
I'm a senior security engineer at CME Group. Today's talk is more like an update call on post-quantum migration, so it's more or less what's happening, what's going on, what's the crack really. If you have your calculators on you I would recommend you put them away, because it's not going to be a very mathematical talk.

I would like to start off with frequently asked questions that I get as a cryptographer every day from my friends, colleagues, people, and trust me, some of them are actually quite smart. The first one is actually my favourite: are current crypto systems cracked? If any of these questions seem like something you wanted to ask as well, just raise your hand and I'll make sure I answer it through the talk. There's not a straightforward answer to that one; we'll see what the answer is through the talk. The next one is: is post-quantum cryptography safe? That's again a tricky one; we'll get to it in a bit. Why do we need to migrate, and what happens if we don't migrate? Again, they're all fair concerns, and it makes a lot of sense for someone who doesn't want to migrate. Is the quantum threat real or made up? That's an interesting one as well. How long do we have before our data is breached? This is from one of my friends who likes to do his things at the last minute, and that makes sense. Why fear quantum, I use a 128-bit key? Well, that's a fair point, somebody knows what they're doing, so yes, a 128-bit key is good, why fear quantum? What do we need to do for post-quantum migration? Again, this is going to be something that I'll be covering through the talk, so bear with me.

Before we move further, I'd like to highlight the importance of this unique relationship between security and assumptions. Before I moved into cyber security I thought everything was 100% secure, but trust me, there's no cyber-physical system that I can say is foolproof and 100% secure. So it's mostly your assumptions, or, if I use another word, scope: you have to scope out your application, the practicality of attack and all those things, and then you think of a system as secure or insecure. For example, let's start with the first Federal Information Processing Standard, also known as DES or the Data Encryption Standard. In 1977, when it came out as a standard, the recommendation was a 56-bit key size. As of that time they made some assumptions; they scoped out what they were looking for. But in the following year it was cracked in 56 hours, and the next year the cracking time went down to 22 hours. After that we have Rijndael, also known as AES, the Advanced Encryption Standard, and the recommended key sizes are 128, 192 and 256 bits. It's amazing because it's 23, 24 years and AES is still the current standard. It's strong, it's not broken yet, as of now as I'm talking; I don't know if it's broken, but the last time I checked it wasn't.

Another unique relationship that I would like to emphasize is assumptions and recommendations. I talked about assumptions; anyone can make an assumption. This morning when I was walking here I was like, oh, it's going to rain. Well, nobody's going to believe me if I told them there's going to be a storm this evening, but if you go to BBC Weather you're going to have a little bit of confidence that there is. So between assumptions and recommendations we mostly tend to look at standardizing bodies or organizations that are experts in that field. For example, in security we have the National Institute of Standards and Technology, which is considered the holy grail. They kind of do the heavy lifting: they have labs, they have experts, they have researchers, and they provide recommendations on everything related to security. So this is Special Publication 800-57; I've shamelessly stolen this table from there. You can see any key size less than 112 bits is not encouraged, it's just for legacy use: if you have something encrypted you can use it to decrypt it, but anything after that, do not use. 112, if you really want to go for it, that's your call, but they encourage you to go for 128 bits or higher. Again, this is all the recommendation through 2030 and beyond.

Now you might ask me, going back to that question, I use a 128-bit key, I'm strong, I don't need any security, I'm good, so why 128 bits? For example, we're talking about AES, which is a symmetric, private-key algorithm. Why a 128-bit key, how did they make this assumption? Well, there are several ways to do that calculation, but what I did was I looked at blockchain. When you make an assumption, as I said, we need to look at the practicality: how easy is it for an attacker to do that? People do talk about supercomputers, but I swear I have never seen a supercomputer in my life, I don't know where it is. But this one is a screenshot from the blockchain network. People who are into cryptocurrencies know that we have accelerated hardware, we have FPGAs, we have ASICs that are actually being used to do crypto mining, in other words we're calculating hashes. When I talk about the figure, this screenshot is from the 6th of September and it was like 6.7 million terahashes; if I write it in numerics it's 10^18. That's a big number; that's how many hashes are being calculated per second in a blockchain network right now. For a 128-bit key you have two to the power of, again, my apologies about calculators, you can bring them out if you want to do the calculations, but 2^128 is the number of possible combinations that you'll have to go through to find the actual key, the right key. And then it sounds a bit practical, okay, not that practical, but if I had authority I could use this blockchain network, and instead of calculating hashes I could calculate encryptions: for every encryption that's one try, and then you feed it into the network and see if that's the right key or not. I'm going to skip the basic mathematics, it's literally just converting into hours and years and seconds, and the interesting part is the third-last line that is highlighted: 17.9 billion years is the estimated time that you would need for this network, a blockchain network fully equipped with hardware acceleration, FPGAs and ASICs, to crack that key. Now, a little googling: the NASA website says 3.7 billion years is the age of the universe, so it's roughly 4.8 times the age of the universe you would need to break that key. Some people might say, okay, you know what, there's a 50-50 chance, you wouldn't have to go through all 2^128 combinations, so divide by two, take the average; it's still twice the age of the universe, it's massive, it's technically impractical. And that's how assumptions are made: if somebody needs twice the age of the universe to crack that key, I'm going to assume it's secure.

Now coming back to that question, my favourite, why fear quantum? As I said, it's twice the age of the universe, I'm safe, right? It's not that simple. In cryptography we have two main types: private-key cryptography, also known as symmetric, and public-key cryptography, which is asymmetric. So far I've been talking about symmetric, which is less affected by quantum, and the reason for that is that for symmetric or private-key algorithms the security is based on the strength of the pre-shared key. You have a shared secret or key that the sender and the recipient both need to have, and it depends on that, so the easiest or most applicable attack is brute force, the exhaustive search attack. On the other hand we have public-key algorithms, in which you have a public and a private key; apparently they have massive keys, like 2048- and 4096-bit RSA keys, if somebody has worked with them. Now we have a public and private key pair and their security is based on hard mathematical problems. What are hard mathematical problems? They basically have trapdoor functions. Trapdoor functions are easy in one direction and harder in the other. If I was to give an example, it would be like if I told you to multiply two numbers p and q, easy; but if I told you to calculate the factors from a big number you'd be like, okay, where's my calculator, let me do it. So for example in RSA we have a 4096- or 2048-bit key; that's basically p and q, a multiple of two prime numbers, that's your RSA key, and the problem here is quantum computers can crack it.

If I give you an example of private key first, let's go in the same flow. Grover's algorithm is a quantum algorithm, also known as the quantum search algorithm. The impact on symmetric-key or private-key cryptography would be that attacks would be a little bit speedier, so you can work around it by increasing the key size and you're safe. That's one of the reasons cryptographers are not worried about symmetric key at all; they're like, okay, we'll increase the key size, I was using 128, I'll use 256 bits, I'm good. But with public-key cryptography it's not that simple. You could keep increasing the key sizes, but its main target is the trapdoor function. With Shor's algorithm you can actually solve those trapdoor functions, rather the ones based on prime factorization or discrete logarithm, and in that case RSA and elliptic curves are both susceptible to this one. And if anybody's into PKI or public-key infrastructure, TLS comms, everything, digital signing, your bank cards, everything is relying on RSA and elliptic curves, so if that's gone down that's a bit of a problem. The workaround for that, again thanks to NIST and researchers who have been working hard, is quantum-resistant algorithms, also known as post-quantum; quantum resistant, quantum resilient, post-quantum, it's the same thing. Lattice-based or hash-based algorithms are not relying on trapdoor functions and they could be a good substitute to replace the current algorithms.

Coming back to those FAQs, one of them was: is this quantum threat real or made up? Well, I'll leave the final decision to you, but I'm just going to spit out some facts that I think are a bit dodgy. Number one, the quantum industry is turning into a multi-billion industry at the moment; there are more than 200 companies working in quantum software, quantum processor manufacturing and all that stuff, so there has to be something real, they're not making things up. Now we know about this little flexing and this competition going on between these corporate giants, Google, Amazon, Microsoft, IBM; every other day we hear, oh, we've got a stronger quantum computer. On the right, the picture I have added is of the Sycamore quantum computer, and the claim they made is that it can solve a problem that would take 10,000 years on the fastest supercomputer in 200 seconds. As I said, I have never seen the fastest supercomputer; there could be one, but that could be an assumption. That is fast. So there's a company, Atom, I think, that has the strongest quantum computer, 1125 qubits, and IBM Condor is the runner-up. Again, it's a bit of a tricky domain because quantum computers have a lot of error rates and stuff, so there are some quantum computers with better error correction; there are lots of options, but a lot of work needs to be done there as well. Another interesting one is the China-Russia quantum link; there is a quantum-proof link, as they said. Now, I don't know on what assumptions they're saying it's quantum proof, but they have done some experiments and it's quantum proof. You can go google it; it's working with a quantum satellite called Mozi or something like that. Another interesting one is mysterious laws coming up: you might have heard the UK recently introduced that if you have a quantum computer that is 34 qubits or higher you cannot export it, and it's not only the UK; France, Spain, Canada, and actually there are 42 members of the Wassenaar Arrangement that are also looking into imposing it. Last night I checked, the US also had some controls over quantum export, but that's just the start.

I think that brings me to the question: how long do we have? Well, it's a tricky one, because you can push these things to the last minute, but technically I think it's already too late. With cloud technology and easy access for everyone, like in this room, we're all cloud users at the moment; if I just minimize this, there it is, I'm using Google Drive, it's a cloud space, that's how easy it is. Now all you need is to just grab the data, put it in the cloud and wait for quantum computers to come into life. On the other side, if you're talking about state actors, on a state level, country level, you don't even know they're taking your data, and they already might have a strong quantum computer to decrypt it. So there are two sides to this. Officially it's called the harvest now, decrypt later attack, and I think it's just a time game. If I was you I would say we don't have much, let's move to post-quantum now.

On that note, again coming back to the National Institute of Standards and Technology, NIST, they've done the heavy lifting for us. Post-quantum algorithms always existed, they were around with different names, but in 2016 NIST published a report saying that RSA is vulnerable and so on, and they started a post-quantum standardization process. Since then it narrowed down from 69 candidates to 26 in round two and then to 15 in round three, and from there they got four candidates which have actually been standardized. So we have CRYSTALS-Kyber, which is a key encapsulation mechanism, in easy words an encryption mechanism; CRYSTALS-Dilithium, SPHINCS+ and Falcon are digital signatures, more or less signing algorithms. SPHINCS+ is not based on lattices, it's on stateless hash-based technology, but it's just like a backup. You might see the encryption algorithms are not that many, because as we discussed earlier private-key cryptography is not that badly affected, but they're still considering backups for that as well, because we would prefer moving fully to post-quantum. So in round four they had three alternate candidates for KEMs, that's BIKE, Classic McEliece and HQC. We have three drafts of the standards just published last month, we're waiting on FIPS 206, that is Falcon, and then the alternate candidates could be next; they're not high priority. So yes, again, it's a recommendation, you don't have to use them. They have published the standards, they've done all the hard work, they ran public competitions, the community has gone in and broken them, a lot of research actually. An interesting one, let me share it with you: there were a few post-quantum candidates, I think it was SIKE, that was broken by Belgian researchers, and they broke it on a normal laptop in 2 hours. That was a post-quantum candidate and it was going very well, I think it went to the second round or third round as well. But then recently another paper was published on Kyber saying that it's broken, but there were a few false claims made on it, so Kyber officially is not broken yet, that I can attest.

That brings me to migration plan advice. Well, I might not be able to give you migration plan advice here, because every organization, every business is different. I know companies that still use Excel sheets to store their keys, so if you're in that stage don't bother, you're good. There are plenty of resources available; you can actually check your PQC readiness, you can check the state of what level you're at. The picture you see on the right side is actually from Gartner, that's my personal favourite; they kind of started from 2022, which was a good time to start, but let me tell you it's not too late, just follow the steps and you'll be grounded. It's just a little bit of convincing you need: our data is not safe, let me tell you that.

Well, that brings me to my last slide and one of the interesting questions again: I do not trust post-quantum. To be honest I'll raise my hand on that, I do not trust post-quantum either. But is there a way out, do you have a solution, do I have a solution? I don't think so. I think our best bet would be to go hybrid. Hybrid would be elliptic curve and Kyber, and that is already available; you can have the support in Google Chrome, I think it was Google Chrome 24, Firefox, AWS. Cloudflare has done a lot of good stuff on that; they have actually done testing, because a lot of people have concerns regarding performance, so they have done a lot of testing on performance. Another interesting tool is Cloudflare's PQC agreement tool: if you thought you had activated that crypto suite in your browser and you're safe, you can just go to that link, it's in the bottom left corner, and it will let you know if you're post-quantum secure or you're still using the classical one. So I think just try to become friends with post-quantum; to be honest it's time. If you're into development, if you're into the software industry, liboqs is really popular, it's been around for a while, I have used it myself, I think it's part of the Linux Foundation now. Try to play around; if you can break it, even better, then we know we don't need to use post-quantum. libcrux is a bit of a newer library, and I think my personal favourite is asecuritysite.com, run by Professor Bill Buchanan; he's a professor at Edinburgh Napier University, I think. It's very easy to understand, better explaining than me, so maybe go there and play around with a little bit of post-quantum algorithms.

What you see on the right, if I have time I'll quickly run through: you're not changing much, you're actually just using Kyber to do the encapsulation for the random seed that is generated; the rest of it is done by elliptic curves on the key derivation on both ends. So you can say you can get the best of both worlds: if post-quantum is not safe you still have classical, if classical is broken you have post-quantum. So as of now I would say go hybrid, follow the migration plan, follow NIST standards, stay in touch, maybe get professional services to get an analysis of your business on what level of PQC readiness you're at, and fingers crossed we shall be good. On that note I would say a massive thank you to everybody for attending, and be safe. Thank you.
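The hybrid construction the speaker sketches at the end, as an added example that is not part of the talk or its slides: an X25519 exchange and a KEM run side by side, with both shared secrets fed through one KDF so that the session key holds as long as either primitive does. The Python standard library ships no post-quantum KEM, so the KEM slot here is filled by a stand-in DHKEM built from X25519 (an assumption for the demo, not Kyber); `kem_keygen`, `kem_encaps`, `kem_decaps`, `hybrid_derive` and `hybrid_exchange` are names chosen for this example.

```python
# Added example (not from the talk): the hybrid exchange the speaker sketches,
# classical X25519 plus a KEM, both shared secrets bound by one KDF so the key
# stays secret while EITHER primitive survives.  X25519: RFC 7748, HKDF: RFC 5869.
# No PQ KEM in the stdlib, so the KEM slot holds a stand-in DHKEM over X25519
# (RFC 9180 style); ML-KEM from liboqs has the same keygen/encaps/decaps shape.
import hashlib, hmac, os

P, A24, BASE = 2**255 - 19, 121665, b"\x09" + b"\x00" * 31

def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery-ladder scalar multiplication, RFC 7748 section 5."""
    k = bytearray(k); k[0] &= 248; k[31] &= 127; k[31] |= 64   # clamp scalar
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u[:31] + bytes([u[31] & 127]), "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf(ikm: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 with zero salt; one expand step gives the 32-byte key."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

# Stand-in KEM (DHKEM over X25519), same interface ML-KEM exposes:
# keygen -> (sk, pk); encaps(pk) -> (ciphertext, ss); decaps(sk, ct) -> ss.
def kem_keygen():
    sk = os.urandom(32)
    return sk, x25519(sk, BASE)
def kem_encaps(pk: bytes):
    esk = os.urandom(32); ct = x25519(esk, BASE)   # ct is the ephemeral public key
    return ct, hkdf(x25519(esk, pk), b"dhkem" + ct + pk)
def kem_decaps(sk: bytes, ct: bytes) -> bytes:
    return hkdf(x25519(sk, ct), b"dhkem" + ct + x25519(sk, BASE))

def hybrid_derive(ecdh_ss: bytes, kem_ss: bytes, transcript: bytes) -> bytes:
    """Concatenation combiner: one KDF over both secrets and the public transcript."""
    return hkdf(ecdh_ss + kem_ss, b"hybrid-x25519+kem" + transcript)

def hybrid_exchange():
    s_ec = os.urandom(32); s_ec_pub = x25519(s_ec, BASE)   # server's X25519 share
    s_kem_sk, s_kem_pk = kem_keygen()                      # server's KEM key pair
    c_ec = os.urandom(32); c_ec_pub = x25519(c_ec, BASE)   # client's X25519 share
    ct, c_kem_ss = kem_encaps(s_kem_pk)                    # client encapsulates
    transcript = s_ec_pub + s_kem_pk + c_ec_pub + ct       # everything on the wire
    client = hybrid_derive(x25519(c_ec, s_ec_pub), c_kem_ss, transcript)
    server = hybrid_derive(x25519(s_ec, c_ec_pub), kem_decaps(s_kem_sk, ct), transcript)
    return client, server                                  # equal on success
```

Binding the public transcript into the KDF means a swapped ciphertext or public key changes the derived key on one side, so the mismatch is caught at the first authenticated message rather than silently agreeing on attacker-influenced input.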