{"id":428250,"date":"2018-04-30T12:33:53","date_gmt":"2018-04-30T19:33:53","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-project&#038;p=428250"},"modified":"2024-09-30T21:14:11","modified_gmt":"2024-10-01T04:14:11","slug":"post-quantum-cryptography","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/post-quantum-cryptography\/","title":{"rendered":"Post-quantum Cryptography"},"content":{"rendered":"<h2>Cryptography in the era of quantum computers<\/h2>\n<p>The private communication of individuals and organizations is protected online by cryptography. Cryptography protects our information as it travels over and is stored on the internet\u2014whether making a purchase from an online store, uploading data to the cloud, or accessing work email remotely. Our research and engineering work has focused on protecting private information and communication from the possible threat of future quantum computers.<\/p>\n<p>Quantum Computers will advance human knowledge in many fields. To balance that, we need to update some cryptography. Existing public-key cryptography (also known as asymmetric cryptography) is based on the difficulty of factoring and the difficulty of calculating elliptic curve discrete logarithms. Because those two problems will be readily and efficiently solved by a sufficiently large-scale quantum computer, we have been studying cryptography approaches that appear to be resistant to an attacker who has access to a quantum computer, and we have been developing cryptosystems whose security relies on different, hard mathematical problems that are resistant to being solved by a large-scale quantum computer.<\/p>\n<p>Our work is open, open-source, and conducted in collaboration with academic and industry partners. The goal is robust, trusted, tested and standardized post-quantum cryptosystems.<\/p>\n<p>This work started in 2014, with our first paper published in 2015. In the intervening years we&#8217;ve submitted candidates to the NIST Post-Quantum Project and shepherded them through several rounds.<\/p>\n<p>The key points: At the end of round 3, NIST picked for standardization CRYSTALS-Kyber for public-key encryption and key establishment, and CRYSTALS-Dilithium and two other algorithms for digital signatures. Meanwhile, ISO has approved FrodoKEM and two other algorithms for standardization.<\/p>\n<h2>What\u2019s involved in post-quantum cryptography?<\/h2>\n<p>Any new cryptography has to integrate with existing internet protocols, such as TLS. A new cryptosystem must weigh:<\/p>\n<ul>\n<li>The size of encryption keys and signatures<\/li>\n<li>The time required to encrypt and decrypt on each end of a communication channel, or to sign messages and verify signatures, and<\/li>\n<li>The amount of traffic sent over the wire required to complete encryption or decryption or transmit a signature for each proposed alternative.<\/li>\n<\/ul>\n<p>The new cryptosystems also require careful cryptanalysis, to determine if there are any weaknesses that an adversary could exploit.\u00a0The work of developing new cryptosystems that are quantum-resistant must be done openly, in full view of cryptographers, organizations, the public, and governments around the world, to ensure that the new standards emerging have been well vetted by the community, and to ensure that there is international support.<\/p>\n<p>And lastly, we must keep moving quickly because we don\u2019t know exactly when today\u2019s classic cryptography will be broken. It\u2019s difficult and time-consuming to pull and replace existing cryptography from production software. Add to all that the fact that someone could store existing encrypted data and unlock it in the future once they have a quantum computer, and our task becomes even more urgent.<\/p>\n<h2>Crypto libraries, protocol integrations, and other resources<\/h2>\n<p>We are proud to participate in the <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"https:\/\/openquantumsafe.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Open Quantum Safe<\/a> project where we help develop the <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"https:\/\/github.com\/open-quantum-safe\/liboqs\">liboqs<\/a> library which is designed to further post-quantum cryptography. Additional information, protocol integrations, and related releases can be found on those sites.<\/p>\n<p><span style=\"color: #333333;font-family: 'Georgia',serif;font-size: 12pt\">\t\t\t<div class=\"ms-grid \">\n\t\t\t<div class=\"ms-row\">\n\t\t\t\t\n<article class=\"msr-light-gray-bgc m-col-12-24 l-col-8-24 bg-clip-content white-bgc margin-bottom-sp3 msr-project-card\" data-bi-slot=\"0\">\n\t<div class=\"padding-horizontal padding-vertical-sp2\">\n\t\t<h3 class=\"subtitle\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/research\/project\/post-quantum-crypto-vpn\" class=\"semibold\">Post-Quantum Crypto VPN<\/a>\n\t\t\t\t\t<\/h3>\n\n\t\t<div class=\"gray-d1-c\">\n\t\t\t<div class=\"body-alt tight\">\n\t\t\t\t\t\t\t\tA fork of OpenVPN integrated\u00a0with post-quantum cryptography to enable testing and experimentation with these algorithms.\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n<\/article>\n<p><span style=\"color: #333333;font-family: 'Georgia',serif;font-size: 12pt\">\n<article class=\"msr-light-gray-bgc m-col-12-24 l-col-8-24 bg-clip-content white-bgc margin-bottom-sp3 msr-project-card\" data-bi-slot=\"1\">\n\t<div class=\"padding-horizontal padding-vertical-sp2\">\n\t\t<h3 class=\"subtitle\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/research\/project\/post-quantum-tls\" class=\"semibold\">Post-Quantum TLS<\/a>\n\t\t\t\t\t<\/h3>\n\n\t\t<div class=\"gray-d1-c\">\n\t\t\t<div class=\"body-alt tight\">\n\t\t\t\t\t\t\t\tA PQ Crypto enlightened fork of OpenSSL.\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n<\/article>\n<\/span><\/p>\n<article class=\"msr-light-gray-bgc m-col-12-24 l-col-8-24 bg-clip-content white-bgc margin-bottom-sp3 msr-project-card\" data-bi-slot=\"2\">\n\t<div class=\"padding-horizontal padding-vertical-sp2\">\n\t\t<h3 class=\"subtitle\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/research\/project\/post-quantum-ssh\/\" class=\"semibold\">Post-Quantum SSH<\/a>\n\t\t\t\t\t<\/h3>\n\n\t\t<div class=\"gray-d1-c\">\n\t\t\t<div class=\"body-alt tight\">\n\t\t\t\t\t\t\t\tA fork of OpenSSH 7.7 that adds quantum-resistant key exchange and signature algorithms.\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n<\/article>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/p>\n<h2>NIST Post-Quantum Project<\/h2>\n<p>We focused first on the <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\" target=\"_blank\" rel=\"noopener noreferrer\">NIST Post-Quantum Project<\/a>, which asked for cryptographers around the world to submit candidates for subsequent peer review and analysis. Our team is worked with academia and industry on four candidates for cryptography systems that can both withstand quantum computer capabilities, while still working with existing protocols.<\/p>\n<p>Why four? We worked on two collaborations for key exchange, and one for signatures, as well as providing code in support of a second signature system. Each proposal had different strengths and weaknesses, and each was built upon a different mathematical \u201chard problem.\u201d with different trade-offs regarding performance and key size. Pursuing multiple candidates is also appropriate as the post-quantum cryptography field is young, and many years of cryptanalysis are needed to determine whether any post-quantum proposal is secure.<\/p>\n\t\t\t<div class=\"ms-grid \">\n\t\t\t<div class=\"ms-row\">\n\t\t\t\t\n<article class=\"msr-light-gray-bgc m-col-12-24 l-col-8-24 bg-clip-content white-bgc margin-bottom-sp3 msr-project-card\" data-bi-slot=\"3\">\n\t<div class=\"padding-horizontal padding-vertical-sp2\">\n\t\t<h3 class=\"subtitle\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/research\/project\/frodokem\/\" class=\"semibold\">FrodoKEM<\/a>\n\t\t\t\t\t<\/h3>\n\n\t\t<div class=\"gray-d1-c\">\n\t\t\t<div class=\"body-alt tight\">\n\t\t\t\t\t\t\t\tFrodoKEM is based upon the Learning with Errors problem, which is, in turn, based upon lattices.\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n<\/article>\n\n<article class=\"msr-light-gray-bgc m-col-12-24 l-col-8-24 bg-clip-content white-bgc margin-bottom-sp3 msr-project-card\" data-bi-slot=\"4\">\n\t<div class=\"padding-horizontal padding-vertical-sp2\">\n\t\t<h3 class=\"subtitle\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/research\/project\/sike\/\" class=\"semibold\">SIKE<\/a>\n\t\t\t\t\t<\/h3>\n\n\t\t<div class=\"gray-d1-c\">\n\t\t\t<div class=\"body-alt tight\">\n\t\t\t\t\t\t\t\tSIKE (Supersingular Isogeny Key Encapsulation) uses arithmetic operations of elliptic curves over finite fields to build a key exchange.\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n<\/article>\n<p>\n<article class=\"msr-light-gray-bgc m-col-12-24 l-col-8-24 bg-clip-content white-bgc margin-bottom-sp3 msr-project-card\" data-bi-slot=\"5\">\n\t<div class=\"padding-horizontal padding-vertical-sp2\">\n\t\t<h3 class=\"subtitle\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/research\/project\/picnic\/\" class=\"semibold\">Picnic<\/a>\n\t\t\t\t\t<\/h3>\n\n\t\t<div class=\"gray-d1-c\">\n\t\t\t<div class=\"body-alt tight\">\n\t\t\t\t\t\t\t\tPicnic is a public-key digital signature algorithm, based on\u00a0a zero-knowledge proof system\u00a0and symmetric key primitives.\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n<\/article>\n<\/p>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t\t\t<div class=\"ms-grid \">\n\t\t\t<div class=\"ms-row\">\n\t\t\t\t\n<article class=\"msr-light-gray-bgc m-col-12-24 l-col-8-24 bg-clip-content white-bgc margin-bottom-sp3 msr-project-card\" data-bi-slot=\"6\">\n\t<div class=\"padding-horizontal padding-vertical-sp2\">\n\t\t<h3 class=\"subtitle\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/research\/project\/qtesla\/\" class=\"semibold\">qTESLA<\/a>\n\t\t\t\t\t<\/h3>\n\n\t\t<div class=\"gray-d1-c\">\n\t\t\t<div class=\"body-alt tight\">\n\t\t\t\t\t\t\t\tqTESLA is a post-quantum signature scheme based upon the Ring Learning With Errors (R-LWE) problem.\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n<\/article>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\n<p>&nbsp;<\/p>\n<h2>Tell us what you think<\/h2>\n<p>Our community will only be able to come to a consensus on the right approach through open discussion and feedback. We would like you to test and verify our ideas. Please download, use, and provide feedback on our libraries and protocol integrations. You can talk to us at <a href=\"mailto:msrsc@microsoft.com\">msrsc@microsoft.com<\/a><\/p>\n<div style=\"height: 40px\"><\/div>\n<h2>Research Team<\/h2>\n<ul class=\"msr-people-list stripped ms-row no-margin-bottom\">\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Josh-Benaloh_360x360.jpg\" alt=\"Portrait of Josh Benaloh\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/benaloh\/\">Josh Benaloh<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Senior Cryptographer<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Craig-Costello_360x360.jpg\" alt=\"Portrait of Craig Costello\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/craigco\/\">Craig Costello<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Researcher<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Karen-Easterbrook_360x360.jpg\" alt=\"Portrait of Karen Easterbrook\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/keaster\/\">Karen Easterbrook<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Principal PM Manager<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\" style=\"text-align: left\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Larry-Joy_360x360.jpg\" alt=\"Portrait of Larry Joy\" \/>\n<p class=\"body-alt no-margin-bottom\">Larry Joy<\/p>\n<p class=\"body-alt no-margin-bottom\">Senior Software Development Engineer<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Kevin-Kane_360x360.jpg\" alt=\"Portrait of Kevin Kane\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/kkane\/\">Kevin Kane<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Principal Software Development Engineer<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Patrick-Longa_360x360.jpg\" alt=\"Portrait of Patrick Longa\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/plonga\/\">Patrick Longa<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Researcher<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Michael-Naehrig_360x360.jpg\" alt=\"Portrait of Michael Naehrig\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/mnaehrig\/\">Michael Naehrig<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Researcher<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Christian-Paquin_360x360.jpg\" alt=\"Portrait of Christian Paquin\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/cpaquin\/\">Christian Paquin<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Principal Research SDE<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Dan-Shumow_360x360.jpg\" alt=\"Portrait of Dan Shumow\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/danshu\/\">Dan Shumow<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Principal Software Development Engineer<\/p>\n<\/li>\n<li class=\"xs-col-12-24 s-col-4-24 m-col-4-24 l-col-4-24 margin-bottom-sp3\"><img decoding=\"async\" class=\"avatar avatar-180 photo msr-profile-image \" src=\"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2018\/04\/Greg-Zaverucha_360x360.jpg\" alt=\"Portrait of Greg Zaverucha\" \/>\n<p class=\"body-alt no-margin-bottom\"><a class=\"semibold\" href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/gregz\/\">Greg Zaverucha<\/a><\/p>\n<p class=\"body-alt no-margin-bottom\">Principal Software Development Engineer<\/p>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Cryptography in the era of quantum computers The private communication of individuals and organizations is protected online by cryptography. Cryptography protects our information as it travels over and is stored on the internet\u2014whether making a purchase from an online store, uploading data to the cloud, or accessing work email remotely. Our research and engineering work [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"research-area":[243138,13558],"msr-locale":[268875],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-428250","msr-project","type-msr-project","status-publish","hentry","msr-research-area-quantum","msr-research-area-security-privacy-cryptography","msr-locale-en_us","msr-archive-status-active"],"msr_project_start":"","related-publications":[426954,377402,365990,365999,238356,238325,168521,629640,629649,629685,629694,629994,910965,630000,645252,645261,504989],"related-downloads":[428430,428448,428454],"related-videos":[],"related-groups":[],"related-events":[],"related-opportunities":[],"related-posts":[],"related-articles":[],"tab-content":[],"slides":[],"related-researchers":[{"type":"user_nicename","display_name":"Josh Benaloh","user_id":31203,"people_section":"Section name 1","alias":"benaloh"},{"type":"user_nicename","display_name":"Craig Costello","user_id":31476,"people_section":"Section name 1","alias":"craigco"},{"type":"user_nicename","display_name":"Karen Easterbrook","user_id":32510,"people_section":"Section name 1","alias":"keaster"},{"type":"user_nicename","display_name":"Kevin Kane","user_id":32554,"people_section":"Section name 1","alias":"kkane"},{"type":"user_nicename","display_name":"Patrick Longa","user_id":33271,"people_section":"Section name 1","alias":"plonga"},{"type":"user_nicename","display_name":"Michael Naehrig","user_id":32976,"people_section":"Section name 1","alias":"mnaehrig"},{"type":"user_nicename","display_name":"Christian Paquin","user_id":31473,"people_section":"Section name 1","alias":"cpaquin"},{"type":"user_nicename","display_name":"Dan Shumow","user_id":31538,"people_section":"Section name 1","alias":"danshu"},{"type":"user_nicename","display_name":"Greg Zaverucha","user_id":31912,"people_section":"Section name 1","alias":"gregz"}],"msr_research_lab":[],"msr_impact_theme":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/428250"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-project"}],"version-history":[{"count":84,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/428250\/revisions"}],"predecessor-version":[{"id":1089228,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/428250\/revisions\/1089228"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=428250"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=428250"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=428250"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=428250"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=428250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}