TechLetters #88 Buckets of cold water poured on post-quantum encryption - SIKE/SIDH completely broken. UN cyber experts group successfully adopt a report, it's filled with something.

Security

Post-quantum cryptography. Amazon’s AWS to offer the recently selected cipher suits. But…

Some post-quantum cryptography system broken. Specifically, Supersingular Isogeny Diffie–Hellman protocol, key extraction possible. That was fast. It’s crucial to study this stuff prior to mass deployment or transition. Zero practical impact because the thing was fortunately not deployed. While Cloudflare offered SIDH, but it was (1) a voluntary opt-in (2) it worked in hybrid mode, meaning that it operated along side of a construct where the old-style systems with good security has been retained. More accessible description of the attack here. Still requires some advanced math knowledge. Also of note, by breaking SIKE, authors are now "eligible to claim the $50,000 prize" from Microsoft.

UN OEWG adopts a yearly report. United Nations group of governmental experts on ICT/cybersecurity/information security adopted its report. Contents are modest, and reflect the pace of work/statements. The biggest advantage of this report is that it is being issued at all, considering the current circumstances. What are the practical effects, or those on technology? Absolutely none at all.

---

In case you feel it's worth it to forward this content further:

If you’d like to share: