Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article:
The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren’t vulnerable to Shor’s algorithm when the keys are of a sufficient size.
The ML in the ML-KEM name refers to Module Learning with Errors, a problem that can’t be cracked with Shor’s algorithm. As explained here, this problem is based on a “core computational assumption of lattice-based cryptography which offers an interesting trade-off between guaranteed security and concrete efficiency.”
ML-KEM, which is formally known as FIPS 203, specifies three parameter sets of varying security strength denoted as ML-KEM-512, ML-KEM-768, and ML-KEM-1024. The stronger the parameter, the more computational resources are required.
The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it’s based on “stateful hash-based signature schemes.” These algorithms are useful in very specific contexts such as firmware signing, but are not suitable for more general uses.
More Stories
The AI Fix #16: GPT-4o1, AI time travelers, and where’s my driverless car?
In episode 16 of The AI Fix, Mark and Graham meet GPT-4o1 and ask if it knows how many cousins...
US Looks to Align Security Across Government
CISA project will align cybersecurity polices across the Federal Civilian Executive Branch of US government Read More
Remotely Exploding Pagers
Wow. It seems they all exploded simultaneously, which means they were triggered. Were they each tampered with physically, or did...
ICO Acts Against Sky Betting and Gaming Over Cookies
Online gambling site, Sky Betting and Gaming, found to have “unlawfully” processed data through advertising cookies Read More
Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks
83% of organizations use AI to generate code despite rising concerns from security leaders, found a Venafi survey Read More
Singapore Launches Accelerator for International Cybersecurity Startups
The CyberBoost: Catalyse is supported by the Cyber Security Agency of Singapore, the National University of Singapore and UK-based innovation...