PhD Position in Formal Analysis of Cryptographic Protocols job with NORWEGIAN UNIVERSITY OF SCIENCE & TECHNOLOGY -NTNU | 186075 – Times Higher…

About the position

The Department of Information Security and Communication Technology (IIK) has a vacancy for a position as a PhD Candidate at the Faculty of Information Technology and Electrical Engineering (IE), in the cross-disciplinary field of cyber security. This is a researcher training position aimed at providing promising researcher recruits the opportunity of academic development in the form of a doctoral degree.

The position is a part of a national effort to develop the Norwegian knowledge base in cyber security according to the directions given in the newly announced Norwegian strategy for digital security (https://www.regjeringen.no/no/dokumenter/nasjonal-strategi-for-digital-sikkerhet/id2627177/).

The position's workplace is the NTNU campus in Trondheim, and the position reports to the Head of Department.

Main duties and responsibilities

The appointment is for a term of 3 years, or 4 years including 25% duty work.

The position will be concerned with design and analysis of cryptographic protocols using either formal reductionist techniques or sound software analysis tools, or a combination of both. Techniques used may be experimental or theoretical, but the emphasis will be on real-world protocols. Depending on the skills of the candidate, different aspects may be emphasized, for instance by focusing on:

The research will be carried out as an integrated member of the very active NTNU Applied Cryptology Laboratory and under the guidance of Prof. Colin Boyd.

Qualification requirements

The PhD position's main objective is to qualify for work in research positions. The qualification requirement is completion of a master's degree or second degree (equivalent to 120 credits) with a strong academic background in one or more of:

or equivalent education with a grade of B or better in terms of NTNU's grading scale. Applicants with no letter grades from previous studies must have an equally good academic foundation. Applicants who are unable to meet these criteria may be considered only if they can document that they are particularly suitable candidates for education leading to a PhD degree.

The position is also open for applicants currently studying for a Master's degree at NTNU and entering their final year during 2020. Such applicants will be considered for the Integrated PhD program.

The appointment is to be made in accordance with the regulations in force concerning State Employees and Civil Servants and national guidelines for appointment as PhD, post doctor and research assistant. NTNU is committed to following evaluation criteria for research quality according to The San Francisco Declaration on Research Assessment - DORA.

Other desirable qualifications

Personal characteristics

We are searching for applicants who are:

In the evaluation of which candidate is best qualified, emphasis will be placed on education, experience and personal suitability, in terms of the qualification requirements specified in the advertisement.

We offer

Salary and conditions

PhD candidates are remunerated in code 1017, and are normally remunerated at gross from NOK 479 600 per annum. From the salary, 2% is deducted as a contribution to the Norwegian Public Service Pension Fund.

Appointment to a PhD position requires admission to the PhD programme in Information Security and Communication Technology. As a PhD candidate, you undertake to participate in an organized PhD programme during the employment period. A condition of appointment is that you are in fact qualified for admission to the PhD programme within three months.

Appointment takes place on the terms that apply to State employees at any time, and after the appointment you must assume that there may be changes in the area of work.

The engagement is to be made in accordance with the regulations in force concerning State Employees and Civil Servants, and the acts relating to Control of the Export of Strategic Goods, Services and Technology. Candidates who by assessment of the application and attachment are seen to conflict with the criteria in the latter law will be prohibited from recruitment to NTNU. After the appointment you must assume that there may be changes in the area of work.

General information

A good work environment is characterized by diversity. We encourage qualified candidates to apply, regardless of their gender, functional capacity or cultural background. Under the Freedom of Information Act (offentleglova), information about the applicant may be made public even if the applicant has requested not to have their name entered on the list of applicants.

Questions about the position can be directed to Professor Colin Boyd, e-mail: colin.boyd@ntnu.no.

About the application:

Incomplete applications will be rejected.

Application deadline: 15.12.2019

NTNU - knowledge for a better world

The Norwegian University of Science and Technology (NTNU) creates knowledge for a better world and solutions that can change everyday life.

Department of Information Security and Communication Technology

Research is vital to the security of our society. We teach and conduct research in cyber security, information security, communications networks and networked services. Our areas of expertise include biometrics, cyber defence, cryptography, digital forensics, security in e-health and welfare technology, intelligent transportation systems and malware. The Department of Information Security and Communication Technology is one of seven departments in the Faculty of Information Technology and Electrical Engineering.

Deadline: 15th December 2019
Employer: NTNU - Norwegian University of Science and Technology
Municipality: Trondheim
Scope: Fulltime
Duration: Temporary
Place of service: NTNU Campus Gløshaugen


WPI researchers discover vulnerabilities affecting billions of computer… – ScienceBlog.com

Worcester Polytechnic Institute (WPI) security researchers Berk Sunar and Daniel Moghimi led an international team of researchers that discovered serious security vulnerabilities in computer chips made by Intel Corp. and STMicroelectronics. The flaws affect billions of laptop, server, tablet, and desktop users around the world. The proof-of-concept attack is dubbed TPM-Fail.

The two newly found vulnerabilities, which have been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the chips. The recovered keys could be used to compromise a computer's operating system, forge digital signatures on documents, and steal or alter encrypted information.

"If hackers had taken advantage of these flaws, the most fundamental security services inside the operating system would have been compromised," said Sunar, professor of electrical and computer engineering and leader of WPI's Vernam Lab, which focuses on applied cryptography and computer security research. "This chip is meant to be the root of trust. If a hacker gains control of that, they've got the keys to the castle."

The flaws announced today are located in TPMs, or trusted platform modules, which are specialized, tamper-resistant chips that computer manufacturers have been deploying in nearly all laptops, smart phones, and tablets for the past 10 years. Following an international security standard, TPMs are used to secure encryption keys for hardware authentication and cryptographic keys, including signature keys and smart card certificates. Pushing the security down to the hardware level offers more protection than a software-only solution and is required by some core security services.

One of the flaws the WPI team discovered is in Intel's TPM firmware, or fTPM: software that runs in the Security and Management Engine in processors the company has produced since it launched its Haswell processor microarchitecture in 2013. Haswell CPUs are used in the popular Core i3, i5, and i7 family of processors. The vulnerability is in the chip that supports trusted execution services, what should be a secure area of the processor. These small crypto chips are the basis of the root of trust for a large portion of the computers used today. The idea is that if the TPM is secure, so is the rest of the computer.

The second flaw is in STMicroelectronics' TPM. Notably, the STMicroelectronics vulnerability is in a chip that has received a strong industry-recognized security certification from Common Criteria, a highly acknowledged security stamp of approval based on international specifications designed to ensure technology meets high security standards preferred in industrial and government deployments.

The WPI researchers worked with Thomas Eisenbarth, a professor of IT security at the University of Lübeck, and Nadia Heninger, an associate professor of computer science and engineering at the University of California, San Diego.

Once discovered, the flaws were reported to the chip makers by the WPI researchers, who also have described the flaws, how they were discovered, and how they could have been exploited in a paper that will be presented at the 29th USENIX Security Symposium in Boston next August. It also will be presented at the Real World Crypto Symposium in New York City in January.

Researchers like Sunar and Moghimi routinely search for security flaws in software, hardware, and networks, and ethically report them to the companies so the problems can be patched before malicious hackers exploit them. No technology is bug free, so researchers help companies find and fix security flaws that could otherwise lead to massive hacking attacks, malware infections and zombie systems.

"We provided our analysis tools and results to Intel and STMicroelectronics and both companies worked with us to create a patch or make sure a security patch will be provided for the next generation of these devices," said Moghimi, a PhD candidate in WPI's electrical and computer engineering department.

Sunar and Moghimi were members of a multi-university research team that found the series of security flaws behind the Fallout and ZombieLoad attacks reported last spring, as well as another vulnerability known as Spoiler, which exploits side effects of speculative execution.

Broadly, these vulnerabilities are categorized as side-channel attacks, which hackers use to surreptitiously grab information about how a computer behaves while performing sensitive operations and then use that information to access internal data.

Using their own analysis tool, the researchers conducted black-box timing analysis of TPM devices to discover timing leakages that allow an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr cryptography signatures. The leakages make the TPMs vulnerable to remote attacks that reveal cryptographic keys and make applications that use them less secure than they would be without the TPM.

Flaw in Intel fTPM

One of the security flaws Intel patched today is in a cryptographic library in the fTPM set inside the Intel Management Engine processor. With this vulnerability, researchers used the timing leakage to recover the signature key in less than two minutes. Intel is patching the security flaw with an update to the library.

Intel's fTPM is a widely used TPM product that runs in a dedicated microprocessor for carrying out cryptographic operations, like making sure data has not been maliciously altered, ensuring data remains confidential, and proving the identity of both the sender and recipient of the data. The microprocessor is embedded with multiple physical security measures, designed to make it tamper resistant.

WPI's Moghimi explained that if hackers gained access to the fTPM, they could forge digital signatures, enabling them to alter, delete, or steal information.

STMicroelectronics Flaw

The research team discovered a flaw in the STMicroelectronics TPM, which is based on the company's popular ST33 chip, an embedded security platform used in many SIM modules, using integrated circuits designed to securely store authentication information. The chip maker announced earlier this year that more than 1 billion ST33 chips have been sold.

The vulnerability in STMicroelectronics' TPM basically leaks the signature key, which should remain safely inside the hardware. It is designed to enhance the system's security. With the key, a hacker could access, steal or alter encrypted electronic documents. Using the flaw in the STMicroelectronics chip, researchers extracted the private ECDSA key from the hardware after less than one and a half hours of data collection.

"STMicroelectronics developed a new ST33 chip with vulnerability countermeasures in the firmware," said Moghimi. "We verified the new chip. It is not vulnerable to TPM-Fail."

The vulnerable chip has received a CC4+ rating from Common Criteria, which ranks security levels from one (lowest) to seven (highest).

"The certification has failed," said Sunar. "Such certifications are intended to ensure protection against a wide range of attacks, including physical and side-channel attacks against its cryptographic capabilities. This clearly underlines the need to reevaluate the CC process."


Growth in the Quantum Cryptography Market with Trends, Forecast, and Opportunity ID Quantique, QuintessenceLabs, NuCrypt, Qasky – Market Expert

Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. The best-known example of quantum cryptography is quantum key distribution, which offers an information-theoretically secure solution to the key exchange problem. The rising investment in cybersecurity solutions is a key catalyst for the quantum cryptography market. The global quantum cryptography market is growing at a compound annual growth rate (CAGR) of +30% during the forecast period 2019-2024.

Market Research Inc has recently published a market assessment report titled "Worldwide Quantum Cryptography Market Growth, Future Scenarios, and Competitive Analysis, 2019-2025". The market study gives a broad view of the current and future stages of the market based on factors such as major sought-after events, research initiatives, management strategies, market drivers, challenges and visions, and comprehensive industry segmentation and regional distribution.


Major Key player:

Market Segment by Regions Quantum Cryptography regional analysis covers


For product type segment

For end use/application segment


Key Benefits for Quantum Cryptography Market:


David Chaum Announces the xx coin, Supporting Decentralized Messaging, Payments and dApps on the xx network – PR Newswire UK

"The xx coin and xx network will serve smartphone users and dApp developers by harnessing both the metadata-shredding anonymity and privacy of Elixxir and the security, speed and scalability of Praxxis," said Chaum. "By successfully bringing the projects together, the xx network resolves the tension between speed/scale and privacy/security."

Early supporters (but not US persons) who download the xx collective smartphone app prior to the release of the xx network whitepaper will be eligible for certain benefits entitling them to greater participation in the xx network. Details for eligible participants can be found at xx-coin.io.

The xx network was designed in response to growing public concern for user privacy as well as the emerging threat of quantum computing. The Elixxir cMix network layer provides groundbreaking privacy and security by shredding user metadata. Praxxis provides a denominated coin structure that breaks payments into individual coins to provide privacy, and distinctive hash-based cryptography, which is secure against attacks from current nation-state adversaries and future quantum computers.

The staged launch of the xx network has begun. The xx network public alpha currently supports the xx messenger, an Elixxir dApp that provides unprecedented user privacy by preventing observers from collecting metadata. The xx network beta, scheduled for release in early 2020, will provide deeper integration between Elixxir and Praxxis and run on 600 independent nodes that were selected earlier this year.

"For all of us to feel comfortable online with the more important and sometimes sensitive parts of our lives, we need money with financial privacy and security to conduct our affairs," said William Carter, COO of Praxxis. "And to support users worldwide we need low-latency, high-speed performance at scale. The xx coin provides a way for Praxxis and Elixxir software to achieve these goals running on the decentralized xx network. Next step is beta!"

To access more information on xx coin distribution and the xx network, and to use the xx messenger, download the xx collective smartphone app at xxcollective.io.

About Praxxis:

Praxxis is a digital currency and a consensus protocol underpinning a full-stack blockchain. Praxxis has been designed and developed by WBM Corp. Led by William Carter, WBM Corp. is one of the first companies officed in the Cayman Enterprise City in the Cayman Islands. Carter is a computer scientist with an extensive systems design background gained working in the blockchain space, in optics R&D, and earlier at JPL in Pasadena. The WBM team is made up of cryptographers, developers, operational personnel, and marketing professionals. Early work on the Praxxis chain was conducted at Privategrity Corporation in the Los Angeles area.

About the xx collective:

The xx collective is the global community supporting David Chaum's projects and includes over 4,500 community members who have joined to secure early access to the xx messenger and other xx network information and features. The xx collective app is available on iOS and Android to support participation in the xx network on the way to MainNet. Information is also available at http://www.xxcollective.io.

About Elixxir:

Elixxir is a privacy-protecting transaction platform supported by nodes running Elixxir cMix software. Elixxir obscures metadata generated by a user's daily activities. The platform is designed to support secure messaging, payments, and decentralized application (dApp) data transfer. Elixxir is capable of supporting high volumes with extremely fast processing to support global consumer adoption of the decentralized blockchain.

About David Chaum

David Chaum is widely known for inventing the first digital currency, e-Cash, in the early 1980s, which he later deployed in the 1990s at his company DigiCash. He has also recently been credited with proposing the first decentralized blockchain as his PhD dissertation at Berkeley in 1982.

Contact: media@praxxis.io and elixxir@wachsman.com

https://praxxis.io

SOURCE Praxxis


Hedera Hashgraph (HBAR) Founder Says Quantum Computing Is Not a Threat to Cryptocurrency, Although That Claim Is Debatable Crypto.IQ | Bitcoin and…

Dr. Leemon Baird, the founder of Hedera Hashgraph (HBAR), a relatively new cryptocurrency that boasts 10,000 transactions per second, claimed at the Web Summit 2019 that quantum computing is no threat to cryptocurrency.

The debate over quantum computing is popping up due to Google and NASA researchers creating the first computer that has achieved quantum supremacy, meaning it can perform a specific but non-useful task faster than the world's top supercomputer. Specifically, the quantum computer performed a task in 200 seconds that would take the world's top supercomputer 10,000 years to perform.

This has re-ignited fears that one day quantum computers will be strong enough to break through top encryption algorithms, which could theoretically cause all cryptocurrencies to be compromised.

Dr. Baird compares this situation to Y2K, saying, "Like Y2K; yes, we had to make some changes to software at Y2K. Was it the end of the world? Actually, no." Dr. Baird goes on to describe how quantum computers may take over a decade to become powerful enough to crack Bitcoin's (BTC) cryptography, and at that point Bitcoin (BTC) and all other cryptocurrencies could switch to a new encryption algorithm.

Indeed, as Dr. Baird points out, the National Institute for Standards and Technology (NIST) is holding a contest to find the best new encryption algorithm, and Dr. Baird thinks that cryptocurrencies could easily switch to that algorithm when quantum computing becomes a real threat.

However, it is debatable as to whether quantum computing is no threat at all. Even Dr. Baird admits quantum computing will one day be strong enough to crack the cryptography of cryptocurrencies, just that they could easily switch algorithms by then.

It remains to be seen if any classical computing algorithm will be strong enough to withstand quantum computers, since there may come a point where quantum computers are becoming exponentially more powerful. Ultimately, quantum cryptography may be the only long term answer, and that would require everyone to have quantum computers.

The question then becomes, how long will it take for the public to have quantum computers and therefore access to quantum cryptography, after the first quantum computers are made which can crack top classical encryption algorithms?


Komodo CTO Kadan Stadelmann: Markets aren't a true reflection of projects with the most promise – Decrypt

Kadan Stadelmann is a blockchain developer, operations security expert, and Komodo platform's chief technology officer (CTO). He started life writing code before he started school, before going on to work in operations security in the government sector in Austria and eventually working in the cryptography business. In this interview he explores his journey into blockchain, and why markets aren't a good measure of projects with the most promise.

I first came across decentralized technologies when I was in high school, a time when I was actively coding a lot. Bitcoin wasn't around back then but we used file-sharing clients, which utilized similar technologies. From 2011 to 2012, I spent some time traveling on the African continent and went through a period of personal deliberation.

I came to realize that my true passion was actively engaging with technologies that could make our world a more liberal, fair, and peaceful place. One of these technologies was Bitcoin and its underlying blockchain technology, as it has the power to offer a secure, borderless and non-inflationary form of currency, to provide global financial services to those without access to traditional banking services, and to create the foundation of a decentralized global economy that's more equitable to all people.

I started GPU mining the same year just as a non-lucrative hobby and, later, in 2013 and 2014, I started actively contributing to various crypto-related projects while keeping my main focus on security and vulnerability detection and analysis.

The Komodo project was publicly announced by the team in September 2016. The ICO was held in October and November of the same year. We raised 2,639 BTC, or a little less than $2 Million USD at the market price of BTC at the time, which is still a pretty modest raise compared to most blockchain projects that hold ICOs. The KMD coins bought in the ICO were distributed in January 2017 and the mainnet went live that same month.

I don't have a main residence so I am largely nomadic. I travel around the world and work from wherever I am. Usually, I spend between one to three months in the same spot. Sometimes, I fall in love with a place and stay for six to 12 months or keep going back to certain places on a regular basis like Spain and Africa, for example.

When we first started Komodo, it was an enhanced fork of the privacy project Zcash. In fact, in the early days, Komodo's first value proposition was "Protecting Your Privacy With Bitcoin's Hashrate," but since then we have evolved and challenged the larger issues of blockchain sovereignty and scalability. The Komodo vision is to provide an easy set of tools that developers, startups, and enterprise businesses can all use to launch customized, application-specific blockchains, each of which is protected with the hash rate of the Bitcoin network.

Currently, some of the barriers stopping businesses from integrating blockchain technology are the cost of hiring blockchain developers, lack of advanced coding experience, or challenges with forking existing blockchains such as Ethereum or EOS. Blockchain developers are few and far between so we aim to provide business-friendly solutions where anyone can create their own custom and autonomous blockchain, regardless of blockchain development experience. Komodo's real purpose is to provide an adaptable framework for blockchain development, from customizing and launching the chain itself to programming applications and software that run directly on one's own independent chain.

Prior to Komodo, I launched an IT company in the operations security space with former university colleagues. The company was successful and we were able to sell the company for a profit but, unfortunately, I'm not able to discuss this in detail, as I'm still under a non-disclosure agreement. I moved away from traditional IT entrepreneurship when I began getting involved with blockchain technology.

My passion for information and electronic technologies appeared at a very young age. I was raised in Northern Africa as the son of an Austrian diplomat and an African school teacher, so I received a multilingual education. I actually coded my first simple applications, like a calculator and a text-manipulation app, before entering primary school. Later, I studied IT and economics at universities in Germany and Vienna.

After my formal education was complete, I gained deep practical experience in IT security and network development while working in operations security in the government sector in Austria. Then, my career in the crypto industry began with penetration testing and bug-hunting various blockchain projects, codebases, apps and web platforms. This was also how I first got in touch with James "jl777" Lee, who is now the lead developer of Komodo.

At first, no one takes you seriously: banks, lawyers, accounting firms and even friends or relatives. Everyone just said, "What is this? Why aren't you doing something real?" Of course, everyone has now seen how important blockchain technology has become around the world, so their attitudes have changed since I first got involved in the industry.

Forming a cohesive team was also a pretty tough task. The initial Komodo team was basically a dozen crypto enthusiasts and the first community members, many of whom were anonymous. Over time, we became a bit more formalized, such as requiring employees to sign contracts and non-disclosure agreements, while still remaining globally distributed and fully decentralized. The team has really evolved into a group of talented, hardworking, and extremely professional crypto experts.

There are a lot of times when you know the odds are against you and there is a high chance that what you are doing or creating will not succeed or take off immediately. In those times, it's important to accept the challenge and take the risk. Deliver more than what is expected and prove your potential to yourself! There is nothing more satisfying than delivering on your promises and showing everyone what you are capable of.

You need to believe in yourself and your project. You'll also need to invest a great deal of time in forming the initial team. Only with a solid team will you be able to achieve big things.

Do not look at crypto markets and financial capitalization of the various blockchain projects. The markets aren't always a true reflection of which projects show the most promise. Only by distinguishing between the technology and the market will you be able to experience the true potential of blockchain technology. Money is the wrong motivation in this industry.

In the beginning, Komodo didn't have the ecosystem layers we see today, which include third-party service providers, as well as many independent developers with different backgrounds and areas of expertise. So if I were to go back and do things over again, I would likely try to bring third-party projects and devs into the Komodo ecosystem earlier on.

I am really excited about new technologies that aim to bring decentralized governance to the industry, like what Tezos is doing, for example. Recently, I have also been following VerusCoin closely, a project that solved the two biggest proof-of-stake issues, the nothing at stake problem and the weak subjectivity problem.

Blockchain's killer app is going to be a decentralized client that runs on all operating systems and devices (PC, smartphones, IoT, etc.) and interconnects all blockchain networks and even other p2p networks/technologies to build a base foundation layer for a trustless and meritocratic society. It would be an app that enables anyone from anywhere at any time to participate in this virtual world to communicate, earn money and/or respect and to build a reputation. Essentially, a software-collage of social networks, blockchain, fintech/banking, freedom of speech, economic systems, and meritocracy. This is something that Komodo looks to build in the long-term so not something on our immediate roadmap, but a goal that we have in the back of our minds as we continue to develop and innovate new technologies.

The biggest difference is in the people you will work with but also the structure and organizational aspects. Most blockchain companies aren't just technically decentralized but also work in a decentralized manner meaning working remotely, in different timezones, and sometimes without ever meeting each other in real life. Instead of a traditional office building, encrypted channels and chat-rooms are our workspaces.

It's a decentralized and distributed network that allows different people to exchange data and value without having to trust one another. These peer-to-peer exchanges are completely secure, based on advanced cryptographic and mathematical techniques, and once a transaction is complete, no one can delete, shut down, spoof or edit.

Continue reading here:
Komodo CTO Kadan Stadelmann: Markets aren't a true reflection of projects with the most promise - Decrypt

‘Quantum supremacy’ and the threat it poses to data storage, digital economy – Economic Times

If data is the new oil, encryption is the engine that drives the digital economy. Everything from credit card transactions to health data stored on wearable devices is secured by cryptography. These complex algorithms, in turn, facilitate the safe use of the profusion of data generated every day.

The road to digitisation seems clear, but speedbumps abound. Last week, a team of researchers at Google claimed to have achieved quantum supremacy, a major milestone in computer science.

"Our machine performed the target computation in 200 seconds and from measurements in our experiment we determined that it would take the world's fastest supercomputer 10,000 years to produce a similar output," the announcement said.

This feat was achieved using a 54-qubit processor named Sycamore, which was crafted using high-fidelity quantum logic gates. A quantum computer possesses the capability to solve problems that are beyond the ambit of modern supercomputers. However, it risks undoing extant encryption standards, bringing the engine of the digital economy to a sputtering halt.

An artist's rendition (left) of the Sycamore and the actual Sycamore processor (right). (Credit: Google)

By truncating computing time from 10,000 years to a little under four minutes, quantum computers pose an existential threat to industry standards in cryptography that were hitherto thought to be infallible in real-world conditions. Cybersecurity experts have reason to be worried.

End-to-end encryption, the kind employed by messaging platforms like WhatsApp, is considered secure as it is difficult to decrypt the coded message sent from one user to another if it is intercepted by hackers. Even the most sophisticated computers in use would take thousands of years to divine the required cryptographic key if they tried all possible combinations, a practice known as a brute-force attack.

If quantum computers were to go mainstream, the use cases for cryptography would no longer be secure. The encryption used in professional networks and in WiFi routers could be cracked in a matter of moments. Email and messaging services would be compromised. Banking transactions could be subverted, putting at risk the financial details of clients.

In its most basic form, an encryption algorithm is a math problem involving very large numbers. Encryption keys are hard to crack as they comprise thousands of bits, making it difficult to determine the correct combination in real time. But the number of possibilities is finite, meaning that these algorithms are not foolproof if the computing power to process all combinations existed.

For instance, the 256-bit version of the Advanced Encryption Standard (AES), the standard used by WhatsApp, would encode the data into cipher text that is 2^256 long. It is probabilistically unlikely that one will have to skim through the whole list of possibilities before arriving at the right combination. Even if it were possible to crack the code after trying out 50 per cent of the total permutations, the time taken would be inordinately long.

China's Tianhe-2 (MilkyWay-2), which is widely regarded as one of the fastest supercomputers on the planet, would take millions of years to crack 256-bit AES encryption. This is longer than the universe's life span, as predicted by astrophysicists. But what would happen to cryptography if, instead, the universe were to unexpectedly dissolve into a cloud of dust in the time it took you to make coffee?

This could pose a big problem to the way information is exchanged on the internet. The death of the universe, in this example, is tantamount to the achievement of quantum supremacy. Traditional computers use the binary system, where each digit is encoded in 0s and 1s.

Quantum computers can take up an infinite number of values between 0 and 1 using qubits or quantum bits. This implies that a large number of calculations can be made at any given point in time as each qubit can process more information than its equivalent in a classical computer.

Google has taken the lead in the quantum race, but modern cryptography could be thrown into jeopardy if such computers were to fall into the hands of malevolent actors or rogue governments. Businesses will have to devise new ways to safeguard sensitive data, with protection extending to data transmitted across a network, and that stored locally on hard disks.

Estimate of the equivalent classical computation time assuming 1M CPU cores for quantum supremacy circuits as a function of the number of qubits and number of cycles for the Schrödinger-Feynman algorithm. (Credit: Google)

However, businesses have time to reorient their cybersecurity strategies given that quantum computing is still in its nascence. Quantum-proof encryption standards use algorithms that are inviolable to attack, regardless of the speed of the computer used. Most of these advanced techniques are lattice-based algorithms.

Unlike the classical encryption techniques in use today, lattice-based algorithms are impossible to crack owing to their organization in a virtual grid. The encryption key is hidden at the intersection point of a multidimensional lattice. Since the number of possibilities is infinite, quantum computers will be unable to leverage their advantage over classical computers as the number of permutations and the process of skimming through the range of possibilities is much more complex.

A rendering of lattice-based encryption. (Credit: IBM)

The cryptographic key can be determined only if the attacker knows their way through the lattice, which is theoretically impossible as there is no way to compute the path. This form of tricky encryption that could stump quantum computers is currently offered by companies like SAFEcrypto and Privitar. Despite the latest breakthrough, researchers at Google are yet orders of magnitude away from attaining the computing power to crack such algorithms.

To mount a credible threat, scientists will need to fit more qubits into the existing architecture. The Google Sycamore system that attained quantum supremacy had a 54-qubit processor. Moreover, the absence of standard libraries for lattice algorithms adds to the complexity of integrating software with quantum hardware.

While lattice-based encryption services are costly, large companies might want to consider using them to secure critical data that has a long shelf life. Transactional data that is generated in bulk every day arguably does not require that level of encryption as its value to hackers depreciates over time. The threat to national security, however, is more worrisome.

18 Oct, 2019


More:
'Quantum supremacy' and the threat it poses to data storage, digital economy - Economic Times

Blockchain Must Solve These 3 Issues to Avoid Quantum Threat: Expert – Cointelegraph

The blockchain community should immediately begin working on three issues to prevent being overtaken by quantum computers, a cryptography expert says.

Xinxin Fan, head of cryptography at privacy- and IoT-focused blockchain platform IoTeX, published an article in The International Business Times on Nov. 7, calling on the blockchain community to stay up to date about the progress being made on quantum computers.

While reiterating that short-term developments in quantum computing are modest, Fan argued that blockchains will have to keep pace to avoid being overtaken by quantum computers as the technology grows and improves.

As such, Fan outlined three major directions for the blockchain community to address as soon as possible, which are the standardization of quantum-resistant cryptography, cryptographic agility and blockchain governance.

According to the expert, the first direction is a process to standardize quantum-resistant cryptography as it develops. Fan noted that quantum-resistant cryptography tech has already been initiated by the National Institute of Standards and Technology.

Stressing the need for such standardization, Fan wrote:

Developing and implementing capabilities specifically designed to resist quantum computers will be key for the future of blockchains, as well as their survival. Blockchain supporters and developers should therefore closely monitor the standardization process and prepare to integrate the results into existing and future blockchain projects.

Next is cryptographic agility. Simply put, this concerns developers' ability to implement quantum-resistant upgrades to existing blockchain networks.

The expert cited the Ethereum network as an example, emphasizing the importance of such platforms being able to regularly upgrade their systems due to the large number of projects that depend on them.

The third important issue is blockchain governance. According to Fan, blockchain projects must set up procedures to clearly define when and how to deploy quantum-safe upgrades to their networks.

Given the difficulty blockchains have faced in establishing optimal governance structures, the expert argued that the blockchain community should start seriously thinking and experimenting with ways to ensure governance is not a hindrance to the improvement of technology.

He concluded:

There is no doubt that quantum computing is coming, and it will have major effects across the technology space. But those who believe that its simple existence is a death knell for blockchain fail to consider that the latter will grow and evolve alongside quantum computing. There is much that can be done to make blockchains more dynamic and robust and if we do those things, we will not have to worry about quantum supremacy any time soon.

On Oct. 25, Ethereum co-founder Vitalik Buterin delivered his opinion on the issue of quantum supremacy, saying:

My one-sentence impression of recent quantum supremacy stuff so far is that it is to real quantum computing what hydrogen bombs are to nuclear fusion. Proof that a phenomenon and the capability to extract power from it exist, but still far from directed use toward useful things.

Previously, Bitcoin (BTC) educator Andreas Antonopoulos claimed that Google's latest developments in quantum computing have had no impact on Bitcoin.

Read more here:
Blockchain Must Solve These 3 Issues to Avoid Quantum Threat: Expert - Cointelegraph

Unbound Tech Partners With Cryptosense to Verify Security of Virtual HSM – PRNewswire

NEW YORK, Nov. 5, 2019 /PRNewswire/ -- Unbound Tech, a global leader in software-defined cryptography, today announced a new partnership with Cryptosense, the leading supplier of security analysis software for cryptography, to further verify the security of its virtual HSM. Unbound Tech will leverage the Cryptosense Analyzer Platform (CAP) to perform automated, systematic penetration tests of its Unbound Key Control (UKC), a virtual HSM and key management solution, and Crypto-of-Things (COT) virtual crypto key management and security solution.

Through this partnership, Unbound Tech will utilize the Cryptosense Fuzzer, a mutation-based fuzzing engine, to test the Unbound Key Control (UKC) and Crypto-of-Things (COT) PKCS#11 implementations. By sending commands to a device's PKCS#11 interface and logging the responses, the Cryptosense Fuzzer will test traces of exchanges between an application and a cryptographic library to ensure these virtual appliances are properly secured in the event of a PKCS#11 API attack, one of the most common attacks on HSM and Virtual HSM devices.

"Our software enables our customers to move securely to cloud cryptography services," said Graham Steel, CEO of Cryptosense. "CAP is the only tool on the market that provides everything you need for a secure and simple migration from start to finish. Our software looks inside a running application to see what cryptography is really being used, tests the use of the cloud crypto service to check for vulnerabilities and monitors the security of the migrated application in the cloud. By partnering with Unbound, we're able to reassure our customers of the continued security of their Virtual HSM and the applications that use it."

Testing with the Cryptosense Analyzer is the latest step in a series of third-party security validations in support of Unbound's virtual HSM. In early 2019, UKC also received FIPS 140-2 Level 1 and Level 2 certification from the U.S. National Institute for Standards and Technology (NIST). They are the first and only vendor to obtain FIPS 140-2 certification for a cryptographic module that spans multiple separate machines and uses secure multiparty computation (MPC) rather than relying on physical security measures to protect keys.

"There are often misconceptions around the level of security provided and benefits of protecting encryption keys with virtual appliances versus traditional HSMs," said Guy Peer, Co-founder at Unbound Tech. "The security provided by Unbound Key Control has now been industry tested and proven to be equal to, if not better, than that provided by a physical HSM. UKC is an operational and cost-friendly alternative to hardware that provides scalable key management and secure encryption from both physical and software-based attacks, while running on any existing physical or cloud infrastructure. With Cryptosense's stamp of approval, our clients can now feel more confident in adopting this approach to securing their sensitive information."

As a software-only solution, UKC offers unique benefits not common with physical HSMs, requiring minimal effort to set up, use and maintain in a variety of environments and application delivery models. All key management and user management operations are fully automated using the CLI or REST API, giving companies the ability to scale up or down, create partitions and users, register clients and revoke keys immediately across their entire global infrastructure from a single pane of glass.

About Unbound Tech:

Unbound Tech equips companies with the first pure-software solution that protects secrets such as cryptographic keys, credentials or other private data by ensuring they never exist anywhere in complete form. The Unbound Distributed Trust Platform stands as a new foundation for trust using secure multiparty computation to ensure secrets are always split into multiple shares and thereby eliminate any single point of compromise. Adopted by Fortune 500 companies, Unbound's elastic and agile platform protects secrets on untrusted infrastructure and removes existing dependence on dedicated security hardware, delivering a novel approach to security and privacy designed for the digital era. Serving as an engine for uninhibited growth, it allows enterprises to gain new levels of control over their secrets on any cloud, server or endpoint, and opens new possibilities for digital innovation. Founded in 2014, Unbound has been recognized with numerous industry awards and named in multiple Gartner Hype Cycle Reports. Be Trusted. Be Unbound. Visit unboundtech.com.

About Cryptosense:

Cryptosense provides software to manage cryptography throughout an organization, enabling innovation and simplifying compliance. The Cryptosense Analyzer Platform discovers cryptography use inside applications and verifies use of secure hardware, both on-premise and in the cloud. Adopted by major financial institutions and payment infrastructure providers worldwide, Cryptosense is built on years of academic research. Customers use it to save time and money by automating audits, operate securely using cloud cryptography services, and integrate crypto testing into the CI/CD toolchain. For secure cryptography everywhere, visit Cryptosense.com.

SOURCE Unbound Tech

Excerpt from:
Unbound Tech Partners With Cryptosense to Verify Security of Virtual HSM - PRNewswire

Novogratz States that Xi Jinping has Credentialized The Crypto Industry – Inside Bitcoins

Last Updated on November 7, 2019

Michael Novogratz, the founder of the crypto investment bank Galaxy Digital, gave an interview about his opinion of Xi Jinping's newfound positive words for blockchain technology. Novogratz believes that Xi giving a public announcement urging his people to embrace blockchain technology has profoundly increased cryptocurrency credibility. He gave this opinion at the Reuters Global Investment Outlook 2020 Summit that happened in New York on the 5th of November.

Xi Jinping stated on the 24th of October that his people should embrace blockchain technology as a critical facet of future technologies. Novogratz considers this act something that credentialized both cryptocurrencies and the blockchains that they're based on.

While China is embracing the use of blockchain technology, they have yet to embrace the cryptocurrencies along with it. It was an amusing clarification China had to do after the price of Bitcoin skyrocketed following Xi's announcement. The People's Daily, the Chinese media outlet, stipulated that Beijing's pro-blockchain sentiment is true, but they are still very anti-cryptocurrency.

Even with that statement in mind on the 6th of November, China has already made it clear that they would be in favor of a bitcoin mining operation in the country, going in contradiction of their most absolute assurances that the country has no intention of allowing crypto.

While the trading of cryptocurrencies in China is banned, a new law was passed by the Standing Committee of the 13th National People's Congress of China. This new law passed on the 26th of October and concerns legislation over the application of cryptography and password management in the country.

Cryptography is the reason why coins are so hard to hack. The People's Republic of China has now told the world they are embracing blockchain and put in laws regarding cryptography and its uses that will become active starting next year. It's unclear if the PRC believes we're all stupid, or if they're doing all the workarounds to save face.

A Chinese economics think tank that happened in October, going by the name of the China Center for International Economic Changes, held a Chinese exec with different opinions. This exec predicted that China would be the first country to develop and implement a digital currency successfully.

Many things can be said about the Chinese government, but inefficient is not one of those words. The legislation regarding cryptography will be put into effect on the 1st of January 2020. With this information in mind, the Chinese digital currency will roll out next year as well, probably within the first quarter.

Anyone who can think can see that China is gearing up for its national cryptocurrency. After its launch, the crypto exchanges will probably be opened up again with some sort of stipulation that benefits the Chinese government wholeheartedly.

View post:
Novogratz States that Xi Jinping has Credentialized The Crypto Industry - Inside Bitcoins