2023-08-18

The FIDO2 industry standard, adopted five years ago, gives websites a way to log users in without passwords through public-key credentials with two-factor authentication built in. Quantum computing is a looming threat to it: a sufficiently large quantum computer would break the elliptic-curve cryptography the standard relies on today. To get ahead of that, researchers at Google have released the first implementation of quantum-resistant signatures for FIDO2 security keys.

The most visible form of FIDO2 is passwordless authentication with passkeys, which have proven highly resistant to credential phishing: the private key never leaves the device and each signature is bound to the origin that requested it, so a look-alike site cannot replay it. Passkeys rely on asymmetric key pairs stored in security keys, smartphones and other devices. Adding quantum-resistant signatures to security keys is meant to keep passkeys secure as quantum computing advances.

The path to post-quantum cryptography (PQC) has its own challenges and risks. Long-established algorithms such as RSA have withstood decades of public scrutiny, which is where confidence in them comes from. PQC algorithms are comparatively young and have had far less analysis, so their reliability is still an open question. A cautionary example is SIKE, which had reached the fourth round of the standardization program run by the US Department of Commerce's National Institute of Standards and Technology (NIST) when it was broken in 2022 using only a classical computer.

Google's implementation takes a cautious, hybrid approach: each signature combines the Elliptic Curve Digital Signature Algorithm (ECDSA) with CRYSTALS-Dilithium, one of the three PQC signature algorithms NIST selected for standardization. Because both components must verify, an attacker has to break both ECDSA and Dilithium to forge a credential; if Dilithium turns out to have a flaw, as SIKE did, the classical half still holds, and if a quantum computer breaks ECDSA, the lattice-based half still holds. Dilithium was also chosen because its keys are smaller than those of the other PQC signature schemes.

Building this hybrid signature scheme was a technical challenge: the team had to write a memory-optimized Rust implementation small enough (about 20 KB, per Google) to run on the constrained hardware of security keys, while keeping signing time within the expected specifications. Google's researchers believe hardware acceleration could speed up signing further, making the keys more responsive.

Google hopes that this implementation, or a variant of it, will be standardized as part of the FIDO2 key specification and supported by major web browsers, protecting user credentials against quantum attacks. To encourage testing and contributions from security key researchers, the code is available in OpenSK, Google's open-source security key firmware.

The security of traditional asymmetric cryptography such as RSA rests on mathematical problems that are hard to solve but easy to verify, such as factoring the product of two large primes. A large enough quantum computer running Shor's algorithm would solve those problems, and the elliptic-curve discrete logarithm problem behind ECDSA, efficiently, which is why the move to PQC is under way.