Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Towards Discovering Quantum-Threats for Applications Using Open-Source Libraries

  • Conference paper
  • First Online:
Applied Cryptography and Network Security Workshops (ACNS 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14586))

Included in the following conference series:

  • 213 Accesses

Abstract

The improvement of quantum computing poses a significant threat to cryptographic security. It enables the potential utilization of quantum algorithms to compromise classical cryptographic algorithms, such as public-key cryptosystems including RSA (Rivest-Shamir-Adleman), DH (Diffie-Hellman), and ECC (Elliptic Curve Cryptography). Currently, many applications rely on open-source libraries for various functionalities, including quantum-vulnerable public-key cryptographic implementations to achieve data confidentiality, integrity, and authenticity. So how can we determine the exposure of such applications to quantum attacks? In this paper, we study the use of open-source cryptographic algorithms for the Python programming language. We first identify the most widely used Python cryptographic libraries and then establish a simple keyword-based approach to identify the potential use of vulnerable RSA, ECC, and DH algorithms within Python applications. Notably, the extracted set of 11 keywords demonstrates precision and accuracy exceeding 90%.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Alagic, G., et al.: Status report on the third round of the nist post-quantum cryptography standardization process. US Department of Commerce, NIST (2022)

    Google Scholar 

  2. Choi, C.Q.: Ibm’s quantum leap: the company will take quantum tech past the 1,000-qubit mark in 2023. IEEE Spectr. 60(1), 46–47 (2023)

    Article  MathSciNet  Google Scholar 

  3. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6) (1976)

    Google Scholar 

  4. Elbaz, C., Rilling, L., Morin, C.: Automated keyword extraction from one-day vulnerabilities at disclosure. In: NOMS 2020-2020 IEEE/IFIP Network Operations and Management Symposium, pp. 1–9. IEEE (2020)

    Google Scholar 

  5. Faruk, M.J.H., Tahora, S., Tasnim, M., Shahriar, H., Sakib, N.: A review of quantum cybersecurity: threats, risks and opportunities. In: 2022 1st International Conference on AI in Cybersecurity (ICAIC), pp. 1–8. IEEE (2022)

    Google Scholar 

  6. Frantz, M., Xiao, Y., Pias, T.S., Yao, D.D.: Poster: precise detection of unprecedented python cryptographic misuses using on-demand analysis. In: The Network and Distributed System Security (NDSS) Symposium (2022)

    Google Scholar 

  7. Gidney, C., Ekerå, M.: How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits. Quantum 5, 433 (2021)

    Article  Google Scholar 

  8. Gouzien, É., Sangouard, N.: Factoring 2048-bit RSA integers in 177 days with 13 436 qubits and a multimode memory. Phys. Rev. Lett. 127(14), 140503 (2021)

    Article  Google Scholar 

  9. Grassl, M., Langenberg, B., Roetteler, M., Steinwandt, R.: Applying grover’s algorithm to AES: quantum resource estimates. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 29–43. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_3

    Chapter  Google Scholar 

  10. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 212–219 (1996)

    Google Scholar 

  11. Hekkala, J., Muurman, M., Halunen, K., Vallivaara, V.: Implementing post-quantum cryptography for developers. SN Comput. Sci. 4(4), 365 (2023)

    Article  Google Scholar 

  12. Hwang, C.L., Lai, Y.J., Liu, T.Y.: A new approach for multiple objective decision making. Comput. Oper. Res. 20(8), 889–899 (1993)

    Article  Google Scholar 

  13. Krüger, S., Späth, J., Ali, K., Bodden, E., Mezini, M.: Crysl: an extensible approach to validating the correct usage of cryptographic apis. IEEE Trans. Software Eng. 47(11), 2382–2400 (2019)

    Article  Google Scholar 

  14. Li, W., Jia, S., Liu, L., Zheng, F., Ma, Y., Lin, J.: Cryptogo: automatic detection of go cryptographic API misuses. In: Proceedings of the 38th Annual Computer Security Applications Conference, pp. 318–331 (2022)

    Google Scholar 

  15. Merkle, R.C.: Secure communications over insecure channels. Commun. ACM 21(4), 294–299 (1978)

    Article  Google Scholar 

  16. Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31

    Chapter  Google Scholar 

  17. Rahaman, S., et al.: Cryptoguard: high precision detection of cryptographic vulnerabilities in massive-sized java projects. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2455–2472 (2019)

    Google Scholar 

  18. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    Article  MathSciNet  Google Scholar 

  19. Santoli, T., Schaffner, C.: Using simon’s algorithm to attack symmetric-key cryptographic primitives. arXiv preprint arXiv:1603.07856 (2016)

  20. Shaikh, Z.A.: Keyword detection techniques: a comprehensive study. Eng. Technol. Appl. Sci. Res. 8(1), 2590–2594 (2018)

    Article  Google Scholar 

  21. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE (1994)

    Google Scholar 

  22. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303–332 (1999)

    Article  MathSciNet  Google Scholar 

  23. Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997)

    Article  MathSciNet  Google Scholar 

  24. Vandersypen, L.M., Steffen, M., Breyta, G., Yannoni, C.S., Sherwood, M.H., Chuang, I.L.: Experimental realization of shor’s quantum factoring algorithm using nuclear magnetic resonance. Nature 414(6866), 883–887 (2001)

    Article  Google Scholar 

  25. Wickert, A.K., Baumgärtner, L., Breitfelder, F., Mezini, M.: Python crypto misuses in the wild. In: Proceedings of the 15th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pp. 1–6 (2021)

    Google Scholar 

  26. Xie, W., Jiang, Y., Tang, Y., Ding, N., Gao, Y.: Vulnerability detection in IoT firmware: a survey. In: 2017 IEEE 23rd International Conference on Parallel and Distributed Systems (ICPADS), pp. 769–772. IEEE (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Xiaodong Ye & Jianying Zhou

  2. pQCee Pte Ltd., Singapore, Singapore

    Teik Guan Tan

Authors
  1. Xiaodong Ye
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Teik Guan Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianying Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaodong Ye .

Editor information

Editors and Affiliations

  1. Technology Innovation Institute, Abu Dhabi, United Arab Emirates

    Martin Andreoni

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ye, X., Tan, T.G., Zhou, J. (2024). Towards Discovering Quantum-Threats for Applications Using Open-Source Libraries. In: Andreoni, M. (eds) Applied Cryptography and Network Security Workshops. ACNS 2024. Lecture Notes in Computer Science, vol 14586. Springer, Cham. https://doi.org/10.1007/978-3-031-61486-6_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-61486-6_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-61485-9

  • Online ISBN: 978-3-031-61486-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation