Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS PQC Standards

By F5 DevCentral Community


Key Concepts

  • Post-quantum cryptography
  • Cipher suites
  • TLS (Transport Layer Security)
  • ECDHE (Elliptic-curve Diffie–Hellman Ephemeral)
  • RSA (Rivest–Shamir–Adleman)
  • AES (Advanced Encryption Standard)
  • GCM (Galois/Counter Mode)
  • SHA (Secure Hash Algorithm)
  • Shor's algorithm
  • Grover's algorithm
  • FIPS (Federal Information Processing Standards) 203, 204, 205
  • ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism)
  • ML-DSA (Module-Lattice-Based Digital Signature Algorithm)
  • SLH-DSA (Stateless Hash-Based Digital Signature Algorithm)
  • NIST (National Institute of Standards and Technology)
  • CNSA (Commercial National Security Algorithm) 2.0
  • ECDH (Elliptic Curve Diffie-Hellman)
  • OpenSSL
  • Open Quantum Safe (OQS) project

Cipher Suite Breakdown and Vulnerabilities

A typical modern classical cryptography TLS cipher string (e.g., TLS ECDHE RSA with AES 256 GCM mode SHA 256) is composed of three main parts:

  1. Key Exchange and Authentication (ECDHE RSA): This part is responsible for creating keys and providing authentication. It relies on complex mathematics, often involving large prime integers.
  2. Encryption (AES 256 GCM): This part handles the bulk of data transport and needs to be very fast. AES (Advanced Encryption Standard) with a 256-bit key strength is used in Galois/Counter Mode (GCM).
  3. Hashing (SHA 256): This part ensures data integrity using a hash function. SHA (Secure Hash Algorithm) 256 is used.

Vulnerabilities:

  • Shor's Algorithm: This algorithm poses a significant threat to the key exchange and authentication part. On a quantum computer it factors large integers and solves discrete logarithms in polynomial time, breaking the mathematical assumptions underlying RSA and ECC.
  • Grover's Algorithm: This algorithm weakens the encryption part, especially when a shorter key is used. AES-256 is considered sufficiently strong against Grover's algorithm, but the speed-up still has to be accounted for when choosing key sizes.
  • Hashing: Both Shor's and Grover's algorithms can weaken or break the hashing algorithms used for data integrity.
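To make the breakdown concrete, the following is an added example (not code from the video or from F5's lab) that parses IANA-style TLS 1.2 cipher suite names into the three parts described above and tags each with the quantum algorithm the section names as its threat. The "Grover halves the effective bits" rule and the 128-bit floor used to flag weak symmetric parts are simplifying assumptions for illustration.

```python
import re

# Regex for IANA TLS 1.2 suite names: TLS_<kx>[_<auth>]_WITH_<cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>ECDHE|ECDH|DHE|RSA)(?:_(?P<auth>RSA|ECDSA|DSS))?_WITH_"
    r"(?P<cipher>.+?)_(?P<hash>SHA(?:256|384)?)$"
)
# Part 1 (key exchange / authentication): every option rests on factoring or a
# discrete logarithm, which Shor's algorithm solves in polynomial time.
SHOR_TARGET = {"RSA": "Shor (factoring)", "DHE": "Shor (DLP)", "DSS": "Shor (DLP)",
               "ECDHE": "Shor (ECDLP)", "ECDH": "Shor (ECDLP)", "ECDSA": "Shor (ECDLP)"}
# Parts 2 and 3: assume Grover's algorithm halves the effective security of a
# symmetric key or a hash preimage, so AES-256 keeps roughly 128 bits.
HASH_BITS = {"SHA": 160, "SHA256": 256, "SHA384": 384}

def cipher_key_bits(cipher):
    """Nominal key length of the bulk cipher, or None if unrecognised."""
    m = re.match(r"AES_(\d+)", cipher)
    if m:
        return int(m.group(1))
    if cipher.startswith("CHACHA20"):
        return 256
    return None

def classify_suite(name):
    """Split a suite name into the three parts with the quantum threat for each."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not a TLS 1.2 cipher suite name: {name}")
    auth = m["auth"] or m["kx"]          # TLS_RSA_WITH_...: RSA does both jobs
    key_bits = cipher_key_bits(m["cipher"])
    hash_bits = HASH_BITS[m["hash"]]
    return {
        "key_exchange": (m["kx"], SHOR_TARGET[m["kx"]]),
        "authentication": (auth, SHOR_TARGET[auth]),
        # (algorithm, classical bits, bits remaining against Grover)
        "encryption": (m["cipher"], key_bits, key_bits // 2 if key_bits else None),
        "hash": (m["hash"], hash_bits, hash_bits // 2),
    }

def quantum_weak_parts(name, min_bits=128):
    """Parts needing replacement: Shor breaks the asymmetric parts outright;
    symmetric parts are flagged when Grover leaves fewer than min_bits."""
    parts = classify_suite(name)
    weak = ["key_exchange", "authentication"]
    if parts["encryption"][2] is None or parts["encryption"][2] < min_bits:
        weak.append("encryption")
    if parts["hash"][2] < min_bits:
        weak.append("hash")
    return weak
```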

FIPS Standards for Post-Quantum Cryptography

To address these vulnerabilities, NIST has defined several FIPS standards for post-quantum cryptography:

  • FIPS 203: Defines the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) for TLS key establishment. This strengthens the key exchange process.
  • FIPS 204: Defines the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) for digital signatures. This secures the authentication process.
  • FIPS 205: Defines the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) for digital signatures. This provides an alternative approach to authentication.

These standards have undergone multiple rounds of evaluation and have been adopted by the NSA in their CNSA 2.0 suite.

Hybrid Post-Quantum Cryptography

The implementation of post-quantum cryptography often involves a hybrid approach, combining classical and post-quantum algorithms.

  • ML-KEM Implementation: Combines the classical elliptic curve X25519 with a post-quantum key encapsulation scheme such as Kyber-768 or Kyber-1024 (standardized as ML-KEM-768 and ML-KEM-1024). The variant chosen depends on the required security level.
  • Hybrid Key Exchange: The outputs of both the classical (X25519) and post-quantum (e.g., Kyber-768) algorithms are combined to derive the session key that encrypts the TLS connection.
  • ECDH and ML-KEM: X25519 provides the key exchange through Elliptic Curve Diffie-Hellman (ECDH), while ML-KEM adds post-quantum key encapsulation.

Example: secp256r1 (P-256, a common elliptic curve used in OpenSSL) is combined with ML-KEM-768 to create a hybrid post-quantum key exchange.
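The combination step of the hybrid key exchange described above, as an added example (not code from the video or from F5's lab): both peers already hold a classical ECDH shared secret and an ML-KEM shared secret, the two are concatenated, and TLS 1.3 feeds the result into HKDF-Extract. The secret ordering per hybrid group follows my reading of the IETF draft-ietf-tls-ecdhe-mlkem (ML-KEM part first for X25519MLKEM768, ECDH part first for SecP256r1MLKEM768), the name handshake_secret and the derived_secret parameter are simplifications of the TLS 1.3 key schedule, and all secret values are constructed samples.

```python
import hmac

# Expected shared-secret lengths in bytes: X25519 and ML-KEM-768 both yield 32,
# and the x-coordinate of a P-256 ECDH result is also 32.
# group name: (classical_len, pq_len, pq_part_first)
HYBRID_GROUPS = {
    "X25519MLKEM768": (32, 32, True),
    "SecP256r1MLKEM768": (32, 32, False),
}

def hybrid_shared_secret(group, classical_ss, pq_ss):
    """Concatenate the two shared secrets in the group's defined order.
    The result depends on both inputs, so it stays secret as long as
    either component does (the point of running them in hybrid mode)."""
    c_len, pq_len, pq_first = HYBRID_GROUPS[group]
    if len(classical_ss) != c_len or len(pq_ss) != pq_len:
        raise ValueError("shared secret length mismatch for " + group)
    return pq_ss + classical_ss if pq_first else classical_ss + pq_ss

def hkdf_extract(salt, ikm, hash_name="sha256"):
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, hash_name).digest()

def handshake_secret(group, classical_ss, pq_ss, derived_secret):
    """TLS 1.3 key schedule step: Handshake Secret =
    HKDF-Extract(salt=Derived-Secret, IKM=(EC)DHE/KEM shared secret).
    derived_secret is the value the schedule derives from the Early Secret;
    here the caller supplies it (a constructed placeholder in the demo)."""
    ss = hybrid_shared_secret(group, classical_ss, pq_ss)
    return hkdf_extract(derived_secret, ss)

if __name__ == "__main__":
    # Constructed sample secrets; in a real handshake these come from the
    # X25519 exchange and the ML-KEM-768 encapsulation respectively.
    classical = bytes(range(32))
    pq = bytes(range(32, 64))
    derived = b"\x00" * 32  # placeholder Derived-Secret
    hs = handshake_secret("X25519MLKEM768", classical, pq, derived)
    # Even if an attacker knew the X25519 secret (all zeros), the ML-KEM part
    # still produces an unpredictable handshake secret.
    hs_known_classical = handshake_secret("X25519MLKEM768", bytes(32), pq, derived)
    print(hs.hex(), hs_known_classical.hex(), sep="\n")
```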

Implementation Methods

Post-quantum cryptography is being implemented through various methods:

  1. Hardware Vendors: Integrating proprietary or open-source libraries into their hardware (e.g., firewalls, web application firewalls, SSL termination devices).
  2. OpenSSL and BoringSSL: Using OpenSSL or BoringSSL (Google's fork of OpenSSL) with post-quantum cipher support.
  3. Open Quantum Safe (OQS) Project: The OQS project provides a separate library (liboqs) of quantum-resistant algorithms that can be integrated into OpenSSL through a provider.

OpenSSL Integration:

  • Prior to version 3.5, integrating OQS required compiling the separate liboqs-based provider and passing provider-specific options to the genpkey command.
  • As of version 3.5, OpenSSL has built-in support for post-quantum algorithms, so no separate provider needs to be compiled.

Practical Demonstration

F5 DevCentral has created a lab environment available on GitHub that allows users to spin up a VM or Docker container and run their own OpenSSL post-quantum cryptographic secured certificate authority.

Conclusion

The transition to post-quantum cryptography is crucial to mitigate the threats posed by quantum computers to existing cryptographic systems. Hybrid approaches, combining classical and post-quantum algorithms, are being implemented through various methods, including hardware integration, OpenSSL support, and dedicated libraries like those provided by the OQS project. The availability of practical demonstration environments, such as the F5 DevCentral lab, facilitates experimentation and adoption of these new cryptographic techniques.
