Facebook has announced the winner of its 2016 Internet Defense Prize. This year, the $100,000 reward went to a team of researchers whose work has focused on post-quantum security for TLS.
Quantum computers, which rely on quantum mechanics to process information, are far more powerful than traditional computers. In theory, a quantum computer could easily crack the advanced encryption systems used today, including the cryptographic primitives used for Transport Layer Security (TLS), the protocol behind HTTPS.
Only a few experimental quantum computers exist today and they have been used for other tasks, but experts believe the possibility of a future quantum computer that could decrypt any Internet communications should not be ignored. As a result, they have started proposing methods for ensuring that cryptographic primitives cannot be cracked even by quantum computers – this is known as post-quantum cryptography.
Last year, researchers described a method for improving post-quantum security for TLS. The team that won this year’s Internet Defense Prize proposed a new post-quantum algorithm and defense methods against backdoors and all-for-the-price-of-one attacks. The winning team includes members from the Ege University in Turkey, Centrum Wiskunde & Informatica in the Netherlands, Infineon Technologies AG in Germany, and the Radboud University in the Netherlands.
“Using these measures — and for the same lattice dimension — they were able to increase the security parameter by more than 100 percent, reduce the communication overhead by more than half, and significantly increase computation speed in portable C implementation and current Intel CPUs, all while protecting against timing attacks,” Facebook said.
The algorithm that won the prize, named “New Hope,” has already been integrated into the Canary version of Google’s Chrome web browser and there are plans to use it in Tor.
This year’s list of finalists also included the experts who developed the DROWN attack method against TLS, and the researchers who identified CVE-2016-5696, a vulnerability that allows off-path attackers to terminate TCP connections and conduct data injection attacks.
Last year, the $100,000 prize went to a team that proposed a new technique for detecting bad casting or type confusion vulnerabilities.
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- NIST Publishes Final Version of 800-82r3 OT Security Guide
- Johnson Controls Hit by Ransomware
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Government Shutdown Could Bench 80% of CISA Staff
- Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
Latest News
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- CISA Kicks Off Cybersecurity Awareness Month With New Program
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- Silverfort Open Sources Lateral Movement Detection Tool
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
