
The year in post-quantum crypto

Video duration
01:10:00
Language
English
Abstract
The world is finally catching on to the urgency
of deploying post-quantum cryptography:
cryptography designed to survive attacks by quantum computers.
NIST's post-quantum competition is in full swing,
and network protocols are exploring post-quantum extensions.
This talk will take the audience on a journey
through selected recent highlights
from the post-quantum world.

Post-quantum cryptography has become one of the most active
areas in cryptography,
trying to address important questions from potential users.

Is post-quantum cryptography secure?
In the first ten months of this year
we have seen several serious breaks
of submissions to the NIST competition.
At this point, out of the original 69 submissions,
13 are broken and 8 are partially broken.
Are the remaining 48 submissions all secure?
Or is this competition a denial-of-service attack
against the cryptanalysis community?
NIST will select fewer candidates for the 2nd round,
but it is not clear whether there is an adequate basis
for judging security.

Does post-quantum cryptography provide
the functionality we expect from cryptography?
For example,
the original Diffie-Hellman system
provides not just encryption
but also more advanced features
such as non-interactive key exchange
(not provided by any NIST submissions)
and blinding.
The era of post-NIST post-quantum cryptography has begun
with the exciting new CSIDH proposal,
which has non-interactive key exchange
and is smaller than any NIST submission,
but uses more CPU time and needs much more study.
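The functional gap described above (Diffie-Hellman gives non-interactive key exchange and blinding; a KEM only gives an encapsulate/decapsulate pair) is easiest to see side by side in code. The following is an added example, not code from the talk, its speakers, or any NIST submission. It uses classical finite-field Diffie-Hellman with toy-sized parameters (P = 2**127 - 1 and generator 3, both chosen so the script runs offline; they are an assumption for illustration and not a safe group for real use), and all function and variable names are the example's own.

```python
"""Non-interactive key exchange (NIKE), a KEM, and blinding over a toy DH group.

Added illustration, not code from the talk. Classical finite-field
Diffie-Hellman is used only because it is easy to run offline; the
parameters are toy-sized (assumption: illustration only, not a safe group).
"""
import hashlib
import math
import secrets

P = 2**127 - 1   # a Mersenne prime; toy group size, not a standardized group
G = 3            # toy generator (assumption: not verified to generate the whole group)


def keygen():
    """Static key pair: secret exponent sk, public value pk = G^sk mod P."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def _kdf(shared: int) -> bytes:
    """Hash a group element to a 32-byte key (shared < P fits in 16 bytes)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


# --- Non-interactive key exchange ---------------------------------------
def nike_key(my_sk: int, their_pk: int) -> bytes:
    """Both parties derive the same key from static keys alone, with no
    message sent, because G^(a*b) == G^(b*a). A KEM cannot do this."""
    return _kdf(pow(their_pk, my_sk, P))


# --- KEM (DH-based, hashed-ElGamal style) -------------------------------
def kem_encap(pk: int):
    """Sender picks a fresh ephemeral exponent and returns
    (ciphertext, shared secret). The receiver cannot derive the secret
    until this ciphertext has actually been delivered to it."""
    e = secrets.randbelow(P - 2) + 1
    return pow(G, e, P), _kdf(pow(pk, e, P))


def kem_decap(sk: int, ct: int) -> bytes:
    """Receiver recovers the shared secret from its static secret and ct."""
    return _kdf(pow(ct, sk, P))


# --- Blinding -----------------------------------------------------------
def blind(x: int):
    """Hide x from a server that will raise it to its secret exponent k.
    Returns the blinding factor r (kept by the client) and x^r mod P."""
    while True:
        r = secrets.randbelow(P - 2) + 2
        if math.gcd(r, P - 1) == 1:   # r must be invertible modulo P-1
            return r, pow(x, r, P)


def server_eval(k: int, blinded: int) -> int:
    """Server applies its secret exponent to whatever value it receives."""
    return pow(blinded, k, P)


def unblind(r: int, response: int) -> int:
    """((x^r)^k)^(r^-1 mod P-1) == x^k, since exponents reduce mod P-1
    (Fermat's little theorem, x != 0 mod P)."""
    return pow(response, pow(r, -1, P - 1), P)


if __name__ == "__main__":
    a_sk, a_pk = keygen()
    b_sk, b_pk = keygen()
    # NIKE: no ciphertext, no ephemeral value, both sides already agree.
    assert nike_key(a_sk, b_pk) == nike_key(b_sk, a_pk)
    # KEM: Alice must send ct to Bob before Bob knows the secret.
    ct, ss = kem_encap(b_pk)
    assert kem_decap(b_sk, ct) == ss
    # Blinding: server learns neither x nor x^k, client still gets x^k.
    k = secrets.randbelow(P - 2) + 1
    r, hidden = blind(a_pk)
    assert unblind(r, server_eval(k, hidden)) == pow(a_pk, k, P)
    print("NIKE, KEM and blinding all consistent")
```

Run the file directly to exercise all three. The point is that nike_key needs nothing beyond the two static public keys, whereas kem_encap has to produce a ciphertext that must travel to the holder of the secret key; this is why a KEM-based protocol needs an extra flow where a Diffie-Hellman-based one does not. The exponent-inverse trick in unblind is the same one used in DH-based oblivious PRFs and blind protocols, and it depends on the group order being known and r being coprime to it.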

Is post-quantum cryptography small enough?
Even for network protocols that rely purely on encryption,
integration remains a major problem
because of the bandwidth requirements of most post-quantum systems,
especially the post-quantum systems
with the strongest security track records.
Experiments with integration of post-quantum cryptography into TLS
have focused on encryption without post-quantum authentication.
A new generation of network protocols
has been designed from the ground up for full post-quantum security.

Is post-quantum cryptographic software fast enough,
and is it safe to use?
Adding post-quantum cryptography
to the cryptographic software ecosystem
has produced a giant step backwards in software quality.
Major areas of current activity include
software speedups,
benchmarking,
bug fixes,
formal verification,
patent avoidance, and
development of post-quantum software libraries
such as Open Quantum Safe and libpqcrypto.

The talk will be given as a joint presentation
by Daniel J. Bernstein and Tanja Lange.

Talk ID
9926
Event:
35c3
Day
2
Room
Dijkstra
Start
11:30 p.m.
Duration
01:00:00
Track
Security
Type
lecture
Speaker
djb
Tanja Lange
Talk Slug & media link
35c3-9926-the_year_in_post-quantum_crypto
