Post-Quantum Cryptography Conference

The U.S. National Institute of Standards and Technology (NIST) has been actively engaged in the solicitation, evaluation, and standardization of quantum-resistant public-key cryptographic algorithms. This year, in August, marked a significant milestone as NIST released a request for comments on the first three draft Federal Information Processing Standards (FIPS) for Post-Quantum Cryptography, following their successful completion of the initial four evaluation rounds.

In this presentation, Mr. Bill Newhouse and Dr. Dustin Moody from NIST will provide a comprehensive update, offering insights into the status of standardization, and the development of practices to ease migration from quantum-vulnerable public-key cryptography to quantum-resistant public-key cryptography.

Furthermore, in his Wednesday presentation, Dr. Dustin Moody will offer a more comprehensive examination of the standardization process for additional signature schemes. The first round of candidates was unveiled in July, and during his presentation, Dr. Moody will illuminate the various approaches taken and the feedback received since their initial announcement.

Considering the rapidly evolving landscape in the realm of quantum computing and its potential implications for cybersecurity, this talk delves into the governance and regulatory framework surrounding Post-Quantum Cryptography in the United States.

The backdrop for this discussion is the enactment of HR 7535, known as the “Quantum Computing Cybersecurity Preparedness Act,” on December 21, 2022, by President Joe Biden. Among its many facets, this legislation underscores the critical role of cryptography in ensuring the national security of the United States and the continued functionality of its economy.

Mr. Bill Newhouse, will provide valuable insights into how the United States is proactively preparing both its federal government and a spectrum of organizations, with a particular focus on those supporting critical infrastructure, for the era of Post-Quantum Cryptography. This presentation highlights the collaborative efforts of key entities, including the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST), in shaping the governance and regulatory landscape that will govern Post-Quantum Cryptography within the nation.

Lattices are underlying three out of the four new PQC standards of the NIST: Kyber, Dilithium and Falcon. But what is a lattice? What kind of computation does it involves? What are the challenges related to implementing such schemes?

This talk aims at giving an overview at the principles of lattice-based cryptography, covering both public key encryption and digital signature.

* This is a 40 minute session

The rapid development of quantum computing creates a new set of challenges for European cybersecurity. In recent years, the European Union has pursued an ambitious cybersecurity agenda but nevertheless, there are still questions about the current framework’s fitness to respond to these new challenges. Particularly worrisome is the advent of quantum attacks on encryption that risk rendering current cryptographic systems obsolete as they are in use. In July 2023, the European Policy Centre, with the support of Quantum Delta NL, published a discussion paper in which it analyses the criticality of preparing for quantum attacks on encryption by the creation of a new quantum cybersecurity agenda that improves technical and political coordination between EU member states and EU bodies and institutions for the transition to post-quantum cryptography and the future use of other quantum-safe technologies.

The European Policy Centre (EPC) is an independent, not-for-profit think tank dedicated to fostering European integration through analysis and debate, supporting and challenging decision-makers at all levels to make informed decisions based on evidence and analysis, and providing a platform for engaging partners, stakeholders and citizens in EU policy-making and in the debate about the future of Europe.

In the point of view of the Federal Office for Information Security in Germany (BSI), the question of “if” or “when” there will be quantum computers is no longer paramount. First post-quantum algorithms have been selected by NIST for standardisation and post-quantum cryptography will be used by default. Therefore, the migration to post-quantum cryptography should be pushed forward.

In this presentation, the BSI will expound upon its post-quantum cryptography policy and roadmap. We will emphasize the significance of the migration to post-quantum algorithms in safeguarding critical digital infrastructure, data, and communications. The presentation will elucidate the BSI’s approach, outlining the trajectory of post-quantum cryptography adoption as the default cryptographic standard.

Stateful hash based signatures provide thorough security and a high level of maturity. However, their requirement of proper handling the state of the key raises concerns for certain use cases. In this talk we want to shade some light on the state handling challenge and how an ideal solution should look like to allow a smooth transition into the PQC era.

* This is a 40 minute session

In this presentation, we will delve into the Dutch central governments’ approach to mitigate the risks of quantum technology. Quantum resilient Cryptography governance and regulation can help in mitigating these risks. Positioned at the forefront of quantum-resilient cryptography, a resource was crafted that extends beyond theoretical discussions, offering organizations concrete steps and invaluable advice. Because of our approach this will not only reach the government, but also IT-providers, and (vital) sectors in the Netherlands.

The commitment to fortifying global cybersecurity is exemplified by the Dutch PQC Migration Handbook. This indispensable resource equips organizations with pragmatic guidance on how to proactively mitigate the imminent threat posed by quantum computers to today’s cryptographic systems.

Join us to discover how the Dutch central government is diligently preparing for transition to quantum-resilient cryptographic solutions.

Last summer, several lattice-based schemes were chosen for standardization in NIST’s effort to standardize post-quantum cryptography. The process of selecting candidates is however not over, with the focus now being primarily on code-based and multivariate schemes. In this talk I will discuss code-based cryptosystems, their basic design principles, security and challenges. I will focus on the candidates remaining in the NIST competition - the well-established KEM designs, but also the new emerging signature designs.

* This is a 40 minute session

An engaging Q&A session on the global Governance and Regulation of Post-Quantum Cryptography. In this panel discussion, esteemed speakers from previous sessions will come together to answer your burning questions and provide a comprehensive overview of how various nations are addressing the impending quantum threat.

Discover how nations are navigating the intricate balance between innovation and security, and gain valuable insights into the diverse regulatory approaches that have emerged. Whether you’re interested in the regulatory intricacies of a specific region or seeking a broader understanding of global efforts, this Q&A session promises to offer a wealth of knowledge and expert perspectives on the Governance and Regulation of Post-Quantum Cryptography worldwide. Don’t miss this opportunity to engage with our panelists and explore the evolving landscape of quantum cybersecurity governance.

The whole industry is working on standardizing and implementing post-quantum cryptography, in order to mitigate the risk from future quantum computers. One question that is (and will probably remain) unanswered is “when are quantum computers going to be powerful enough to break cryptography?”. At the same time, there are regular press releases about new methods of breaking cryptography in the short term. These publications often cause panic and confusion which is counter-productive to the process of mitigating the quantum risk.

In this presentation we give a high-level description on how quantum algorithms work, and what still needs to happen before such algorithms can be implemented on real hardware. A simple model can be used to make sense of past and future announcements on the nearing moment of the cryptopocalypse (the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack public-key cryptography). We discuss some of the examples from the past year.

The Leighton-Micali Signature (LMS) system is a stateful hash-based signature scheme whose security relies on properties of hash functions, standing at a comfortable security level against attackers in possession of quantum computers. As such, LMS has been standardized by NIST in SP-800-208 and is regarded as a suitable post-quantum signature algorithm in industry.

At its core, generating an LMS private key and obtaining its corresponding public key involves computing an exponential number of hashes and eventually representing large Merkle trees in memory. Moreover, signing with this key later requires recovering subsets of the hashes computed at key generation time. Sequential, high memory approaches to these operations achieve best signature speed, but make LMS key generation prohibitively slow and resource-intensive. While there are a number of hardware-oriented efforts to optimize LMS, some open-source software implementations do not take advantage of known memory trade-offs and opt for small parameter sets.

In this talk, we describe how to make LMS key generation procedure faster with SIMD hashing (by adapting the low-memory iterative algorithm of RFC8554) and recall algorithms that trade off signature speed against succinct representations of private keys in memory.

The GSMA Post Quantum Telco Network Task Force has been dedicated to exploring the implications of Post-Quantum Cryptography (PQC) within the telecommunications space. Our mission extends beyond theoretical discussions, focusing on the tangible impacts on Network Operators and the broader telco supply chain.

The task force is a collaborative effort involving more than 50 companies representing operators, government and the wider Telco supply chain, including over 20 major network operators globally.

Earlier this year, we published a comprehensive Post Quantum Telco Network Impact Assessment Whitepaper. Building on this groundwork, we are now actively developing Quantum Risk Management guidelines tailored specifically to the telecommunications industry. Additionally, we are crafting best practice guidelines that delve into Telco use cases, with a particular emphasis on Public Key Infrastructure (PKI) implications.

In this presentation, we will provide insights into our findings and ongoing initiatives, shedding light on the practical steps being taken to ensure the resilience and security of Telco networks in the age of quantum computing. Our comprehensive approach ensures that the telecommunications industry is well-prepared to face the security challenges and opportunities presented by the quantum era.