In person meetup
Details
This month's meeting is by Hoyt L Kesterson II on
Deploying the Quantum Computing Resistant Encryption Algorithms —a risk-based approach
Description:
In the 90s I was teaching a class on digital signatures to a large
number of employees of the State of Arizona government. Like many states
at that time Arizona intended to revise its laws and regulations to
address the digital signing of electronic documents.
For twenty minutes I had been enthusiastically explaining how digital
signatures work. A brave woman raised her hand and asked, “What’s a key?”
I said let’s start over and talk about Julius Caesar. I learned a
valuable lesson—don’t think that the basic knowledge I have is held by
people I’m teaching.
Attendees will leave the talk knowing that at some time in the future
effective quantum computers running Shor will break the current
asymmetric algorithms such as RSA. These algorithms when applied to a
set of bits provide proof of origin and proof that the set has not been
changed. The bits could be a legal contract; they could be an executable
binary. These algorithms also allow communicating parties to agree on
the key that will be used for symmetric encryption to protect
transmitted traffic.
That same quantum computer running Grover might weaken symmetric
encryption such as AES.
I believe people do better at what they should do if they
understand why they’re doing it, so I will start with Julius, continue
with the new kind of encryption created by Whitfield Diffie and Martin
Hellman, and move on to the international standard that defined
an association of authorities that attest to a binding of a public key
to the identity of a person or object; that attestation is declared by
the issuing of a public-key certificate. That certificate is used to
support the digital signature of a set of bits.
I will describe how one threatened asymmetric encryption works; there’s
some math but it’s just multiplication and division. It’s a math problem
that’s difficult for a traditional computer to solve without some
additional information.
Unfortunately, it’s not a difficult problem for a quantum computer. We
will discuss the new encryption methods that resist quantum computing
already standardized by the National Institute of Standards and
Technology.
This short course will not explain quantum computing but it will teach
you enough to determine when the risk requires you to adopt quantum
resistant mechanisms.
Biography:
Hoyt L. Kesterson II is a Security and Risk Architect with CNC
Consulting. He has more than 50 years of experience in Information
Security. For 21 years he chaired the International Standards Group that
created the X.509 public-key certificate, a fundamental component in
digital signature and securing web transactions. He is a Co-Chair and
Founding Member of the ABA’s Information Security Committee. He is a
testifying expert. For 12 years he was a PCI Qualified Security Assessor
who helped clients meet compliance requirements for ensuring that the
integrity and confidentiality of payment card data are maintained. He
holds the CISSP and CISA certifications. His articles on quantum
resistant cryptography, on blockchain integrity, and on the relationship
between the RSA Conference and the Law were published in the Spring
2022, Summer 2023, and Fall 2024 issues of The SciTech Lawyer.
Please also check out our previous presentations on cryptography:
https://www.youtube.com/watch?v=_oMn-rW7HJU
https://www.youtube.com/watch?v=z28fRX2MfiE
