···5566As we're already accustomed to, the web becomes more secure every single day. This time around, we're discussing two emerging standards: Kyber-based hybrid post-quantum key exchange and <abbr title="Encrypted Client Hello">ECH</abbr>. Both are currently "Active Internet-Draft"s, yet they've already begun to roll out on major sites, at least one of them.
7788-Let's start with Kyber. Now that we have quantum computers and their qubits are [ever-increasing](https://www.ibm.com/quantum/roadmap), we need to start thinking about protecting our quantum-vulnerable encryption algorithms against them. Fortunately, this neither means that your data is at risk now or that we need to replace all cryptography at use today. The algorithms vulnerable to quantum computers implementing Shor's algorithm are the ones used for key exchange, the part of an encrypted communication responsible for setting up a shared key. The biggest ones we're aiming to replace are <abbr title="Diffie-Hellman">DH</abbr>, <abbr title="Elliptic Curve Diffie-Hellman">ECDH</abbr>, and RSA.
88+Let's start with Kyber. Now that we have quantum computers and their qubits are [ever-increasing](https://www.ibm.com/quantum/technology#roadmap), we need to start thinking about protecting our quantum-vulnerable encryption algorithms against them. Fortunately, this neither means that your data is at risk now or that we need to replace all cryptography at use today. The algorithms vulnerable to quantum computers implementing Shor's algorithm are the ones used for key exchange, the part of an encrypted communication responsible for setting up a shared key. The biggest ones we're aiming to replace are <abbr title="Diffie-Hellman">DH</abbr>, <abbr title="Elliptic Curve Diffie-Hellman">ECDH</abbr>, and RSA.
991010<abbr title="The National Institute of Standards and Technology">NIST</abbr> is on track to standardize the Lattice-based CRYSTALS-Kyber algorithm as a successor to the vulnerable ones by 2024. Some very clever engineers have already embarked on real-world implementations: Signal [recently unveiled](https://signal.org/blog/pqxdh/) their take on the impending standard: Post-Quantum Extended Diffie-Hellman or PQXDH for short. The Signal protocol update features a hybrid[^1] blend of the current KEM, X25519 (ECDH), **and** CRYSTALS-Kyber, for a simple reason: new encryption standards, are often broken[^2], but rarely on day one. This approach mirrors the trajectory of the latest post-quantum hybrid key agreement algorithms for TLS: X25519Kyber512Draft00 and X25519Kyber768Draft00, both encapsulating X25519 + Kyber. They have been under beta testing by tech giants like Google and Cloudflare for over a year now. [[1](https://blog.cloudflare.com/post-quantum-for-all/)]
1111
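Review bot: The only change in this hunk is the link target, from `https://www.ibm.com/quantum/roadmap` to `https://www.ibm.com/quantum/technology#roadmap`; please confirm that the `#roadmap` fragment exists on the new page, since a missing anchor fails silently and the reader just lands at the top, and note in the commit message whether the old URL was dead or merely redirecting. Since this line is being touched anyway, the same edit should fix two grammar slips in it: "this neither means that your data is at risk now or that we need to" should read "neither ... nor", and "all cryptography at use today" should be "in use today". The sentence "The algorithms vulnerable to quantum computers implementing Shor's algorithm are the ones used for key exchange" also reads as if key exchange were the only thing affected; since the post is scoped to key exchange, a qualifier such as "the ones we care about here are those used for key exchange" would keep the claim accurate without widening the post.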