Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label Quantum. Show all posts

Microsoft and Amazon’s Quantum Progress Poses New Risks for Encryption

 


Microsoft, Amazon, and Google have all announced recent advances in quantum computing that are likely to accelerate the timeline for the possible obsolescence of current encryption standards. These developments indicate that it will become increasingly important to address the vulnerabilities posed by quantum computing to existing cryptographic protocols shortly. Those who are leading the way in the technological race are those who are advancing quantum computing technology, which is the most powerful technology that will be able to easily decrypt the encryption mechanisms that safeguard the internet's security and data privacy. 

On the other hand, there are researchers and cybersecurity experts who are working on the development of post-quantum cryptography (PQC) - a new generation of encryption technologies that can handle quantum system computational power with ease. A quantum-resistant encryption system must be prioritized by organisations and governments to ensure long-term security of their data and digital communications, especially as the quantum era has come closer than anticipated to being realized. 

Even though quantum decryption and quantum-resistant encryption are competing more than ever, the race for global cybersecurity infrastructure requires strategic investment and proactive measures. There has been an important advancement in quantum computing in the field, with Amazon Web Services (AWS) announcing the inaugural quantum computing chip called Ocelot, which represents a significant step in the pursuit of practical quantum computing. 

One of the most critical challenges in the field is error correction. Using Ocelot, Amazon Web Services claims that it may be possible to drastically reduce the cost of quantum error correction by as much as 90 percent, thus speeding up the process toward fault-tolerant quantum systems being realized. In the future, error correction will continue to be an important barrier to quantum computing. This is because quantum systems are inherently fragile, as well as highly susceptible to environmental disturbances, such as fluctuating temperatures, electromagnetic interference, and vibrations from the environment.

As a result of these external factors, quantum operations are exposed to a substantial amount of computational errors, which make it extremely challenging to maintain their stability and reliability. Research in quantum computing is progressing rapidly, which means innovations like Ocelot could play a crucial role in helping mitigate these challenges, paving the way for more robust and scalable quantum computing in the future. 

If a sufficiently advanced quantum computer has access to Shor's algorithm or any potential enhancements to it, it will be possible for it to decrypt existing public key encryption protocols, such as RSA 2048, within 24 hours by leveraging Shor's algorithm. With the advent of quantum computing, modern cybersecurity frameworks are going to be fundamentally disrupted, rendering current cryptographic mechanisms ineffective. 

The encryption of any encrypted data that has been unauthorizedly acquired and stored under the "harvest now, decrypt later" strategy will become fully available to those who have such quantum computing capabilities. A severe breach of internet communications, digital signatures, and financial transactions would result in severe breaches of trust in the digital ecosystem, resulting in serious losses in trust. The inevitability of this threat does not depend on the specific way by which PKE is broken, but rather on the certainty that a quantum system with sufficient power will be able to achieve this result in the first place. 

Consequently, the National Institute of Standards and Technology (NIST) has been the frontrunner in developing advanced encryption protocols designed to withstand quantum-based attacks in response to these threats. Post-quantum cryptography (PQC) is an initiative that is based on mathematical structures that are believed to be immune from quantum computational attacks, and is a product of this effort. To ensure the long-term security of digital infrastructure, PKE must be replaced with PQC. There is, however, still a limited amount of awareness of the urgency of the situation, and many stakeholders are still unaware of quantum computing's potential impact on cybersecurity, and are therefore unaware of its potential. 

As the development of quantum-resistant encryption technologies through 2025 becomes increasingly important, it will play an increasingly important role in improving our understanding of these methodologies, accelerating their adoption, and making sure our global cybersecurity standards will remain safe. For a cryptographic method to be effective, it must have computationally infeasible algorithms that cannot be broken within a reasonable period. These methods allow for secure encryption and decryption, which ensures that data is kept confidential for authorized parties. However, no encryption is completely impervious indefinitely. 

A sufficiently powerful computing machine will eventually compromise any encryption protocol. Because of this reality, cryptographic standards have continuously evolved over the past three decades, as advances in computing have rendered many previous encryption methods obsolete. For example, in the "crypto wars" of the 1990s, the 1024-bit key encryption that was at the center of the debate has long been retired and is no longer deemed adequate due to modern computational power. Nowadays, it is hardly difficult for a computer to break through that level of encryption. 

In recent years, major technology companies have announced that the ability to break encryption is poised to take a leap forward that has never been seen before. Amazon Web Services, Google, and Microsoft have announced dramatic increases in computational power facilitated by quantum computing technology. Google introduced "Willow" in December and Microsoft announced "Majorana 1" in February, which signals a dramatic rise in computational power. A few days later, Amazon announced the "Ocelot" quantum computing machine. Each of these breakthroughs represents an important and distinct step forward in the evolution of quantum computing technology, a technology that has fundamentally redefined the way that processors are designed. 

In contrast to traditional computing systems, quantum systems are based on entirely different principles, so their efficiency is exponentially higher. It is evident that advances in quantum computing are accelerating an era that will have a profound effect on encryption security and that cybersecurity practices need to be adjusted urgently to cope with these advances. In recent years, quantum computing has made tremendous strides in computing power. It has led to an extraordinary leap in computational power unmatched by any other technology. In the same manner as with any technological breakthrough that has an impact on our world, it is uncertain what it may mean. 

However, there is one aspect that is becoming increasingly clear: the computational barriers that define what is currently infeasible will be reduced to problems that can be solved in seconds, as stated by statements from Google and Microsoft. In terms of data security, this change has profound implications. It will be very easy for quantum computers to unlock encrypted information once they become widely accessible, thus making it difficult to decrypt encrypted data today. Having the capability to break modern encryption protocols within a matter of seconds poses a serious threat to digital privacy and security across industries. 

The development of quantum-resistant cryptographic solutions has been undertaken in anticipation of this eventuality. A key aspect of the Post-Quantum Cryptography (PQC) initiative has been the leadership role that NIST has been assuming since 2016, as it has played a historical role in establishing encryption standards over the years. NIST released a key milestone in global cybersecurity efforts in August when it released its first three finalized post-quantum encryption standards. 

Major technology companies, including Microsoft, Amazon Web Services (AWS), and Google, are not only contributing to the advancement of quantum computing but are also actively participating in the development of PQC solutions as well. Google has been working with NIST on developing encryption methods that can withstand quantum-based attacks. These organizations have been working together with NIST to develop encryption methods that can withstand quantum attacks. During August, Microsoft provided an update on their PQC efforts, followed by AWS and Microsoft. 

The initiatives have been in place long before the latest quantum hardware advances, yet they are a strong reminder that addressing the challenges posed by quantum computing requires a comprehensive and sustained commitment. However, establishing encryption standards does not guarantee widespread adoption, as it does not equate to widespread deployment. As part of the transition, there will be a considerable amount of time and effort involved, particularly in ensuring that it integrates smoothly into everyday applications, such as online banking and secure communications, thereby making the process more complex and time consuming. 

Because of the challenges associated with implementing and deploying new encryption technologies on a large scale, the adoption of new encryption technologies has historically spanned several years. Due to this fact, it cannot be overemphasized how urgent it is for us to prepare for a quantum era. A company's strategic planning and system design must take into account PQC considerations proactively and proactively. It has become increasingly clear that all organizations must address the issue of PQC rather than delay it. The fundamental principle remains that if the user breaks encryption, they are much more likely to break it than if they construct secure systems. 

Moreover, cryptographic implementation is a complex and error-prone process in and of itself. For the cybersecurity landscape to be successful at defending against quantum-based threats, a concerted, sustained effort must be made across all aspects. There is a lot of excitement on the horizon for encryption, both rapidly and very challenging. As quantum computing emerges, current encryption protocols face an existential threat, which means that organizations that fail to react quickly and decisively will suffer severe security vulnerabilities, so ensuring the future of digital security is imperative.

AI and Quantum Computing Revive Search Efforts for Missing Malaysia Airlines Flight MH370

 

A decade after the mysterious disappearance of Malaysia Airlines Flight MH370, advancements in technology are breathing new life into the search for answers. Despite extensive global investigations, the aircraft’s exact whereabouts remain unknown. However, emerging tools like artificial intelligence (AI), quantum computing, and cutting-edge underwater exploration are revolutionizing the way data is analyzed and search efforts are conducted, offering renewed hope for a breakthrough. 

AI is now at the forefront of processing and interpreting vast datasets, including satellite signals, ocean currents, and previous search findings. By identifying subtle patterns that might have gone unnoticed before, AI-driven algorithms are refining estimates of the aircraft’s possible location. 

At the same time, quantum computing is dramatically accelerating complex calculations that would take traditional systems years to complete. Researchers, including those from IBM’s Quantum Research Team, are using simulations to model how ocean currents may have dispersed MH370’s debris, leading to more accurate predictions of its final location. Underwater exploration is also taking a major leap forward with AI-equipped autonomous drones. 

These deep-sea vehicles, fitted with advanced sensors, can scan the ocean floor in unprecedented detail and access depths that were once unreachable. A new fleet of these drones is set to be deployed in the southern Indian Ocean, targeting previously difficult-to-explore regions. Meanwhile, improvements in satellite imaging are allowing analysts to reassess older data with enhanced clarity. 

High-resolution sensors and advanced real-time processing are helping experts identify potential debris that may have been missed in earlier searches. Private space firms are collaborating with global investigative teams to leverage these advancements and refine MH370’s last known trajectory. 

The renewed search efforts are the result of international cooperation, bringing together experts from aviation, oceanography, and data science to create a more comprehensive investigative approach. Aviation safety specialist Grant Quixley underscored the importance of these innovations, stating, “New technologies could finally help solve the mystery of MH370’s disappearance.” 

This fusion of expertise and cutting-edge science is making the investigation more thorough and data-driven than ever before. Beyond the ongoing search, these technological breakthroughs have far-reaching implications for the aviation industry.

AI and quantum computing are expected to transform areas such as predictive aircraft maintenance, air traffic management, and emergency response planning. Insights gained from the MH370 case may contribute to enhanced safety protocols, potentially preventing similar incidents in the future.

The Future of Quantum Computers: Challenging Space Encryption with Light

 

In the realm of technology and communications, the race for supremacy between quantum computers and space encryption is intensifying. 

While quantum computers hold the promise of unprecedented processing power, space encryption, leveraging light to beam data around, presents a formidable challenge. 

The advent of the first satellite slated for launch in 2025 heralds a new era in secure communication. Quantum computers, with their ability to perform complex calculations at speeds far surpassing traditional computers, have long been hailed as the future of computing. 

However, their potential to unravel existing encryption methods poses a significant threat to data security. With the ability to quickly factor large numbers, quantum computers could potentially break conventional encryption algorithms, jeopardizing sensitive information across various sectors. 

On the other hand, space-based encryption offers a robust solution to this dilemma. By harnessing the properties of light to encode and transmit data, space encryption provides an inherently secure method of communication. Unlike conventional methods that rely on mathematical algorithms, which could be compromised by quantum computing, light-based encryption offers a level of security that is theoretically unbreakable. 

The upcoming launch of the first satellite dedicated to space encryption marks a pivotal moment in the evolution of secure communication. Equipped with advanced photonics technology, this satellite will demonstrate the feasibility of transmitting data securely over long distances using quantum principles. 

By beaming encrypted data through space via light particles, it will lay the groundwork for a future where secure communication is not only possible but also practical on a global scale. One of the key advantages of space encryption lies in its resistance to interception and tampering. Unlike terrestrial communication networks, which are susceptible to eavesdropping and hacking, data transmitted via space-based encryption is inherently secure. 

The vast distances involved make it extremely difficult for unauthorized parties to intercept or manipulate the data without detection, providing a level of security unmatched by conventional methods. Furthermore, space encryption offers unparalleled reliability and speed. With data transmitted at the speed of light, communication delays are virtually nonexistent, making it ideal for applications where real-time transmission is critical. 

From financial transactions to government communications, the ability to transmit data quickly and securely is paramount, and space encryption delivers on both fronts. As quantum computers continue to advance, the need for secure communication methods becomes increasingly urgent. While quantum-resistant encryption algorithms are being developed, they may not be sufficient to withstand the full potential of quantum computing. 

In contrast, space encryption offers a solution that is not only resistant to quantum attacks but also provides a level of security that is unmatched by any other method. In conclusion, the future of quantum computers and space encryption is intertwined in a battle for supremacy in the realm of secure communication. While quantum computers hold the promise of unparalleled processing power, space encryption offers a robust solution to the threat of quantum attacks. 

With the launch of the first satellite dedicated to space encryption on the horizon, we stand at the cusp of a new era in secure communication—one where light reigns supreme. Search Description: Explore the future of quantum computers challenging space encryption with light-based data transmission, as the first satellite launch in 2025 heralds a new era in secure communication.

Implementation Flaws Identified in Post-Quantum Encryption Algorithm

 

Two implementation flaws have been identified in the Kyber key encapsulation mechanism (KEM), an encryption standard intended to safeguard networks from future attacks by quantum computers. Collectively known as "KyberSlash," these flaws could allow cybercriminals to discover encryption keys. 

The encryption standard Kyber key encapsulation mechanism (KEM), designed to protect networks from future assaults by quantum computers, has two implementation vulnerabilities. Collectively referred to as "KyberSlash," these flaws might make it possible for hackers to acquire encryption keys. 

“Timing attacks of this nature are a derivative of broader ‘side channel’ attacks, which can be used to undermine any type of encryption, including both classical and post-quantum algorithms,” Andersen Cheng, founder of Post-Quantum, explained. “With this type of attack, the adversaries send fake (and known) ciphertext and measure how long it takes to decipher. They can then infer the timings for each attempt and reverse engineer the actual key-pair.” 

On December 1st, Franziskus Kiefer, Goutam Tamvada, and Karthikeyan Bhargavan—all researchers at the cybersecurity firm Cryspen—reported the vulnerabilities to Kyber's development team. The encryption standard had a patch released immediately, but since it wasn't classified as a security vulnerability, Cryspen started notifying projects in advance that they needed to implement the fix as of December 15. 

Google, Signal, and Mullvad VPN have all adopted versions of the Kyber post-quantum encryption standard; however, Mullvad VPN has since confirmed that the vulnerability does not affect their services.

Post-quantum encryption rush

Kyber was first submitted for assessment to the US National Institute of Standards and Technology (NIST) in 2017, as part of the organisation's competition to test and approve an encryption standard capable of safeguarding networks against future quantum computer attacks. Though a machine with an adequate amount of qubits to use Shor's algorithm to break RSA encryption and similar standards has yet to be developed, recent breakthroughs in scaling quantum computers and mounting speculation about "Harvest Now, Decrypt Later" attacks have generated increased interest in adopting post-quantum standards among governments and large businesses. 

Several algorithms put into the NIST competition were demonstrated to be susceptible to conventional attacks. These include the Rainbow and SIKE standards, the latter of which was overcome by KU Leuven researchers in 2022 in less than an hour using an average computer. In February 2023, a team from Sweden's KTH Royal Institute of Technology used highly complex deep learning-based side-channel attacks to destabilise Kyber's official implementation, CRYSTALS-Kyber. However, this approach was one of six for which NIST published draft standards last summer, with plans to finalise the competition later this year. 

Kyber flaws 

Meanwhile, the Kyber KEM has been adopted by a number of major organisations. Google announced in August 2023 that it will be employing Kyber-768 as a part of a hybrid system to safeguard Chrome browser traffic at the transport layer security level. Similar to this, Signal secured its "Signal Protocol," which is also used to ensure end-to-end encryption in Google and WhatsApp conversations, in September by implementing Kyber-1024 in conjunction with an elliptic curve key agreement protocol. 

This hybrid approach to leveraging post-quantum encryption standards is intended to safeguard network traffic against attack in case that new vulnerabilities are discovered. Since the KyberSlash vulnerabilities were identified, the researchers say that patches have been implemented by the Kyber development team and AWS. The team also cited a GitHub library written by Kudelski Security. When approached by a local media outlet, the cybersecurity firm stated that the listed code was not utilised in any of its commercial products and should not be used in production, but that it had still incorporated a patch for the KyberSlash vulnerabilities in a new version of the library. 

Nevertheless, Cheng believes it is a significant step forward for the post-quantum encryption community because its focus on flaws has shifted from vulnerabilities in the mathematics that underpins the standards to implementation attacks. “It will be the responsibility of each organisation implementing new encryption to ensure the implementation is robust,” stated Cheng. “That’s why it is so important that teams working on the migration to post-quantum encryption have deep engineering understanding and ideally, existing experience in deploying the cryptographic algorithms. “

Hackers Deploy Agent Tesla Malware via Quantum Builder

A campaign promoting the long-standing.NET keylogger and remote access trojan (RAT) known as Agent Tesla uses a program that is available on the dark web that enables attackers to create harmful shortcuts for distributing malware. 

In the campaign that the experts observed, malicious hackers were using the developer to generate malicious LNK, HTA, and PowerShell payloads used to produce Agent Tesla on the targeted servers. The Quantum Builder also enables the creation of malicious HTA, ISO, and PowerShell payloads which are used to drop the next-stage malware. 

When compared to previous attacks, experts have found that this campaign has improved and shifted toward LNK, and Windows shortcut files. 

A spear-phishing email with a GZIP archive is swapped out for a ZIP file in a second round of the infection sequence, which also uses other obfuscation techniques to mask the harmful behavior. 

The shortcut to run PowerShell code that launches a remote HTML application (HTA) using MSHTA is the first step in the multi-stage attack chain. In turn, the HTA file decrypts and runs a different PowerShell loader script, which serves as a downloader for the Agent Tesla malware and runs it with administrative rights. 

Quantum Builder, which can be bought on the dark web for €189 a month, has recently witnessed an increase in its use, with threat actors utilizing it to disseminate various malware, including RedLine Stealer, IcedID, GuLoader, RemcosRAT, and AsyncRAT. 

Malicious hackers often change their tactics and use spyware creators bought and sold on the black market for crimes. This Agent Tesla effort is the most recent in a series of assaults in which harmful payloads were created using Quantum Builder in cyber campaigns against numerous companies. 

It features advanced evasion strategies, and the developers frequently upgrade these techniques. To keep its clients safe, the Zscaler ThreatLabz team would continue to track these cyberattacks. 

Agent Tesla, one of the most notorious keyloggers used by hackers, was shut down on March 4, 2019, due to legal issues. It is a remote access program built on the.NET platform, that has long existed in the cyber realm, enabling malicious actors to obtain remote access to target devices and transmit user data to a domain under their control. It has been in the public since 2014 and is promoted for sale on dark web forums. 

In a recent attack, OriginLogger, a malware that was hailed as the replacement for the well-known data theft and remote access trojan (RAT) noted as Agent Tesla, had its functioning dissected by Palo Alto Networks Unit 42.



Post-quantum Cryptography Achieves Standardization Milestone

 

The first four standardised protocols for post-quantum cryptography have been released, providing the foundation for the creation of "future-proof" apps and web services. 

Last Monday, the US federal government's National Institute of Standards and Technology (NIST) announced a quartet of recommended protocols as part of a continuing standardisation process. The chosen encryption algorithms will be included in NIST's post-quantum cryptography standard, which is scheduled to be completed within the next two years. 

Four more algorithms are currently being considered for inclusion in the standard. According to NIST, for most use cases, two basic algorithms should be implemented: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). 

In the event that one or more approaches prove insecure, more than one algorithm for each use case is being sought as a backup. NIST recommends CRYSTALS-Dilithium as the principal method for digital signatures, with FALCON for applications that require smaller signatures than Dilithium can offer. SPHINCS, a third algorithm, is slower than the other two but was approved since it is based on a distinct mathematical process and so gives a possibility to increase variety. Dustin Moody of NIST discussed why another round of selection was required.

“Of the four algorithms we selected, one is for encryption and three are for digital signatures,” Moody told The Daily Swig. 

“Of the four algorithms that we will continue to study in the fourth round, all four are encryption algorithms. The primary motivation for this is to find a non-lattice-based signature scheme which is suitable for general purpose use to be a backup for our lattice-based signature algorithms we are standardizing (Dilithium and Falcon),” Moody added. 

He continued: “Our current NIST public-key standards cover encryption and signatures. So that is what our standardization process was targeted for – to replace the vulnerable cryptosystems in those standards. Other functionalities may be considered in the future.” 

The ongoing quest for next-generation cryptographic systems is required since present encryption protocols, such as RSA, rely on solving mathematical problems that are beyond the capabilities of even the most powerful conventional computers. Sufficiently powerful quantum computers, which operate on a fundamentally different paradigm than today's PCs or servers, may be capable of cracking today's public key encryption techniques. Increasing the key length alone will not suffice to counter this possible danger, necessitating the creation of post-quantum cryptography methods. 

Decrypt later, store now

Despite the fact that the present generation of quantum computers is mostly experimental and hampered by engineering hurdles, attackers may be planning for their future availability using "store-now-decrypt-later" assaults.If such attacks are effective, a rising volume of normally encrypted financial, government, commercial, and health-related data will be vulnerable to attack by suitably powerful quantum computers. 

Quantum computers handle computational tasks by relying on the features of quantum states, such as superposition, interference, or entanglement, rather than the basic binary states (0 or 1) of traditional computers. When paired with quantum algorithms, the technology might solve some mathematical problems, such as integer factorization, in a manageably short period, posing a danger to current encryption systems that rely on the current intractability of such issues. Quantum-resistant algorithms are based on arithmetic problems that both traditional and quantum computers should struggle to solve.