Java Proposals Would Boost Resistance to Quantum Computing Attacks (infoworld.com) 14

Posted by EditorDavid on Sunday November 10, 2024 @03:34PM from the quantum-leaps dept.

"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," reports InfoWorld, "one plan involving digital signatures and the other key encapsulation." The two proposals reside in the OpenJDK JEP (JDK Enhancement Proposal) index.

The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-latticed-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.

The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.

Java Proposals Would Boost Resistance to Quantum Computing Attacks

Post Load All Comments

Search 14 Comments Log In/Create an Account

Comments Filter:

Here is what a real expert says (Score:5, Interesting)

by gweihir ( 88907 ) writes: on Sunday November 10, 2024 @03:54PM (#64935277)

I completely agree with this analysis:
https://www.cs.auckland.ac.nz/... [auckland.ac.nz]

Reply to This Share
Flag as Inappropriate
- Re: (Score:3)
  
  by phantomfive ( 622387 ) writes:
  
  In the corporate-to-corporate world, everyone along the chain is personally incentivized to increase bloat. Programmers get paid to do it, managers use it as an achievement to climb the ladder, customer management use it as an achievement to climb their own ladder (I made our product quantum secure!).
  
  It doesn't matter if it's fake, new features are a way to make money [zerobugsan...faster.net].
  - Re: (Score:2)
    
    by gweihir ( 88907 ) writes:
    
    And as a side-effect, everything goes to shit. Great people that do this!
    - Re: (Score:2)
      
      by phantomfive ( 622387 ) writes:
      
      I think there's a better way to do it, people tend to naturally follow what they are incentivized to do. I can't figure out how to set up the right incentivization scheme, though.
Trojan horse (Score:2)

by qbast ( 1265706 ) writes:

Any encryption standard” coming out of NIST can be assumed to be compromised by NSA. I trust everybody remembers Dual EC DRBG?
- Re: (Score:2)
  
  by jd ( 1658 ) writes:
  
  You shouldn't assume anything. NIST produces decent stuff and, yes, compromised stuff, as does the IETF, as does virtually every organisation.
  You can't judge compromise by the label. Rather, you monitor the lounges, the cryptographic mailing lists, arXiv, and the testing sites.
  You trust nothing that is new and shiny, you trust only that which is tested and found robust.
  - - Re: (Score:2)
      
      by jd ( 1658 ) writes:
      
      Neither. You NEVER have the developer test their own code and you NEVER rely on certification authorities.
      The cryptography lounges are maintained by the cryptography community and include each and every paper ever published on the strengths and weaknesses of every cryptographic algorithm.
      From these papers, many such lounges will place any given algorithm into one of four categories - currently secure, low risk, high risk, and broken.
      You never, ever use any algorithm that isn't marked OK.
Hooray! (Score:2)

by fuzzyfuzzyfungus ( 1223518 ) writes:

This should be a real comfort to all users of java applications that have run out of bugs exploitable by adversaries without sophisticated physics expertise and nation state resources available.

Anyone heard of such a java application?
- Re: (Score:2)
  
  by jd ( 1658 ) writes:
  
  There are some "Hello World" programs out there.
Potentially less interesting (Score:2)

by jd ( 1658 ) writes:

Quantum computing is coming under pressure as genetic algorithms and neural nets (but not LLMs) are starting to prove faster than their quantum counterparts, even at quantum mechanical problems.
We need to think not only about quantum computing but other areas of computing that may potentially discover vulnerabilities. After all, cryptography cannot genuinely be indistinguishable from a random oracle except with one time pads.
That isn't to say they will or can, but rather that the playing field is larger tha
Is the Hello World app at risk? (Score:2)

by thesjaakspoiler ( 4782965 ) writes:

Just asking for a friend who depends on that app.
So would uninstalling Java. (Score:2)

by Fly Swatter ( 30498 ) writes:

Someone had to say it.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Java Proposals Would Boost Resistance to Quantum Computing Attacks (infoworld.com) 14

Java Proposals Would Boost Resistance to Quantum Computing Attacks More | Reply Login

Java Proposals Would Boost Resistance to Quantum Computing Attacks

Here is what a real expert says (Score:5, Interesting)

Re: (Score:3)

Re: (Score:2)

Re: (Score:2)

Trojan horse (Score:2)

Re: (Score:2)

Re: (Score:2)

Hooray! (Score:2)

Re: (Score:2)

Potentially less interesting (Score:2)

Is the Hello World app at risk? (Score:2)

So would uninstalling Java. (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot