Post-quantum Crypto: Today’s defense against tomorrow’s quantum hacker

Presented at ShmooCon XV (2019), Jan. 19, 2019, 4:30 p.m. (30 minutes).

Quantum computers pose a grave threat to the cryptography we use today. Sure, they might not be built for another decade, but today’s secrets are nonetheless at risk: indeed, many adversaries have the capabilities to record encrypted traffic and decrypt it later. In this talk I’ll give an overview of post-quantum cryptography (PQC), a set of quantum-safe alternatives developed to alleviate this problem. I’ll present the lessons we have learned from our prototype integrations into real-life protocols and applications (such as TLS, SSH, and VPN), and our experiments on a variety of devices, ranging from IoT devices, to cloud servers, to HSMs. I’ll discuss the Open Quantum Safe project for PQC development, and related open-source forks of OpenSSL, OpenSSH, and OpenVPN that can be used to experiment with PQC today. I’ll present a demo of a full (key exchange + authentication) PQC TLS 1.3 connection. Come learn about the practicality of PQC, and how to start experimenting with PQC to defend your applications and services against the looming quantum threat.


Presenters:

  • Christian Paquin
    Christian Paquin (@chpaquin) is a crypto specialist in Microsoft Research’s Security and Cryptography team. He is currently involved in projects related to post-quantum cryptography, such as the Open Quantum Safe project. He is also leading the development of the U-Prove technology. He is also interested in privacy-enhancing technologies, smart cloud encryption (e.g., searchable and homomorphic encryption), and the intersection of AI and security. Prior to joining Microsoft in 2008, he was the Chief Security Engineer at Credentica, a crypto developer at Silanis Technology working on digital signature systems, and a security engineer at Zero-Knowledge Systems working on TOR-like systems.
