
Encryption: what is an Enveloped Signature

Recently, I’ve had to problem-solve an issue with a SAML response being incorrect. The client response used digital signatures, hashing, an RSA public key and base64 encoding. Now, each processing step of the response needed to be worked through to see where the error occurred.

Enveloped signature

  • The Signature element is contained within the XML document it signs (it is a child of the signed element).
  • The enveloped-signature transform (Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature") removes that Signature element before the digest is computed, so the signature never covers its own value.


  • DigestMethod names the hash used for the reference, e.g. SHA-1 (SHA-1 is deprecated for signatures; new deployments should use SHA-256).
  • SignatureMethod names the key type and hash; here the key is RSA.
  • The Transform Algorithm says this is an enveloped signature.



Compute Message Digest

Remove the Signature element (enveloped means the signature is contained in the XML it signs), canonicalize what remains, and hash exactly those bytes.

digest value

The SHA-1 digest of this data is (0x)516b984d8ba0d7427593984a7e89f1b6182b011f

or UWuYTYug10J1k5hKfonxthgrAR8= in base64 (it is the 20 raw hash bytes, not the hex string, that are base64-encoded into DigestValue).

Base64 encode or decode online tools are here:
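As an added, runnable illustration of the two steps above (this is not code from the original post): remove the enveloped Signature element, canonicalize what is left, and produce the DigestValue. The sample document, its urn:example:envelope namespace and the PLACEHOLDER= values are constructed for this example. Python’s xml.etree canonicalize() implements C14N 2.0 rather than the inclusive C14N 1.0 named in the CanonicalizationMethod on this page; for a document this simple the bytes are the same, but a real verifier must run the algorithm the signature names.

```python
import base64
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample (an assumption, not the document from the post).  The
# leading spaces before "Olá mundo" and the indentation around <Signature>
# are part of the signed data, exactly as the whitespace note on this page says.
SAMPLE_XML = """<Envelope xmlns="urn:example:envelope">
    Olá mundo
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER=</SignatureValue>
  </Signature>
</Envelope>
"""


def enveloped_signature_transform(xml_text: str) -> bytes:
    """Apply the enveloped-signature transform, then canonicalize.

    The transform drops the ds:Signature element and everything inside it;
    the surrounding text nodes (including whitespace) stay and get hashed.
    canonicalize() is Python's C14N 2.0 writer; a real verifier must use the
    algorithm named in CanonicalizationMethod.
    """
    canonical = canonicalize(
        xml_text,
        strip_text=False,                       # keep every whitespace character
        exclude_tags=["{%s}Signature" % DSIG_NS],
    )
    return canonical.encode("utf-8")


def digest_value(canonical: bytes, algorithm: str = "sha1") -> str:
    """The DigestValue element content: base64 of the raw hash output."""
    return base64.b64encode(hashlib.new(algorithm, canonical).digest()).decode("ascii")


def digest_hex(canonical: bytes, algorithm: str = "sha1") -> str:
    """The same hash as hex, the form usually shown in debugging output."""
    return hashlib.new(algorithm, canonical).hexdigest()


def reference_matches(xml_text: str, expected_digest_value: str, algorithm: str = "sha1") -> bool:
    """First verification pass: recompute the Reference digest and compare it."""
    actual = digest_value(enveloped_signature_transform(xml_text), algorithm)
    return hmac.compare_digest(actual, expected_digest_value)


if __name__ == "__main__":
    data = enveloped_signature_transform(SAMPLE_XML)
    print(data.decode("utf-8"))
    print("SHA-1 hex:  ", digest_hex(data))
    print("DigestValue:", digest_value(data))
```

Change a single space in front of "Olá mundo" and reference_matches() returns False, which is the whole point of the whitespace note further down this page.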

RSA Keys

We used Alice’s RSA key to sign this, with PKCS#8 encrypted private key (password: “password”), and corresponding X.509 certificate.

Alice’s public key in XML format is



Compute Final XML

final xml



Where does the whitespace matter?

The whitespace characters shown as ♦ and the line endings below cannot be changed, because they were part of the canonicalized (c14n) form over which the digest value and the signature value were computed; alter one of them and the recomputed digest no longer matches.

<Envelope xmlns="">
♦♦♦♦Olá mundo
♦♦<Signature xmlns="">
♦♦♦♦♦♦<CanonicalizationMethod Algorithm="" />
♦♦♦♦♦♦<SignatureMethod Algorithm="" />
♦♦♦♦♦♦<Reference URI="">
♦♦♦♦♦♦♦♦♦♦<Transform Algorithm="" />
♦♦♦♦♦♦♦♦<DigestMethod Algorithm="" />



From xmldsig-core:

Enveloping signature
The signature is over content found within an Object element of the signature itself. The Object (or its content) is identified via a Reference (via a URI fragment identifier or transform).
Enveloped signature
The signature is over the XML content that contains the signature as an element. The content provides the root XML document element. Obviously, enveloped signatures must take care not to include their own value in the calculation of the SignatureValue.


Sorting attributes

The c14n ordering of attributes is as follows.

  1. The default namespace declaration xmlns="...", if any, comes first.
  2. Namespace declarations, sorted by prefix (the part after “xmlns:”). So xmlns:a="" comes before xmlns:b="".
  3. Unqualified attributes, sorted by name. So attr="..." comes before attr2="...".
  4. Qualified attributes, sorted by namespace URI and then by local name. So b:attr="..." comes before a:attr="..." whenever the URI bound to prefix b sorts before the URI bound to prefix a (the comparison is on the URI, not on the prefix letter), and a:attr="..." comes before a:attr2="...". Rules 3 and 4 are really one rule: every attribute sorts by (namespace URI, local name), and unqualified attributes have an empty URI, which is why they come first.
<e xmlns="" xmlns:a="" xmlns:b="" attr="I'm" attr2="all" b:attr="sorted" a:attr="out" a:attr2="now"></e>

For an excellent explanation of the rules to sort attributes when canonicalizing your data for XML-DSIG, see Keith S. Beattie’s article on attribute ordering KSB’s XML C14N Notes.
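The ordering rules above, turned into a sort key so you can reproduce the canonical start tag for an element whose attributes arrive in any order (added example, not code from the post or from Beattie’s notes). The namespace URIs urn:example:default, urn:example:z and urn:example:a are assumptions, picked so that the URI bound to prefix b sorts before the one bound to prefix a; the input dictionary is deliberately scrambled.

```python
XML_NS = "http://www.w3.org/XML/1998/namespace"

# Attribute-value escaping required by C14N 1.0: only these six characters
# are replaced.  The apostrophe is left alone because values are always
# emitted in double quotes.
C14N_ATTR_ESCAPES = (
    ("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
    ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;"),
)


def escape_attribute_value(value: str) -> str:
    for raw, escaped in C14N_ATTR_ESCAPES:
        value = value.replace(raw, escaped)
    return value


def c14n_attribute_order(attrs: dict) -> list:
    """Return (name, value) pairs in the order C14N 1.0 writes them.

    attrs maps each attribute name as written in the start tag ("xmlns",
    "xmlns:a", "attr", "a:attr") to its value.  Prefixes are resolved from
    the xmlns declarations on this same element plus the built-in xml:
    prefix; assumption: nothing is inherited from an ancestor element.
    """
    ns_map = {name[len("xmlns:"):]: uri
              for name, uri in attrs.items() if name.startswith("xmlns:")}
    ns_map.setdefault("xml", XML_NS)

    def sort_key(item):
        name, _value = item
        if name == "xmlns":
            return (0, "", "")                     # rule 1: default namespace first
        if name.startswith("xmlns:"):
            return (1, name[len("xmlns:"):], "")   # rule 2: declarations by prefix
        if ":" in name:
            prefix, local = name.split(":", 1)
            if prefix not in ns_map:
                raise ValueError(f"prefix {prefix!r} is not declared on this element")
            return (2, ns_map[prefix], local)      # rule 4: by namespace URI, then local name
        return (2, "", name)                       # rule 3: unqualified = empty URI, so first

    return sorted(attrs.items(), key=sort_key)


def c14n_start_tag(element_name: str, attrs: dict) -> str:
    """Serialise the start tag the way a C14N 1.0 canonicalizer would."""
    parts = [element_name] + [
        f'{name}="{escape_attribute_value(value)}"'
        for name, value in c14n_attribute_order(attrs)
    ]
    return "<" + " ".join(parts) + ">"


# Constructed input in scrambled order (the URIs are assumptions).
SAMPLE_ATTRS = {
    "a:attr2": "now",
    "b:attr": "sorted",
    "xmlns:b": "urn:example:a",
    "attr2": "all",
    "xmlns": "urn:example:default",
    "a:attr": "out",
    "attr": "I'm",
    "xmlns:a": "urn:example:z",
}

if __name__ == "__main__":
    print(c14n_start_tag("e", SAMPLE_ATTRS))
```

When a digest refuses to match, printing c14n_start_tag() for the element you suspect and diffing it against what your library produced is usually faster than reading the spec again.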



Windows 7 Alternative – LinuxLite

“We would like to take this opportunity to welcome all Windows 7 people who have come here to find a simple, fast and free alternative to Windows 7 which has reached its end of life and no longer provides security updates,” said Jerry Bezencon, Linux Lite creator and maintainer.

Linux Lite is a Linux distribution based on Debian and Ubuntu, created by a team led by Jerry Bezencon. The distribution offers a lightweight desktop experience with a customised Xfce desktop environment. It includes a set of Lite applications to make life easier for a novice Linux user.


Linux Lite is a ‘gateway operating system.’ It was created to make the transition from Windows to a Linux based operating system as smooth as possible.

Linux Lite eases the transition to a Linux-based operating system by offering a full, Microsoft-compatible office suite; familiar software such as Firefox, Chrome, TeamViewer and VLC; full system backup tools; a comprehensive, easy-to-follow help manual to guide you on your journey; Steam, so you can keep playing your Windows games; and much more familiar software.


Linux Lite Libre Office

What you can expect from Linux Lite?

  • A desktop, taskbar and tray that have a familiar layout.
  • A fully featured, free, Microsoft-compatible office suite in the form of LibreOffice.
  • The option to run familiar software such as Steam, Dropbox, Kodi, OBS Studio, Skype, Spotify and TeamViewer, all from within the Lite Software application.
  • A Welcome screen that greets you at first boot and makes setting up your Linux Lite install a breeze. Just click and go.
  • A searchable hardware database containing over 30,000 existing PC configurations. Will my hardware run Linux Lite? Look here.
  • A friendly, welcoming support forum that will always do its best to find you answers.
  • A massive, searchable built-in and online help manual that covers all aspects of setting up, troubleshooting and working with Linux Lite.
  • A bundled, powerful image editor, GIMP, which many refer to as a Photoshop competitor, free in Linux Lite.
  • Familiar desktop icons that get you quickly to where you want to go.

VirtualBox support: out-of-the-box VirtualBox support for YouTube/online journalist reviewers and testers has been withdrawn. This was done to remove one more potential boot-up slowdown from the list of variables, and there were cases where it had been a pain for many users.

If you are reviewing or testing, install Linux Lite to the VM and then run:

sudo apt-get install virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11


After a fresh install. You will then have the full experience that VirtualBox provides.


Amazon Ring – A video of why you should not install Ring

Here’s a video of why you should not install the Amazon Ring. The Ring invades the privacy of your friends and neighbours, in addition to your family.


Home security company Ring and its parent corporation Amazon were hit with a lawsuit in federal court Thursday alleging that their cameras have been hacked on numerous occasions due to inadequate protections, confirming privacy advocates’ fears about the devices.

John Baker Orange of Alabama, the plaintiff in the case, said in the lawsuit (pdf) that his Ring security camera was recently hacked while his children were playing basketball outside of his home.

“Mr. Orange’s children were playing basketball when a voice came on through the camera’s two-way speaker system,” reads the lawsuit, which was filed in the U.S. District Court for the Central District of California. “An unknown person engaged with Mr. Orange’s children, commenting on their basketball play and encouraging them to get closer to the camera. Once Mr. Orange learned of the incident, he changed the password on the Ring camera and enabled two-factor authentication.”

“Ring does not fulfill its core promise of providing privacy and security for its customers, as its camera systems are fatally flawed,” the lawsuit states.

The lawsuit also cites the alarming breach of a Ring security camera in DeSoto County, Mississippi, where a hacker gained access to a device installed in an 8-year-old girl’s bedroom and began speaking to her.

“I’m your best friend,” the hacker said. “I’m Santa Claus.”

Privacy advocates and digital rights groups have long been sounding the alarm about the gaping security flaws in Ring devices.


Amazon should warn parents NOT to install this in an area where children will dress/undress, play etc. This device is a paedophile’s dream: they can talk to children and watch them day and night. It’s a bad world out there, and the risks are being ignored. If a parent can see their child in a bedroom, so can the rest of the world. For goodness’ sake, don’t buy these products.


Single Sign On Thesis 2016

SSO – AWS – Lightsail with Drupal and SimpleSAML Single Sign on

Step 1 - AWS Lightsail

AWS offers Lightsail with a ready-made Drupal image. SimpleSAMLphp can then be configured to provide single sign-on for the website. Select your AWS region, e.g. Ireland or London.

Select Linux > Drupal

Lightsail SSO step 1



Next, download SSH Keypairs

Step 1.1 – Download the keypair so that you can connect using SSH & Putty.

lightsail ssh key pair step 1

Select “Enable Automatic Snapshots” if you want a daily backup image taken.

For Linux-based instances, Lightsail uses Secure Shell (SSH) to connect to your instance (a virtual private server). SSH uses a key pair (a public key and a private key): the instance holds the public key, and only the holder of the matching private key can log in.

Lightsail creates a default key pair in each AWS Region where you create an instance. Choose Download to download the default private key if you also want to connect to your Lightsail instance using an SSH client such as PuTTY.

Step 1.2 – Select the AWS plan – free tier

The smallest Lightsail plan is free for the first month. Use this for testing.

lightsail free plan step 1

It’s important to both Name and TAG the instance.  Then select the bright orange button “Create Instance”.

lightsail name tag the instance step 1


Note that it will be in a “pending” state.  Allow a few minutes for the status to change to “running“.

Instance created pending step 1

If you take the public IP listed – and paste this into a Chrome web browser, the Drupal web page will appear.

lightsail paste public ip into chrome to see Drupal site


Once the status is running, select the 3 dots on the top right hand side.  A drop down list for connect and manage appears.

lightsail three dots to get connect manage drop down list

Select 3 dots > manage > connect via SSH

lightsail manage connect using ssh step 1

Now, AWS doesn’t make connecting with PuTTY over SSH easy. Some additional configuration is required that isn’t needed for Windows (Remote Desktop) connections.

You’ll need the SSH key pair you downloaded earlier, PuTTY and PuTTYgen in order to connect using SSH.

Step 3: Configure PuTTYgen with your Lightsail private key

Now that you have a copy of your .pem key file, you can set up PuTTY using the PuTTY Key Generator (PuTTYgen).

  1. Start PuTTYgen (for example, from the Start menu, choose All Programs > PuTTY > PuTTYgen).

lightsail puttygen for SSH keys

  2. Choose Load.

puttygen load

  3. By default, PuTTYgen displays only files with the .ppk extension. To locate your .pem file, select the option to display files of all types.
  4. Choose lightsailDefaultKey.pem, and then press Open. PuTTYgen confirms that you successfully imported the key; choose OK.
  5. Choose Save private key. PuTTYgen asks whether you really want to save the key without a passphrase.

puttygen save private key

If you choose to set a passphrase as an extra measure of security, you will need to enter it every time you connect to your instance using PuTTY. Without one, anyone who obtains a copy of the .ppk file can log in to the instance as the bitnami user, so either set a passphrase (Pageant, the PuTTY agent, lets you type it once per session) or make sure the file is stored where only you can read it.

Specify a name and a location to save your private key, and then choose Save.

Close PuTTYgen.


Test your connection.

Open PuTTY. Enter the public IP of the Lightsail server, then go to Connection > SSH > Auth and browse to where you saved the PuTTYgen private key file.

ssh how to load putty private key for lightsail

Lightsail issues a PEM file by default. Don’t load this in PuTTY.

Browse to the PPK file instead. This is the private key file in the format PuTTY needs.

SSH uses PPK private key file


Use PuTTY to log in over SSH with the PPK file.

ssh login to lightsail server

User = bitnami

How do I get my Bitnami password?

cat ./bitnami_credentials

bitnami user name and password

or

cat $HOME/bitnami_application_password

bitnami password use cat command to get password

In Chrome, browse to the public IP of the server and log in to Drupal with username user and the password from the credentials file.

Login as user

Notice the Shortcuts and edit tabs

bitnami user login

bitnami shortcuts and edit menu


Create a new admin account with the Add user button.

Enter a user ID and set Role = Admin.

drupal add admin user


Next, use the new admin account to install the SimpleSAMLphp SP module.

Browse to the module’s project page on drupal.org to locate the latest SimpleSAMLphp SP version.

Download (green button).

drupal install saml sp 8


Extend Menu > URL or File Upload (of the new downloaded file).

drupal install simple saml via file upload

Extend > Install the new module/file


drupal SAML SP module Extend

Press Install button > Get confirmation screen

drupal 2 modules installed using Extend


Error message

I got an error message when installing the simplesamlphp module.


Download the ExternalAuth module: the SimpleSAMLphp module depends on the External Authentication (externalauth) module, so install that first.

Extend > module > upload ExternalAuth > follow the on-screen prompts

external authentication enabled

Next we have to configure the SP

The SP is configured by an entry in config/authsources.php.  The SimpleSAML Quickstart Guide is here:

This is a minimal authsources.php for a SP:

$config = [
    /* This is the name of this authentication source, and will be used to access it later. */
    'default-sp' => [
        'saml:SP',
        'entityID' => null,   // null: derived from this SP's metadata URL
        'idp' => null,        // null: show the IdP discovery page
    ],
];

Use the locate command to find the authsources.php directories.  This command will become very useful when dealing with Bitnami directories, as they are different from default install directories.

sp configured in authsources.php

config/authsources.php contains the SP’s required attributes and the LDAP configuration.

authsources php sp config file contains required attributes oid

Bitnami does not use default directories, which is a shame.  It gets VERY messy here, simply because the default directories for simplesaml do not apply.

The installation process creates several sub-directories under the Bitnami install directory (/opt/bitnami):

  • Servers and related tools: apache2/, mysql/, postgresql/, apache-tomcat/, etc.
  • Languages: php/, python/, ruby/, tcl/, etc.
  • Application files: apps/phpMyAdmin/, apps/drupal/, apps/joomla/, apps/redmine/, etc.
  • Common libraries: common/
  • Licenses of the components included in the stack: licenses/

bitnami directories opt bitnami

Drupal Directories

cd /opt/bitnami/apps/drupal/conf

bitnami directories drupal

README.txt states:

The rest of this guide assumes that you installed Bitnami Drupal
Stack in /home/user/drupal-8.7.5-0 on Linux or C:\Program Files\Bitnami Drup$
on Windows or /Applications/drupal-8.7.5-0 on OS X and that you use port
8080 for Apache on Linux and port 80 on Windows and 3306 for MySQL.

Starting & stopping a service.

To start, stop or restart services on Linux you can use the control script included in /opt/bitnami, as shown below:

./ (start|stop|restart)
./ (start|stop|restart) mysql
./ (start|stop|restart) apache

start – start the service(s)
stop – stop the service(s)
restart – restart or start the service(s)

sudo su -

root@ip-172-26-15-231:/opt/bitnami# ./ status apache
apache already running

root@ip-172-26-15-231:/opt/bitnami# ./ restart apache

The installation process will create several subfolders under the main
installation directory:

apache2/: Apache Web server.
php/: PHP Scripting Language.
mysql/: MySQL Database.
drupal/: Drupal application folder
conf/: Drupal Apache configuration files
htdocs/: Drupal PHP application files
phpMyAdmin/: phpMyAdmin application folder (optional)

As the Bitnami documents are weak regarding SimpleSAMLphp, I switched to this site.


Install SimpleSAMLphp to /var/simplesamlphp

Unpack the downloaded archive (the download link saves it as download?latest):

tar zxf download?latest

Find the version that was unpacked:

ls -d simplesamlphp-*   (note down the version, e.g. 1.18.3)

Now, copy the contents of the directory to /var/simplesamlphp using the cp command. Be sure to replace the version number with the version you have:

sudo cp -a simplesamlphp-1.x.y/.   /var/simplesamlphp/

The -a switch ensures that file permissions (along with ownership and timestamps) are copied with the files and folders. The dot at the end of the source path ensures everything in the source directory, including hidden files, is copied to the destination directory.


sudo apt-get update


sudo apt-get install php-xml php-mbstring php-curl php-memcache php-ldap memcached


Software check

Confirm that the PHP extensions SimpleSAMLphp needs are loaded:

php -m | grep 'date\|dom\|hash\|json\|mbstring\|openssl\|pcre\|SPL\|zlib'

php check software installed

On a stock Ubuntu install you would now run sudo systemctl restart apache2, but the Bitnami stack does not manage Apache through systemd; restart it with the Bitnami control script instead:

cd /opt/bitnami
./ restart apache


Next, we need to make several changes to the core SimpleSAMLphp configuration located at /var/simplesamlphp/config/config.php.

simplesaml config directory

Finally!  We can see the config.php.


nano /var/simplesamlphp/config/config.php

Set the administrator password by locating the 'auth.adminpassword' line and replacing the default value of 123 with a strong password. This password grants access to the administrative pages of the SimpleSAMLphp web interface (configuration check, federation metadata, test authentication). If you keep the default password of 123, SimpleSAMLphp reports an error instead of letting you in.


. . .
'auth.adminpassword'        => 'your_admin_password',
. . .
'timezone' => null,

For the UK, set 'timezone' => 'Europe/London'. The full list of timezone identifiers is in the PHP manual.

Database change to SQL

simplesaml database change to sql

Save and close the file. You should now be able to access the site in your browser by visiting https://your_domain/simplesaml.


Apache file

Next, the Apache config file needs to be edited to include your server’s DNS name or IP.

The Bitnami main config file for Apache is /opt/bitnami/apache2/conf/httpd.conf.


Enter both the public IP and the private IP of the server, with port 80, as shown.

Add an alias to httpd.conf so that /simplesaml is served from the SimpleSAMLphp www directory:

Alias /simplesaml /var/simplesamlphp/www

Then add the directory and its access rights. Only www/ is exposed; config/, metadata/ and cert/ stay outside the web root, which is the reason for installing under /var rather than under htdocs:

<Directory /var/simplesamlphp/www/>
    Require all granted
</Directory>



To display the main SimpleSAMLphp page, browse to /simplesaml on your server.


The Configuration tab runs diagnostic checks on the SimpleSAMLphp setup.

simplesam main page configuration tab

The Federation Tab is where we will upload the IDP metadata and format the metadata, after we have created the AWS SSO IDP metadata.


Access your AWS free tier account and open the SSO (AWS Single Sign-On) service.

The next step is to create an AWS SSO login, generate the metadata for this IdP, and upload it to SimpleSAMLphp.




Once the AWS SSO IdP is created, we need to tell the SimpleSAMLphp config about this IdP. The file that holds the metadata for a remote IdP is metadata/saml20-idp-remote.php (the metadata directory sits alongside config, not inside it):

nano /var/simplesamlphp/metadata/saml20-idp-remote.php

remote idp metadata

The default config looks like this. At this point, enter the details of the AW SSO IdP you created earlier: its entity ID as the array key, its SSO and SLO endpoint URLs, and the name of its signing certificate (placed in the cert/ directory).

$metadata[''] = [
    'SingleSignOnService'  => '',
    'SingleLogoutService'  => '',
    'certificate'          => 'example.pem',
];


Your Aws metadata in the saml idp remote config file will look like this (apologies for the artwork)

aws sso metadata into saml idp remote php file


SAML: On Breaking SAML: Be Whoever You Want to Be

The XML Signature standard [14] defines the syntax and processing rules for creating, representing, and verifying XML-based digital signatures.

It is possible to sign a whole XML tree or only specific elements.

One XML Signature can cover several local or global resources.

A signature placed within the signed content is called an enveloped signature.

If the signature surrounds the signed parts, it is an enveloping signature.

A detached signature is neither inside nor a parent of the signed data.

Signatures are two-pass signatures: the hash value of the resource (DigestValue) along with the used hash algorithm (DigestMethod) and the URI reference to the resource are stored in a Reference element. Additionally, the Transforms element specifies the processing steps which are applied prior to digesting of the resource. Each signed resource is represented by a Reference element in the SignedInfo element. Therefore, SignedInfo is a collection of hash values and URIs. The SignedInfo itself is protected by the signature. The CanonicalizationMethod and the SignatureMethod element specify the algorithms used for canonicalization and signature creation, and are also embedded in SignedInfo. The Base64-encoded value of the computed signature is deposited in the SignatureValue element. In addition, the KeyInfo element facilitates the transport of signature relevant key management information. The Object is an optional element that may contain any data.
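The structure described in the paragraph above, parsed out of a constructed SAML response (added example, not from the paper or the post; the issuer, the ID values and the PLACEHOLDER= base64 strings are assumptions). It lists what SignedInfo binds together, resolves each Reference URI, and makes the two checks a consumer needs before it can trust what a valid SignatureValue tells it: the referenced ID must identify exactly one element, and for an enveloped signature that element must contain the Signature. The second constant shows why the uniqueness check alone is not enough.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Attributes of type ID that a URI="#..." reference may point at.
ID_ATTRIBUTES = ("ID", "Id", "id", "{http://www.w3.org/XML/1998/namespace}id")

# Constructed SAML response (issuer, IDs and PLACEHOLDER= values are assumptions).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_response-1">
  <saml:Assertion ID="_assertion-1">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="#_assertion-1">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>PLACEHOLDER=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER=</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER=</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>
"""

# Same document with an extra, unsigned Assertion carrying the referenced ID
# while the signed Assertion is renamed: the Reference still resolves to one
# element, but that element no longer contains the Signature.
WRAPPED_RESPONSE = SAMPLE_RESPONSE.replace(
    '<saml:Assertion ID="_assertion-1">',
    '<saml:Assertion ID="_assertion-1"><saml:Issuer>https://idp.example.test</saml:Issuer></saml:Assertion>\n'
    '  <saml:Assertion ID="_assertion-2">',
)


def describe_signature(xml_text: str) -> dict:
    """Collect what SignedInfo binds: algorithms plus one entry per Reference."""
    root = ET.fromstring(xml_text)
    signatures = list(root.iter(DS + "Signature"))
    if len(signatures) != 1:
        raise ValueError(f"expected exactly one Signature, found {len(signatures)}")
    sig = signatures[0]
    signed_info = sig.find(DS + "SignedInfo")
    references = [{
        "uri": ref.get("URI", ""),
        "transforms": [t.get("Algorithm") for t in ref.iter(DS + "Transform")],
        "digest_method": ref.find(DS + "DigestMethod").get("Algorithm"),
        "digest_value": (ref.findtext(DS + "DigestValue") or "").strip(),
    } for ref in signed_info.findall(DS + "Reference")]
    return {
        "canonicalization": signed_info.find(DS + "CanonicalizationMethod").get("Algorithm"),
        "signature_method": signed_info.find(DS + "SignatureMethod").get("Algorithm"),
        "references": references,
        "signature_value": (sig.findtext(DS + "SignatureValue") or "").strip(),
        "has_key_info": sig.find(DS + "KeyInfo") is not None,
        "object_count": len(sig.findall(DS + "Object")),
    }


def resolve_reference(root, uri: str):
    """Return the element a Reference URI points at; raise if it is not unique."""
    if uri == "":
        return root                              # whole document (enveloped transform expected)
    if not uri.startswith("#"):
        raise ValueError(f"external or XPointer reference not handled: {uri!r}")
    wanted = uri[1:]
    matches = [el for el in root.iter()
               if any(el.get(attr) == wanted for attr in ID_ATTRIBUTES)]
    if len(matches) != 1:
        raise ValueError(f"{uri!r} must identify exactly one element, found {len(matches)}")
    return matches[0]


def referenced_element_tag(xml_text: str, uri: str) -> str:
    return resolve_reference(ET.fromstring(xml_text), uri).tag


def reference_is_unambiguous(xml_text: str, uri: str) -> bool:
    try:
        resolve_reference(ET.fromstring(xml_text), uri)
        return True
    except ValueError:
        return False


def signature_is_enveloped_by_reference(xml_text: str, uri: str) -> bool:
    """True when the element the Reference points at contains the Signature.

    That element, and not just any element with the same ID, is the one whose
    digest was checked, so it is the only one the consumer may go on to trust.
    """
    root = ET.fromstring(xml_text)
    target = resolve_reference(root, uri)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    node = parent_of.get(next(root.iter(DS + "Signature")))
    while node is not None:
        if node is target:
            return True
        node = parent_of.get(node)
    return False


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_RESPONSE), ("wrapped", WRAPPED_RESPONSE)):
        uri = describe_signature(doc)["references"][0]["uri"]
        print(label, uri, referenced_element_tag(doc, uri),
              "contains signature:", signature_is_enveloped_by_reference(doc, uri))
```

Resolving the Reference tells you what the signature actually covers; it is separate from the two-pass check itself (recompute each DigestValue, then verify SignatureValue over the canonicalized SignedInfo), which this block does not perform.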


EU Report States mobile SMS OTP codes are not compliant for “Something you know” security checks

German banks are removing SMS OTP codes from the “something you know” security function.

eu stops use of sms otp for german banks

The report is here:

Article 4(30) of PSD2 defines knowledge as ‘something only the user knows’. Article 6 of the RTS refers to the requirement for PSPs to mitigate the risk that the element is ‘uncovered by, or disclosed to, unauthorised parties’ and to have mitigation measures in place ‘in order to prevent their disclosure to unauthorised parties’.
32. The EBA is of the view that the following elements could constitute a knowledge element: a password, a PIN, knowledge-based responses to challenges or questions, a passphrase and a memorised swiping path (as opposed to keystroke dynamics, namely the manner in which the PSU types or swipes, which may be considered an inherence element).
33. The EBA Opinion on the Implementation of the RTS stated that the card details and security code printed on the card would not constitute a knowledge element. In addition, while a card with a dynamic card security code may constitute a possession element, it would not constitute a knowledge element. That being said, in the event, for instance, that the card security code was not printed on the card and was sent separately to the PSU, in the same way as a PSP may send a PIN for a new card, it could constitute a knowledge element. The same may apply to virtual cards (where the PSU receives a single-use digital card number and card security code).
34. The same opinion also stated that a user ID (username) would not constitute a compliant knowledge element. Neither would an email address.
35. The EBA is also of the view that an OTP that contributes to providing evidence of possession would not constitute a knowledge element for approaches currently observed in the market. Indeed, knowledge, by contrast with possession, is an element that should exist prior to the initiation of the payment or the online access.

German banks are now leading the mitigation,  and are stopping the use of SMS based OTP codes as a security check.


Centos 8 – How to install Centos 8 using Virtual Box – Visual Guide

This is the best visual guide to installing Centos 8 on Virtual Box that I can find!

Full kudos to the author – go check out his blog.

Downloading CentOS 8 ISO Installation Image:

First, you have to download CentOS 8 ISO installation image from the official website of CentOS.

Visit the official website of CentOS and click on CentOS Linux DVD ISO button as marked in the screenshot below.

Now, click on the mirror link that is geographically closer to you.

Now, select Save File and click on OK.

Your browser should start downloading the CentOS 8 ISO installation image. It may take a while for the download to complete.

Creating a VirtualBox Virtual Machine for CentOS 8:

Open VirtualBox and click on New.

Now, type in a name for the Virtual Machine (VM), select the Type to Linux and Version to Red Hat (64-bit). Then, click on Next >.

Now, you have to set how much memory (RAM) you want to allocate to the VM. For a headless server, 1 GB (1024 MB) is enough. For a server with a graphical user interface, it should be at least 2 GB (2048 MB). Then, click on Next >.

Now, you have to create a virtual hard disk. Select, Create a virtual hard disk now and click on Create.

Now, click on Next >.

Click on Next >.

Now, you have to set the virtual hard disk size. 20 GB is enough for most tasks.

Then, click on Create.

A new VM should be created. Now, select the VM and click on Settings.

Now, go to the Storage section. Then, click on Empty in Controller: IDE, then click on the CD icon and click on Choose Virtual Optical Disk File…

Now, select the CentOS 8 ISO installation image and click on Open.

Now, click on OK.

Now, select the VM and click on Start.

The VM should start and you should see the GRUB boot menu as you can see in the screenshot below.

Installing CentOS 8 on VirtualBox VM:

Now, select Install CentOS Linux 8.0.1905 from the GRUB menu and press <Enter>.

The CentOS 8 installer should work. Now, you can install CentOS 8 as usual on the virtual machine.

Select your language and click on Continue.

Now, click on Installation Destination.

Now, select the virtual hard drive, select Automatic from Storage Configuration section and click on Done.

Now, click on Network & Host Name.

Type in a host name and click on Apply. Then, click on Done.

If you want to install CentOS 8 server with graphical user interface, then you don’t have to do anything else.

But, if you want to install CentOS 8 headless server, then click on Software Selection.

Now, select Server and click on Done.

If you want to set up your time zone, click on Time & Date.

Now, select your Region and City and click on Done.

Once you’re happy, click on Begin Installation.

The installation should start.

Now, you have to create a new login user. To do that, click on User Creation.

Type in your personal information, check Make this user administrator and click on Done.

The installation should continue.

Once the installation is complete, click on Reboot.

VirtualBox VM may boot from the CentOS 8 Installation DVD again. To avoid that, click on Devices > Optical Drives > Remove disk from virtual drive.

Click on Force Unmount.

Now, click on Machine > Reset to reset the VM.

Click on Reset to confirm the action.

Now, the VM should boot from the virtual hard drive.

Once CentOS 8 boots, you can login using the username and password that you’ve set during the installation.



SSO SAML – How to find the Hash of your IDP metadata – Azure, Okta, SAMLTools

Here’s how you can get the SHA-256 fingerprint from the admin console of the identity provider.

Azure AD:

  1. Go to your Azure portal
  2. Navigate to Azure Active Directory -> Enterprise Applications -> All Applications
  3. Search and open the Freshservice application that you have configured
  4. Click Quick Start and select Configure Single Sign-On
  5. Select Configure Freshservice on the configure SSO page
  6. This will open the configure single sign-on screen on the right side
  7. Download the SAML XML Metadata
  8. In the metadata, copy all the content that is between <X509Certificate> and </X509Certificate>
  9. Follow the steps at the end of this solution article under the heading “Generating the fingerprint from the XML content”

Okta:

  1. Go to the Okta admin console and select Freshservice from the Applications list
  2. Select the Sign On tab
  3. Download the Metadata
  4. In the metadata, copy all the content that is between <X509Certificate> and </X509Certificate>
  5. Follow the steps at the end of this solution article under the heading “Generating the fingerprint from the XML content”

OneLogin:

  1. Go to the OneLogin admin console
  2. Navigate to Apps -> Company Apps -> Freshservice
  3. Go to the SSO tab, select SHA 256 under the SAML Signature Algorithm dropdown and click View Details
  4. Select SHA 256 from the drop-down. This will generate a new fingerprint
  5. Copy the fingerprint and use it in Freshservice

Generating the fingerprint from the XML content

In the metadata, copy all the content between <X509Certificate> and </X509Certificate>.

Select Format X509 Certificate to convert the metadata into -----BEGIN CERTIFICATE----- X.509 (PEM) format. This only re-wraps the same base64 bytes; the fingerprint is a hash of the DER certificate those bytes decode to.

Go to the “Calculate Fingerprint” menu.

Paste in the formatted X.509 certificate, starting with -----BEGIN CERTIFICATE-----.

calculate hash use begin x509 cert

Select the algorithm (SHA-256 is preferred; SHA-1 is still offered for older integrations) and the fingerprint of the certificate will be generated.

calculate hash use sha1 or sha256
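The same procedure done offline, as an added example that is not code from the original post or from SAMLTool: pull the <X509Certificate> text out of the IdP metadata, base64-decode it to DER, and hash the DER. The metadata document is constructed; its certificates are base64("abc") and base64("xyz") instead of real DER certificates so that the expected fingerprints are published SHA test vectors, and the entity ID and endpoint URLs are assumptions. The code path is identical for a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS_X509 = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

# Constructed IdP metadata (entity ID, endpoints and "certificates" are assumptions).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        YWJj
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>eHl6</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def signing_certificates(metadata_xml: str) -> list:
    """DER bytes of each certificate the IdP may sign with.

    A KeyDescriptor without a use attribute is valid for both signing and
    encryption, so it is included; use="encryption" keys are skipped because
    the SP must not accept signatures made with them.
    """
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iter(MD + "KeyDescriptor"):
        if kd.get("use") not in (None, "signing"):
            continue
        for el in kd.iter(DS_X509):
            # The metadata wraps the base64 across lines; strip all whitespace first.
            certs.append(base64.b64decode("".join((el.text or "").split())))
    return certs


def to_pem(der: bytes) -> str:
    """The -----BEGIN CERTIFICATE----- form: the same bytes, base64 wrapped at 64 columns."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def from_pem(pem: str) -> bytes:
    lines = [line.strip() for line in pem.splitlines() if line.strip() and not line.startswith("-----")]
    return base64.b64decode("".join(lines))


def fingerprint(der: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER bytes, as tools display it."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def idp_signing_fingerprints(metadata_xml: str, algorithm: str = "sha256") -> list:
    return [fingerprint(der, algorithm) for der in signing_certificates(metadata_xml)]


if __name__ == "__main__":
    for fp in idp_signing_fingerprints(SAMPLE_METADATA):
        print("SHA-256:", fp)
    print(to_pem(signing_certificates(SAMPLE_METADATA)[0]))
```

Pin the SHA-256 fingerprint (or, better, the certificate itself) in the SP configuration; SHA-1 is kept here only for products that still ask for it. If the IdP publishes several signing certificates (key rollover), all of them are returned and all need to be trusted during the overlap.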


Encryption options to counter Quantum Computing

If quantum computing takes three decades to truly arrive, there’s no reason to panic. If it lands in ten years, our data is in serious trouble. But it’s impossible to predict with certainty when it will happen.

All we need to avoid crypto carnage is a new way to make public keys, and work to figure out a quantum-resistant way to generate them is already underway. But there are further hurdles, the usual banes of IT’s existence – standardisation and implementation – alongside pressure from that mystery deadline. Hence the melodrama. There have been more measured responses, such as the NSA’s call last year to start planning to shift to quantum-resistant encryption, while the National Institute for Standards and Technology (NIST) is running a competition to spur work on post-quantum algorithms. Both are signs of the slow, steady march of progress from security researchers in academia and industry.

But that march may need to be a quick step. “We do have many algorithms that potentially could be used [to fix encryption], but the timeframe on this is one thing that is potentially a concern because there’s some estimates that quantum computers could be available as early as 15 years,” says Dr Dustin Moody, a mathematician in the computer division at NIST. “No one’s really quite sure about that, because it’s a research thing, but the whole process to study algorithms, standardise them and get them deployed, that can take 15 years or longer. So there could be an issue with the time-frame, but nobody completely knows the answer to that.”

No one knows, but Dr Michele Mosca, deputy director of the Institute for Quantum Computing at the University of Waterloo, Ontario is willing to try to put a number on it, estimating a one-in-seven chance that some fundamental public-key crypto will be broken by quantum by 2026, and a one-in-two chance of the same by 2031. It’s not as though the security industry has been sitting around waiting for a firm deadline before starting work. “We do have it in hand, but there’s a lot of variables that cause us to make sure that we want this to be high priority for people,” says Moody. “We don’t want people panicking. Quantum computers are not going to break all encryption.” Indeed, symmetric algorithms are safe so long as keys are doubled in length – a comparatively easy change – but thanks to researcher Peter Shor, the public keys we use to secure online banking and email now have an expiration date that coincides with quantum’s birthday.

Whilst at AT&T in the mid-nineties, Shor wrote a quantum algorithm that could crack encryption based on integer factorisation and discrete logarithms – taking out RSA and the Diffie-Hellman key exchange in one fell swoop. “Currently used public-key cryptosystems and signatures will be catastrophically broken,” says Dr Tanja Lange, chair of the Coding Theory and Cryptology group at Technische Universiteit Eindhoven and coordinator of the European project PQCRYPTO – post-quantum cryptography for long-term security. “An attacker needs about the same time to break the system as it takes the user to run it.”

We’ll also need a big enough quantum machine to make use of Shor’s work. If you’re unsure of what the term actually means, get the background on quantum computing here, but here’s what you really need to know: they’re exponentially more powerful than standard computers, but they’re fiddly – algorithms must be written just so or the answers they return aren’t readable – and not easy to build.

So we know the problem, and are well on the way to solving it, but it’s hard to meet a deadline when you don’t know when it is. Thankfully, we don’t need to wait for quantum computers to arrive to start protecting ourselves from their potential downsides. “Quantum-resistant computing has nothing to do with quantum at all,” explains IBM cryptographer Vadim Lyubashevsky. “It does not need quantum computing to exist or to work. Even if somebody had a quantum computer, somebody without one can potentially resist all of these attacks.”

There are three potential solutions drawing attention from researchers, and NIST expects each to be represented in its competition: lattice-based, code-based and multi-variate. Encryption is all about hard maths. Lattice-based cryptography relies on the incredible difficulty of finding the nearest point in a multi-dimensional grid of points – the public key is an arbitrary location, while the private key is the lattice point. Code-based crypto is based on how hard it is to decode a general linear code, while multi-variate quadratic systems use systems of polynomial equations as their hard problem.

Lyubashevsky believes the real design work behind lattices is done, and some versions have already been standardised for specific uses by different organisations. “If somebody was really serious about [using lattice], that could be done within a month or so,” says Lyubashevsky. Indeed, it’s already been tested in the real world. Earlier this year Google ran a small trial on a slice of traffic in the Canary build of Chrome using the “New Hope” lattice-based algorithm, but made it clear it wasn’t a vote for that version to become a standard, merely a first punt at trialling encryption for the post-quantum future.
Alongside lattice-based, code-based and multi-variate, there’s also hash-based cryptography. “We feel pretty confident, and so do most experts, that their security is well understood, and they could be standardised sooner, within the next year or two,” says Moody of hash-based systems. “However they would only be used in a small number of applications, like digital code signing, so they’re not a solution for the entire problem that we have.”
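To make the hash-based idea concrete, here is a Lamport one-time signature scheme, the simplest ancestor of the hash-based schemes Moody refers to. This is an added example written for this page, not code from the article or from any of the organisations it mentions; it uses only SHA-256 from Python’s standard library. The `revealed_secret_count` helper is an addition that shows why these keys are strictly one-time: every signature publishes half of the private key, so signing two different messages with the same key exposes most of it. That statefulness is the practical reason the article gives for hash-based signatures suiting narrow uses such as code signing rather than general-purpose encryption.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N = HASH().digest_size * 8  # one secret pair per bit of the message digest (256)


def keygen(rng=secrets.token_bytes):
    """Private key: N pairs of random 32-byte secrets.
    Public key: the SHA-256 hash of each secret, in the same layout."""
    sk = [(rng(32), rng(32)) for _ in range(N)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(msg):
    """Bits of SHA-256(msg), most significant bit first."""
    d = HASH(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, msg):
    """Reveal, for each digest bit, the secret from the matching pair slot.
    A key must never sign twice: each signature leaks half of sk."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg, sig):
    """Hash each revealed secret and compare with the published hash."""
    if len(sig) != N:
        return False
    return all(
        HASH(s).digest() == pk[i][bit]
        for i, (s, bit) in enumerate(zip(sig, _digest_bits(msg)))
    )


def revealed_secret_count(sigs):
    """Number of distinct private-key secrets exposed by a list of signatures
    made with the same key. One signature exposes N; two different messages
    expose N plus the Hamming distance of their digests."""
    return len({s for sig in sigs for s in sig})


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"release-1.2.3.tar.gz sha256 placeholder"  # constructed sample message
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered:", verify(pk, msg + b"x", sig))
    second = sign(sk, b"another message")  # key reuse: do not do this in practice
    print("secrets exposed after reuse:", revealed_secret_count([sig, second]), "of", 2 * N)
```

The public key here is 16 KB and the signature 8 KB, which is why deployed hash-based schemes add Merkle trees and one-time key management on top of this core; the security argument, however, is exactly the one shown: forging requires inverting a hash function, with no number-theoretic structure for Shor’s algorithm to exploit.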

On top of those post-quantum crypto systems, there will also be security built using quantum ideas and eventually protection using quantum computers themselves, which could guarantee encryption via the laws of physics. But we still need protection in the meantime, notes Lange.

There is one potential quantum-based system that could help. Quantum Key Distribution (QKD) doesn’t require a quantum computer; it merely uses quantum physics to build a key, rather than relying on hard mathematics. “The premise is that if I send a single photon of light… if somebody looks at that single photon, then it disturbs the properties of those photons,” explains Phil Sibson, a researcher on the subject at the University of Bristol and co-founder of quantum cryptography startup KETS. Encode data on that photon, and it’s unreadable. “This is something fundamental to quantum mechanics.” However, it’s not quite ready. There are limitations in distance and the amount of data that can be sent, he says, as well as the possibility of side-channel attacks. “But in principle, this is a way to provide a robust security based on quantum mechanics,” adds Sibson.

QKD aside, of the three popular post-quantum options, we don’t yet know which will be the best; hopefully more than one will work and be widely applicable. “Very importantly, it’s too early to pick a winner,” says Mosca. “The NIST project to standardise a handful of systems is a good approach to drive greater study and scrutiny so we can have greater confidence in the slate of alternatives.”

But NIST isn’t just running a Britain’s Got Talent for post-quantum encryption algorithms – it hopes to drive their improvement, too. “We don’t yet feel that any of the proposed algorithms […] are quite yet ready for standardisation for wide-scale deployment and use,” says Moody. “For the most part, many of them are very, very new and haven’t had a lot of people studying their security. With all cryptographic algorithms, just the test of time – having people look at them for years – helps you have more confidence in their security.” Hence the competition, designed to focus the attention of academia and industry on scrutinising the proposed algorithms. The rules of the challenge are currently being discussed, with work set to begin in November.

After post-quantum encryption is security checked and standardised, which is expected to take several years, it will be time for the industry to get to work implementing new systems – and that could well be another hold-up. “In the past, when there have been transitions from one cryptographic algorithm to another, it’s taken a long time – anywhere from five years to twenty years, so it’s really hard to get these changes made quickly,” says Moody. NIST has been advising a shift to elliptic curve cryptography since 2000, and some organisations are only now starting the transition.

Why does it take so long? First, the need for the change must be publicised so companies are aware of the work they need to do, but flipping to new technologies simply doesn’t happen overnight. “Once something is out there and in use, it just takes industry a long time, because they don’t want to replace all their brand-new equipment, they kind of wait for it to come off line and then put in new algorithms, so it just takes time,” adds Moody.

And this isn’t theoretical. Lange points to the NSA’s XKeyscore program revealed by Edward Snowden that makes it clear spying agencies are storing vast quantities of encrypted data. “Once a big quantum computer exists, it can casually break the public-key components of those communications, derive the used symmetric key, and decrypt everything,” she says. “Personally sensitive data such as health records are currently sent over the internet between caregiver, accounting centre and health insurance using systems we know not to resist quantum computers. Similar problems exist for legal or military data.”

It’s likely (though not guaranteed) that governments will be the first to get their hands on a quantum computer not only because of the large cost of building one, but because they’re well-motivated by the leg-up it would give them in digital spying and surveillance. Switching to post-quantum encryption now means that when various state-sponsored hackers get their hands on the exponential power of a quantum machine, your data will have a better chance of staying safe. “If you want to protect in the future, then you can start using the algorithms that we have – using lattice cryptography, or maybe something else – in tandem with what’s being used now,” said Lyubashevsky. “That may feel risky given none of the quantum resistant systems are yet standardised, but you can use both the future stuff and the today methods at the same time, reducing risk. You can use them at the same time, and so you’ll be no less secure than you are now, with only adding a little bit extra time and communication.”
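The “use both at the same time” approach Lyubashevsky describes is usually called a hybrid key exchange: each side runs today’s key agreement and a post-quantum one, then derives the session key from both shared secrets so that an attacker has to break both. The combiner below is an added illustration for this page, not code from the article, from IBM or from any standard; it uses HKDF (HMAC-SHA256) from Python’s standard library. The two shared secrets and the transcript are constructed placeholder bytes standing in for the outputs of a real elliptic-curve exchange and a real lattice-based key encapsulation, which would be produced by a library this example deliberately does not depend on.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _lp(b: bytes) -> bytes:
    """Length-prefix a field so concatenated secrets cannot be re-split ambiguously."""
    return len(b).to_bytes(2, "big") + b


def hybrid_session_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes,
                       length: int = 32) -> bytes:
    """Derive one session key from a classical and a post-quantum shared secret.

    Both secrets go into the HKDF input keying material, and a hash of the
    handshake transcript (public keys, ciphertexts, negotiated parameters)
    goes into the info string so the key is bound to this exchange. If either
    secret stays unknown to the attacker, the output is unpredictable: that
    is the 'no less secure than now' property quoted in the article.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required")
    ikm = _lp(classical_ss) + _lp(pq_ss)
    prk = hkdf_extract(b"hybrid-kex-v1", ikm)  # fixed-salt label, an assumption of this example
    info = b"session key" + hashlib.sha256(transcript).digest()
    return hkdf_expand(prk, info, length)


if __name__ == "__main__":
    # Constructed stand-ins for real protocol outputs (not real key material).
    ecdh_secret = bytes.fromhex("11" * 32)      # would come from X25519/ECDH
    pq_secret = bytes.fromhex("22" * 32)        # would come from a lattice KEM
    transcript = b"client_hello|server_hello|kem_ciphertext"
    key = hybrid_session_key(ecdh_secret, pq_secret, transcript)
    print("session key:", key.hex())
```

The design point is that the post-quantum secret is an additional input, never a replacement: if the newer scheme later turns out to be weak, the classical half still has to be broken, and once a large quantum computer arrives the roles reverse. Length-prefixing the fields and hashing the transcript into `info` are the two details that are easy to skip and that a reviewer should look for in any hand-rolled combiner.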

And all of this is why standards bodies and organisations need to respond to that ticking clock and move faster, Lange argues. “The biggest challenge is to decide when a system is good enough to be standardised,” she says. “I’m sure that with enough work we will have better systems in three years. Does that mean we should wait for three years with standardising so that we get the better standard? Maybe. But how does that weigh against compromising all secrets for another three years?”

While she agrees with NIST that it’s still too early to standardise, Lange says it’s not too early to offer some advice. “Users dealing with long-term confidential data need expert recommendations and tools now,” she argues. “Those recommendations must prioritise confidence and security over convenience. Those users will happily upgrade to a more convenient system once that is available.” Simply put, move to post-quantum now if you need to. Everything encrypted today must be considered compromised once a quantum computer exists. For Lange, the problem is clear: “I would sure have sleepless nights if I had to ensure the long-term secrecy of data.”

PQCRYPTO in brief

  • Total Budget: EUR 3 964 791.25 (EU contribution: EUR 3 851 791.25)
  • Duration: 03/2015-02/2018
  • Countries involved: Netherlands (coordinator), Belgium, Denmark, France, Germany, Israel, Taiwan.

Key figures in the European Union

  • 4 out of 10 EU internet users provide payment details online.
  • In the EU in 2016, one third of internet users used cloud services.
  • The average company experiences 130 security breaches each year.
