Java Proposals Would Boost Resistance to Quantum Computing Attacks (infoworld.com) 14
"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," reports InfoWorld, "one plan involving digital signatures and the other key encapsulation."
The two proposals reside in the OpenJDK JEP (JDK Enhancement Proposal) index.
The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-latticed-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.
The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.
The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-latticed-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.
The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.
Here is what a real expert says (Score:5, Interesting)
I completely agree with this analysis:
https://www.cs.auckland.ac.nz/... [auckland.ac.nz]
Re: (Score:3)
It doesn't matter if it's fake, new features are a way to make money [zerobugsan...faster.net].
Re: (Score:2)
And as a side-effect, everything goes to shit. Great people that do this!
Re: (Score:2)
Trojan horse (Score:2)
Re: (Score:2)
You shouldn't assume anything. NIST produces decent stuff and, yes, compromised stuff, as does the IETF, as does virtually every organisation.
You can't judge compromise by the label. Rather, you monitor the lounges, the cryptographic mailing lists, arXiv, and the testing sites.
You trust nothing that is new and shiny, you trust only that which is tested and found robust.
Re: (Score:2)
Neither. You NEVER have the developer test their own code and you NEVER rely on certification authorities.
The cryptography lounges are maintained by the cryptography community and include each and every paper ever published on the strengths and weaknesses of every cryptographic algorithm.
From these papers, many such lounges will place any given algorithm into one of four categories - currently secure, low risk, high risk, and broken.
You never, ever use any algorithm that isn't marked OK.
Hooray! (Score:2)
Anyone heard of such a java application?
Re: (Score:2)
There are some "Hello World" programs out there.
Potentially less interesting (Score:2)
Quantum computing is coming under pressure as genetic algorithms and neural nets (but not LLMs) are starting to prove faster than their quantum counterparts, even at quantum mechanical problems.
We need to think not only about quantum computing but other areas of computing that may potentially discover vulnerabilities. After all, cryptography cannot genuinely be indistinguishable from a random oracle except with one time pads.
That isn't to say they will or can, but rather that the playing field is larger tha
Is the Hello World app at risk? (Score:2)
Just asking for a friend who depends on that app.
So would uninstalling Java. (Score:2)