Use the Intel Cryptography Primitives Library to Prepare for Post-Quantum Security.
The Importance of Cryptography for All of Us
Because digital technology pervades everyday life, including healthcare, finance, and communication (messaging apps), cryptography is essential in the contemporary world. In a setting where information can be readily intercepted, altered, or stolen, it provides the tools to protect data and to guarantee privacy, integrity, and authenticity. Digital signatures, device key authentication, and encryption/decryption all help protect private information and verify its validity.
The challenge of a post-quantum computing world is to develop future-proof security techniques that remain dependable and trustworthy long after quantum computers become available: techniques that, it is assumed, even quantum computers will not be able to break in a practical amount of time.
RSA and ECC (Elliptic Curve Cryptography) are examples of encryption, authentication, and integrity techniques that rely on the hardness of specific mathematical problems, integer factorization for RSA and the discrete logarithm problem for ECC, which classical computers cannot solve in any practical amount of time. This is what makes them, for all practical purposes, unbreakable today.
But that is about to change. A sufficiently large quantum computer running Shor's algorithm and related algorithms will solve these problems efficiently: it factors the RSA modulus into its primes and computes the discrete logarithms that protect ECC key agreement and the digital signatures built on these problems, exponentially faster than the best known classical methods. At that point the encryption techniques widely used for critical data storage and internet communication become obsolete, and data security is compromised.
The Challenge of a Post-Quantum Computing World
Cryptography researchers are developing new security measures to counter the threat posed by quantum computers and their ability to solve certain mathematical problems rapidly. The obvious goal is to create alternative encryption, decryption, and signature methods that do not depend on the mathematical problems quantum computers excel at solving.
These new techniques are built on a variety of hard problems that are believed to be difficult even for quantum computers. Hash-based schemes and lattice-based schemes are the most popular strategies for keeping ahead of the development of quantum computers.
Across a wide range of use cases, post-quantum algorithms are and will continue to be just as significant as conventional cryptographic techniques.
Apple's iMessage messaging service, which uses the PQ3 post-quantum cryptographic protocol, is one example of a use case that has already reached the real world.
At the 4th NIST PQC Standardization Conference, NIST and IDEMIA, a French multinational technology company that specializes in identity and authentication security services, presented their recommendations for post-quantum protocols in banking applications. This work, together with many other contributions to the NIST Post-Quantum Cryptography (PQC) project, fed into the release of the first three finalized NIST post-quantum standards (FIPS 203, 204, and 205) in August 2024.
Protecting data whose confidentiality must outlast the arrival of quantum computers requires businesses to adopt post-quantum techniques early, even before such computers are generally available. The possibility of decrypting previously intercepted and recorded encrypted communications at a later date is known as "retrospective decryption" (often called "harvest now, decrypt later"). It is reasonable to assume that data encrypted with conventional techniques is being collected and stored today until the decryption technology becomes available. A forward-looking security posture reduces that risk.
Figure 1 shows the ideal scenario: cryptographic applications should begin the shift to post-quantum cryptography long before the first large-scale quantum computers are built.
Working on a Future-Proof Solution
Because algorithms beyond the first three selected in the NIST competition are still being analyzed, it is advisable to perform the transition in hybrid mode. A "hybrid" combines post-quantum and classical cryptographic techniques.
For example, two cryptographic components can be combined into a single hybrid key agreement, Kyber512X:
- X25519, a classical elliptic-curve key agreement;
- Kyber512, a post-quantum key encapsulation mechanism (KEM) designed to resist attacks by both classical and quantum computers.
The benefit of the hybrid is that the data remains protected against non-quantum attackers even if Kyber512 turns out to be flawed.
It is crucial to remember that security covers both the algorithm and its implementation: even if Kyber512 is cryptographically sound, an implementation can leak key material through side channels such as timing. When discussing cryptography, security comes first. The drawback of the hybrid is that two key exchanges are performed, which costs extra CPU cycles and extra bytes on the wire.
Overview of the Intel Cryptography Primitives Library
The Intel Cryptography Primitives Library is a secure, fast, and lightweight collection of cryptographic building blocks, well suited to a range of Intel CPUs.
You can find it on GitHub.
Support for Many Cryptographic Domains
The library includes a wide range of routines commonly used in cryptographic operations, including:
Benefits of Using the Intel Cryptography Primitives Library
- Security: operations that process secrets are executed in constant time
- Designed with a small footprint in mind
- Optimized for Intel CPUs and instruction set architectures, using the supported hardware cryptography instructions:
- Intel Streaming SIMD Extensions 2 (Intel SSE2)
- Intel SSE3
- Intel SSE4.2
- Intel Advanced Vector Extensions (Intel AVX)
- Intel Advanced Vector Extensions 2 (Intel AVX2)
- Intel Advanced Vector Extensions 512 (Intel AVX-512)
- Configurable CPU dispatching for optimal performance
- Kernel-mode compatibility
- Thread-safe design
The library also provides building blocks (self-tests and services) that support FIPS 140-3 compliance.
Post-Quantum Cryptography Algorithms in the Intel Cryptography Primitives Library
The Intel Cryptography Primitives Library now supports the eXtended Merkle Signature Scheme (XMSS) and the Leighton-Micali Signature (LMS) scheme, both stateful hash-based signature schemes, for digital signature verification. NIST has standardized both algorithms in NIST SP 800-208. Because they are stateful, the signer must never reuse a one-time key index; the verifier, which is the side the library implements, keeps no such state.
Using XMSS and LMS Cryptography
The Intel Cryptography Primitives Library documentation offers thorough examples of how to use both:
- XMSS signature verification
- LMS signature verification
The library also provides the helper functions (getters and setters) needed to set up the key and signature states before invoking the algorithms.
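To make the "stateful" part of these schemes concrete, here is an added example that is not the Intel library's code and not the SP 800-208 algorithms themselves: a minimal hash-based signature built from Lamport one-time signatures under a Merkle tree, the same structural idea LMS and XMSS refine with Winternitz chains and larger trees. It shows the signer's one piece of state (the next unused leaf), a verifier that needs only the tree root, and what is exposed when that state is rolled back. Seeds and messages are constructed for the demo.

```python
import hashlib

# Added example (not the Intel library's code): Lamport one-time signatures
# under a Merkle tree, a simplified stand-in for the LMS/XMSS construction.
# Standard library only; all seeds and messages are constructed for the demo.


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def lamport_keypair(seed: bytes, leaf: int):
    """256 digest bits x 2 secret values per leaf; public key = their hashes.
    Secrets are derived from the seed so the demo is reproducible."""
    sk = [[H(seed, leaf.to_bytes(4, "big"), i.to_bytes(2, "big"), bytes([b]))
           for b in (0, 1)] for i in range(256)]
    pk = [[H(x) for x in pair] for pair in sk]
    return sk, pk


def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    # Reveal exactly one secret per position, selected by the digest bit.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]


def lamport_verify(pk, msg: bytes, ots_sig) -> bool:
    return all(H(ots_sig[i]) == pk[i][b] for i, b in enumerate(digest_bits(msg)))


def leaf_hash(pk) -> bytes:
    return H(*(x for pair in pk for x in pair))


class StatefulSigner:
    """Merkle tree of height h over 2**h one-time public keys. The only public
    key is the root; next_leaf is the state that must never be rolled back."""

    def __init__(self, seed: bytes, height: int):
        self.seed, self.height, self.next_leaf = seed, height, 0
        self.levels = [[leaf_hash(lamport_keypair(seed, i)[1])
                        for i in range(2 ** height)]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]

    def sign(self, msg: bytes):
        if self.next_leaf >= 2 ** self.height:
            raise RuntimeError("key exhausted: all one-time keys have been used")
        leaf = self.next_leaf
        self.next_leaf += 1  # a real signer persists this BEFORE releasing the signature
        sk, pk = lamport_keypair(self.seed, leaf)
        path, idx = [], leaf
        for lvl in self.levels[:-1]:  # sibling hashes from the leaf up to the root
            path.append(lvl[idx ^ 1])
            idx >>= 1
        return leaf, pk, lamport_sign(sk, msg), path


def verify(root: bytes, msg: bytes, signature) -> bool:
    """Verifier state: only the 32-byte root. Checks the one-time signature,
    then recomputes the root from the leaf and its authentication path."""
    leaf, pk, ots_sig, path = signature
    if not lamport_verify(pk, msg, ots_sig):
        return False
    node, idx = leaf_hash(pk), leaf
    for sibling in path:
        node = H(node, sibling) if idx % 2 == 0 else H(sibling, node)
        idx >>= 1
    return node == root


def leaked_secrets_after_reuse(seed: bytes, msg1: bytes, msg2: bytes) -> int:
    """Simulate a restored backup that rolls next_leaf back: the same one-time
    key signs two messages. At every position where the two digests differ,
    both secret values are now public. Returns the count of such positions."""
    signer = StatefulSigner(seed, 1)
    _, _, sig1, _ = signer.sign(msg1)
    signer.next_leaf = 0  # the state rollback that must never happen
    _, _, sig2, _ = signer.sign(msg2)
    return sum(1 for a, b in zip(sig1, sig2) if a != b)


if __name__ == "__main__":
    signer = StatefulSigner(b"constructed demo seed", height=2)
    sig = signer.sign(b"firmware-image-v1")
    print("valid:", verify(signer.root, b"firmware-image-v1", sig))
    print("positions fully exposed after reuse:",
          leaked_secrets_after_reuse(b"constructed demo seed", b"pay 10", b"pay 10000"))
```

The verifier never touches the counter, which is why a verification-only implementation such as the library's can be stateless, while the signing side must treat the leaf index like a monotonic counter: persist it before the signature leaves the device, never restore it from a backup, and refuse to sign once the tree is exhausted.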
Comparing ECDSA and LMS Verification Usage
Add Post Quantum Security to Your Application
The Intel Cryptography Primitives Library supports post-quantum security with hash-based signature algorithms such as XMSS and LMS.
Intel leads the deployment of the latest post-quantum cryptography technologies and closely monitors standards development at NIST's Post-Quantum Cryptography (PQC) project.