Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article:
The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren’t vulnerable to Shor’s algorithm when the keys are of a sufficient size.
The ML in the ML-KEM name refers to Module Learning with Errors, a problem that can’t be cracked with Shor’s algorithm. As explained here, this problem is based on a “core computational assumption of lattice-based cryptography which offers an interesting trade-off between guaranteed security and concrete efficiency.”
ML-KEM, which is formally known as FIPS 203, specifies three parameter sets of varying security strength denoted as ML-KEM-512, ML-KEM-768, and ML-KEM-1024. The stronger the parameter, the more computational resources are required.
The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it’s based on “stateful hash-based signature schemes.” These algorithms are useful in very specific contexts such as firmware signing, but are not suitable for more general uses.
More Stories
Smashing Security podcast #385: TFL security derailed, and is Trump the king of crypto?
Transport for London (TfL) suffers a cybersecurity incident and tells its 30,000 staff they will all have to their identities...
Critical Infrastructure at Risk From Email Security Breaches
Critical infrastructure security undermined by weakness in email protection, researchers warn Read More
Google Street View Images Used For Extortion Scams
Attackers use Google Street View images to put pressure on victims of “sextortion” scams Read More
Scam ‘Funeral Streaming’ Groups Thrive on Facebook
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends...
Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack
The suspected creator of Ghost, an encrypted communication platform allegedly used by organized crime groups worldwide, has been arrested Read...
Introducing LevelBlue’s 24/7 Managed Threat Detection and Response Service for Government
As new threat vectors emerge and cybercriminals leverage sophisticated technologies to orchestrate more targeted attacks, staying ahead of threats is...