Welcome to the 24th edition! Let’s dive right in…
Quantum: Jekyll or Hyde?
If you’re interested in quantum cybersecurity, you should check out the paper published on arXiv last week:
“Assessing the Benefits and Risks of Quantum Computers”
It’s a broad title and a broad paper. Thirty-four pages of dense text attempt to answer the question: “Will quantum computers be economically impactful before they become a threat to cryptography?”
The authors are all big hitters in the quantum and cyber worlds, so I was keen to read it. Here are some takeaways on the crypto side:
(Spoiler) The authors expect economic benefits to arrive first. Quantum computers that threaten cryptography are expected to arrive later.
Several techniques appear promising for accelerating the arrival of economic value on quantum computers. However, there’s no known work in the literature that enables cryptanalysis to be performed using those same techniques.
It is unlikely that cryptanalysis will be possible without fault tolerance. The same may not be true for economically useful activities.
Section 4.2 provides a summary of the best resource estimates for running Shor's algorithm to break RSA and ECC. Later in that section, it is noted that RSA will be far harder to break than ECC at the same security strength, based on the state-of-the-art approaches.
Section 5 goes into quite some detail on quantum-safe migrations (I said it was a broad paper!). There is nothing fundamentally new in there from my perspective, but it's a good read for those who don't know the topic.
Is it important to know which milestone comes first (cryptanalysis vs business use cases)? I’m not sure it is. But in answering that curious question, this paper consolidated a lot of interesting data and perspectives, which will prove helpful to the quantum cyber community.
You can read the paper here: https://arxiv.org/abs/2401.16317.
P.S. I lack a PhD in quantum computing, so I was taking much of this paper at face value.
That Certificate Looks Familiar!
Today I learned that public CAs issue certificates for compromised private keys every day!
The aptly named “pwnedkeys” service publishes a warning every time a compromised private key is certified. It scrapes the Certificate Transparency logs and compares the thumbprints of new certificates against a naughty list of broken keys. Each time a match is found, it's added to the database and posted online.
In case you’re wondering, private keys become compromised (i.e. known publicly) for all sorts of reasons. Often, developers post them to GitHub by mistake. Sometimes, software or hardware mistakes result in private keys being overly predictable.
Whatever the reason for the compromise, it’s a bad idea for a CA to issue a certificate for a broken key. And yet they do it every day.
The numbers are not staggering. However, we can assume this is the tip of the iceberg. This service is run by one guy doing his best to spot broken keys using Internet searches, and there are still several hits a day.
You can read more about this service in this blog post. And you can see the bot announcing compromises here.
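Here is the core of that matching step in Go, as an added example of mine rather than pwnedkeys' own code. It assumes the thumbprint being compared is the SHA-256 of the key's DER-encoded SubjectPublicKeyInfo, and it stands in a locally generated key for a leaked one so the whole thing runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// fingerprint hashes a DER-encoded SubjectPublicKeyInfo. The value identifies the
// key rather than the certificate, so every certificate later issued for a leaked
// key (by any CA) produces the same fingerprint as the key found in the open.
func fingerprint(spkiDER []byte) string {
	sum := sha256.Sum256(spkiDER)
	return hex.EncodeToString(sum[:])
}

// usesCompromisedKey is the per-certificate check a CA at issuance time, or a
// CT-log monitor afterwards, would run against its list of compromised keys.
func usesCompromisedKey(cert *x509.Certificate, compromised map[string]bool) bool {
	return compromised[fingerprint(cert.RawSubjectPublicKeyInfo)]
}

// selfSigned mints a throwaway certificate for key, standing in for a CT log entry.
func selfSigned(key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Constructed scenario: a key generated here plays the role of one pushed to GitHub.
	leaked, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	spki, _ := x509.MarshalPKIXPublicKey(&leaked.PublicKey) // what a scanner would hash on finding it
	naughtyList := map[string]bool{fingerprint(spki): true}
	cert, _ := selfSigned(leaked) // a CA issuing for that key anyway
	fmt.Println("certificate uses a compromised key:", usesCompromisedKey(cert, naughtyList)) // true
}
```

The same check run on your own key before submitting a CSR is the cheap preventive version: a match means the key must be replaced, not certified.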
Prepare Your Photons
ETSI just published an update to their Common Criteria Protection Profile for QKD.
The original document was launched with some fanfare in early 2023. It targets prepare-and-measure QKD devices (only) and helps manufacturers prepare their equipment for evaluation at a testing house.
I couldn’t see a changelog for this document, so I’m not sure what has been tweaked. But presumably, the updates are to address a year of feedback from companies passing through the process.
You can find a link to the document on the ETSI website: https://www.etsi.org/committee/qkd.