Balancing Performance and Security: Open-Source Evaluation of Quantum-Secure Symmetric Key Agreement

BSides Sydney 2025 · 24:26 · 18 views · Published 2026-05

About this talk
An open-source evaluation of post-quantum symmetric key agreement as a lightweight alternative to full post-quantum key exchange. The work benchmarks classical, post-quantum (Kyber), and hybrid key generation using the Cosmian key management server across varying network conditions, measuring performance overhead, scalability, and entropy. Findings show modest overhead but reveal that higher entropy in post-quantum traffic could let attackers single out classical traffic for harvest-now-decrypt-later attacks.
Original YouTube description: Balancing Performance and Security: Open-Source Evaluation of Quantum-Secure Symmetric Key Agreement - Amin Rois Sinung

Transcript [en]

Balancing performance and security: open source evaluation of quantum secure symmetric key agreement. Please welcome Amin to the stage.

>> Hi everyone. Uh thank you Victoria and thank you everyone for coming today at the BSides. So my name is Amin. Um I've been wearing several hats. So yeah, my first hat is uh system and security engineer for CRTC. Uh we are running several cyber city cyber security courses just upstairs in level six uh organized with T and ID and I've been also a teaching associate for cyber security courses at Macquarie. So my talk today is based on my master's research from last year. It's about the postquantum secure symmetric agreement. So it was first published for sincer last year.

>> [snorts] [clears throat] >> Um yeah uh let's take a look at the big picture first here. So we are nearing into a quantum threat against the current classical cryptography. So, uh, imagine that all of our internet connection is currently secured by an encryption that is already old, but it's still proven secure until now. But it's been proven that it will not be secure against a quantum computer. But then again, we don't know when is a quantum computer capable of breaking this is available. It might be available now somewhere, but a secret like that would unlikely be not revealed. So we are in the race of making sure all of our internet connections stay safe

even when the quantum computer are available. >> [clears throat] >> So the current other alternative or quantum key distribution, but it will need expensive hardware like quantum hardware to secure all the connection and it will not fit to be put into all of your current devices like your phones. And another alternative is postquantum algorithm. So mathematicians and cryptographers are thinking hard to create something some puzzle that will not be crackable even by quantum computers to be based of the encryption method in the future when the computer quantum computers are available. So here what we are proposing is something else that sits uh between those. It's a symmetric key agreement. So it's something that still based on the

postquantum algorithms uh in some way uh that I will explain later but in the end it will just use as symmetric key which is proven quantum secure but still more lightweight than the postquantum algorithm with we on everything currently running to still be secure but still running fast.

So this kind of the timeline we are currently at.

So there's a gap there because the time until quantum computer is available we don't know that yet. So we have been preparing for this uh kind of postquantum algorithm competition uh organized by NIST and yeah we're still have uh some more going on standardizing adoption and the state of qubits in quantum computing development is also catching up but still that gap is unknown. So we want to minimize this gap to be prepared.

So right now NIST recommends uh Kyber uh postquantum key exchange algorithm and currently some of the big company has implemented this in some of the part of their platforms either in production or in testing and you should be starting to think to implement this uh in your company if you haven't. So for example, Apple has put a hybrid combination of classical and postquantum algorithm encryption to encrypt their messaging platform on the Apple devices and Google, Cloudflare and AWS uh have done the same. So there are other related works to our work that benchmarking the postquantum handshake over simulated network condition which we also show uh similar method.

So what we are doing in this work is an open source implementation of Arqit uh symmetric agreement as an alternative. Uh so Arqit solution is a proprietary solution and right now there are several startups or companies offering this uh postquantum solution uh usually to military and government cuz they are the ones that will need this the most. They have secrets that they have to protect at all cost even against a quantum computer. And probably their second largest um clients would be banks etc. So this actually will send over classical secure channel in the first stage but it will involve a quantum safe channel.

So this is how our experiment look like. So it involves using a key management server. Uh for this part we chose uh Cosmian. So, Cosmian is actually a French cryptography company that already has an open-source solution for key agreement and key management server that already provide an implementation of postquantum that uh we found. So we haven't found other key management software that already put um postquantum integration and open source. So here initially we will generate uh keys that uh we have three types of this that we will measure the performance against. So for example for the baseline is all classical and for postquantum the postquantum is used in all of the steps and we use Kyber as uh the one that uh

has been chosen as the finalist and being standardized. And for the hybrid we combine both the classical and postquantum algorithms uh because that's is the current trend that being uh deployed by these big companies because it will force the attackers to break both the classical and the postquantum. And we still are not sure yet this postquantum algorithm will be uh proven safe uh because it's still kind of new and it's not really time tested. Sometimes uh in the future we might seen someone break it. So with this combination then we uh derive the AES 256 which is has been proven secure against uh postquantum I'm sorry against uh quantum computer attacks by increasing the key size.

So that was the kind of um symmetric key agreement process

and this is our experiment setup. Once we set up this um key generation process, we collect the time and CPU utilization collected. Uh we use a bash script to automate the call to Cosmian API and we simulate several network simulation features like to introduce latency different bandwidth rate etc to test if this will be robust against a different kind of network condition.

Um yeah. So this is the result for default bandwidth.

So compared to classic, the performance overhead is uh still very small

and here so this was without introducing any network simulation and then we tested by introducing some network delay into the process.

And it's still quite consistent. It's so still some consistent overhead.

And then we also do a simulation of packet loss. And the quantum and hybrid still showing uh good measure of robustness. And the last thing of the network simulation is a simulated bandwidth.

and then other than the network simulation we take a look into the subprocess in the whole symmetric key agreement process. So we found that the key generation is the biggest thing that will need to be optimized. All the process are not that uh significant.

Then we take a look if it will be scalable. So we measure it by running multiple operation kind of a multi-user process. So the additional overhead with number of users is very good. So it should scale pretty well with only 1 second overhead per adding five concurrent users.

And when we add more CPU and more RAM, it's significantly increase the process. So with more doubling the CPU it's increase the performance significantly by 50 60%.

And as mentioned before we can see here that most of the performance difference uh came from the key generation process. So this is still the biggest part of the process that need to be optimized.

And then the next thing we did is uh security evaluation from the entropy.

So here of course we can see that postquantum algorithm has higher entropy.

Um we can see that it is maybe good but it's also can be used by attackers to identify a traffic is using postquantum or not. So if they look at the encrypted traffic they can check their entropy to check if this user already using postquantum or not. So they can do their uh harvest attack. Um they can choose their harvesting target to those that have not used postquantum. So I should have mentioned before that um the emerging threats is also coming from harvesting. So like current attackers might prepare a big storage blocks that they do to harvest current traffic although encrypted but they know it will they can decrypt that in the future when they

have quantum computer. So there's also a threat of this harvesting attack.

Uh this is for the initial public keys. This is for combined secrets and symmetric keys. This is still uh similar.

So yeah this this is the summary. So we presented an open implementation of this that can withstand quantum attacks while remaining lightweight and robust in various network condition and scalable and the finding that postquantum encryption algorithm produce higher entropy values can be used to differentiate encrypted traffic and this might help the attackers in choosing classical encrypted traffic for this for their harvest now decrypt attack and key generation is the focus of optimization and then the last thing as this is an open implementation you can customize this to your organization flavor to prepare it against the future quantum attacks you can change the different encryption algorithm that you want. Uh you can mix and match uh against several

classical and postquantum algorithms that are available out there. And you can add hardware security module in the mix, increase the key derivation parameter or if you have other key management software and yes and also our experiment script are available. And thank you

So you have any questions? Okay. So first of all, thank you Takasi for presenting this. Uh I was just curious uh about this. Was this part of a PhD research that you did or it's just like a pet project? >> Uh it was an MRES project. Master of Research. >> Master of Research. Was that with the Macquarie University? >> Yeah. Yeah. Macquarie University. Yeah. >> Yeah. Okay. And then uh cuz this is a very niche kind of area. So, and it's uh really people who are like really very interested in mathematics would really appreciate this. So, I just wanted to say thank you. And also this is something that uh so I work in I I do uh

I'm in the blue team so defense. So my concern is always like breaking the secrets and then with the quantum computing like oh no but there's still like researchers who are looking at making sure that we have uh you know stronger uh algorithms. >> Yeah. Thank you very much for presenting this. >> Thank you.

>> Any other questions? >> Any other questions?

Um so um I kind of came in a bit late so I might have missed some of the context but I think uh one of the sections you were mentioning how I believe it's scaling up the key generation and you were talking about um increasing CPU cores for the EC2 instances. Um, so I guess my question is in terms of I guess the scalability part, do you see that purely kind of like the brute force method of just upping your traditional classical compute power or is the expectation there might be some sort of in the future maybe more specialized hardware that can better handle kind of I guess what you've demonstrated today? Uh yeah, for the scalability part,

of course, there's always uh an increase of performance if you add the hardware. But what we kind of hope that people doing the research is also to optimize the algorithm itself to generate keys that are secure against quantum. doing the key generation faster from the algorithms itself. Yeah. Thank you. >> Any more questions? >> Any more questions? >> Can we please give a huge round of applause? >> Thank you.