Microsoft Adds Post-Quantum Cryptography To an OpenVPN Fork

An anonymous reader writes: Microsoft recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) within OpenVPN. Being developed by the Microsoft Research Security and Cryptography group, as part of their research into post-quantum cryptography, this fork is being used to test PQC algorithms and their performance and functionality when used with VPNs.

Microsoft's PQCrypto-VPN is published on Github and allows anyone to build an OpenVPN implementation that can encrypt communications using three different post-quantum cryptography protocols, with more coming as they are developed. These protocols are: (1) Frodo: a key exchange protocol based on the learning with errors problem (2) SIKE: a key exchange protocol based on Supersingular Isogeny Diffie-Hellman and (3) Picnic: a signature algorithm using symmetric-key primitives and non-interactive zero-knowledge proofs.

Trump will be forked in Federal Prison

Many, many times.

Re:Trump will be forked in Federal Prison

In Soviet America,

Trump Forks You !

Picnic is already broken.

[CajunArson]

Picnic might be secure from quantum computers.

But its basket structures are clearly vulnerable to bear based attacks where the attacker is mathematically proven to be smarter than average.

Re:Picnic is already broken.

Fuck yeah man. That took me a bit.

Re:Picnic is already broken.

[Roger+W+Moore]

But its basket structures are clearly vulnerable to bear based attacks where the attacker is mathematically proven to be smarter than average.

That's definitely a major boo-boo.

Re:Picnic is already broken.

[PoopMonkey]

How do honeypots factor into this?

Re:Picnic is already broken.

Vulnerable to Yogi Bear Attack.

Re:Picnic is already broken.

[bmxer4130]

AntiFA: An abbreviation for Anti First Amendment.

Have you ever been told you have the most punch-able signature?

_NSAKEY

https://en.wikipedia.org/wiki/NSAKEY

Wait!

[frank_adrian314159]

Microsoft? Security? Something doesn't seem quite right.

Re:Wait!

[PolygamousRanchKid+]

Microsoft? Security? Something doesn't seem quite right.

For me, security and Microsoft is not the issue. It's trust and Microsoft.

As in, "I trust Microsoft, as far as I can throw them."

Re:Wait!

[NicknameUnavailable]

Yeah, I fully expect them to implement a secure VPN. I don't trust them not to have backdoors (actual, rotating security holes, or otherwise) at each endpoint. They want access to your data, they have a vested interest in assuring others don't get it without going through them.

Re: Wait!

Only US patriots with US dollars get access to MS confidential data!

Re:Wait!

[AlanBDee]

Well, you can download the source code and examine it for back doors. I know not many will do this but it would be a huge breach of trust by Microsoft if anyone found anything like a back door. Because of this I believe it's far more likely that they created this tool to appease international customers and released it as an open source project to prove it.

Re:Wait!

[Skuld-Chan]

Hur hur - Micro$haft am I right?

Re:Wait!

I'm having trust issues with this project as well, but that has more to do with somebody trying to develop a security solution against goalposts which haven't really been defined yet than it does with the name on the top of the page. They could have done all this work and the first production quantum computer could come along and roast it in .38 seconds. Or maybe it doesn't, but a cluster of them do. They literally just went "hey, we made a thing, but it might not work because we didn't make flux capacitors first".

Re:Wait!

[PolygamousRanchKid+]

Well, you can download the source code and examine it for back doors.

Well, google on "ken thompson compiler backdoor" :-)

You can put some source code in that looks innocuous, but the compiler adds a backdoor when it sees that code:

In 1984 KenThompson was presented with the ACM TuringAward. Ken's acceptance speech Reflections On Trusting Trust (http://cm.bell-labs.com/who/ken/trust.html) describes a hack (in every sense), the most subversive ever perpetrated, nothing less than the root password of all evil.

Ken describes how he injected a virus into a compiler. Not only did his compiler know it was compiling the login function and inject a backdoor, but it also knew when it was compiling itself and injected the backdoor generator into the compiler it was creating. The source code for the compiler thereafter contains no evidence of either virus.

Re: Wait!

[Zero__Kelvin]

If my trust in Microsoft could be quantified it would be a large negative number. I trust the code however as it is available on github and I have zero doubt it will be reviewed by experts more qualified than anyone who works at Microsoft. Microsoft knows this as well and even they aren't so stupid as to chance getting caught trying anything unscrupulous in this case.

Re:Wait!

[shubus]

Yah, it sure doesn't sound right. I doubt Microsoft would release code like this unless they've already figured out a backdoor even if it's not obvious in the source code.

Re:Wait!

[AHuxley]

https://www.theguardian.com/wo... (12 Jul 2013)
Recall "... newsletter entry stated that NSA already had pre-encryption access to Outlook email"

MS likes to help with tricky new crypto. Help the NSA.

Re:Wait!

[NicknameUnavailable]

Firstly, I said rotating security holes or otherwise (e.g. "bugs" which get patched regularly with new bugs added in their place.) Secondly, I said endpoints - as in Windows 10 itself is spyware, they aren't so much interested in breaking the VPN if they have the endpoint.

Re:Wait!

But if it's Open Sores, it'll be found fast! I mean, it only took heartbleed forever to be discovered, but that's besides the point.

Re: Wait!

"If my trust in Microsoft could be quantified it would be a large negative number."

  Windows 10 is possibly the worst spyware ever made.

  7 ways Windows 10 pushes ads at you

Re:Wait!

Sure they can release source code, but that does not help if the software binary is overwritten by force pushed updates. And people can not compile it by themselves, as MS requires system binaries to have their signature. In reality this is just a PR gig in their "MS loves open source" tour.

Re: Wait!

[Zero__Kelvin]

You don't seem to understand how git works or any SCM tool works. It is trivially easy to see what has changed and look closely at those changes. So no they won't be "rotating" intentional flaws.

Re: Wait!

[Zero__Kelvin]

What are you going on about? Microsoft doesn't provide the compiler unless you decide to use theirs. No self respecting security expert would use Microsoft's compiler to build secure code. It's gcc or llvm, which are also open source.

Re: Wait!

Not so. The properties of quantum computers are well understood; you can learn about them on an undergrad CS course. It's the engineering that's a problem.

Re: Wait!

[NicknameUnavailable]

You mean they won't do what they've done with every windows product since 95: release monthly patches for known security holes, thereby effectively creating a rotating backdoor only they have access to in a steady state manner due to obfuscation of what "bugs" exist at a given time? That's quite the prediction you've made there, contrasting to several decades of known practice by Microsoft.

Re: Wait!

[NicknameUnavailable]

Also, on a separate note, it's not trivial to rewrite git history but you can Google can the commands for it easily (but perhaps re-read what I've written because I wasn't suggesting anything along those particular lines.) I actually do that when I pushed to GitHub to turn all commits into organizational level bot authors and remove internal email addresses from the list of committers.

Re: Wait!

[Gr8Apes]

Not so. The properties of quantum computers are well understood; you can learn about them on an undergrad CS course. It's the engineering that's a problem.

The properties of something we are still investigating and have no samples of are well understood?

Re: Wait!

[Gr8Apes]

If my trust in Microsoft could be quantified it would be a large negative number.

It exceeds the lower bounds of a long?

I'm 99% sure they will try to slide something into the source. Who says all code submitted was written by MS employees?

Re:Wait!

The backdoor will be in the closed source pqc.dll that they place in the System32 directory. You know they won't subject their backdoors to peer review.

Re: Wait!

You should also compile with several compilers, both different makes and old versions, and compare the output.

I believe that is already suggested in the Ken Thompson paper referred to by GP but am uncertain since it was a while since I read it.

Marketing

Ante-Quantum Cryptography is much, much better, more open, and way more transparent.

After a Quantum

There is nothingness and then !BANG! the next quantum!

GitHub...

[Aethedor]

GitHub... sounds familiar. Can't remember what it was...

Re:GitHub...

You have a disturbingly small penis.

In french PQ

In french PQ stands for Toilette Paper. Everybody will laugh at this name :-D

A HARD problem.

So where's the quantum hardware to making this all work?

Re:A HARD problem.

[BitterOak]

So where's the quantum hardware to making this all work?

I was confused by this point too, till I did some reading. "Post-quantum cryptography" is NOT the same thing as "Quantum cryptography". The former merely refers to cryptographic algorithms for which there are no known algorithms for quantum computers which can break them. So, RSA would not be considered post-quantum, because Shore's algorithm can break it.

Re:A HARD problem.

Shore's algorithm can theoretically break it. If it's physically possible to build a quantum computer capable of executing it in real-world sizes, which hasn't been proven yet.

Re:A HARD problem.

[swillden]

So where's the quantum hardware to making this all work?

I was confused by this point too, till I did some reading. "Post-quantum cryptography" is NOT the same thing as "Quantum cryptography". The former merely refers to cryptographic algorithms for which there are no known algorithms for quantum computers which can break them. So, RSA would not be considered post-quantum, because Shore's algorithm can break it.

All of our current asymmetric algorithms are vulnerable to Shor's (note spelling) algorithm, assuming a sufficiently-large quantum computer. Grover's algorithm can solve any problem that requires searching a solution space of size N in sqrt(N) time. The first means we need new asymmetric algorithms (public/private key algorithms, like RSA and ECC) that are quantum resistant. The second means that our symmetric algorithms and hashes (like AES and SHA-256) have effectively half the bits of security that we thought, so we may need to reach for larger sizes.

Note that at this point all of these issues are theoretical, because no quantum computers large enough to make these attacks practical exist. With respect to Grover's algorithm, the quantum computers not only have to be sufficiently large, they also have to be quite fast because, for example, finding an AES-128 key will require 2^64 operations which is still a lot. However, it seems unwise to assume that we will never have sufficiently large/fast quantum computers and that these attacks will always remain impractical. Cryptographers like to say "attacks always get better", because they almost always do. If you see a vulnerability that might become practial in two or three decades, then you should start thinking about how to address it now, because the attacks may improve more than you expect, faster than you expect, and changing cryptosystems is going to take at least one of those decades.

We have no real way of predicting how fast progress in quantum computing will move, so we should experiment with post-quantum algorithms now, and begin trying to move to them seriously in the near future.

Re:A HARD problem.

You're making too many assumptions. We don't know whether a sufficiently capable quantum computer exists, However, given the NSA's estimated yearly budget, their previous track record, and the estimated number of their employees, it's not unlikely that they could be far ahead of civilian quantum computer development, for example. Other intelligence agencies may have comparable resources. If the history of cryptography has told us anything, then certainly that adversaries with the budget and resources have often been underestimated.

Re:A HARD problem.

Note that at this point all of these issues are theoretical, because no quantum computers large enough to make these attacks practical exist.

Or do they?

Abilities

Meanwhile: I can tie my shoes!

So Interesting!

It's on bleepingcomputer! It's about microsoft! Doing something others have done better already! As always!

Thanks msmash, another vapid bullshit piece, thank you so much for that.

Can't trust Big Software or Gov in crypto

it has to be designed by multiple independent people out of reach from U.S. gov, or it is simply too likely to be broken in secret.

Promise not to patent?

I smell submarine patents lurking in the future.

Unless the inventors are known and have disclaimed any future patent enforcement, this could be a trojan horse to get patent-pending algorithms in wide use.

Re:Promise not to patent?

https://github.com/Microsoft/P... I'll save you the click... its MIT

Shame nobody on /. will be using it.....

[Computershack]

Given that its hosted on Github which since Microsoft bought most of /. say they won't use, then I guess there won't be that many people trying it....

Re:Shame nobody on /. will be using it.....

Judging by the caliber of tech wannabee's who post on this site I doubt any of them would know what to with source code from any repository.

Re:Shame nobody on /. will be using it.....

Given that its hosted on Github which since Microsoft bought most of /. say they won't use, then I guess there won't be that many people trying it....

Hah! I knew Microsoft bought /. Explains a lot...

Trust

[manu0601]

We need a lot of independent researchers opinion on that.

Everyone remember Dual EC DRBG?

post quantum crypto!

[iggymanz]

what a stupid pandering meaningless sound-bite.

it is not known that any current crypto is unbreakable by quantum computing.

Re:post quantum crypto!

But there are people developing quantum algorithms already and Shor's algorithm seems to be how they would be use them to factor large numbers quickly.

Re:post quantum crypto!

While it is true that you could probably prove that post-quantum crypto can be secure, you'd have to first demonstrate that quantum crypto cracking exists. Right now there is no such thing.

Re:post quantum crypto!

[micahraleigh]

That's like saying first a tidal wave has to crash into the power plant to demonstrate it is defeatable.

Protocols

They forgot to include the protocol named 'GONE FISHIN'. I are being serious.

Only binaries in that repo

This repository contains only config files and DLL files. Nothing is open source. Microsoft uses github only for file hosting and nothing they share is open source.

What a joke when M$ pretends to "contribute" to open source projects..

Source supposedly in other repo

[Mathinker]

The source is supposedly in a different repo: https://github.com/Microsoft/o...

See: https://github.com/Microsoft/P...

OTOH, by not reading the repo README, you are supporting a long /. tradition, bravo!

Backdoor! Wanna bet?

I'd bet money that there is an underhanded NSA backdoor is this.
And that this is something tying OpenVPN closer to Microsoft.

It's like letting a former serial murderer who wore the skin of his victims to rape other victims write bills and have them accepted as law.
Mind you, that that analogy is based on real actual behavior of Microsoft, and merely imagines "If Microsoft was a person".
Yeah, such people might still have acceptable ideas here and there, but you better be *really* fuckin' wary!

Combine with underhanded C:

It doesn’t even have to be visible in the original source code.

There was a whole contest, revolving around getting backdoors in under the radar: The Underhanded C Contest (The official perfectly innocent web page for law-abiding good guys)

And you can bet this is serious business for any spying agency on the planet. (Would you ignore it, if you were a spying agency?)

Probably contains...

Deterministic random number generator recommended by NSA!