In preparation for the quantum computers era, Microsoft has started adding post-quantum cryptography (PQC) algorithms to its SymCrypt open source core cryptographic library.
Expected to help solve complex problems in various fields, quantum computers are poised to disrupt commonly used asymmetric algorithms, breaking today’s encryption and security, which are not resilient to quantum attacks.
PQC algorithms, on the other hand, are far more resistant, as they are based on mathematical problems that are difficult for both classical and quantum computers, and are seen as the solution for future cryptography.
However, these algorithms arrive with trade-offs, such as requirements for “larger key sizes, longer computation times, and more bandwidth than classical algorithms. Therefore, implementing PQC in real-world applications requires careful optimization and integration with existing systems and standards,” Microsoft explains.
As a key participant to post-quantum computing initiatives, Microsoft has established the Quantum Safe Program (QSP), which aims to achieve quantum readiness through integrating PQC algorithms into Microsoft products and services, and to support quantum-safe transitions.
As part of these efforts, last week the tech giant released an update for SymCrypt, which is the main cryptographic library in Azure and Windows products, and in Microsoft 365, to include support for the ML-KEM (FIPS 203, formerly Kyber) and XMSS (eXtended Merkle Signature Scheme) algorithms.
In the coming months, Microsoft will add support for additional PQC algorithms to the library, including ML-DSA (FIPS 204, formerly Dilithium), SLH-DSA (FIPS 205, formerly SPHINCS+), and LMS (the Leighton-Micali Signature Scheme).
“PQC algorithms […] have been fine-tuned for efficiency in speed and size and have gone through rigorous tests for security and robustness. Efforts are ongoing within multiple industry standards organizations to ensure these algorithms are adopted into and compatible with existing standards and protocols, and that they can operate in hybrid mode alongside classical algorithms,” Microsoft explains.
The tech giant also notes that this initial generation of PQC algorithms should be viewed as an evolving and not the definitive solution for cryptography, but adds that the support for these algorithms in the underlying crypto engine is a first step towards a quantum safe world.
“SymCrypt offers a consistent interface for encryption, decryption, signing, verification, hashing, and key exchange using both symmetric and asymmetric algorithms. It is built to be fast, secure, and portable across multiple platforms and architectures,” and Microsoft uses it “to provide cryptographic security for scenarios such as email security, cloud storage, web browsing, remote access, and device management.”
Related: Crypto Vulnerability Allows Cloning of YubiKey Security Keys
Related: New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys
Related: Understanding the Evolution of Cybercrime to Predict Its Future
Related: Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data