NishMath - #encryption

The UK's National Cyber Security Centre (NCSC) has released a roadmap for transitioning to post-quantum cryptography (PQC), establishing key dates for organizations to assess risks, define strategies, and fully transition by 2035. This initiative aims to mitigate the future threat of quantum computers, which could potentially break today's widely used encryption methods. The NCSC’s guidance recognizes that PQC migration is a complex and lengthy process requiring significant planning and investment.

By 2028, organizations are expected to complete a discovery phase, identifying systems and services reliant on cryptography that need upgrades, and draft a migration plan. High-priority migration activities should be completed by 2031, with infrastructure prepared for a full transition. The NCSC emphasizes that these steps are essential for addressing quantum threats and improving overall cyber resilience. Ali El Kaafarani, CEO of PQShield, noted that these timelines give clear instructions to protect the UK’s digital future.

Researchers have also introduced ZKPyTorch, a compiler that integrates ML frameworks with ZKP engines to simplify the development of zero-knowledge machine learning (ZKML). ZKPyTorch automates the translation of ML operations into optimized ZKP circuits and improves proof generation efficiency. Through case studies, ZKPyTorch successfully converted VGG-16 and Llama-3 models into ZKP-compatible circuits.


References :

• The Quantum Insider: UK Sets Timeline, Road Map for Post-Quantum Cryptography Migration
• The Register - Security: The post-quantum cryptography apocalypse will be televised in 10 years, says UK's NCSC
• Dhole Moments: Post-Quantum Cryptography Is About The Keys You Don’t Play
• IACR News: ePrint Report: An Optimized Instantiation of Post-Quantum MQTT protocol on 8-bit AVR Sensor Nodes YoungBeom Kim, Seog Chung Seo Since the selection of the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) standardization algorithms, research on integrating PQC into security protocols such as TLS/SSL, IPSec, and DNSSEC has been actively pursued. However, PQC migration for Internet of Things (IoT) communication protocols remains largely unexplored. Embedded devices in IoT environments have limited computational power and memory, making it crucial to optimize PQC algorithms for efficient computation and minimal memory usage when deploying them on low-spec IoT devices. In this paper, we introduce KEM-MQTT, a lightweight and efficient Key Encapsulation Mechanism (KEM) for the Message Queuing Telemetry Transport (MQTT) protocol, widely used in IoT environments. Our approach applies the NIST KEM algorithm Crystals-Kyber (Kyber) while leveraging MQTT’s characteristics and sensor node constraints. To enhance efficiency, we address certificate verification issues and adopt KEMTLS to eliminate the need for Post-Quantum Digital Signatures Algorithm (PQC-DSA) in mutual authentication. As a result, KEM-MQTT retains its lightweight properties while maintaining the security guarantees of TLS 1.3. We identify inefficiencies in existing Kyber implementations on 8-bit AVR microcontrollers (MCUs), which are highly resource-constrained. To address this, we propose novel implementation techniques that optimize Kyber for AVR, focusing on high-speed execution, reduced memory consumption, and secure implementation, including Signed LookUp-Table (LUT) Reduction. Our optimized Kyber achieves performance gains of 81%,75%, and 85% in the KeyGen, Encaps, and DeCaps processes, respectively, compared to the reference implementation. With approximately 3 KB of stack usage, our Kyber implementation surpasses all state-of-the-art Elliptic Curve Diffie-Hellman (ECDH) implementations. Finally, in KEM-MQTT using Kyber-512, an 8-bit AVR device completes the handshake preparation process in 4.32 seconds, excluding the physical transmission and reception times.
• The Quantum Insider: ETSI Launches New Security Standard for Quantum-Safe Hybrid Key Exchanges
• billatnapier.medium.com: Xmas Coming Early: OpenSSL Finally Enters a Quantum World

Classification:

• HashTags: #PostQuantum #Cryptography #ZeroKnowledgeProofs
• Company: Cryptography
• Target: Security
• Product: Cryptography
• Feature: ZeroKnowledge
• Type: Crypto
• Severity: Major

Recent advancements in cryptography are focusing on post-quantum solutions due to the increasing threat posed by quantum computing to current encryption methods. The PQC4eMRTD project, a significant European initiative, officially commenced on February 28th, 2025, aiming to develop and standardize quantum-resistant cryptographic protocols for electronic machine-readable travel documents (eMRTDs). Funded by the European Union under the Digital Europe Programme, the project addresses the vulnerability of eMRTDs like electronic passports to quantum threats and seeks to provide a blueprint for Europe's transition to quantum-resistant infrastructure.

Key players like Thales, Infineon Technologies, and CryptoNext Security are collaborating on this two-year project, coordinated by Infineon Technologies AG. The initiative encourages collaboration across industries, policymakers, and researchers to accelerate the adoption of Post-Quantum Cryptography (PQC) protocols, ensuring the long-term security of digital identities and electronic travel documents. Furthermore, advancements in post-quantum key encapsulation mechanisms, such as ML-KEM, are being adopted, with Go 1.24 already implementing ML-KEM, highlighting the move towards quantum-resistant cryptographic systems.


References :

• medium.com: Post-Quantum Key Encapsulation —ML-KEM Performance Benchmark Between Go Library and Cloudflare…

Classification:

• HashTags: #Cryptography #PostQuantum #LWEProblem
• Company: Cryptography
• Target: Protection
• Product: Security
• Feature: Encryption
• Type: Research
• Severity: Medium