Published in News

Microsoft prepares for quantum computers

by on 12 September 2024


Worried that quantum cats will eat its systems

Software King of the World Microsoft worries that when quantum computers become common, its systems will be wide open to attack by potentially dead or alive cats.

Vole has updated a key cryptographic library with two new encryption algorithms to prepare for such computers, although they have not yet appeared on the shelves.

SymCrypt, the core library that handles cryptographic functions in Windows and Linux, received the updates last week.

The library started in 2006 and provides operations and algorithms developers can use to safely implement secure encryption, decryption, signing, verification, hashing, and key exchange in the apps they create.

The library supports federal certification requirements for cryptographic modules in some governmental environments. SymCrypt supports symmetric and asymmetric algorithms and is Vole’s main cryptographic library for Azure, Microsoft 365, and all supported Windows, Azure Stack HCI, and Azure Linux versions.

SymCrypt provides cryptographic security for email security, cloud storage, web browsing, remote access, and device management. Microsoft documented the update in a blog post.

Writing in the blog post, Microsoft Principal Product Manager Lead Aabha Thipsay wrote that the updates are the first steps in a massive overhaul of encryption protocols to incorporate new algorithms that aren't vulnerable to attacks from quantum computers.

Microsoft's first new algorithm, ML-KEM, was added to SymCrypt last month. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalised by the National Institute of Standards and Technology (NIST).

The KEM in the new name is short for key encapsulation mechanism. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren't vulnerable to Shor's algorithm when the keys are sufficiently large.

The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it's based on "stateful hash-based signature schemes."

Stateful hash-based schemes are practical in particular contexts, such as firmware signing, but are not suitable for more general use because the signer must track which one-time keys it has already spent. Microsoft will add two more post-quantum algorithms to SymCrypt in the coming months.

They are ML-DSA, a lattice-based digital signature scheme, previously called Dilithium, and SLH-DSA, a stateless hash-based signature scheme previously called SPHINCS+. Both became NIST standards last month and are formally referred to as FIPS 204 and FIPS 205.

"PQC algorithms offer a promising solution for the future of cryptography, but they also come with some trade-offs. For example, these typically require larger key sizes, longer computation times, and more bandwidth than classical algorithms. Therefore, implementing PQC in real-world applications requires careful optimisation and integration with existing systems and standards," Thipsay wrote.

Last modified on 13 September 2024