Mastodawn

Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.

That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.

https://words.filippo.io/crqc-timeline/

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

Show thread

ohir 1d ago

@filippo
> In symmetric encryption, we don’t need to do anything, thankfully

Ok. So the IoT garden must rewind to the Kerberos or physical provisioning. I can't imagine lattices on small silicon yet.

Thank you, Filippo.

Show thread

m_eiman 1d ago

@ohir @filippo I’m involved in modernizing crypto for protocol that needs to work at 9600 baud. These key sizes are going to be a terrible problem… and that’s just the bandwidth side, them there”s RAM and CPU on small embedded devices.

Show thread

Filippo Valsorda 1d ago

@mikaeleiman @ohir yup, it's not great, but it is what it is. (RAM is kinda fine if you optimize for it, and CPU is actually faster than classical. But yes, size sucks.)

Show thread

Koos Pol 🇺🇦

@filippo @mikaeleiman @ohir Small devices which are part of a bigger system, but which are unable to take care of themselves should be behind a gateway/proxy anyway.

Show thread

m_eiman 1d ago

@KoosPol @filippo there’s no gateway to hide behind in this case unfortunately, it’s all small devices (and no Internet involved). And we’d like to be able to firmware update existing devices to the new stuff, replacing with new hardware would be very expensive.

Show thread

Koos Pol 🇺🇦1d ago

@mikaeleiman @filippo Then you have an system architecture problem. You can't have important devices in operation without proper safeguards. And if one of the safeguards is crypto, while these devices can't deliver, then you need to tuck them behind a gateway. And if you can't then the devices aren't important enough. You can't have the cake and eat it.

Show thread

m_eiman 1d ago

@KoosPol @filippo That's why I'm looking forward to someone coming up with a quantum resistant variant of key exchange with smaller keys that's workable for smallish embedded MCUs :]

Currently it's looking like there's no way forward for our users that's not expensive, disruptive and time consuming.

Show thread

ohir 20h ago

@KoosPol @filippo @mikaeleiman
> should be behind a gateway/proxy anyway

IoT devices are not expected to have any external protection. This is a consumer market. We can not expect home owner to provide secure environment before they change old dumb LED-bulb for a new one equipped with BLE, motion sensors and microphones. Whether they use "smart" features of this bulb or not.

Then we have many mandated by law devices that must be put in the car for safety and for national security reasons. A prime example are the direct TPMS sensors. E.g. a hackable TPMS in the tire will not deny our abilities to accurately monitor the good actors movements, but it may afflict our ability to track movements of the bad actors were they able to tamper with emitted by the tire IDs to mimic a secure-facility employee's car.

Show thread

Koos Pol 🇺🇦3h ago

@ohir @filippo @mikaeleiman For the consumer market i.r.t iot devices crypto is hardly relevant. Either you're a sysadmin and you've got your safe guards in place (e.g. vlan separation) or you're legally blonde and already clicked every permission your phone asked you to. In both cases PQ is "greenwasning".
But, I do strongly agree with you this needs legislation. Because then we can tackle the whole field.