Source: www.microsoft.com (references: medium.com, www.microsoft.com)
Microsoft is undertaking a significant modernization of its SymCrypt cryptographic library by rewriting key components in the Rust programming language. The move aims to strengthen memory safety and to harden the library against sophisticated side-channel attacks. Rust was chosen because it lends itself to formal verification, which gives assurance that cryptographic implementations behave as intended and remain secure against potential vulnerabilities. A Rust-to-C compiler lets the rewritten components keep backward compatibility with the existing C library.
The initiative is particularly focused on the implementation of elliptic curve cryptography (ECC), a vital cryptographic algorithm used to secure Web3 applications and other sensitive systems. ECC offers a modern approach to asymmetric key cryptography, providing security comparable to older methods like RSA with significantly smaller key sizes. That efficiency matters for resource-constrained devices such as mobile phones and IoT devices, enabling faster encryption and decryption while maintaining strong resistance to cryptanalytic attacks. The project incorporates formal verification using tools like Aeneas, developed by Microsoft Azure Research and Inria, which allow program properties to be proved mathematically. Such a proof confirms that the code satisfies the given properties for every input, closing off attacks that stem from flawed implementations. The team also plans to analyze the compiled code to detect side-channel leaks caused by timing or hardware-level behavior, so that the defense covers both the source and what the compiler actually emits.
Source: medium.com
Medium is currently hosting a series of articles that delve into the core concepts and practical applications of cryptography. These articles aim to demystify complex topics such as symmetric key cryptography, also known as secret key or private key cryptography, where a single shared key is used for both encryption and decryption. This method is highlighted for its speed and efficiency, making it suitable for bulk data encryption, though it primarily provides confidentiality and requires secure key distribution. The resources available are designed to cater to individuals with varying levels of expertise, offering accessible guides to enhance their understanding of secure communication and cryptographic systems.
The published materials offer detailed explorations of cryptographic techniques, including AES-256 encryption and decryption. AES-256, the Advanced Encryption Standard with a 256-bit key, is a symmetric encryption algorithm renowned for its high level of security. The articles break down the internal mechanics of AES-256, explaining the rounds of transformation and the key expansion involved in the encryption process. These explanations are presented both in technical terms for readers with a deeper background and in layman's terms to make the concepts accessible to a broader audience. Beyond theory, the Medium articles also showcase practical applications of cryptography. One example is the combination of OSINT (Open Source Intelligence), web, crypto, and forensics techniques in CTF (Capture The Flag) challenges. These challenges offer hands-on experience in applying cryptographic principles to realistic scenarios, such as identifying the final resting place of historical figures through OSINT techniques. The series underscores the importance of mastering cryptography in the evolving landscape of cybersecurity, equipping readers with the knowledge to secure digital communications and protect sensitive information.
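To make the "rounds of transformation and key expansion" concrete, here is an added example (not code from the page, from the Medium series, or from any library mentioned above): a from-scratch AES-256 block encryption following FIPS 197, checked against the standard's own Appendix C.3 test vector. It is written for readability, not constant time, so it is a teaching aid rather than something to protect real data with.

```python
# Educational AES-256 (FIPS 197): key expansion plus the four round transformations.
# Not constant-time; for study only.

def _xtime(b):
    """Multiply by x (i.e. by 2) in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def _gmul(a, b):
    """General multiplication in GF(2^8), shift-and-add style."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():
    """Derive the S-box: multiplicative inverse in GF(2^8), then the affine map."""
    inv = [0] * 256                     # inv[0] stays 0 by definition
    for x in range(1, 256):
        if inv[x] == 0:
            y = next(y for y in range(1, 256) if _gmul(x, y) == 1)
            inv[x], inv[y] = y, x
    sbox = []
    for v in inv:
        s = v
        for i in range(1, 5):           # s = v ^ rotl(v,1) ^ ... ^ rotl(v,4) ^ 0x63
            s ^= ((v << i) | (v >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def expand_key(key):
    """FIPS 197 KeyExpansion for a 32-byte key: 60 four-byte words = 15 round keys."""
    if len(key) != 32:
        raise ValueError("AES-256 needs a 32-byte key")
    w = [list(key[4 * i:4 * i + 4]) for i in range(8)]
    rcon = 1
    for i in range(8, 60):
        t = list(w[i - 1])
        if i % 8 == 0:                  # RotWord, SubWord, then XOR with Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        elif i % 8 == 4:                # extra SubWord that only AES-256 has
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - 8], t)])
    return w

# State is 16 bytes in column-major order: index = 4*column + row.
def _sub_bytes(s):
    return [SBOX[b] for b in s]

def _shift_rows(s):
    return [s[((c + r) % 4) * 4 + r] for c in range(4) for r in range(4)]

def _mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        out += [_gmul(a[0], 2) ^ _gmul(a[1], 3) ^ a[2] ^ a[3],
                a[0] ^ _gmul(a[1], 2) ^ _gmul(a[2], 3) ^ a[3],
                a[0] ^ a[1] ^ _gmul(a[2], 2) ^ _gmul(a[3], 3),
                _gmul(a[0], 3) ^ a[1] ^ a[2] ^ _gmul(a[3], 2)]
    return out

def _add_round_key(s, rk):
    return [a ^ b for a, b in zip(s, rk)]

def encrypt_block(key, block):
    """Encrypt one 16-byte block: 13 full rounds plus a final round without MixColumns."""
    w = expand_key(key)
    rks = [sum(w[4 * r:4 * r + 4], []) for r in range(15)]
    s = _add_round_key(list(block), rks[0])
    for r in range(1, 14):
        s = _add_round_key(_mix_columns(_shift_rows(_sub_bytes(s))), rks[r])
    s = _add_round_key(_shift_rows(_sub_bytes(s)), rks[14])
    return bytes(s)

if __name__ == "__main__":
    # FIPS 197 Appendix C.3 vector: key 00..1f, plaintext 00112233...eeff
    ct = encrypt_block(bytes(range(32)), bytes.fromhex("00112233445566778899aabbccddeeff"))
    print(ct.hex())                     # 8ea2b7ca516745bfeafc49904b496089
```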
Source: medium.com
The Post-Quantum Cryptography Coalition (PQCC) has recently published a comprehensive roadmap designed to assist organizations in transitioning from traditional cryptographic systems to quantum-resistant alternatives. This strategic initiative comes as quantum computing capabilities rapidly advance, posing a significant threat to existing data security measures. The roadmap emphasizes the importance of proactive planning to mitigate long-term risks associated with cryptographically relevant quantum computers. It is structured into four key implementation categories: Preparation, Baseline Understanding, Planning and Execution, and Monitoring and Evaluation.
The roadmap offers detailed steps that organizations of any size or sector can use to customize their adoption strategy. Activities include inventorying cryptographic assets, assigning migration leads, prioritizing systems for upgrade, and aligning stakeholders across technical and operational domains. It also underscores the urgency of Post-Quantum Cryptography (PQC) adoption, particularly for entities managing long-lived or sensitive data vulnerable to "harvest now, decrypt later" attacks. Guidance is provided on vendor engagement, creating a cryptographic bill of materials (CBOM), and building cryptographic agility into procurement and system updates. In related work, research is focusing on making post-quantum algorithms more efficient in hardware. A new study proposes a Modular Tiled Toeplitz Matrix-Vector Polynomial Multiplication (MT-TMVP) method for lattice-based PQC algorithms, designed specifically for Field Programmable Gate Arrays (FPGAs). The approach significantly reduces resource utilization and improves the Area-Delay Product (ADP) compared to existing polynomial multipliers. By leveraging Block RAM (BRAM), the architecture also offers stronger resistance to timing-based Side-Channel Attacks (SCAs), and it is modular and scalable across polynomial degrees. Complementing this, a practical guide covers implementing post-quantum cryptography using hybrid models for TLS, PKI, and identity infrastructure.
Source: quantumcomputingreport.com
The rapid advancement of quantum computing poses a significant threat to current encryption methods, particularly RSA, which secures much of today's internet communication. Google's recent breakthroughs have redefined the landscape of cryptographic security, with researchers like Craig Gidney significantly lowering the estimated quantum resources needed to break RSA-2048. A new study indicates that RSA-2048 could be cracked in under a week using fewer than 1 million noisy qubits, a dramatic reduction from previous estimates of around 20 million qubits and eight hours of computation. This shift accelerates the timeline for "Q-Day," the hypothetical moment when quantum computers can break modern encryption, impacting everything from email to financial transactions.
This vulnerability stems from the ability of quantum computers to run Shor's algorithm for factoring large numbers, a task prohibitively difficult for classical computers. Google's innovation combines several technical advances, including approximate residue arithmetic, magic state cultivation, optimized period finding with Ekerå-Håstad algorithms, and yoked surface codes with sparse lookups. These improvements streamline modular arithmetic, reduce the depth of quantum circuits, and minimize overhead in fault-tolerant quantum circuits, collectively bringing the physical qubit requirement under 1 million while keeping the computation time relatively short. In response to this threat, post-quantum cryptography (PQC) is gaining momentum. PQC refers to cryptographic algorithms designed to be secure against both classical and quantum attacks. NIST has already announced the first set of quantum-safe algorithms for standardization, including FrodoKEM, a key encapsulation protocol offering a simple design and strong security guarantees. The urgency of transitioning to quantum-resistant cryptographic systems is underscored by ongoing advances in quantum computing. While the digital world relies on encryption, advances in AI and quantum computing are challenging that security. Professionals who understand both cybersecurity and artificial intelligence will be the leaders in adapting to these challenges.
Source: www.microsoft.com
IACR News has highlighted recent advancements in post-quantum cryptography, essential for safeguarding data against future quantum computer attacks. A key area of focus is the development of algorithms and protocols that remain secure even when classical cryptographic methods become vulnerable. Among these efforts, FrodoKEM stands out as a conservative quantum-safe cryptographic algorithm, designed to provide strong security guarantees in the face of quantum computing threats.
The adaptive security of key-unique threshold signatures is also under scrutiny. Research presented by Elizabeth Crites, Chelsea Komlo, and Mary Maller investigates the security assumptions required to prove the adaptive security of threshold signatures. Their work gives impossibility results that highlight the difficulty of achieving adaptive security for key-unique threshold signatures, particularly for schemes compatible with standard single-party signatures like BLS, ECDSA, and Schnorr. The research aims to guide the development of new assumptions and properties for constructing adaptively secure threshold schemes. In related news, Muhammed F. Esgin is offering PhD and Post-Doc positions in post-quantum cryptography, emphasizing the need for candidates with a strong mathematical and cryptography background. Students at Monash University can expect to work on their research from the beginning, supported by competitive stipends and opportunities for teaching assistant roles. These academic opportunities are crucial for training the next generation of cryptographers who will develop and implement post-quantum solutions.
Source: www.microsoft.com
Microsoft is actively preparing for a future where quantum computers pose a significant threat to current encryption methods. The company is exploring Post-Quantum Cryptography (PQC) solutions, with a focus on algorithms like FrodoKEM, to bolster security on Windows and Linux platforms. This move is driven by the understanding that quantum computers, with their ability to solve complex problems exponentially faster than classical computers, could break the cryptographic backbone of today’s digital world, including systems like RSA, Diffie-Hellman, and elliptic curve cryptography. The urgency is underscored by recent advances like Microsoft’s Majorana 1, a quantum processor powered by topological qubits, which marks major steps toward practical quantum computing.
Microsoft's efforts to transition to quantum-resistant cryptographic systems include adding PQC algorithms to its core cryptography library, SymCrypt. Microsoft has now taken the next step by adding PQC support to Windows Insiders (Canary Build 27852+) and to Linux through SymCrypt-OpenSSL v1.9.0. These additions let companies and developers start testing and preparing for a quantum-secure future, guarding against a "harvest now, decrypt later" scenario in which attackers collect encrypted data today to decrypt later with quantum computers. The new additions to Windows include ML-KEM (Module Lattice-Based Key Encapsulation Mechanism), also known as CRYSTALS-Kyber, designed for secure key exchange, and ML-DSA (Module Lattice-Based Digital Signature Algorithm), previously known as CRYSTALS-Dilithium, used for digital signatures that ensure data integrity and authenticity. NIST has approved three PQC standards: FIPS 203, 204, and 205. FIPS 203, the Module-Lattice-Based Key-Encapsulation Mechanism Standard, specifies a key encapsulation mechanism designed to protect information exchange over public networks, ensuring confidentiality even against quantum adversaries. FIPS 204, the Module-Lattice-Based Digital Signature Standard, defines a digital signature scheme that provides authentication and integrity, crucial for verifying identities and securing communications. FIPS 205, the Stateless Hash-Based Digital Signature Standard, outlines a stateless hash-based digital signature scheme, offering an alternative approach to digital signatures with strong security assurances. NIST encourages organizations to begin the transition to these new standards to ensure long-term data security.
Source: medium.com
Cryptography is a critical component in today's digital landscape, ensuring secure communication, data integrity, and user authentication across various platforms. Cryptography, or “secret writing”, has been used for centuries, evolving from ancient methods like the Caesar cipher to modern, complex algorithms. In the Ethereum blockchain, cryptography is the foundation of security, underpinning trustless transactions and immutable data accessible only to authorized users. Key areas where cryptography manifests in Ethereum include digital signatures, used as electronic stamps of authenticity, and cryptographic hashes, which serve as digital fingerprints for data. Cryptography is essential for securing data in transit, verifying identities, and safeguarding sensitive information such as passwords.
Asymmetric encryption, also known as public-key cryptography (PKC), plays a vital role in Ethereum. This method uses key pairs consisting of a public key, shared freely, and a private key, kept secret. Ethereum uses elliptic curve cryptography, specifically the secp256k1 curve, to generate these key pairs; the scheme relies on the mathematical properties of elliptic curves over finite fields. Quantum-resistant cryptography is also gaining traction in blockchain security because of the emerging threat of quantum computers, which have the potential to break current encryption methods like RSA and ECC. In 2025, blockchain platforms are actively testing post-quantum cryptography to ensure the long-term safety of old data, secure smart contracts, and maintain user trust. Quantum computing advances pose a significant risk to current cryptographic methods. The U.S. House Committee on Science, Space, and Technology convened in May 2025 to discuss the future of the National Quantum Initiative (NQI). Industry leaders testified on the need to reauthorize and expand the NQI to maintain U.S. leadership in quantum technology. To counter the potential quantum threat to blockchain, developers are exploring quantum-resistant wallets and smart contract tools. Some new blockchains, like QANplatform and XX Network, are building with post-quantum crypto from the start. The hearing also highlighted the importance of sustained investment in quantum sciences and the development of a skilled workforce.
Source: crypto.ku.edu.tr
Koç University's Cryptography, Security & Privacy Research Group is offering scholarships and internships in the field of cryptography, security, and privacy, including positions at the post-doctoral level. These opportunities are available for Ph.D. and M.Sc. students, as well as post-doctoral researchers interested in contributing to cutting-edge research. The project funding is specifically related to applied cryptography, with a focus on privacy-preserving and adversarial machine learning. This initiative aims to foster talent and innovation in these critical areas of computer science and engineering.
The research group is also offering summer internships to undergraduates and graduates who want to improve their research skills and plan to attend graduate school. The experience can help them decide whether to pursue graduate education or a research career. The program, which runs from June 30 to August 15, is open to international students. Applications opened on March 12, 2025, and the deadline is May 16, 2025. The Koç University Summer Research Program is also open to motivated high school students. It aims to help students experience a university environment, gather information on undergraduate areas they would like to study, and learn how to conduct academic research. Applicants must have completed Year 8. All applicants should have good academic standing and be proficient in English, as the medium of instruction is English.
Source: Mohamed Abdel-Kareem, quantumcomputingreport.com (references: osintteam.blog, medium.com)
Recent advances in quantum computing pose a significant threat to current cryptographic systems, necessitating the development and deployment of post-quantum cryptography (PQC). Quantum computers, leveraging quantum mechanics, can perform certain calculations exponentially faster than classical computers. This capability undermines the security of widely used public key cryptography algorithms like RSA and Elliptic Curve Cryptography (ECC), which rely on the difficulty of factoring large numbers and finding discrete logarithms. Mathematician Peter Shor's algorithm demonstrated that quantum computers could break RSA encryption, spurring interest in quantum-resistant cryptography. While symmetric key algorithms like AES and hash functions are considered more robust, the vulnerability of public key cryptography demands immediate attention and transition to PQC solutions.
The Bitcoin ecosystem is actively exploring the integration of post-quantum cryptographic solutions to safeguard against potential quantum attacks. Blockstream is seeking an Applied Cryptographer to research, evaluate, and implement PQC tailored to Bitcoin's unique challenges. This includes adapting state-of-the-art PQC research to the Bitcoin domain and exploring features relevant to Bitcoin such as threshold signatures, signature aggregation, Taproot tweaking, silent payments, and HD wallets. The focus is on analyzing the implications of integrating post-quantum schemes into Bitcoin and contributing to Bitcoin Improvement Proposals (BIPs) to standardize cryptography for use in Bitcoin. In related news, Heriot-Watt University has launched a £2.5 million Optical Ground Station (HOGS) to advance satellite-based quantum-secure communication. The facility will enable quantum key distribution (QKD) experiments with satellites, contributing to the development of a quantum-secure internet. Furthermore, the U.S. Congress is considering the "Quantum Sandbox for Near-Term Applications Act" to promote the commercial advancement of quantum technology through public-private partnerships. Simultaneously, research is underway to enhance telehealth cybersecurity by integrating PQC with QKD and privacy-preserving mechanisms, ensuring data confidentiality and immutability for patient records in a post-quantum era.
Source: medium.com (references: medium.com, Peter Bendor-Samuel)
Quantum computing is rapidly advancing, bringing both immense potential and significant cybersecurity risks. The UK’s National Cyber Security Centre (NCSC) and experts across the globe are warning of a "colossal" overhaul needed in digital defenses to prepare for the quantum era. The concern is that powerful quantum computers could render current encryption methods obsolete, breaking security protocols that protect financial transactions, medical records, military communications, and blockchain technology. This urgency is underscored by the threat of "harvest now, decrypt later" attacks, where sensitive data is collected and stored for future decryption once quantum computers become powerful enough.
Across the globe, governments and organizations are scrambling to prepare for a quantum future by adopting post-quantum cryptography (PQC). PQC involves creating new encryption algorithms resistant to attacks from both classical and quantum computers. The U.S. National Institute of Standards and Technology (NIST) has already released several algorithms believed to be secure against quantum attack. The NCSC has issued guidance setting clear timelines for the UK's migration to PQC, advising organizations to complete the transition by 2035. Industry leaders are also urging the U.S. Congress to reauthorize and expand the National Quantum Initiative to support research, workforce development, and a resilient supply chain. Oxford Ionics is one of the companies leading the way in quantum computing development. Oxford Ionics has released a multi-phase roadmap focused on achieving scalability and fault tolerance in its trapped-ion quantum computing platform. The strategy begins with the 'Foundation' phase, which deploys QPUs with 16-64 qubits at 99.99% fidelity and is already operational. The second phase introduces chips with 256+ qubits and error rates as low as 10^-8 via quantum error correction (QEC). The goal is to scale to over 10,000 physical qubits per chip, supporting 700+ logical qubits with minimal infrastructure change. Multiple bills have also been introduced in the U.S. Congress and the state of Texas to foster the advancement of quantum technology.
Source: medium.com
The convergence of quantum computing and cryptography is rapidly evolving, presenting both opportunities and threats to the digital landscape. EntropiQ, a startup specializing in quantum solutions, has launched Quantum Entropy as a Service (QEaaS), offering on-demand, crypto-agile quantum entropy distribution. This service is designed for critical infrastructure and integrates with existing systems via API, aligning with NIST SP 800-90 guidelines. To bolster deployment and operational validation, EntropiQ has partnered with Equinix and GIS QSP, demonstrating its platform in secure, scalable environments across various locations, including Silicon Valley and Washington, D.C.
The imminent threat posed by quantum computers to current cryptographic systems is driving the need for new security measures. Algorithms like RSA and ECC, which underpin much of today's digital security, are vulnerable to quantum algorithms like Shor's, which can efficiently factor large integers. This has prompted significant research into post-quantum cryptography (PQC), with solutions like SPQR-AC emerging that use hybrid cryptographic frameworks combining lattice-based and code-based primitives. The UK's National Cyber Security Centre (NCSC) has issued guidance urging organizations to plan their transition to quantum-safe cryptography by 2028 and to complete migration of high-criticality systems by 2031. Artificial intelligence (AI) is increasingly being integrated into quantum cryptography to enhance security and build resilience against emerging quantum threats. This fusion of AI and quantum-resistant encryption is aimed at protecting data in the post-quantum era, as AI can aid in developing more robust and adaptive cryptographic solutions. The NCSC's recommendations emphasize understanding the risks and taking proactive steps to secure digital infrastructure. Furthermore, the concept of "crypto agility" is gaining traction, encouraging businesses to develop the capacity to swap encryption standards rapidly as quantum computers advance, ensuring continuous protection against evolving threats.
Source: thequantuminsider.com
Heriot-Watt University has launched a £2.5 million Optical Ground Station (HOGS) at its Research Park in Edinburgh, marking a significant advancement in satellite-based quantum-secure communication. The facility, developed under the UK Quantum Communications Hub, features a 70-cm precision telescope equipped with adaptive optics and quantum detectors. This investment positions Heriot-Watt at the forefront of quantum communication research and development.
The HOGS facility will enable quantum key distribution (QKD) experiments with satellites, providing secure communication channels resistant to future decryption by quantum computers. The station is also equipped to monitor space debris and to test ultra-high-speed optical communications for next-generation networks. It is the UK's first major infrastructure investment in free-space quantum key distribution research, and it will serve as a testbed for space-to-ground optical links that use quantum-secure protocols to exchange encryption keys via single photons. The project marks a major step in the UK's efforts to build a quantum-secure internet, offering a unique testbed for industry and academia. Connected via dark fibre to Heriot-Watt's quantum labs, HOGS enables real-time simulation and validation of optical quantum networks at scales from urban to intercontinental. HOGS is part of Heriot-Watt's leadership in the new Integrated Quantum Networks (IQN) Hub, positioning the university as a central player in the development of quantum-secure communications. The facility aims to grow Scotland's space economy and future workforce by partnering with universities, national laboratories, and businesses, including STEM programs for students.