solve certain types of problems, including factoring large numbers into their prime factors. (It is much easier to calculate that 101 * 167 = 16,867 than to reverse that calculation, and factorization quickly becomes more difficult as numbers grow.) Much of the so-called “public key” cryptography in use today makes it easy for anyone who sends a message , which can only be read by the intended recipient, relies on the fact that large numbers are hard to account for.

NIST Post-Quantum Cryptography Project is an attempt to fix this vulnerability. Over the past six years, the agency has weeded out 69 submitted algorithms in the hope of finding an encryption standard that can withstand quantum computers and work with a wide range of hardware.

Of the four algorithms approved by NIST this month, one, CRYSTALS-KYBER (named after the minerals that power lightsabers in star Wars) is used to securely generate and exchange encryption keys. The other three are Dilithium CRYSTALS (named after the spacecraft’s power source in Star Trek), FALCON, and SPHINCS are digital signature schemes used to verify that the sender and recipient of a message are who they claim to be.

The idea is to create a set of algorithms both to provide alternatives if a vulnerability is found in one of them, and to work with systems with limited computing power.

Other algorithms are still under consideration, and NIST plans to publish its post-quantum cryptographic standard, including a full basket of algorithms, in 2024.

NIST is working with international partners to build global support for a possible standard that will increase the number of technology companies that use it—or perhaps small variations of it—rather than waiting for other countries to develop competing standards.

This global update is a challenging task.

The good news is that software updates from several major tech companies, including Google, Microsoft, and Apple, will be rolling out to a huge number of computers, web browsers, and gadgets. The bad news is that many smaller vendors may not know or care about the transition. Also problematic: many companies are still using outdated specialized hardware that is not available for vendors to patch remotely.

NIST is developing guidance to help these companies understand their risks and prepare for the transition, and the DHS Cyber ​​and Infrastructure Security Agency leverages its relationships with key industries to assist hospitals, power plant operators and other organizations whose specialized functions require specialized equipment.

Biden’s memo aims to “reduce quantum risk as much as possible by 2035.” NIST believes it is on track to do so.

“We are certainly preparing for it more than any other crypto transition we have done before,” Scholl said.

As Silicon Valley institutional money flows into the Web3 business, more legislators paying attention to the basics of cryptopolitics – and sketching partisan positions accordingly.

Rep. Jake Auchincloss (D-Mass.) Joined Discussion on Twitter with Andreessen Horowitz Partner Chris Dixon and General Counsel Miles Jennings to discuss the regulatory framework around stablecoins, the proposed Gillibrand-Lummis Cryptocurrency Bill, and the partisan focus of cryptocurrency policy ahead of the likely upcoming shift in control of the House of Representatives.

“The Republican Party is quite sympathetic to crypto,” Auchincloss said, “the center-left understands this…unfortunately, and I think for no particular reason, the progressive left has become quite hostile.”

When it came to actual legislation, Auchincloss was open-minded about whether the broad approach of the Gillibrand-Lummis bill or more targeted legislation on issues such as stablecoins (as in bill introduced earlier this year Sen. Bill Hagerty (R-Tennessee) would be more appropriate to say that he would support both approaches as one of a small but growing number of lawmakers involved in cryptocurrency policy.

He also expressed skepticism about the idea that stablecoins could somehow crowd out or weaken the dollar, arguing that “the myth of the declining dollar has been dispelled” by the recent market downturn. – Derek Robertson

The European Union is closely studying the metaverseand the discovery that the dawn of a new technology may require some old policy decisions to be revisited.

A recent report from the EU parliamentary research body warns of “opportunities, risks and political implications” associated with the development of the metaverse. Key concerns include:

  • Competition: Powerful actors can use the metaverse of “interoperability” — the ability to securely transfer virtual goods and identities between different platforms — to gain a foothold, and the report recommends merger regulation or antitrust law as potential tools to combat the manipulation of interoperability as a means of consolidation. corporate power.
  • Data protection: like we have described here in DFD, virtual reality devices open up new horizons for potential data collection. The report indicates that a review of the EU General Data Protection Regulation may eventually be required to address the issue of virtual reality.
  • Health: “Social media and online gaming addiction as a form of escapism already exists, but the metaverse could exacerbate it,” the staff at the European Parliament’s internal think tank wrote, recommending close attention to content moderation.

The report also outlines the policy implications for accountability, financial transactions and cybersecurity – all as the EU prepares for another showdown with Facebook, the metaverse’s most public and wealthy proponent. – Derek Robertson

Stay in touch with the entire team: Ben Schrekinger ([email protected]); Derek Robertson[email protected]); Konstantin Kakaes (ur.[email protected]); and Heidi Vogt ([email protected]). Follow us on Twitter @DigitalFuture.

If you have received this newsletter, you may sign here. And read our mission statement is here.