What is the 'cryptography technology that is difficult to decrypt even with a quantum computer' implemented in Windows and Linux?

by IBM Research

The encryption technology used in conventional computers has been considered almost impossible to decrypt with ordinary computers. However, it is said that the security of encryption technology may be compromised when quantum computers, which have computational power literally orders of magnitude greater than that of classical computers, appear. In order to prepare for future cyber attacks using quantum computers, Microsoft has introduced post-quantum cryptography (PQC) technology to the encryption libraries ' SymCrypt ' and ' SymCrypt-OpenSSL '. This update has begun testing on Windows 11 Canary build 27852 and later, and is also available for Linux.

Post-Quantum Cryptography Comes to Windows Insiders and Linux | Microsoft Community Hub
https://techcommunity.microsoft.com/blog/microsoft-security-blog/post-quantum-cryptography-comes-to-windows-insiders-and-linux/4413803

Windows 11 gets quantum-hardened cryptography technology | Tom's Hardware
https://www.tomshardware.com/software/windows/windows-11-gets-quantum-hardened-cryptography-technology

The PQC algorithm is designed based on mathematical problems that are extremely difficult to solve not only with current classical computers, but also with future quantum computers, aiming to counter attempts to crack the code using quantum computers.

Microsoft has upgraded its cryptographic library, SymCrypt, to support two PQC algorithms, ML-KEM (Module-Lattice-based Key Encapsulation Mechanism) and ML-DSA (Module-Lattice-based Digital Signature Algorithm). The final standards for these two technologies were released by the National Institute of Standards and Technology (NIST) in August 2024.

The National Institute of Standards and Technology releases three final post-quantum cryptography standards: ML-KEM, ML-DSA, and SLH-DSA - GIGAZINE

ML-KEM is designed to counter attacks known as HNDL (Harvest Now, Decrypt Later). HNDL is an attack method in which an attacker collects encrypted data at present and decrypts it in the future when a high-performance quantum computer becomes available. To protect keys from HNDL, ML-KEM assumes that it will use 'encapsulation,' which communicates encryption keys using public key cryptography, and 'key exchange,' which shares a common encryption key.

There are several types of ML-KEM parameter sets according to the security levels defined by the National Institute of Standards and Technology (NIST) in the United States. ML-KEM 512 corresponds to NIST security level 1, ML-KEM 768 corresponds to level 3, and ML-KEM 1024 corresponds to level 5. Each has a different public key size and ciphertext size, but the size of the shared secret key is 32 bytes in all cases.

In addition, SHA-3 (Keccak) is used for ML-KEM pseudorandom number generation and input integrity checks. Microsoft says that improving Keccak's performance through hardware acceleration is key to efficient encryption, reducing resource demands, and enhancing security in post-quantum operations.

ML-DSA is a technology primarily related to digital signatures, and is used to verify the identity of data, ensure the integrity of the contents, and ensure the authenticity of the information. ML-DSA is now supported by SymCrypt and SymCrypt-OpenSSL, and is available to developers through a library called Cryptography API: Next Generation (CNG) .

Microsoft recommends an approach that combines ML-KEM and/or ML-DSA with existing encryption algorithms, with a preference for NIST Security Level 3 or higher whenever possible depending on your needs and threat model.

However, Microsoft points out that using ML-KEM or ML-DSA in the TLS protocol may increase the round-trip time required to establish a secure network channel and communicate due to the larger key and signature sizes. To mitigate this impact, the IETF , which promotes standardization of Internet technologies, is considering improvements such as accelerating cipher suite negotiations through TLS key prediction and TLS certificate compression.

Microsoft plans to introduce the digital signature algorithm 'SLH-DSA' to SymCrypt, SymCrypt-OpenSSL, and CNG in the future. Industry groups and experts are working on standardizing PQC technology to support quantum computers so that it can be used as a secure signature and authentication mechanism for the quantum computer era in the TLS protocol used for secure communication on the Internet and the X.509 standard, which is the standard format for electronic certificates.

Microsoft concluded that integrating PQC technology into Windows and Linux is an important step in preparing for the era of quantum computers. While acknowledging the potential of quantum computing to contribute to solving some of humanity's greatest challenges, the company emphasized that it is proactively addressing security concerns about current cryptography to build a digital future that harnesses the benefits of quantum computing while mitigating security risks.