How to Prepare for Tomorrow’s Quantum Attacks
Infosec Global’s Vladimir Soukharev on preparing for quantum attacks.
A renowned expert in the field of Quantum Cryptography, Vladimir Soukharev also presented recently at the International Cryptographic Module Conference in Washington, D.C. His talks there included:
On the Quantum-Safe Crypto track he presented How to be Ready for Tomorrow’s Quantum Attacks (Q12c)
Practical quantum technologies, that would allow to build a large-scale quantum computer, have been actively emerging. According to some experts, it might take another 15-20 years to be able to build one. Quantum computers will open new capabilities for the world. However, in the hands of malicious adversaries, they could become a real threat. All of today’s standardised public-key cryptography could be efficiently broken by large-scale quantum computers. For a number of reasons, protection against this threat is required to be available now or in near future. Still, using quantum techniques for protection is not yet feasible. Hence, the solution is to apply Post-Quantum Cryptography in order to build classical cryptographic schemes that would be quantum-resistant. In this presentation, we give an overview of technical capabilities of quantum computers and describe the currently available methods of protection against them. We observe the recent developments in Post-Quantum Cryptography and explain how to integrate them into classical cryptographic schemes today, to be protected in due time. We concentrate on Post-Quantum solutions based on elliptic curves, namely elliptic curve isogenies. We will present a quantum-resistant key agreement and public key encryption algorithms based on elliptic curve isogenies. Other schemes, based on these cryptographic primitives, will also be discussed.
On the Advanced Technology Track he presented Efficient Application of Countermeasures for Elliptic Curve Cryptography (A33b)
A cryptographic scheme may be secure from a theoretical point of view. In practice, however, such scheme still may be vulnerable to side-channel attacks (SCAs). These attacks monitor such analog characteristics of the cryptographic hardware as power consumption, timing, radio frequency or sound emissions and use this data to break the cryptographic scheme. The two main types of SCAs are simple and differential. Using physically shielded crypto devices is one of the approaches to protect against such attacks but this approach has many limitations and reduces flexibility of the schemes. We present a software-based protection approach which does not depend on the platform used by a cryptographic algorithm. In general, countermeasures slow down a cryptographic implementation, therefore a very careful analysis is required in order to apply them only when necessary. To improve performance, we use optimizations in the most efficient way, while ensuring that they do not conflict with the applied countermeasures. This presentation provides a careful analysis of elliptic curve-based schemes, and how to optimally combine countermeasures and optimizations for them to obtain secure and, at the same time, efficient schemes. This is achieved by combining previously existing methods with innovative methods that provide extra efficiency. Then we expand our approach to countermeasures against fault-injection attacks at the software level.
Vladimir Soukharev is a cryptographer at Infosec Global. He’s relentlessly focused on cryptographic research and development and is inspired by continuous innovation. Vladimir obtained his PhD from the University of Waterloo’s David. R. Cheriton School of Computer Science specializing in Cryptography, Security and Privacy under the supervision of David Jao. His thesis title was “Post Quantum Elliptic Curve Cryptography.” He was part of the Centre of applied Cryptographic Research, CryptoWorks21 and has contributed and published work at world-renown conferences and journals, such as PQCrypto and the Journal of Mathematical Cryptology. Since completing his formal studies, he has dedicated his work-life to advancing the knowledge and application of advanced cryptography and cyber security technologies to protect vital information and communications in complex, highly regulated environments.