Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlackBerry Races Ahead of Security Curve With Quantum-Resistant Solution (techcrunch.com)

Posted by BeauHD on from the intentionally-vague-announcements dept.

An anonymous reader quotes a report from TechCrunch: Quantum computing represents tremendous promise to completely alter technology as we've known it, allowing operations that weren't previously possible with traditional computing. The downside of these powerful machines is that they could be strong enough to break conventional cryptography schemes. Today, BlackBerry announced a new quantum-resistant code signing service to help battle that possibility. The solution, which will be available next month, is actually the product of a partnership between BlackBerry and Isara Corporation, a company whose mission is to build quantum-safe security solutions. BlackBerry is using Isara's cryptographic libraries to help sign and protect code as security evolves.

"By adding the quantum-resistant code signing server to our cybersecurity tools, we will be able to address a major security concern for industries that rely on assets that will be in use for a long time. If your product, whether it's a car or critical piece of infrastructure, needs to be functional 10-15 years from now, you need to be concerned about quantum computing attacks," Charles Eagan, BlackBerry's chief technology officer, said in a statement. Some of the long-lived assets include aerospace equipment, connected cars, or transportation infrastructure -- basically anything that will still be in use several years from now when quantum computing attacks are expected to emerge.

7 of 39 comments (clear)

  1. Uh huh by Desler · · Score: 4, Interesting

    Why would anyone trust them after this article:

    https://www.forbes.com/sites/t...

  2. Yeah? Available for years. by Anonymous Coward · · Score: 2, Informative

    How is this better than AES-CMAC?
    Quantum only affects asymmetric cypher's mainly used for key distribution as far as I know.
    Symmetric cypher's like AES should be unaffected if you just up the number of bits a bit.

    1. Re:Yeah? Available for years. by WaffleMonster · · Score: 3, Informative

      How is this better than AES-CMAC?
      Quantum only affects asymmetric cypher's mainly used for key distribution as far as I know. Symmetric cypher's like AES should be unaffected if you just up the number of bits a bit.

      Code signing as a practical matter to be useful requires asymmetric encryption.

  3. Sound like... by Tomahawk · · Score: 3, Insightful

    Those last 2 sentences read like the blurb you get when someone is just randomly adding technical words to something to make it sound like it actually is something worth having, but isn't.

    Giving the benefit of the doubt here, does anyone have any links to technical papers about this quantum-resistant cryptographic solution?

    1. Re:Sound like... by OzPeter · · Score: 4, Funny

      Giving the benefit of the doubt here, does anyone have any links to technical papers about this quantum-resistant cryptographic solution?

      I had one on my desk here, but then I looked at it.

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Sound like... by thePsychologist · · Score: 2

      The solutions that ISARA says are in their suite are not new solutions developed by them. For example, two systems they use are the McEliece PKE and NewHope. The former is based on coding theory and the latter is based on ring learning with errors. You can put those terms into Google/Google scholar and find a bunch of papers on them.

      Typically so-called quantum resistant algorithms are just based on a different class of problems related to lattice problems, like finding the nearest lattice vector close to some point. Such algorithms are believed to be quantum resistant because they are typically in a class of problems that are supposed to be hard, like NP-complete for instance or some other related class.

      Some of them are quite old. The reason why they were not used before is because they are worse in some ways compared to RSA or discrete log. Worse for example in having a large plaintext to ciphertext expansion, or needing huge key lengths. Of course with the possible coming of quantum computing, we would be better off accepting some of these trade-offs now.

      --
      "What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
    3. Re:Sound like... by Bob+the+Super+Hamste · · Score: 3, Informative

      Since symmetric key ones are resistant, just increase the key length which is why there is a required 256 bit option for all AES entrants, you want to look at asymmetric key crypto. Here there are 2 main options available. The first is Lattice-based crypto and the other is Multivariate crypto. Both defeat Shor's algorithm which is the one to be worried about with asymmetric key crypto.

      --
      Time to offend someone