The long road ahead to transition to post-quantum cryptography

Anticipating the output of the competition for new cryptographic algorithms.

Decision Support System for Finding an Optimal Postquantum Key Encapsulation Mechanism. Part 2. Prototype Evaluation

This is the final part of the series of articles devoted to the development of a decision support system for choosing the optimal post-quantum key encapsulation mechanism. Efficiency of the methodology proposed for choosing the optimal implementation of the post-quantum cryptographic algorithm is evaluated and substantiated. The economic feasibility of approach is shown and its positive impact on the quality of the cryptographic information protection subsystem is demonstrated. Efficiency comparison of the prototype of the decision support system with existing software products aimed at supporting decision-making in the field of information security is carried out. The consistency of prototype’s recommendations with the conclusions of analytical studies in the field of post-quantum cryptography is checked.

Quantum-safe cryptography: crossroads of coding theory and cryptography

We present an overview of quantum-safe cryptography (QSC) with a focus on post-quantum cryptography (PQC) and information-theoretic security. From a cryptographic point of view, lattice and code-based schemes are among the most promising PQC solutions. Both approaches are based on the hardness of decoding problems of linear codes with different metrics. From an information-theoretic point of view, lattices and linear codes can be constructed to achieve certain secrecy quantities for wiretap channels as is intrinsically classical- and quantum-safe. Historically, coding theory and cryptography are intimately connected since Shannon’s pioneering studies but have somehow diverged later. QSC offers an opportunity to rebuild the synergy of the two areas, hopefully leading to further development beyond the NIST PQC standardization process. In this paper, we provide a survey of lattice and code designs that are believed to be quantum-safe in the area of cryptography or coding theory. The interplay and similarities between the two areas are discussed. We also conclude our understandings and prospects of future research after NIST PQC standardisation.

Post-Quantum and Code-Based Cryptography—Some Prospective Research Directions

Cryptography has been used from time immemorial for preserving the confidentiality of data/information in storage or transit. Thus, cryptography research has also been evolving from the classical Caesar cipher to the modern cryptosystems, based on modular arithmetic to the contemporary cryptosystems based on quantum computing. The emergence of quantum computing poses a major threat to the modern cryptosystems based on modular arithmetic, whereby even the computationally hard problems which constitute the strength of the modular arithmetic ciphers could be solved in polynomial time. This threat triggered post-quantum cryptography research to design and develop post-quantum algorithms that can withstand quantum computing attacks. This paper provides an overview of the various research directions that have been explored in post-quantum cryptography and, specifically, the various code-based cryptography research dimensions that have been explored. Some potential research directions that are yet to be explored in code-based cryptography research from the perspective of codes is a key contribution of this paper.

Modern Hash Collision CyberAttacks and Methods of Their Detection and Neutralization

This article discusses the issues related to the possibility of realization of collision cyberattacks (based on hash collisions). Since post–quantum cryptography has become relevant, classical cryptosystems do not provide the sufficient resistance to the modern quantum cyberattacks. Systems based on outdated hashing algorithms become vulnerable to cyberattacks with hash collision. As replacement for unreliable algorithms, such as various modifications of MD5 and SHA–1, new algorithms have been created, for example, SHA–3 standard based on the Keccak function and AES–based hashing. This article discusses modern collision cyberattacks and possible methods of their detection. Because of this study, theoretical description of cyberattacks with hash collision was considered; modern cyberattacks on hash collisions and possible ways of detecting and countering them (weak hash detection) are described; software tool that detects vulnerable and unreliable hash is implemented; software testing is carried out. Based on the conducted research, it can be concluded that the main advantages of implementing software tool are effective detection of vulnerable hash, the ability to generate new hash protected from collisions, convenient and user– friendly interface, small memory requirements and small size of the program code.

Will You Cross the Threshold for Me?

In this work, we propose generic and novel side-channel assisted chosenciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker, who can obtain information about the secret-dependent variable through side-channels, can subsequently recover the full secret key. We propose several novel CCAs which can be carried through by using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryptionfailure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, which are NTRU and NTRU Prime. The two schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks, therefore, stress on the need for concrete side-channel protection strategies for NTRUbased KEMs.