Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlackBerry Races Ahead of Security Curve With Quantum-Resistant Solution (techcrunch.com)

Posted by BeauHD on from the intentionally-vague-announcements dept.

An anonymous reader quotes a report from TechCrunch: Quantum computing represents tremendous promise to completely alter technology as we've known it, allowing operations that weren't previously possible with traditional computing. The downside of these powerful machines is that they could be strong enough to break conventional cryptography schemes. Today, BlackBerry announced a new quantum-resistant code signing service to help battle that possibility. The solution, which will be available next month, is actually the product of a partnership between BlackBerry and Isara Corporation, a company whose mission is to build quantum-safe security solutions. BlackBerry is using Isara's cryptographic libraries to help sign and protect code as security evolves.

"By adding the quantum-resistant code signing server to our cybersecurity tools, we will be able to address a major security concern for industries that rely on assets that will be in use for a long time. If your product, whether it's a car or critical piece of infrastructure, needs to be functional 10-15 years from now, you need to be concerned about quantum computing attacks," Charles Eagan, BlackBerry's chief technology officer, said in a statement. Some of the long-lived assets include aerospace equipment, connected cars, or transportation infrastructure -- basically anything that will still be in use several years from now when quantum computing attacks are expected to emerge.

24 of 39 comments (clear)

  1. Uh huh by Desler · · Score: 4, Interesting

    Why would anyone trust them after this article:

    https://www.forbes.com/sites/t...

    1. Re:Uh huh by Anonymous Coward · · Score: 1

      Did you actually read the article?

      "Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption?

      "Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done."

      Because if a government "orders" you to do something through a court document, then what choice do you have? If they've designed the system properly (and remember that the NSA licensed BB's patents for ECC), then the attempt will fail.

  2. Yeah? Available for years. by Anonymous Coward · · Score: 2, Informative

    How is this better than AES-CMAC?
    Quantum only affects asymmetric cypher's mainly used for key distribution as far as I know.
    Symmetric cypher's like AES should be unaffected if you just up the number of bits a bit.

    1. Re:Yeah? Available for years. by Desler · · Score: 1

      This is guaranteed to be backdoored for law enforcement. Oh wait did you mean better for the plebes? Oh, it's not.

    2. Re:Yeah? Available for years. by Anonymous Coward · · Score: 1

      The solution is "longer keys". By example, a 8192-bit key for RSA protocol maybe unbreakable by a quantum-machine for tens of years.

    3. Re:Yeah? Available for years. by iggymanz · · Score: 1

      that's okay, it's hardly provably "quantum resistant" anyway; it's the same as any other encryption in that regard. Bunch of marketing hooey is all...

    4. Re:Yeah? Available for years. by sexconker · · Score: 1

      The hard truth we may end up facing is that asymmetric cryptography may be entirely dead, while symmetric cryptography survives, with everything boiling down to key length. If that happens, then good luck with your key exchange protocols, your cryptocurrencies, and just about everything else using the public internet.

      If quantum attacks on asymmetric encryption prove viable in real-world usage, they may lead to the discovery (or exposure, depending on your hat's material) of fun new math that lets us break them classically..

    5. Re:Yeah? Available for years. by WaffleMonster · · Score: 3, Informative

      How is this better than AES-CMAC?
      Quantum only affects asymmetric cypher's mainly used for key distribution as far as I know. Symmetric cypher's like AES should be unaffected if you just up the number of bits a bit.

      Code signing as a practical matter to be useful requires asymmetric encryption.

    6. Re:Yeah? Available for years. by WaffleMonster · · Score: 1

      Quantum computing can produce and try EVERY possible solution to a given problem simultaneously.

      No it can't.

      How would that not break symmetric encryption too?

      Enabling premise is false.

    7. Re: Yeah? Available for years. by Tomahawk · · Score: 1

      Not quite. They can't, for example, test all possibilities of a 128bit symmetric key. It doesn't actually work like that. Never mind a 256 or 512 bit key.

      However, they can be used to factor numbers very fast. Private Keys consist of 2 very large prime numbers (plus some stuff) and the correspondingly Public Key consists of the product of those 2 primes (plus some stuff).
      Factoring the public key into the 2 primes is very hard using current technology. Quantum Computing makes this much much easier.

      It's this asymmetric (i.e. public/private key) encryption that's mainly at risk here. And public/private key encryption is used, like, everywhere. Every https website, for example -- like your bank.

    8. Re:Yeah? Available for years. by Bob+the+Super+Hamste · · Score: 1

      Quantum computers are not non-deterministic Turing machines that can magically solve and verify a NP problem in P time. However they do offer a substantial speed improvement. Looking at symmetric key encryption schemes a quantum computer can use Grover's Algorithm to speed up key cracking and the speed up is impressive but no where near going from NP to P. So instead of taking 2^N attempts it will take 2^(N/2) attempts. Because the algorithm was known when AES was being designed the competition specified that there be a 256 bit key length option because cracking a 256 bit key on a quantum computer is as difficult as cracking a 128 bit key is on classical computers, and that would take a sizeable portion of the total US annual energy output to accomplish on an ideal computer which we are very far from.

      For most asymmetric key crypto schemes there is Shor's Algorithm which basically makes RSA and EC symmetric key encryption pointless but there are schemes like Lattice-based crypto or Multivariate crypto that resist Shor's Algorithm and other known attacks from quantum and classical computers. EC crypto is really weak against quantum computers, much worse than RSA, so should not be looked to as a solution.

      --
      Time to offend someone
    9. Re:Yeah? Available for years. by JoeDuncan · · Score: 1

      No it can't.

      Useless answer.

      Enabling premise is false.

      Pointless redundant statement.

  3. Sound like... by Tomahawk · · Score: 3, Insightful

    Those last 2 sentences read like the blurb you get when someone is just randomly adding technical words to something to make it sound like it actually is something worth having, but isn't.

    Giving the benefit of the doubt here, does anyone have any links to technical papers about this quantum-resistant cryptographic solution?

    1. Re:Sound like... by OzPeter · · Score: 4, Funny

      Giving the benefit of the doubt here, does anyone have any links to technical papers about this quantum-resistant cryptographic solution?

      I had one on my desk here, but then I looked at it.

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Sound like... by thePsychologist · · Score: 2

      The solutions that ISARA says are in their suite are not new solutions developed by them. For example, two systems they use are the McEliece PKE and NewHope. The former is based on coding theory and the latter is based on ring learning with errors. You can put those terms into Google/Google scholar and find a bunch of papers on them.

      Typically so-called quantum resistant algorithms are just based on a different class of problems related to lattice problems, like finding the nearest lattice vector close to some point. Such algorithms are believed to be quantum resistant because they are typically in a class of problems that are supposed to be hard, like NP-complete for instance or some other related class.

      Some of them are quite old. The reason why they were not used before is because they are worse in some ways compared to RSA or discrete log. Worse for example in having a large plaintext to ciphertext expansion, or needing huge key lengths. Of course with the possible coming of quantum computing, we would be better off accepting some of these trade-offs now.

      --
      "What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
    3. Re:Sound like... by Tomahawk · · Score: 1

      I'll look them up. Thanks.

      One wonders -- with the onset of Quantum Computing, what new public/private key algorithms could be created based on Quantum Computing itself?

    4. Re:Sound like... by Bob+the+Super+Hamste · · Score: 3, Informative

      Since symmetric key ones are resistant, just increase the key length which is why there is a required 256 bit option for all AES entrants, you want to look at asymmetric key crypto. Here there are 2 main options available. The first is Lattice-based crypto and the other is Multivariate crypto. Both defeat Shor's algorithm which is the one to be worried about with asymmetric key crypto.

      --
      Time to offend someone
  4. Superposition by Anonymous Coward · · Score: 1

    It's simple. To make their hardware quantum-resistant they simply pushed it into the super position of being both off and on but unused. Their next step is to involve concrete.

  5. I'm confused by fahrbot-bot · · Score: 1

    BlackBerry Races Ahead of Security Curve With Quantum-Resistant Solution

    So, does mean they won't run the latest versions of Firefox?

    --
    It must have been something you assimilated. . . .
  6. Well that was remarkably vacuous by Crashmarik · · Score: 1

    It's a quantum resistant solution.

    Err How does it work, what makes it quantum resistant, how long is it expected to be resistant

    ***Crickets****

    Might as well be a press release for Blackberry.

  7. If? by quonset · · Score: 1

    If your product, whether it's a car or critical piece of infrastructure, needs to be functional 10-15 years from now

    What do you mean, if it needs to be functional 10 years from now? My car IS 10 years old and in perfect working condition. It better damn well last another decade (barring people slamming into me which has happened).

    This is the problem with technology. Anything over six months old is considered not worth it to keep around. A three year-old product is considered ancient.

  8. Oh for FUCK's sake! by Opportunist · · Score: 1

    If your product, whether it's a car or critical piece of infrastructure, needs to be functional 10-15 years from now, you need to disconnect it from an insecure network like the internet.

    It IS actually that simple!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Re: Just sha512sum the tarball by NoseyNick · · Score: 1

    The problem isn't the checksum, nor how to make the checksum. The problem is how to know "what you expect" is correct, if it wasn't signed... by public:private crypto.

    --
    Nick Waterman, Sr Tech Director, #include <stddisclaimer>
  10. What about Key Escrow? by Agripa · · Score: 1

    Does quantum encryption solve the key escrow problem? Or would not implementing key escrow be necessary for that?

    After what happened with BlackBerry, why would I trust anything they say or do? They are as trustworthy as RSA which is to say, not trustworthy at all.