Quantum Key Distribution, RIP?

As you may know, our existing public key methods are at great risk with the advent of quantum computers. So, when the NSA says something about technology, you sit up and listen, as whatever it picks is likely to see heavy investment, and whatever it drops might drop like a stone. And so, the other day they published their viewpoint on quantum key distribution (QKD) and quantum cryptography [here]:

And it’s not good news for those involved in QKD research:

QKD is a method for using the physics of quantum mechanics to create a shared secret between two parties. While it has great theoretical interest and has been the subject of many widely publicized demonstrations, it suffers from limitations and implementation challenges that make it impractical for use in NSS operational networks.

But when it comes to traditional cryptography methods for security, the NSA is more positive:

NSA considers cryptography based upon mathematical algorithms to be a better alternative for securing National Security Systems against the threat posed by future developments in quantum computing.

Over the past year or so there has been increasing resistance against QKD, largely because it does not actually deliver anything that post-quantum cryptography methods cannot. It may be good news for those researchers involved in evaluating post-quantum cryptography methods, but a major blow for QKD.

They then indicate that lattice-based cryptography methods may be the best solution for post-quantum methods, and that hash-based signatures are the less-preferred solution:

With stateful hash-based signatures, we create many one-time private keys under a single public key. Once we use one of the private keys, we must record that we have used it and never sign with that key again. We also eventually run out of them and have to generate a new key pair:

However, the stateful versions have a limited number of allowable signatures per public key and require the signer to maintain an internal state. Because of this, they are not suitable for all applications. NSA CSD expects that the stateful signatures LMS and XMSS will be standardized by NIST in NIST SP 800-208 and approved for NSS solutions for certain niche applications where maintaining state is not a problem.
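To make the "maintain an internal state" point concrete, here is an added toy example (not code from this post, and not the LMS or XMSS constructions themselves): a Merkle tree of Lamport one-time keys with SHA-256, where the signer's state is simply the index of the next unused leaf, and signing refuses to continue once every one-time key has been spent. Tree height 2 (four signatures) is chosen only to keep the example small.

```python
import hashlib, os

H = lambda data: hashlib.sha256(data).digest()

def _bits(msg):  # 256 digest bits select which Lamport secret half to reveal
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]

def lamport_keygen():  # one-time key: 256 secret pairs, public key is their hashes
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]
def lamport_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))
def leaf_hash(pk):
    return H(b"".join(h for pair in pk for h in pair))

def merkle_levels(leaves):  # levels[0] = leaves, levels[-1] = [root]
    levels = [leaves]
    while len(levels[-1]) > 1:
        lv = levels[-1]
        levels.append([H(lv[i] + lv[i + 1]) for i in range(0, len(lv), 2)])
    return levels

class StatefulHBS:
    def __init__(self, height=2):
        self.n = 1 << height
        self.keys = [lamport_keygen() for _ in range(self.n)]
        self.levels = merkle_levels([leaf_hash(pk) for _, pk in self.keys])
        self.public_key = self.levels[-1][0]
        self.next_index = 0  # the state: index of the first unused one-time key

    def sign(self, msg):
        if self.next_index >= self.n:
            raise RuntimeError("all one-time keys used; generate a new key pair")
        i, self.next_index = self.next_index, self.next_index + 1
        sk, pk = self.keys[i]
        path = [self.levels[k][(i >> k) ^ 1] for k in range(len(self.levels) - 1)]
        return i, lamport_sign(sk, msg), pk, path

def verify(root, msg, signature):
    i, ots, pk, path = signature
    node = leaf_hash(pk)
    for sibling in path:  # recompute the root from the authentication path
        node = H(node + sibling) if i & 1 == 0 else H(sibling + node)
        i >>= 1
    return node == root and lamport_verify(pk, msg, ots)
```

If the state were lost or copied (for example by restoring a backup), two signatures could be made with the same leaf, which is exactly the failure the NSA text warns about.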

The odds on lattice-based methods being named the winner in the NIST PQC process have now shortened drastically. Here's a background on lattice-based cryptography: