Facebook has announced the winner of its 2016 Internet Defense Prize. This year, the $100,000 reward went to a team of researchers whose work has focused on post-quantum security for TLS.
Quantum computers, which rely on quantum mechanics to process information, are far more powerful than traditional computers. In theory, a quantum computer could easily crack the advanced encryption systems used today, including the cryptographic primitives used for Transport Layer Security (TLS), the protocol behind HTTPS.
Only a few experimental quantum computers exist today and they have been used for other tasks, but experts believe the possibility of a future quantum computer that could decrypt any Internet communications should not be ignored. As a result, they have started proposing methods for ensuring that cryptographic primitives cannot be cracked even by quantum computers – this is known as post-quantum cryptography.
Last year, researchers described a method for improving post-quantum security for TLS. The team that won this year’s Internet Defense Prize proposed a new post-quantum algorithm and defense methods against backdoors and all-for-the-price-of-one attacks. The winning team includes members from Ege University in Turkey, Centrum Wiskunde & Informatica in the Netherlands, Infineon Technologies AG in Germany, and Radboud University in the Netherlands.
“Using these measures — and for the same lattice dimension — they were able to increase the security parameter by more than 100 percent, reduce the communication overhead by more than half, and significantly increase computation speed in portable C implementation and current Intel CPUs, all while protecting against timing attacks,” Facebook said.
The algorithm that won the prize, named “New Hope,” has already been integrated into the Canary version of Google’s Chrome web browser and there are plans to use it in Tor.
This year’s list of finalists also included the experts who developed the DROWN attack method against TLS, and the researchers who identified CVE-2016-5696, a vulnerability that allows off-path attackers to terminate TCP connections and conduct data injection attacks.
Last year, the $100,000 prize went to a team that proposed a new technique for detecting bad casting or type confusion vulnerabilities.