Quantum computers could break commonly used public key algorithms, which would affect cryptography used today. For that reason, there has been great attention on quantum safe crypto recently. We have blogged about it in numerous occasions ,  , . In that context, last week the 4th ETSI/IQC on Quantum-Safe Cryptography in Toronto, Canada brought together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition to a quantum secure era.
Cisco was among the participants of the workshop with two presentations. Scott Fluhrer presented a method for adding quantum resistance in the IKEv2 key establishment by using postquantum-secure preshared keys, and proposed a scheme for adding quantum resistance in the TLS key exchange without introducing changes to the TLS handshake. The former has been submitted to IETF in order to add quantum resistance to the IKEv2 key establishment. The TLS proposal aimed to provide a minimally-disruptive solution, without significant extensions to the protocol, by hiding a new algorithm behind the abstraction barrier of DHE. In both cases, the result is a key establishment that is postquantum secure as long as at least one of its two algorithms is secure.
David McGrew later focused on hash-based signatures (HBS) in the workshop. He summarized the most prevalent hash-based signature schemes proposed in the literature and standards bodies today. He presented the practical challenges and tradeoffs between these schemes and describe some considerations of signatures being used in certain environments. David then tried to address some of the state management challenges of stateful HBS schemes. Part of our HBS vision has been shared in our recent blog.
We also had the chance to attend interesting presentations in the CxO sessions, ISARA’s PQ browser demo, Andreas Husling’s PQCrypto presentation, NIST’s standardization effort session, quantum-safe IoT by Phillips, LWE by Jintai Ding and more.
We further had more discussions with industry peers, academics and standards representatives from ISARA, Microsoft, Intel, Entrust, NIST, CESG, ETSI and CRYPTO4A. We must say that all discussions were very interesting and converged towards the need for a strong foundation on which we build an agile framework where used algorithms can be transparently updated in a post-quantum world as necessary. Cisco will continue to influence and collaborate with various players towards this strategy.
We would like to thank ETSI and IQC for organizing a very interesting workshop.