QUBIP - July 2025 PQC news update

July 2025 news update 



The source, a transcript from a YouTube video titled "Innovation Manager Corner - PQC news," focuses on recent developments in Post-Quantum Cryptography (PQC) and the transition toward its adoption. It reports on the status of the NIST PQC standardization process, noting that HQC (Hamming Quasi-Cyclic), the code-based candidate selected at the end of the fourth round, will be standardized as an additional key-establishment algorithm alongside ML-KEM. The video also discusses European cybersecurity initiatives, highlighting the release of version 2.0 of the Agreed Cryptographic Mechanisms (ACM) document, which emphasizes the need for hybridization using both classical and PQC schemes. Furthermore, the source examines side-channel attacks targeting implementations of PQC algorithms such as CRYSTALS-Kyber and Falcon, and announces a new European project, Post-Quantum Side-Channel Attack Resilience (PQSCA Resilience), aimed at creating robust cryptographic solutions. Finally, it mentions advancements in quantum computing hardware with devices like Microsoft's Majorana 1 and the launch of a 50-qubit quantum computer in Europe, along with Google's plan to implement quantum-safe digital signatures in its Cloud Key Management Service (KMS).


1. People and Organizations

1.1 Maria Chiara

  • Role: Security Engineer

  • Organization: Security Pattern

1.2 Security Pattern

  • Involvement: Partner in the QUBIP European project


2. QUBIP European Project

  • Start Date: September 2023

  • Goal:
    To design a reference and replicable transition process to Post Quantum Cryptography (PQC) for protocols, networks, and systems.


3. NIST Post-Quantum Cryptography Standardization (NIST IR 8545)

3.1 Document Overview

  • Title: NIST IR 8545, Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process

  • Publication Date: March 2025

  • Content: Describes the evaluation and selection process for key establishment algorithm candidates.

3.2 Fourth-Round Candidate Algorithms

  • BIKE (code-based)

  • Classic McEliece (code-based)

  • SIKE (isogeny-based; broken by a classical key-recovery attack in 2022 and no longer a viable candidate)

  • HQC (code-based)

3.3 Selection Outcome

  • Standardized Algorithm: HQC, the only fourth-round candidate selected for standardization. It becomes a second key-establishment mechanism next to ML-KEM (FIPS 203), chosen as a backup because its security rests on a different hard problem (decoding of quasi-cyclic codes rather than structured lattices).


4. European Cybersecurity Certification Group (ECCG) and ENISA

4.1 Document Release

  • Document: Agreed Cryptographic Mechanisms (ACM), version 2.0

  • Release Date: April 2025

  • Support: ENISA

  • Purpose: Ensure consistency and security across European cybersecurity certification schemes.

4.2 Key Points

  • Marks a critical step in Europe’s preparation for the post-quantum era.

  • Approved PQC schemes are now included as part of the Agreed Mechanism.

4.3 Hybridization Approach

  • Definition: Pairing a post-quantum scheme with a classical scheme (for key establishment or for signatures) so that the resulting key or signature depends on both.

  • Security Model: An attacker must break both schemes to compromise the combined mechanism; breaking either one alone is not sufficient.
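
A worked key combiner for the hybridization point above, added here as an example; it is not code from the page, from QUBIP, or the ACM's normative construction. The KDF layout (HKDF-SHA256 with length-prefixed secrets, hashes of both ciphertexts as context, and the label string) is this example's own assumption, and the sample secrets and ciphertexts are constructed placeholders rather than real KEM outputs.

```python
"""Hybrid KEM key combiner (added example, not the ACM's normative combiner).

The session key is derived from BOTH the post-quantum and the classical shared
secret, bound to both ciphertexts, so recovering one secret alone is useless.
"""
import hashlib
import hmac

# Constructed sample inputs (not real KEM outputs); sizes are arbitrary.
SAMPLE_SS_PQ = bytes(range(32))
SAMPLE_SS_CLASSICAL = bytes(range(32, 64))
SAMPLE_CT_PQ = b"\x01" * 1088
SAMPLE_CT_CLASSICAL = b"\x02" * 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _lp(x: bytes) -> bytes:
    """Length prefix, so ss_pq || ss_classical cannot be re-split ambiguously."""
    return len(x).to_bytes(2, "big") + x


def hybrid_combine(ss_pq: bytes, ss_classical: bytes, ct_pq: bytes,
                   ct_classical: bytes, label: bytes = b"hybrid-kem-example-v1") -> bytes:
    """K = HKDF-Expand(HKDF-Extract(label, lp(ss_pq) || lp(ss_classical)), label || H(ct_pq) || H(ct_classical))."""
    ikm = _lp(ss_pq) + _lp(ss_classical)
    # Binding both ciphertexts into the context means an attacker cannot swap
    # out one half of the exchange without changing the derived key.
    context = hashlib.sha256(ct_pq).digest() + hashlib.sha256(ct_classical).digest()
    return hkdf_expand(hkdf_extract(label, ikm), label + context)


def every_input_matters(ss_pq: bytes, ss_classical: bytes, ct_pq: bytes, ct_classical: bytes) -> bool:
    """Flip one bit of each input in turn; every variant must yield a different key."""
    base = hybrid_combine(ss_pq, ss_classical, ct_pq, ct_classical)
    inputs = [ss_pq, ss_classical, ct_pq, ct_classical]
    for idx in range(4):
        changed = list(inputs)
        changed[idx] = bytes([changed[idx][0] ^ 1]) + changed[idx][1:]
        if hybrid_combine(*changed) == base:
            return False
    # Role binding: swapping the two secrets must also change the key.
    return hybrid_combine(ss_classical, ss_pq, ct_pq, ct_classical) != base


def demo() -> str:
    """Derive the hybrid key for the constructed sample inputs (hex)."""
    return hybrid_combine(SAMPLE_SS_PQ, SAMPLE_SS_CLASSICAL, SAMPLE_CT_PQ, SAMPLE_CT_CLASSICAL).hex()


if __name__ == "__main__":
    print(demo())
    print("every input matters:", every_input_matters(
        SAMPLE_SS_PQ, SAMPLE_SS_CLASSICAL, SAMPLE_CT_PQ, SAMPLE_CT_CLASSICAL))
```

The two properties worth checking in any combiner are visible in `every_input_matters`: no single input (secret or ciphertext) can be changed without changing the key, and the two secrets are bound to their roles rather than merely concatenated. An attacker who has broken the classical scheme still faces the full entropy of `ss_pq`, and vice versa, which is exactly the "both must be broken" model the ACM asks for.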

4.4 Parameter and Algorithm Updates

  • Symmetric and hash parameters upgraded.

  • RSA with a modulus below 3000 bits: acceptable only until the end of 2025, so deployments still relying on such keys need a migration plan (larger moduli or hybrid/PQC mechanisms) before that date.


5. Side-Channel Attacks (SCAs)

5.1 Definition

  • Attacks that recover secret information not from the mathematics of a scheme but from physical leakage of its implementation, such as execution time, power consumption, or electromagnetic emanation.

5.2 Context

  • Occur while processing private keys, secret messages, or intermediate values.

5.3 Specific Techniques and Vulnerabilities

  • Belief propagation: a statistical inference technique used in several side-channel attacks on PQC schemes to combine noisy leakage from many intermediate values into a full key recovery.

  • Fujisaki–Okamoto (FO) style transforms, used in ML-KEM and HQC, expose a chosen-ciphertext side-channel attack surface: decapsulation decrypts the ciphertext, re-encrypts the recovered message to check that the ciphertext is well-formed, and otherwise returns an implicit-rejection key. An attacker submits crafted ciphertexts and reads leakage from the re-encryption step (which processes the decrypted message) to learn information about the private key, even though the returned key reveals nothing.
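
The chosen-ciphertext side-channel attack described above, as an added example that is not code from the page, from QUBIP, or from any real KEM. The public-key encryption inside it is a deliberately tiny LWE toy (n = 4, q = 3329, ternary secret) with no security of its own; the FO decapsulation structure (decrypt, re-encrypt, compare, implicit rejection) is the real point. Leakage is modelled by a callback that receives the decrypted message m', standing in for a power or EM trace of the re-encryption; all names, parameters and the crafted-ciphertext values are this example's assumptions.

```python
"""Toy lattice KEM with FO-style decapsulation, and a chosen-ciphertext
side-channel attack that recovers the secret from re-encryption leakage.

Added example. The PKE is a tiny, insecure LWE scheme used only to show the
mechanism; the leakage model is a callback receiving m' (the decrypted message).
"""
import hashlib
import random

Q, N = 3329, 4          # toy modulus and dimension (assumed, not any standard's)


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


def keygen(rng):
    s = [rng.choice((-1, 0, 1)) for _ in range(N)]          # ternary secret
    e = [rng.choice((-1, 0, 1)) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
    b = [(sum(A[i][j] * s[j] for j in range(N)) + e[i]) % Q for i in range(N)]
    z = bytes(rng.randrange(256) for _ in range(32))          # implicit-rejection secret
    return (A, b), (s, z)


def pke_enc(pk, m: int, coins: bytes):
    """Deterministic encryption of one bit; all randomness is derived from `coins`."""
    A, b = pk
    r = random.Random(coins)
    rr = [r.choice((-1, 0, 1)) for _ in range(N)]
    e1 = [r.choice((-1, 0, 1)) for _ in range(N)]
    e2 = r.choice((-1, 0, 1))
    u = [(sum(A[j][i] * rr[j] for j in range(N)) + e1[i]) % Q for i in range(N)]
    v = (sum(b[j] * rr[j] for j in range(N)) + e2 + m * (Q // 2)) % Q
    return u, v


def pke_dec(sk, ct) -> int:
    s, _ = sk
    u, v = ct
    t = (v - sum(s[i] * u[i] for i in range(N))) % Q       # = noise + m*q/2
    return 1 if Q // 4 <= t < 3 * Q // 4 else 0


def encaps(pk, rng):
    m = rng.randrange(2)
    return pke_enc(pk, m, h(b"G", bytes([m]))), h(b"K", bytes([m]))


def ct_bytes(ct) -> bytes:
    u, v = ct
    return b"".join(x.to_bytes(2, "big") for x in (*u, v))


def decaps(pk, sk, ct, leak=lambda m: None) -> bytes:
    """FO decapsulation: decrypt, re-encrypt, compare, implicit rejection."""
    s, z = sk
    m_prime = pke_dec(sk, ct)
    leak(m_prime)                       # side channel: re-encryption handles m'
    if pke_enc(pk, m_prime, h(b"G", bytes([m_prime]))) == ct:
        return h(b"K", bytes([m_prime]))
    return h(b"K", z, ct_bytes(ct))     # crafted ciphertexts get a useless key


def recover_secret(pk, sk):
    """Chosen-ciphertext attack that reads only the leaked m', never the key."""
    seen = []

    def oracle(ct) -> int:
        seen.clear()
        decaps(pk, sk, ct, seen.append)  # the returned key tells us nothing
        return seen[0]

    # With u = k*e_i and v = hv, decryption computes t = hv - k*s_i. The two
    # hv values place t on different sides of the threshold for each s_i,
    # so the pair of leaked bits identifies s_i in {-1, 0, 1}.
    k = Q // 4
    table = {(1, 1): 0, (0, 1): 1, (1, 0): -1}
    recovered = []
    for i in range(N):
        u = [0] * N
        u[i] = k
        recovered.append(table[tuple(oracle((u, hv)) for hv in (1248, 2080))])
    return recovered


def run_demo(seed: int = 7) -> dict:
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    ct, key = encaps(pk, rng)
    crafted = ([Q // 4, 0, 0, 0], 1248)
    return {
        "honest_decaps_ok": decaps(pk, sk, ct) == key,
        "crafted_is_rejected": decaps(pk, sk, crafted) != h(b"K", bytes([pke_dec(sk, crafted)])),
        "secret": sk[0],
        "recovered": recover_secret(pk, sk),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two things to notice. The crafted ciphertexts are all rejected, so at the API level the attacker only ever receives implicit-rejection keys and learns nothing; the whole attack lives in the leakage of m' inside the re-encryption step, which is why a constant-time comparison alone does not help and why real countermeasures (masking and shuffling of decryption and re-encryption) target that step. In practice the leaked bit is noisy and a real scheme has hundreds of coefficients, which is where statistical methods such as belief propagation come in to combine many such queries.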


6. Recent Research on Side-Channel Attacks

6.1 Attack on CRYSTALS-Kyber

  • Researchers: Swedish group

  • Discovery: Novel side-channel attack breaking an implementation of CRYSTALS-Kyber.

  • Technique: Utilizes machine learning-based methods to profile the leakage.

  • Innovation: Introduced a recursive learning approach (a new neural network training method).

  • Note: Implementation-specific; it does not break the algorithm mathematically, so the remedy is countermeasures in the implementation, not a change to the scheme.

6.2 Attack on Falcon

  • Researchers: North Carolina State University

  • Publication Date: April 2025

  • Target: The discrete Gaussian sampling step during key generation.

  • Effectiveness: A single power trace can recover the secret key in the exploited implementation.


7. European Project: PQSCA Resilience

  • Full Name: Post-Quantum Side-Channel Attack Resilience

  • Start Date: May 2025

  • Duration: 1.5 years

  • Objective: Create a robust framework for evaluating the resilience of post-quantum cryptographic algorithms and their implementations against side-channel attacks.


8. Microsoft Quantum Hardware

  • Device: Majorana 1

  • Announcement Date: February 2025

  • Specifications:

    • 8 qubits

    • Built on a topological superconductor ("topoconductor") operated at cryogenic temperatures