Jump to content

Cryptography: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
Jessica (talk | contribs)
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
Cryptography is the process of converting ordinary text into unintelligible text and vice-versa. It is used to store and transmit data so that only those intended can read and process it. Cryptography protects data from theft or alteration and authenticates users.<ref>[https://economictimes.indiatimes.com/definition/cryptography Cryptography Definition, Economic Times]</ref>
'''Cryptography''' is the process of converting ordinary text into unintelligible text and vice-versa. It is used to store and transmit data so that only those intended can read and process it.<ref>[https://economictimes.indiatimes.com/definition/cryptography Cryptography Definition, Economic Times]</ref> It plays a key role in [[data Privacy|data privacy]] and authentication today. The former concerns long-term communication secrecy while the latter concerns the digital artifacts for establishing trust in communication, such as identity and authorization.<ref>[https://eprint.iacr.org/2021/1637.pdf 4 Cryptographic Security Algorithms, Internet Security and Quantum Computing by Hilarie Orman, Dec 2021]</ref>


==Trust==
==Algorithms==
* In computer science, trust refers to the generation of authorities or user access/privileges through cryptography.
Algorithms in modern cryptography depend on the difficulty of certain math problems that take huge amounts of time to solve. The two types of algorithms used nearly universally on the Internet today for digital signatures and key exchange are the RSA and Diffie-Hellman schemes. They are known mathematically as the hard problems of factoring and finding the discrete logarithms of large integers.<ref>[https://eprint.iacr.org/2021/1637.pdf 2.1 What Makes Cryptography “Secure”?, Internet Security and Quantum Computing by Hilarie Orman, Dec 2021]</ref>
* [[Zero Trust]] (ZT) is a cybersecurity paradigm concerned with moving defenses from static, network-based perimeters to a focus on users, assets, and resources.<ref>[https://csrc.nist.gov/publications/detail/sp/800-207/final SP 800-207, NIST]</ref>
* [[Cryptocurrency|Cryptocurrencies]] use proof of work (PoW) to achieve trust.
* Trusted certificates create secure connections to a server via the Internet.
* [[Trusted Notifier]]s


==Keys==
==Post-Quantum Cryptography==
* public keys
In the future (assumed to be at least 50 years away if ever),<ref>[https://eprint.iacr.org/2021/1637.pdf 8 Conclusions, Internet Security and Quantum Computing by Hilarie Orman, Dec 2021]</ref> large-scale quantum computers might be able to solve problems that are impossible with current computing technology because quantum computers can handle many complex processes at the same time. Such "cryptographically relevant quantum computers" (CRQCs) could find a break in an RSA or D-H scheme (which today is practically impossible) in a day or less. Post-quantum cryptography (PQC) algorithms should not be susceptible to quantum computers because they are fundamentally different from the RSA and the Diffie-Hellman. That is, they are not weakened by Shor’s algorithm.<ref>[https://news.mit.edu/2016/quantum-computer-end-encryption-schemes-0303 The beginning of the end for encryption schemes? MIT News, Jennifer Chu]</ref><ref>[https://www.icann.org/en/system/files/files/octo-031-11feb22-en.pdf Quantum Computing and the DNS, Paul Hoffman, ICANN OCTO-031]</ref>


==Cryptographic Technologies==
===Hurdles to Quantum Computing===
It is very difficult to build even very small quantum computers.<ref>[https://eprint.iacr.org/2021/1637.pdf 3.3 What are the Challenges Facing Quantum Computer Development?, Internet Security and Quantum Computing by Hilarie Orman, Dec 2021]</ref>
First, the information in qubits is very fragile, so qubits must be completely isolated from the external environment and kept at temperatures near zero degrees Kelvin during computations, which takes extensive machinery and physical space. Second, qubits are highly prone to errors during processing, which requires thousands of additional cooled qubits to correct errors for every qubit in the computation. <br/>
Moreover, building small quantum computers will not suffice to break cryptography. Running a small quantum computer for longer will not break the cryptographic keys, nor will running many small quantum computers in parallel achieve the task.


==Post-Quantum Cryptography==
==ICANN's positions==
On February 11, 2022, [[ICANN]] [[OCTO]] stated the [[ICANN Organization|org]]'s positions on the topic of the DNS and PQC:<ref>[https://www.icann.org/en/system/files/files/octo-031-11feb22-en.pdf Quantum Computing and the DNS, Paul Hoffman, ICANN OCTO-031]</ref>
* The [[ICANN Community]] has not reached a consensus on how developments in quantum computing relate to the [[DNS]].
* The [[DNSSEC]] Community does not need to consider PQC at this time.
* [[DNS]] [[ICANN Terms#Protocols|protocols]] that use [[TLS]] (such as DNS-over-TLS and DNS-over-HTTPS) should update to PQC to align with web protocols when they are updated.


==References==
==References==
[[Category:Practices]]

Latest revision as of 19:12, 1 March 2022

Cryptography is the process of converting ordinary text into unintelligible text and vice-versa. It is used to store and transmit data so that only those intended can read and process it.[1] It plays a key role in data privacy and authentication today. The former concerns long-term communication secrecy while the latter concerns the digital artifacts for establishing trust in communication, such as identity and authorization.[2]

Algorithms

Algorithms in modern cryptography depend on the difficulty of certain math problems that take huge amounts of time to solve. The two types of algorithms used nearly universally on the Internet today for digital signatures and key exchange are the RSA and Diffie-Hellman schemes. They are known mathematically as the hard problems of factoring and finding the discrete logarithms of large integers.[3]

Post-Quantum Cryptography

In the future (assumed to be at least 50 years away if ever),[4] large-scale quantum computers might be able to solve problems that are impossible with current computing technology because quantum computers can handle many complex processes at the same time. Such "cryptographically relevant quantum computers" (CRQCs) could find a break in an RSA or D-H scheme (which today is practically impossible) in a day or less. Post-quantum cryptography (PQC) algorithms should not be susceptible to quantum computers because they are fundamentally different from the RSA and the Diffie-Hellman. That is, they are not weakened by Shor’s algorithm.[5][6]

Hurdles to Quantum Computing

It is very difficult to build even very small quantum computers.[7] First, the information in qubits is very fragile, so qubits must be completely isolated from the external environment and kept at temperatures near zero degrees Kelvin during computations, which takes extensive machinery and physical space. Second, qubits are highly prone to errors during processing, which requires thousands of additional cooled qubits to correct errors for every qubit in the computation.
Moreover, building small quantum computers will not suffice to break cryptography. Running a small quantum computer for longer will not break the cryptographic keys, nor will running many small quantum computers in parallel achieve the task.

ICANN's positions

On February 11, 2022, ICANN OCTO stated the org's positions on the topic of the DNS and PQC:[8]

  • The ICANN Community has not reached a consensus on how developments in quantum computing relate to the DNS.
  • The DNSSEC Community does not need to consider PQC at this time.
  • DNS protocols that use TLS (such as DNS-over-TLS and DNS-over-HTTPS) should update to PQC to align with web protocols when they are updated.

References