
Java Proposals Would Boost Resistance to Quantum Computing Attacks (infoworld.com)

(Sunday November 10, 2024 @05:34PM (EditorDavid) from the quantum-leaps dept.)


"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," [1]reports InfoWorld , "one plan involving digital signatures and the other key encapsulation."

> The two proposals reside in [2]the OpenJDK JEP (JDK Enhancement Proposal ) index.

>

> The [3]Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-lattice-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in [4]FIPS 204 .

>

> The [5]Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using [6]public key cryptography . ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in [7]FIPS 203 .
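The summary above describes the two mechanisms separately. The following is an added example, not code from the InfoWorld article or from the OpenJDK JEPs, showing how they fit together through the standard JCA/JCE API names the two JEPs define ("ML-KEM" via javax.crypto.KEM, "ML-DSA" via java.security.Signature): the receiver publishes an ML-KEM public key, the sender encapsulates a shared secret against it, signs the KEM ciphertext with ML-DSA so the receiver can attribute it, and both sides use the shared secret as an AES-256-GCM key. It assumes a JDK that ships both JEPs (they were delivered in JDK 24; an older JDK throws NoSuchAlgorithmException). The party names, the message text and the aesGcm helper are this example's own constructions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.NamedParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KEM;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class PqcKemSigDemo {

    public static void main(String[] args) throws Exception {
        // Receiver ("Bob", a constructed party) owns the ML-KEM key pair; only the
        // public key is published. ML-KEM-768 is the middle FIPS 203 parameter set.
        KeyPairGenerator kemKpg = KeyPairGenerator.getInstance("ML-KEM");
        kemKpg.initialize(NamedParameterSpec.ML_KEM_768);
        KeyPair bobKem = kemKpg.generateKeyPair();

        // Sender ("Alice", constructed) owns an ML-DSA key pair. A bare KEM says
        // nothing about who performed the encapsulation, so she signs what she sends.
        KeyPairGenerator sigKpg = KeyPairGenerator.getInstance("ML-DSA");
        sigKpg.initialize(NamedParameterSpec.ML_DSA_65);
        KeyPair aliceSig = sigKpg.generateKeyPair();

        // --- Alice: encapsulate against Bob's public key ---
        KEM kem = KEM.getInstance("ML-KEM");
        KEM.Encapsulator enc = kem.newEncapsulator(bobKem.getPublic());
        KEM.Encapsulated encapsulated = enc.encapsulate();
        byte[] kemCiphertext = encapsulated.encapsulation(); // sent over the insecure channel
        SecretKey aliceShared = encapsulated.key();          // 32-byte shared secret, never sent

        // Alice signs the KEM ciphertext so Bob can tie it to her identity.
        Signature signer = Signature.getInstance("ML-DSA");
        signer.initSign(aliceSig.getPrivate());
        signer.update(kemCiphertext);
        byte[] signature = signer.sign();

        // Alice encrypts the payload with AES-256-GCM under the shared secret.
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        byte[] plaintext = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] payload = aesGcm(Cipher.ENCRYPT_MODE, aliceShared, nonce, plaintext);

        // --- Bob: verify the signature first, then decapsulate and decrypt ---
        Signature verifier = Signature.getInstance("ML-DSA");
        verifier.initVerify(aliceSig.getPublic());
        verifier.update(kemCiphertext);
        if (!verifier.verify(signature)) {
            throw new SecurityException("KEM ciphertext not signed by Alice");
        }
        KEM.Decapsulator dec = kem.newDecapsulator(bobKem.getPrivate());
        SecretKey bobShared = dec.decapsulate(kemCiphertext);
        byte[] recovered = aesGcm(Cipher.DECRYPT_MODE, bobShared, nonce, payload);

        System.out.println("shared secrets match: "
                + Arrays.equals(aliceShared.getEncoded(), bobShared.getEncoded()));
        System.out.println("recovered: " + new String(recovered, StandardCharsets.UTF_8));

        // Tamper check: flipping one byte of the KEM ciphertext fails the signature
        // check. Without the signature, ML-KEM's implicit rejection would hand Bob an
        // unrelated key rather than an error, and only the GCM tag would catch it.
        byte[] tampered = kemCiphertext.clone();
        tampered[0] ^= 0x01;
        verifier.initVerify(aliceSig.getPublic());
        verifier.update(tampered);
        System.out.println("tampered ciphertext verifies: " + verifier.verify(signature));
    }

    // AES-256-GCM keyed directly with the 32-byte ML-KEM shared secret. A real
    // protocol would first run the secret through a KDF bound to the transcript.
    private static byte[] aesGcm(int mode, SecretKey shared, byte[] nonce, byte[] data)
            throws Exception {
        SecretKeySpec aesKey = new SecretKeySpec(shared.getEncoded(), "AES");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(mode, aesKey, new GCMParameterSpec(128, nonce));
        return cipher.doFinal(data);
    }
}
```

Compile and run with `javac PqcKemSigDemo.java && java PqcKemSigDemo` on JDK 24 or later. Two practitioner caveats: the order on the receiving side matters (verify the signature before decapsulating, because ML-KEM does not report a bad ciphertext, it returns a different key), and the JEPs only give you the primitives; the hybrid schemes that deployments currently favour, such as ML-KEM combined with X25519, still have to be assembled from these pieces and a KDF.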



[1] https://www.infoworld.com/article/3601103/java-proposals-would-boost-resistance-to-quantum-computing-attacks.html

[2] https://www.infoworld.com/article/3598939/12-java-enhancement-proposals-changing-java.html

[3] https://openjdk.org/jeps/497

[4] https://csrc.nist.gov/pubs/fips/204/final

[5] https://openjdk.org/jeps/496

[6] https://www.infoworld.com/article/2270982/a-quick-guide-to-modern-cryptography.html

[7] https://csrc.nist.gov/pubs/fips/203/final



Here is what a real expert says (Score:2)

by gweihir ( 88907 )

I completely agree with this analysis:

[1]https://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf

[1] https://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf

Re: (Score:2)

by phantomfive ( 622387 )

In the corporate-to-corporate world, everyone along the chain is personally incentivized to increase bloat. Programmers get paid to do it, managers use it as an achievement to climb the ladder, customer management use it as an achievement to climb their own ladder (I made our product quantum secure!).

It doesn't matter if it's fake, [1]new features are a way to make money.

[1] http://www.zerobugsandprogramfaster.net/essays/2.html

Trojan horse (Score:2)

by qbast ( 1265706 )

Any "encryption standard" coming out of NIST can be assumed to be compromised by the NSA. I trust everybody remembers Dual EC DRBG?

Re: (Score:2)

by jd ( 1658 )

You shouldn't assume anything. NIST produces decent stuff and, yes, compromised stuff, as does the IETF, as does virtually every organisation.

You can't judge compromise by the label. Rather, you monitor the lounges, the cryptographic mailing lists, arXiv, and the testing sites.

You trust nothing that is new and shiny, you trust only that which is tested and found robust.

Hooray! (Score:2)

by fuzzyfuzzyfungus ( 1223518 )

This should be a real comfort to all users of java applications that have run out of bugs exploitable by adversaries without sophisticated physics expertise and nation state resources available.

Anyone heard of such a java application?

Re: (Score:2)

by jd ( 1658 )

There are some "Hello World" programs out there.

Potentially less interesting (Score:2)

by jd ( 1658 )

Quantum computing is coming under pressure as genetic algorithms and neural nets (but not LLMs) are starting to prove faster than their quantum counterparts, even at quantum mechanical problems.

We need to think not only about quantum computing but other areas of computing that may potentially discover vulnerabilities. After all, cryptography cannot genuinely be indistinguishable from a random oracle except with one time pads.

That isn't to say they will or can, but rather that the playing field is larger tha
