Post-Quantum Cryptography: Preparing for a Quantum Future


Author:  Sal Kimmich

In a recent presentation to the Confidential Computing Consortium’s Technical Advisory Committee, Hart Montgomery discussed the pressing topic of post-quantum cryptography (PQC). The presentation highlighted the looming threat posed by quantum computers to traditional public key cryptography and outlined the proactive steps necessary to secure digital information in a post-quantum world.

The Quantum Threat

Montgomery began by addressing the fundamental issue: a sufficiently powerful quantum computer will be able to break nearly all widely deployed public key cryptography, including RSA, DSA, and elliptic curve cryptography (ECDSA and ECDH). The crux of the problem is that quantum algorithms solve the mathematical problems these schemes rest on, integer factorization and the discrete logarithm problem, in polynomial time, whereas the best known classical algorithms take super-polynomial time. Symmetric ciphers and hash functions are affected far less: Grover's algorithm at most halves their effective security level, so AES-256 and SHA-2 remain adequate, and the migration effort is concentrated on key exchange and digital signatures.

  • RSA (Rivest–Shamir–Adleman): A widely used public-key cryptosystem whose security relies on the difficulty of factoring large integers.
  • DSA (Digital Signature Algorithm): A Federal Information Processing Standard (FIPS 186) for digital signatures, based on the difficulty of the discrete logarithm problem in finite fields.
  • ECDSA (Elliptic Curve Digital Signature Algorithm): The digital signature algorithm used by many standards, including TLS certificates, which relies on the hardness of the discrete logarithm problem over elliptic curves.

Why Does This Matter?

The implications of quantum computers’ ability to break these cryptographic methods are far-reaching. A particularly concerning scenario is the “harvest now, decrypt later” problem, where adversaries intercept and store encrypted traffic today and decrypt it later, once quantum computing is sufficiently advanced. This retroactive risk applies to confidentiality: a key exchange recorded today can be broken later, whereas a signature must resist forgery only for as long as verifiers trust the signing key (which, for long-lived roots of trust, can also be decades). It is especially problematic for sectors like finance, where regulations often require data to remain confidential for decades. The experts surveyed for the Global Risk Institute’s 2023 Quantum Threat Timeline report broadly agreed that this shift is likely to occur within the next three decades.

The Power of Quantum Computing

To better understand the quantum threat, Montgomery provided a brief overview of quantum computing’s capabilities. Quantum computers operate using quantum bits, or qubits, which can exist in a superposition of states. Quantum algorithms exploit superposition and interference so that, for certain structured problems, the number of operations grows far more slowly than with any known classical method. This is what allows Shor’s algorithm to solve integer factorization and discrete logarithms in polynomial time.

Shor’s algorithm, in particular, presents a significant threat to cryptography. It finds the period of modular exponentiation in polynomial time, and from that period the factors of the modulus follow with ordinary classical arithmetic. The best-known classical algorithm, the General Number Field Sieve (GNFS), is sub-exponential rather than polynomial, which is why 2048-bit RSA is out of reach classically today. For example, while classical algorithms would take an impractically long time to factor a 1,000-digit number, a large enough quantum computer running Shor’s algorithm could do so in a feasible amount of time.

  • Quantum Superposition: A fundamental principle of quantum mechanics whereby a quantum system can exist in a combination of several states at once.
  • Shor’s Algorithm: A quantum algorithm that factors large integers and computes discrete logarithms in polynomial time, breaking RSA, DSA and elliptic curve cryptography.
  • General Number Field Sieve (GNFS): The fastest known classical algorithm for factoring general large integers; its running time is sub-exponential, not polynomial.
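The reduction Shor’s algorithm relies on is easy to see in code. The following is an added illustration, not code from the presentation: the one step a quantum computer speeds up, finding the multiplicative order of a random base modulo n, is brute-forced here, so the script is exponential in the size of n and only works on toy moduli. Everything after that step is exactly the classical post-processing that turns a period into factors and then into the RSA private exponent. The RSA key (n = 3233 = 61 × 53, e = 17) is a constructed textbook example.

```python
"""Classical skeleton of Shor's algorithm against a toy RSA key.

Added example, not from the presentation or any library. The quantum
period-finding step is replaced by brute force (multiplicative_order), so
this only runs on tiny moduli; the surrounding arithmetic is the real
reduction from period finding to factoring to the RSA private key.
"""
from math import gcd
import random


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n); requires gcd(a, n) == 1.

    This is the step a quantum computer performs in polynomial time.
    Brute force here takes up to n steps, i.e. exponential in log2(n).
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, seed=1, max_tries=64):
    """Return a non-trivial factor of composite n, or None if unlucky."""
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)  # deterministic for the demo
    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g > 1:
            return g                      # a already shares a factor with n
        r = multiplicative_order(a, n)    # <- the quantum step
        if r % 2:
            continue                      # odd period: pick another base
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue                      # a^(r/2) == -1 mod n gives nothing
        # a^r - 1 == (a^(r/2) - 1)(a^(r/2) + 1) == 0 mod n, so each factor
        # of n divides one of the two brackets; gcd pulls one out.
        f = gcd(y - 1, n)
        if 1 < f < n:
            return f
    return None


def recover_rsa_private_exponent(n, e, seed=1):
    """Given only the RSA public key (n, e), factor n and derive d."""
    p = shor_factor(n, seed)
    if p is None:
        raise ValueError("factoring failed; retry with another seed")
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


if __name__ == "__main__":
    n, e = 3233, 17                       # constructed toy key: 61 * 53
    d = recover_rsa_private_exponent(n, e)
    c = pow(65, e, n)                     # ciphertext of message 65
    print("recovered d =", d, "decrypts to", pow(c, d, n))
```

The point of the script is the shape of the attack, not its speed: once order finding is cheap, every step from `shor_factor` onward is textbook arithmetic, and the attacker ends up holding the victim’s private exponent. For a real 2048-bit modulus the brute-force loop in `multiplicative_order` would never finish, which is exactly the gap a cryptographically relevant quantum computer closes.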

Quantum-Safe Cryptography

To counter the quantum threat, the cryptographic community has been developing quantum-safe cryptographic algorithms. These new methods are based on mathematical problems that are believed to be hard even for quantum computers. One of the leading approaches is lattice-based cryptography, whose security rests on problems such as Learning With Errors (LWE) and its structured variant Module-LWE: recovering a secret vector from a set of linear equations that have been deliberately perturbed by small random errors. No efficient quantum algorithm for these problems is known. Hash-based signatures, which rely only on the security of a hash function, are the other family represented in the first standards.

Montgomery emphasized the importance of transitioning to quantum-safe cryptography well before quantum computers reach a stage where they can break existing cryptographic systems. The timeline for the advent of quantum computers remains uncertain, with experts estimating that powerful quantum computers could emerge within the next 15 to 30 years. For organizations that need to secure data for extended periods, the shift to quantum-safe methods is urgent.

Standardization Efforts and Challenges

Montgomery highlighted the extensive efforts to standardize post-quantum cryptography. The National Institute of Standards and Technology (NIST) has run an open, multi-round process since 2016 to evaluate quantum-safe algorithms, with rigorous public review and cryptanalysis by researchers worldwide. The first three final standards were published in August 2024: FIPS 203 ML-KEM (derived from Kyber), FIPS 204 ML-DSA (derived from Dilithium), and FIPS 205 SLH-DSA (derived from SPHINCS+). A fourth selected algorithm, Falcon, is to be standardized separately as FN-DSA.

While these algorithms are designed to resist quantum attacks, they also introduce challenges. The main cost is size rather than computation: the lattice schemes are fast, often competitive with or faster than RSA and elliptic curves, but their keys, ciphertexts and signatures are much larger. An ML-KEM-768 public key is 1,184 bytes and its ciphertext 1,088 bytes, against 32 bytes each for an X25519 key exchange; an ML-DSA-65 signature is 3,309 bytes against 64 bytes for Ed25519, and SLH-DSA signatures range from roughly 8 KB to 49 KB depending on the parameter set. This can affect performance in applications with large-scale or high-frequency cryptographic operations, and in protocols that must carry certificate chains or key shares within tight size budgets.

  • NIST (National Institute of Standards and Technology): A U.S. federal agency that develops measurement and technology standards, including the FIPS cryptographic standards.
  • Kyber (standardized as ML-KEM, FIPS 203): A lattice-based key encapsulation mechanism (KEM) for establishing shared secrets with post-quantum security.
  • Dilithium (standardized as ML-DSA, FIPS 204): A lattice-based digital signature algorithm designed for post-quantum security.
  • Falcon (to be standardized as FN-DSA): A compact lattice-based digital signature scheme with the smallest signatures of the selected algorithms; chosen by NIST, but its standard is still being developed.
  • SPHINCS+ (standardized as SLH-DSA, FIPS 205): A stateless hash-based digital signature scheme whose security rests only on the underlying hash function, at the cost of large signatures.
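The two points above, that lattice security comes from noisy linear equations and that the resulting keys and ciphertexts are large, can both be seen in a toy LWE scheme. The following is an added illustration written for this post, not code from the presentation and not Kyber/ML-KEM: it is a stripped-down Regev-style public-key encryption with tiny, insecure parameters chosen so the arithmetic is readable and decryption is always correct. The size functions at the end are my own, and they show why a raw LWE public key grows with n², and how publishing a seed for the random matrix (as ML-KEM does) shrinks it to the noisy vector alone.

```python
"""Toy Regev-style LWE encryption to illustrate lattice-based cryptography.

Added example, not from the presentation or from any real library.
Parameters are tiny and NOT secure; real schemes use n in the hundreds to
thousands, structured rings, and careful error distributions.
"""
import random

N = 32     # secret dimension (ML-KEM uses k*256 coefficients, k = 2, 3, 4)
M = 64     # number of noisy samples published in the public key
Q = 3329   # modulus (the value ML-KEM uses, chosen here purely for flavour)
ERR = 2    # each error term is drawn uniformly from [-ERR, ERR]


def keygen(rng):
    """Secret s; public key (A, b = A*s + e mod Q). Recovering s is LWE."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + rng.randint(-ERR, ERR)) % Q
         for row in A]
    return (A, b), s


def encrypt_bit(pk, bit, rng):
    """Sum a random subset of the public samples and hide bit*Q/2 in it."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(sk, ct):
    """v - <u, s> = bit*Q/2 + (sum of <= M errors); round to 0 or Q/2.

    The accumulated error is at most M*ERR = 128, far below Q/4 = 832,
    so the rounding decision is always correct for these parameters.
    """
    u, v = ct
    d = (v - sum(x * y for x, y in zip(u, sk))) % Q
    return 1 if Q // 4 <= d < 3 * Q // 4 else 0


def encrypt_bytes(pk, data, rng):
    return [encrypt_bit(pk, (byte >> i) & 1, rng) for byte in data for i in range(8)]


def decrypt_bytes(sk, cts):
    out = bytearray()
    for k in range(0, len(cts), 8):
        bits = [decrypt_bit(sk, ct) for ct in cts[k:k + 8]]
        out.append(sum(bit << i for i, bit in enumerate(bits)))
    return bytes(out)


def coeff_bits(q):
    return (q - 1).bit_length()


def public_key_bytes(n, m, q, seeded_a=False):
    """Bytes to transmit (A, b). With seeded_a, A is expanded from a 32-byte
    seed (as ML-KEM does), so only the seed and the noisy vector b are sent."""
    bits = coeff_bits(q)
    if seeded_a:
        return 32 + (m * bits + 7) // 8
    return ((m * n + m) * bits + 7) // 8


def ciphertext_bytes_per_bit(n, q):
    """Each plaintext bit becomes n + 1 coefficients mod q."""
    return ((n + 1) * coeff_bits(q) + 7) // 8


def demo_roundtrip(message=b"CCC", seed=2024):
    rng = random.Random(seed)   # demo only; real code uses a CSPRNG
    pk, sk = keygen(rng)
    return decrypt_bytes(sk, encrypt_bytes(pk, message, rng)) == message


if __name__ == "__main__":
    print("round trip ok:", demo_roundtrip())
    print("public key bytes:", public_key_bytes(N, M, Q),
          "with seeded A:", public_key_bytes(N, M, Q, seeded_a=True))
    print("ciphertext bytes per plaintext bit:", ciphertext_bytes_per_bit(N, Q))
```

Even at this toy size the expansion is striking: the public key is 3,168 bytes unless the matrix is derived from a seed, and every plaintext bit costs about 50 bytes of ciphertext. Real schemes keep this under control with polynomial rings, compression and by encapsulating a short symmetric key rather than encrypting data directly, but the underlying shape, noisy linear equations and keys that are vectors rather than single group elements, is the same one that makes ML-KEM keys and ciphertexts an order of magnitude larger than their elliptic-curve counterparts.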

Impact on Confidential Computing

The discussion also touched on the implications for confidential computing, particularly in areas like attestation, which relies on digital signatures over measurements of the environment and on the certificate chains that make those signatures verifiable. Attestation is a critical component in confidential computing, used to verify the integrity and authenticity of a system or software environment.

Montgomery noted that while the transition to post-quantum cryptography will require careful planning, much of the cryptography used in confidential computing lives in firmware and microcode rather than in fixed-function silicon, so adopting quantum-safe algorithms may not require significant hardware changes in many cases.

However, he did caution that the larger keys, signatures and ciphertexts of post-quantum cryptography could pose challenges in scenarios where many attestations or key exchanges occur at high frequency, since each evidence bundle and each handshake grows by kilobytes. Despite these challenges, the transition is crucial to ensure the long-term security of confidential computing environments.

The Post-Quantum Cryptography Alliance

To further advance the adoption of quantum-safe cryptography, Montgomery introduced the Post-Quantum Cryptography Alliance (PQCA). The alliance’s goal is to build high-quality, quantum-safe cryptographic code and to foster collaboration between the research community and developers so that implementations of quantum-resistant algorithms are refined in the open. The alliance is structured like other Linux Foundation projects, with an emphasis on open collaboration and transparency. Two key projects within the alliance are the Open Quantum Safe (OQS) project and the PQ Code Package project. OQS develops and implements quantum-safe algorithms and integrates them into widely used protocols and libraries, while the PQ Code Package project is dedicated to creating formally verified, high-assurance implementations of quantum-safe standards such as ML-KEM (Kyber).

Looking towards the Quantum Computing Era 

Post-Quantum Cryptography (PQC) addresses the quantum threat by developing cryptographic algorithms that can withstand attacks from quantum computers, ensuring that encrypted data remains secure and that signatures cannot be forged. Meanwhile, Confidential Computing (CC) protects data in use through secure enclaves and hardware-based security features, safeguarding sensitive computations from unauthorized access. 

Together, PQC and CC provide a layered security approach that covers the entire data lifecycle—from protection at rest and in transit to safeguarding data during processing. As digital threats evolve, integrating both PQC and CC into security strategies is vital for organizations looking to future-proof their operations. These technologies are not just essential on their own; they complement each other, forming the foundation of tomorrow’s secure computing environment.

As we approach the era of quantum computing, the need for quantum-safe cryptography becomes increasingly urgent. Hart Montgomery’s presentation underscored the importance of proactive measures, including the development and standardization of post-quantum cryptographic methods. While challenges remain—such as increased computational overhead and larger key sizes—the work being done today will be crucial in securing our digital future against the quantum threat.

You can watch the entire discussion on the CCC YouTube channel.

2023 CCC Open Source Highlights


In 2023 we focused on growing three things: our projects, ecosystem recognition, and our community.

Our technical community made great strides on each of these. Our open source project portfolio is wider and more mature. Outside of the CCC we contributed security expertise to public documents and standards organizations. As we grew to deliver these projects and papers, we maintained our emphasis on growing a positive community where everyone is welcome, and anyone can learn and contribute.

Projects

We grew projects in two vectors. First, for our existing projects we wanted to make sure they were useful and adopted. The prime example of that is Gramine moving to Graduated status as a reflection of its maturity and broad adoption.

Second, as a still young consortium we have plenty of room to add projects that address new areas or bring new approaches to existing ones. We are delighted to have made a home for new projects originating from Red Hat, Intel, VMware/Broadcom, Samsung, and SUSE. They join a portfolio originally provided by Red Hat, Microsoft, UNC, Intel, UC Berkeley, and Arm. These projects are now in an open governance setting where individuals unaffiliated with these organizations can bring their talents and contributions.

VirTEE provides tools and libraries to make development, management, and attestation of  Virtualization-based Confidential Computing easier.

spdm-rs implements the SPDM (Security Protocol and Data Model) protocols used to authenticate devices, such as accelerators for AI/ML workloads, and bring them inside the Confidential Computing boundary.

The Certifier Framework aims to bridge across different Confidential Computing environments for one coherent application experience.

Islet broadens our portfolio from a cloud and server focus out to phones and other mobile devices.

Finally, coconut-svsm creates a secure layer under the OS to provide trusted capabilities like virtual TPMs.

Some of these projects are still on-boarding and will be listed on the CCC website soon.

Ecosystem

One of the exciting things about Confidential Computing is that it is both developing and yet already in production. As an open source organization, we tend to focus on the development, but we also serve a role in explaining how to use it in production to solve real problems.

In 2023 we generated a number of articles in plain language about topics from attestation to homomorphic encryption. We also broadened out from our own channels to respond to government RFCs and engage other standards organizations. Our Governance, Risk, and Compliance SIG takes point on these matters and coordinates inputs from our community’s wide pool of subject matter experts. You are welcome to join us on Wednesdays.

The Attestation SIG is one of our most educational forums. This past year we made sense of a wide array of evidence formats and attestation patterns. Our Cloud Service Providers (CSPs) discussed their attestation services and took input on how to evolve them to meet emerging standards, while contributors from IETF, TCG, and other standards organizations shared their directions and took input on how to address requirements from hardware, software, and service vendors. The SIG also harmonized attestation approaches for TLS: a subteam produced a spec, implemented some open-source code, and got the spec adopted in the IETF. All that in about a year, which by standardization time standards is quite a remarkable feat. To contribute or learn more, please join us Tuesdays, or make some popcorn and enjoy our YouTube feed.

In our last TAC meeting of the year we ratified a new SIG. We all rely so much on the Linux kernel and yet that’s not an area where the consortium has focused. We’ll be writing up more about our plans in a separate post, but for now we’ll just note that in 2023 we recognized that engaging more with the Linux Kernel community is one of the most important things we can do to make Confidential Computing easy to adopt.

Community

It’s said that culture is more important than any individual policy or initiative of an organization. In the CCC we have a culture of Inclusivity and of Minimum Viable Governance. One way to think about that is we prioritize our resources in ways to include everyone. In the past that has included funded internships to welcome people to our community. 2023’s incremental step was identifying conferences where we can reach communities that are underrepresented in the CCC. In some cases we became aware of a conference after a deadline and so headed into 2024 we look to build on what we learned in 2023 to reach the widest possible audience. Given the rate of growth we saw in 2023, 2024 is going to be a big year for Confidential Computing and our Consortium. We are glad to have a sound culture to grow from and the opportunity to expand to make computing more secure.

Finally, as just a teaser for one more announcement hitting the news in 2024… we closed out 2023 by hiring a Technical Community Architect. We found an excellent energetic person to help activate things for CCC maintainers, grow contributors, and help champion our projects in the open source ecosystem.

2024 is going to be great!