The PQC Risk Map: Identifying Vulnerable Assets in Digital Signatures, SSL/TLS, and Blockchain
Introduction
The advent of Post-Quantum Cryptography (PQC) has made it critical to assess how vulnerable our cryptographic infrastructure is to quantum attacks. As the quantum threat grows, it is essential to identify all reliance on RSA and ECC, including critical functions like digital signatures, SSL/TLS key establishment, and the cryptographic security underpinning blockchain networks and cryptocurrencies.
The Quantum Threat
Quantum computers, equipped with quantum algorithms, can efficiently factor large numbers and compute discrete logarithms, rendering RSA and ECC vulnerable to attacks. The most significant concerns lie in the potential for:
- Quantum Key Exchange (QKE) attacks on SSL/TLS key establishment
- Quantum Forgery attacks on digital signatures
- Quantum Side-Channel attacks on blockchain transactions
Digital Signatures
Digital signatures, a cornerstone of secure communication, rely on public-key cryptography. The most common algorithms used are RSA and ECDSA. However, with the advent of quantum computers, these signatures become easily forgeable. To mitigate this risk, it is essential to transition to Post-Quantum Digital Signatures (PQDS) based on algorithms like:
# PQC Algorithms for Digital Signatures
* Lattice-based signatures: e.g., Ring-LWE (RLWE) and Module-Lattice-Based Signatures (MLBS)
* Code-based signatures: e.g., McEliece and Rainbow
* Multivariate signatures: e.g., Rainbow and SIDH
SSL/TLS Key Establishment
SSL/TLS, the de facto standard for secure communication, relies heavily on RSA and ECC for key establishment. Quantum computers can efficiently factor large numbers, making RSA vulnerable to attacks. ECC, though more resistant, is still vulnerable to quantum attacks. To ensure the security of SSL/TLS key establishment, transition to PQC algorithms such as:
# PQC Algorithms for Key Establishment
* Lattice-based key establishment: e.g., New Hope and FrodoKEM
* Code-based key establishment: e.g., SIDH and SPHINCS
Blockchain and Cryptocurrencies
Blockchain networks and cryptocurrencies rely heavily on cryptographic security. Quantum computers can efficiently factor large numbers, making RSA and ECC vulnerable to attacks. To ensure the security of blockchain transactions, transition to PQC algorithms such as:
# PQC Algorithms for Blockchain Security
* Lattice-based cryptography: e.g., Ring-LWE (RLWE) and Module-Lattice-Based Cryptography (MLBC)
* Code-based cryptography: e.g., McEliece and Rainbow
Risk Assessment and Mitigation
To identify vulnerable assets, a comprehensive risk assessment is necessary. This includes:
- Identifying all reliance on RSA and ECC
- Assessing the impact of quantum attacks on critical functions
- Implementing PQC-based solutions
- Regularly updating and patching cryptographic software and systems
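One way to carry out the first step above, identifying reliance on RSA and ECC, is to walk DER-encoded material (certificates, keys, CSRs) and flag RSA and ECC object identifiers. This is an added example, not code from the original article; the function names and sample bytes are constructed for illustration, and it assumes single-byte tags and does not descend into BIT STRING or OCTET STRING contents.

```python
# Added example: flag RSA/ECC algorithm OIDs found in DER-encoded data.
VULNERABLE_ARCS = {
    "1.2.840.113549.1.1": "RSA",  # PKCS#1 arc: rsaEncryption, sha256WithRSAEncryption, ...
    "1.2.840.10045": "ECC",       # ANSI X9.62 arc: id-ecPublicKey, named curves, ecdsa-with-*
}

def decode_oid(body: bytes) -> str:
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:           # high bit clear ends one base-128 arc
            arcs.append(value)
            value = 0
    if not arcs:
        return ""
    first = min(arcs[0] // 40, 2)     # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk_oids(der: bytes):
    """Yield every OID in a DER blob, descending into constructed types."""
    pos = 0
    while pos + 2 <= len(der):
        tag, length, pos = der[pos], der[pos + 1], pos + 2
        if length & 0x80:             # long form: low bits give the length-of-length
            n = length & 0x7F
            length = int.from_bytes(der[pos:pos + n], "big")
            pos += n
        body = der[pos:pos + length]
        if len(body) < length:
            raise ValueError("truncated DER")
        pos += length
        if tag == 0x06:               # OBJECT IDENTIFIER
            yield decode_oid(body)
        elif tag & 0x20:              # constructed: SEQUENCE, SET, [n] EXPLICIT
            yield from walk_oids(body)

def quantum_exposed(der: bytes):
    """Return sorted (family, oid) pairs for RSA/ECC identifiers in the blob."""
    hits = set()
    for oid in walk_oids(der):
        for arc, family in VULNERABLE_ARCS.items():
            if oid.startswith(arc + "."):
                hits.add((family, oid))
    return sorted(hits)

# Constructed sample (not a real certificate): a SEQUENCE of three AlgorithmIdentifiers:
# rsaEncryption, ecdsa-with-SHA256, and sha256 (a hash, so it is not flagged).
ALGS = bytes.fromhex("300d06092a864886f70d0101010500" "300a06082a8648ce3d040302" "300d06096086480165030402010500")
SAMPLE = bytes([0x30, len(ALGS)]) + ALGS
```

Running `quantum_exposed` over each certificate or key file in an inventory gives a per-asset list of RSA and ECC dependencies to feed into the impact assessment.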
Conclusion
The PQC Risk Map serves as a vital tool in identifying vulnerable assets and mitigating the quantum threat. By understanding the implications of quantum attacks on digital signatures, SSL/TLS key establishment, and blockchain security, we can proactively transition to Post-Quantum Cryptography and ensure the continued security of our cryptographic infrastructure.