Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Facebook Awards $100,000 for Post-Quantum TLS Security Research

Facebook has announced the winner of its 2016 Internet Defense Prize. This year, the $100,000 reward went to a team of researchers whose work has focused on post-quantum security for TLS.

Facebook has announced the winner of its 2016 Internet Defense Prize. This year, the $100,000 reward went to a team of researchers whose work has focused on post-quantum security for TLS.

Quantum computers, which rely on quantum mechanics to process information, are far more powerful than traditional computers. In theory, a quantum computer could easily crack the advanced encryption systems used today, including the cryptographic primitives used for Transport Layer Security (TLS), the protocol behind HTTPS.

Only a few experimental quantum computers exist today and they have been used for other tasks, but experts believe the possibility of a future quantum computer that could decrypt any Internet communications should not be ignored. As a result, they have started proposing methods for ensuring that cryptographic primitives cannot be cracked even by quantum computers – this is known as post-quantum cryptography.

Last year, researchers described a method for improving post-quantum security for TLS. The team that won this year’s Internet Defense Prize proposed a new post-quantum algorithm and defense methods against backdoors and all-for-the-price-of-one attacks. The winning team includes members from the Ege University in Turkey, Centrum Wiskunde & Informatica in the Netherlands, Infineon Technologies AG in Germany, and the Radboud University in the Netherlands.

“Using these measures — and for the same lattice dimension — they were able to increase the security parameter by more than 100 percent, reduce the communication overhead by more than half, and significantly increase computation speed in portable C implementation and current Intel CPUs, all while protecting against timing attacks,” Facebook said.

The algorithm that won the prize, named “New Hope,” has already been integrated into the Canary version of Google’s Chrome web browser and there are plans to use it in Tor.

This year’s list of finalists also included the experts who developed the DROWN attack method against TLS, and the researchers who identified CVE-2016-5696, a vulnerability that allows off-path attackers to terminate TCP connections and conduct data injection attacks.

Last year, the $100,000 prize went to a team that proposed a new technique for detecting bad casting or type confusion vulnerabilities. 

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.