Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Java Security

Java Proposals Would Boost Resistance to Quantum Computing Attacks (infoworld.com) 14

"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," reports InfoWorld, "one plan involving digital signatures and the other key encapsulation." The two proposals reside in the OpenJDK JEP (JDK Enhancement Proposal) index.

The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-latticed-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.

The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.

Java Proposals Would Boost Resistance to Quantum Computing Attacks

Comments Filter:
  • by gweihir ( 88907 ) on Sunday November 10, 2024 @03:54PM (#64935277)

    I completely agree with this analysis:

    https://www.cs.auckland.ac.nz/... [auckland.ac.nz]

    • In the corporate-to-corporate world, everyone along the chain is personally incentivized to increase bloat. Programmers get paid to do it, managers use it as an achievement to climb the ladder, customer management use it as an achievement to climb their own ladder (I made our product quantum secure!).

      It doesn't matter if it's fake, new features are a way to make money [zerobugsan...faster.net].
      • by gweihir ( 88907 )

        And as a side-effect, everything goes to shit. Great people that do this!

        • I think there's a better way to do it, people tend to naturally follow what they are incentivized to do. I can't figure out how to set up the right incentivization scheme, though.
  • Any encryption standard” coming out of NIST can be assumed to be compromised by NSA. I trust everybody remembers Dual EC DRBG?
    • by jd ( 1658 )

      You shouldn't assume anything. NIST produces decent stuff and, yes, compromised stuff, as does the IETF, as does virtually every organisation.

      You can't judge compromise by the label. Rather, you monitor the lounges, the cryptographic mailing lists, arXiv, and the testing sites.

      You trust nothing that is new and shiny, you trust only that which is tested and found robust.

  • This should be a real comfort to all users of java applications that have run out of bugs exploitable by adversaries without sophisticated physics expertise and nation state resources available.

    Anyone heard of such a java application?
  • Quantum computing is coming under pressure as genetic algorithms and neural nets (but not LLMs) are starting to prove faster than their quantum counterparts, even at quantum mechanical problems.

    We need to think not only about quantum computing but other areas of computing that may potentially discover vulnerabilities. After all, cryptography cannot genuinely be indistinguishable from a random oracle except with one time pads.

    That isn't to say they will or can, but rather that the playing field is larger tha

  • Just asking for a friend who depends on that app.

  • Someone had to say it.

"Yes, and I feel bad about rendering their useless carci into dogfood..." -- Badger comics

Working...