0

Are there any quantum computing-secure open key exchange algorithms already implemented in SSL/TLS which I could use on my web server? As far as I know, all the available options like RSA, DH, elliptic curves etc. are insecure against quantum computer brute-force.

If (I assume) the answer is NO, are there any activities by major industry players to allow QC-secure algorithms in the near future?

L00P3R
  • 157
  • 1
  • 9
  • 2
    In theory there is an NTRU based suite around. But I don't think any popular library supports it. – CodesInChaos Nov 07 '17 at 21:28
  • Quantum-secure crypto is typically called [post-quantum cryptography](https://en.wikipedia.org/wiki/Post-quantum_cryptography). – Sjoerd Jun 25 '18 at 08:18

2 Answers

1

No, because all of them may be potentially broken by Shor’s algorithm. Such attacks may require trillions of operations on millions of physical qubits, but defending against them may still be a good practice.

In such a case, symmetric cryptography may be used to solve the problem. Even though Grover's algorithm affects a wide range of them (such as the popular AES and SHA), some algorithms are still secure (GMAC and Poly1305), which are both MAC functions. The field is very new, and quantum cryptography is under active research now.

Google did some research in the field with the New Hope project.

Also, the PQCRYPTO project has published some general recommendations.

  • Agreed with the above. Quantum security when it comes to encryption will most likely based on fractal algorithms. Anything less will not be sufficient. – Overmind Nov 08 '17 at 08:10
  • Doesn't Grover's algorithm affect all crypto algorithms? How is Poly1305 resistant to Grover's algorithm? – Sjoerd Nov 08 '17 at 16:01
1

Are there any quantum computing-secure open key exchange algorithms already implemented in SSL/TLS which I could use on my web server?

The TLS specification allows negotiating any encryption method to use between the client and the server, so in theory TLS can be used with quantum-safe algorithms. Unfortunately, the standard implementations (OpenSSL) currently don't support such algorithms.

There are some projects that aim to change this, such as Open Quantum Safe:

We've integrated liboqs into a fork of OpenSSL v1.0.2 to provide prototype post-quantum key exchange ciphersuites in the TLS protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. You can use our modified OpenSSL to prototype quantum-resistant cryptography in Apache httpd or other applications that rely on OpenSSL. The goal of this integration is to provide easy prototyping of quantum-resistant cryptography and should not be considered "production quality".

So it is currently technically possible to provide quantum safe crypto, but it is still experimental.

As far as I know all the available-options like RSA, DH, elliptic curves etc are insecure to quantum computer brute-force.

All the currently used asymmetric algorithms (RSA, ECC, DH) can be broken by a quantum computer. There isn't really any "brute-force" involved either. I wrote a blog post about how this works.

are there any activities by major industry players to allow QC-secure algorithms in the near future?

Yes:

Sjoerd
  • 28,707
  • 12
  • 74
  • 102
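Both answers above say that RSA, DH and ECC fall to Shor's algorithm and that no brute force is involved. The following is an added worked example, not code from either answer or from the linked blog post: the only quantum part of Shor's algorithm is period (order) finding, and everything after it is classical number theory. The block simulates the period-finding step classically (a brute-force loop, exponential time, so it only works for toy moduli) and then runs the classical post-processing that turns a period into a factor of an RSA modulus and from there into the private exponent. The modulus 3233 = 61 × 67, the public exponent 17 and the message 65 are constructed toy values chosen for illustration.

```python
from math import gcd
from random import randrange


def multiplicative_order(a, n):
    """Smallest r > 0 with a^r = 1 (mod n), assuming gcd(a, n) == 1.

    On a quantum computer this is the step Shor's algorithm does in
    polynomial time with the quantum Fourier transform. Here it is a
    classical brute-force loop, which is why this toy only handles small n.
    """
    x = a % n
    r = 1
    while x != 1:          # invariant: x == a^r mod n
        x = (x * a) % n
        r += 1
        if r > n:          # cannot happen when gcd(a, n) == 1
            raise ValueError("a has no multiplicative order mod n")
    return r


def shor_factor(n, max_tries=100):
    """Return a non-trivial factor of odd composite n via Shor's reduction.

    Classical post-processing: pick random a, get its order r, and if r is
    even and a^(r/2) is a non-trivial square root of 1, then
    gcd(a^(r/2) - 1, n) splits n. Each try succeeds with probability >= 1/2
    when n has at least two distinct odd prime factors.
    """
    if n % 2 == 0:
        return 2
    for _ in range(max_tries):
        a = randrange(2, n - 1)
        g = gcd(a, n)
        if g > 1:
            return g                     # lucky guess shares a factor with n
        r = multiplicative_order(a, n)   # the "quantum" subroutine
        if r % 2:
            continue                     # odd period: pick another base
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue                     # trivial square root of 1: retry
        f = gcd(y - 1, n)
        if 1 < f < n:
            return f
    raise RuntimeError("no factor found; n may be a prime power")


def break_rsa(n, e):
    """Recover the RSA private exponent d from the public key (n, e)."""
    p = shor_factor(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)               # modular inverse, Python 3.8+


if __name__ == "__main__":
    # Constructed toy key: n = 61 * 67, e = 17 (illustration only).
    n, e = 3233, 17
    m = 65
    c = pow(m, e, n)                     # "intercepted" ciphertext
    d = break_rsa(n, e)
    print(f"recovered d = {d}, decrypted m = {pow(c, d, n)}")
```

Note that `shor_factor` never tries candidate keys; the work is in finding the period, which is exactly what a quantum computer accelerates. A real RSA-2048 modulus would make the classical loop here infeasible, which is the whole reason the scheme is secure today and not against a large quantum computer.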