SESSION + Live Q&A
The Quantum Risk & Future Post-Quantum Standards
This talk will describe the risk of quantum computing to cryptography, in a way suitable to an audience without quantum physics nor cryptography background. We will present the mitigations available today thanks to research in the field of post-quantum cryptography, and we'll review the ongoing standardization efforts from the US agency NIST, and what it impies for security applications in the coming years.
What is the work that you're doing today?
My specialty is applied cryptography and more generally, information security. I'm running a startup company called Teserakt, which specializes in security for IoT systems. We do a new type of protocol to provide end-to-end encryption in the IoT context to protect data from the data producer to the data consumer.
What are your goals for this talk?
To clarify a lot of misunderstandings and myths around quantum computing. A lot of things that you hear in the news or that you're hearing in vendor pitches are not accurate. I try to make this topic approachable, to give a clear message and also actionable advice, in order to help organizations manage the risks related to quantum computing.
Can you give us a preview of the advice?
Today the main risk is that quantum computers could break all the public-key cryptography deployed today, such as RSA and elliptic curve signatures, which are for example used in Bitcoin and cryptocurrencies. To address the issue today, we can use a type of cryptographic algorithms called post-quantum cryptography. The NIST agency is currently working on standardizing such algorithms, and a number of software tools are available today to integrate post-quantum cryptography in applications.
Speaker
Jean-Philippe Aumasson
Author of "Serious Cryptography", Designer of Hash Functions BLAKE3 and BLAKE2
Jean-Philippe (JP) Aumasson is the founder and managing director of Teserakt, a Swiss-based company specialised in IoT security and offering an end-to-end encryption solution. He is an expert in cryptography and the author of the reference book Serious Cryptography (No Starch Press, 2017). He...
Read moreFind Jean-Philippe Aumasson at:
From the same track
Designing Secure Architectures the Modern Way, Regardless of Stack
This talk aims to attack two typical conflicts any security architect is well familiar with: 1. Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to...
Eugene Pilyankevich
CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling
Reconciling Performance and Security in High Load Environments
Most perceive security fixes and improvements as a necessary evil, because security is much “less tangible” than primary product functionality in terms of potential revenue. On top of not bringing any “meaningful” value to the overall system, security comes at a cost of...
Ignat Korchagin
Cryptographer, & Security Software Engineer @Cloudflare
Keep Calm and Secure Your CI/CD Pipeline
Shifting left significantly reduces costs and diminishes release delays. Continuous security validation should be added at each step from development through production to help ensure the application is always secure. We can then switch the conversation with the security team from approving each...
Sonya Moisset
Lead Security Engineer @Photobox / Tech Lead @PrideInLondon
Security Vulnerabilities Decomposition
In most companies security is driven by compliance regulations. The policies are designed to contain the CWEs each company is interested to comply with. The result of this approach is a high number of insecure applications are still produced and injection is still King. Is there another way...
Katy Anton
Principal Application Security Consultant @Veracode