Quantum is Knocking!

October 16, 2024 Dr. Rolf Lindemann 0 comments

Do you remember the movie Sneakers and the infamous black box labeled Setec Astronomy? That fictional device could decrypt any secret, an ability that seemed fantastic at the time. Now, quantum computers may turn that fiction into reality. These powerful machines have the potential to revolutionize our digital world, where nearly all internet communication is protected by cryptographic protocols like TLS, and our banking and payments systems rely on cryptography for card transactions and user authentication. We finally have arrived at the “too many secrets” moment hinted at in Sneakers.

Let’s dive deeper into what is driving this change, why it is urgent, and what lies ahead in this rapidly evolving space.

The Drivers

Cryptography enables us to securely encrypt information, ensuring that only authorized entities can view sensitive data, even when it is transmitted through public networks like the internet. It plays a critical role in remotely authenticating users and systems, as well as signing data to protect message integrity “at rest” and “in transit”. Essentially, cryptography is the security of the internet, since relying on dedicated communication lines without proper cryptographic protections is impractical.

Recent advances in quantum computing push the boundaries of what is possible – they are on the verge of surpassing classical computers. Certain complex problems that are challenging for classical computers can be solved more efficiently by quantum computers. The most notable example is SHOR’s algorithm, which enables quantum computers to factorize integers in polynomial time, where classical computers require exponential time. This is relevant for the RSA algorithm, which depends on the difficulty of factorization to ensure security. Note there are still (I should say: researchers believe there will be) problems which remain difficult for both classical and quantum computers, such as the “traveling salesman problem”. So in short, quantum computers are powerful, but not like the all-powerful “black box” decryption machines featured in Sneakers.

The Urgency

The NSA set 2035 as the deadline to transition to post-quantum cryptography (PQC) algorithms in national security systems. While not all systems are as sensitive as national security systems, this deadline serves as a good indicator for other industries to consider as well.

So why 2035? In the quantum computing world, performance is measured in qubits. In 2020, IBM predicted it would have a quantum computer with 1 million physical qubits by 2030. In 2023, IBM refined its projections with a more concrete plan to reach 100k physical qubits by 2033.

Current research suggests that 4,099 (fault-tolerant) qubits are sufficient to break RSA with 2048 bit keys – a widely used cryptographic algorithm today. This estimation assumes perfect fault-tolerant qubits. Since today’s quantum computers are very noisy, Quantum Error Correction (QEC) is required, and that adds a large qubit overhead, in the range of 10 – 100 or even up to 1000 physical qubits to implement a single fault-tolerant qubit. This means 40,000 to 4 million physical qubits are required to break RSA 2048. Based on current progress, experts predict that by 2035, quantum computers capable of breaking modern cryptographic algorithms such as RSA 2048 may exist. For context, quantum computers with 1180 physical qubits are available today, more than doubling last year’s 433 physical qubits limit.

While 2035 may seem far away, multiple factors drive a sense of urgency. In high security applications, cryptographic operations are often performed using hardware such as payment cards, hardware security modules, FIDO security keys, smartphones, and electronic ID cards. Hardware tends to have a longer lifetime than software. Especially devices like FIDO security keys and electronic ID cards that are expected to have a lifetime of 10 years, which means by 2025 there will be a demand for cryptographic hardware that is already enabled for PQC. While hardware devices, such as network communication devices or hardware security modules, might be able to add PQC support through firmware updates, others, such as FIDO security keys and electronic ID cards typically require hardware support that cannot be updated.

While it is sufficient to have PQC in place for signing and authentication use cases by 2035, encryption is a more urgent challenge. Known as “harvest now, decrypt later”, adversaries may be harvesting encrypted data hoping to decrypt it in the future using high-performance quantum computers. As a result, encryption solutions may need to be updated even sooner to mitigate this risk.

What Happens Next

NIST’s PQC project has made great progress with the publication of the first three PQC algorithms: FIPS 203, FIPS 204 and FIPS 205, and a fourth in the works.

This milestone provides the necessary clarity for protocol designers to add PQC to critical systems like TLS, FIDO, and payment networks. This in turn serves as the basis for security software products to implement PQC support.

For security engineers, especially those working on cryptographic hardware, this development is equally important. Hardware-level implementations require more lead time due to the complexity of securing firmware against side-channel attacks and other vulnerabilities. Designing, optimizing, producing, and certifying new PQC-ready chips requires more time and careful attention to ensure the security.

At that point we will see more proof-of-concept implementations and pilot deployments, eventually transitioning users to a new generation of cryptographic algorithms. In an ideal world users won’t even notice the transition and all the hard work that went into it.

As an inventor of the FIDO authentication protocol and a co-founder of the FIDO Alliance, Nok Nok continues to lead the way in supporting post-quantum cryptography. We closely monitor advances in PQC and actively help evolve the FIDO protocols to stay ahead of emerging threats. Nok Nok products are designed with built-in flexibility to support post-quantum cryptography, ensuring that our customers stay secure both now and in the future.

09 Oct

5 Min read

Nok Nok Announces Innovative Solutions that Simplify Deploying and Managing Passkeys

October 9, 2024 Nok Nok News 0 comments

New AI-powered functionality will enhance security, user experience, and operational efficiency

Nok Nok Authentication Cloud available through AWS Marketplace

SAN JOSE, Calif., October 9, 2024 — Nok Nok, a leader in passwordless authentication for the world’s largest organizations, today announced new product offerings that can be leveraged with its Nok Nok^™ S3 Authentication Suite. With these product releases, Nok Nok introduces significant innovations: Nok Nok Intelligent Credential Detection, Nok Nok Smart Analytics, and Nok Nok Smart Sense. With Nok Nok’s S3 Authentication Suite and Authentication Cloud, organizations can now manage their authentication strategies more efficiently, addressing key challenges deploying passkeys.

In response to the accelerated cyber threat landscape, and the need for optimizing the user experience and improving authentication KPIs, Nok Nok implemented AI to improve efficiency and user experience. These AI-driven features not only detect anomalies indicating elevated fraud risks but also identify deviations in critical authentication KPIs that provide actionable insights. By leveraging AI, Nok Nok significantly reduces the operational effort required to implement modern authentication that delights users while providing robust enterprise protection against current threats including AI generated phishing attacks and deep fakes.

“As enterprises transition from multi-factor authentication to more advanced passkey solutions, they need to provide heightened security and streamlined user experiences,” said Todd Thiemann, Senior Analyst, Enterprise Security Group. “Nok Nok’s AI-driven features are important in addressing the evolving cybersecurity threats while reducing operational complexity for organizations seeking robust, passwordless authentication.” These new innovations include:

Revolutionizing User Experience with Intelligent Credential Detection
Nok Nok’s new Intelligent Credential Detection method marks a substantial improvement in user experience. This feature automatically prompts the use of credentials available on the specific user device. By enhancing the ability to “prime” or prepare users for the next steps when authenticating, this functionality significantly improves success rates and reduces the time it takes to authenticate.
Empowering Decision-Making with Smart Analytics
Smart Analytics introduces unprecedented insights into authentication performance. This cloud-based service integrates seamlessly with the S3 Authentication Suite and Nok Nok Authentication Cloud, providing detailed reporting on key performance indicators (KPIs) related to authentication. What sets Smart Analytics apart is its ability to benchmark these KPIs against industry averages and offer actionable suggestions for improvements.

Enhancing Security with AI-Powered Smart Sense
The introduction of Smart Sense represents Nok Nok’s innovative approach to risk assessment in a passwordless world. Utilizing advanced AI and machine learning algorithms, Smart Sense learns user behavior to provide anomaly scores that can seamlessly be used through the Nok Nok authentication rules engine. This feature is specifically optimized for the passkey ecosystem, helping organizations fine-tune user experiences while enhancing fraud prevention.

These advancements come at a crucial time as organizations worldwide grapple with the challenges of securing and authenticating identities in an increasingly complex threat landscape. Nok Nok’s latest offerings provide a comprehensive solution that addresses the key pain points of implementing and maintaining strong, passwordless authentication.

“For years, Nok Nok has been at the forefront of helping enterprises transition to passkeys, and now with AI-driven innovations, we’re giving our customers powerful tools to make the use of passwordless authentication more intuitive and efficient than ever before,” said Rolf Lindemann, Vice President of Products, Nok Nok. “Our Intelligent Credential Detection streamlines the authentication process by tailoring it to each user’s available credentials, while the new Nok Nok Smart Analytics and benchmarking capabilities provide actionable insights to optimize and enhance user experience. With Nok Nok Smart Sense, we’re also addressing the evolving threat landscape by offering AI-powered, context-aware risk assessments, giving organizations the ability to fine-tune user experiences while bolstering security.”

Streamlined Procurement through AWS Marketplace
To further simplify adoption, Nok Nok also announced that its Authentication Cloud offering is now available through AWS Marketplace. This integration allows organizations to consolidate their ordering and billing processes, making it easier than ever to deploy phishing-resistant authentication using existing AWS budgets.

For more information about Nok Nok’s S3 Authentication Suite and these latest product offerings, visit Nok Nok.

About Nok Nok
Nok Nok is a leader in passwordless customer authentication and delivers the most innovative FIDO (Fast IDentity Online) solutions for the authentication market today. Nok Nok empowers organizations to dramatically improve their user experience and security, and reduce operating expenses, while enabling compliance with the most rigorous privacy and regulatory requirements. The Nok Nok™ S3 Authentication Suite integrates into existing security environments to deliver proven, FIDO-enabled passwordless customer authentication. As a founder of the FIDO Alliance and an innovator of FIDO standards, Nok Nok is an expert in next-level, multi-factor authentication. Nok Nok’s global customers and partners include AFLAC Japan, BBVA, Carahsoft, Fujitsu Limited, Hitachi, Intuit, Mastercard, MUFG Bank, NTT DATA, NTT DOCOMO, Standard Bank, T-Mobile, and Verizon. For more information, https://noknok.com/.

Read the official press release.