reader comments
38 with
The FIDO2 industry standard adopted five years ago provides the most secure known way to log in to websites because it doesn’t rely on passwords and has the most secure form of built-in two-factor authentication. Like many existing security schemes today, though, FIDO faces an ominous if distant threat from quantum computing, which one day will cause the currently rock-solid cryptography the standard uses to completely crumble.
Over the past decade, mathematicians and engineers have scrambled to head off this cryptopocalypse with the advent of PQC—short for post-quantum cryptography—a class of encryption that uses algorithms resistant to quantum-computing attacks. This week, researchers from Google announced the release of the first implementation of quantum-resistant encryption for use in the type of security keys that are the basic building blocks of FIDO2.
The best known implementation of FIDO2 is the passwordless form of authentication: passkeys. So far, there are no known ways passkeys can be defeated in credential phishing attacks. Dozens of sites and services now allow users to log in using passkeys, which use cryptographic keys stored in security keys, smartphones, and other devices.
“While quantum attacks are still in the distant future, deploying cryptography at Internet scale is a massive undertaking which is why doing it as early as possible is vital,” Elie Bursztein and Fabian Kaczmarczyck, cybersecurity and AI research director, and software engineer, respectively, at Google wrote. “In particular, for security keys this process is expected to be gradual as users will have to acquire new ones once FIDO has standardized post-quantum cryptography resilient cryptography and this new standard is supported by major browser vendors.”
The path to PQC is fraught with risks. RSA and other encryption algorithms have been in use for decades with no known ways for them to be broken. Over the years, that track record has led to confidence that they are safe for use. PQC algorithms are in their infancy, and that has rightly led to concern that they can’t yet be trusted. A case in point: a PQC algorithm called SIKE. Last year, after advancing as a fourth-round candidate in a program run by the US Department of Commerce’s National Institute of Standards and Technology, SIKE was completely and spectacularly broken by a single classical computer.
The PQC algorithm used in the implementation of FIDO2 security keys takes a more cautious approach. It combines the elliptic curve digital signature algorithm—believed to be unbreakable by classical computing but easily broken with quantum computing—with a PQC algorithm known as Crystals-Dilithium. Crystals-Dilithium is now one of three PQC algorithms selected by NIST for use with digital signatures.
thanks to Boot.dev for the example).
said recently it won’t be in our lifetime. Still, as the Google researchers pointed out, adopting any PQC schemes will be slow, so it makes sense to begin work sooner rather than later.
