
On Tuesday, Google made a major announcement with potentially industry-changing implications: the introduction of a quantum-resilient FIDO2 security key as part of its OpenSK efforts. This is a quantum leap in cybersecurity circles and could signal significant improvements in our defensive capabilities against cyber threats.
OpenSK is an open-source security key project. It is an implementation written in Rust that adheres to both the FIDO U2F and FIDO2 standards. The announcement is notable because it introduces an ECC/Dilithium hybrid signature scheme. The scheme is engineered to draw on ECC's robust defenses against conventional attacks while also relying on Dilithium's resilience against quantum attacks.
The announcement closely follows an earlier one in which Google detailed its plans to incorporate quantum-resistant encryption algorithms in the upcoming Chrome 116. That change is intended to support the establishment of symmetric keys in TLS connections and is part of a larger strategy to gradually transition to cryptographic algorithms capable of countering future quantum attacks.
There is growing recognition of the importance of preparing early for a quantum future, and Google's moves show that it is keen to lead the charge in this direction. Luckily, the recent standardization of various quantum-resilient public-key cryptographic methods, such as the Dilithium algorithm, has provided a roadmap for ensuring security keys are armored against quantum threats.
In the same way that Chrome's hybrid mechanism merges X25519 and Kyber-768, the proposed FIDO2 security key approach combines the Elliptic Curve Digital Signature Algorithm (ECDSA) with the recently standardized Dilithium, which is quantum resistant. This signature scheme was developed in partnership with ETH Zürich. It is written in Rust, a language renowned for its clear syntax and modern features, and it is efficient, requiring a mere 20 KB of memory. This makes it well suited to the limited hardware capacity of security keys.
Google anticipates that this implementation, or a variant of it, will be standardized as part of the FIDO2 key specifications. The aim is for it to gain widespread acceptance by major web browsers, which would ensure that users' credentials are secure against potentially devastating quantum attacks. Alongside providing a daily dose of cybersecurity news and advice, Google is leading from the front in devising cutting-edge solutions to stay ahead of the relentless evolution of cyber threats.
Darksteel Technologies is an Orlando-based business that can handle all aspects of your IT security. We provide compliance, training, malware protection, cloud security, DevSecOps, vulnerability management, penetration testing, architecture design and any other information security service your business needs. We focus on your cybersecurity so you don't have to.