Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Facebook Awards $100,000 for Post-Quantum TLS Security Research

Facebook has announced the winner of its 2016 Internet Defense Prize. This year, the $100,000 reward went to a team of researchers whose work has focused on post-quantum security for TLS.

Facebook has announced the winner of its 2016 Internet Defense Prize. This year, the $100,000 reward went to a team of researchers whose work has focused on post-quantum security for TLS.

Quantum computers, which rely on quantum mechanics to process information, are far more powerful than traditional computers. In theory, a quantum computer could easily crack the advanced encryption systems used today, including the cryptographic primitives used for Transport Layer Security (TLS), the protocol behind HTTPS.

Only a few experimental quantum computers exist today and they have been used for other tasks, but experts believe the possibility of a future quantum computer that could decrypt any Internet communications should not be ignored. As a result, they have started proposing methods for ensuring that cryptographic primitives cannot be cracked even by quantum computers – this is known as post-quantum cryptography.

Last year, researchers described a method for improving post-quantum security for TLS. The team that won this year’s Internet Defense Prize proposed a new post-quantum algorithm and defense methods against backdoors and all-for-the-price-of-one attacks. The winning team includes members from the Ege University in Turkey, Centrum Wiskunde & Informatica in the Netherlands, Infineon Technologies AG in Germany, and the Radboud University in the Netherlands.

“Using these measures — and for the same lattice dimension — they were able to increase the security parameter by more than 100 percent, reduce the communication overhead by more than half, and significantly increase computation speed in portable C implementation and current Intel CPUs, all while protecting against timing attacks,” Facebook said.

The algorithm that won the prize, named “New Hope,” has already been integrated into the Canary version of Google’s Chrome web browser and there are plans to use it in Tor.

This year’s list of finalists also included the experts who developed the DROWN attack method against TLS, and the researchers who identified CVE-2016-5696, a vulnerability that allows off-path attackers to terminate TCP connections and conduct data injection attacks.

Last year, the $100,000 prize went to a team that proposed a new technique for detecting bad casting or type confusion vulnerabilities. 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.