The latest release of Cyph includes a major upgrade to our underlying cryptography stack. 🎉
As a result of all the valuable work performed by the global cryptography community throughout the NIST Post-Quantum Cryptography (PQC) competition, we have made the following changes to our quantum-resistant algorithm selections:
- For asymmetric encryption: McEliece (pre-PQC variant, code-based) + NTRU (pre-PQC variant, lattice-based) + SIKE/SIDH (defeated by cryptanalysis) -> Kyber (PQC winner, lattice-based) + HQC (PQC Round 4 candidate, code-based)
- For digital signing: SPHINCS (hash-based) -> Dilithium (PQC winner, lattice-based)
- For higher-security signing (e.g. code signing): SPHINCS (hash-based) -> SPHINCS+ (PQC winner, hash-based)
The new algorithms will provide noticeable improvements to the general performance of Cyph, on top of greater security guarantees against future quantum attacks.
One noteworthy result of NIST PQC was the total loss of SIKE as a viable algorithm, due to a published theoretical attack which demonstrated it to be fundamentally insecure. Whereas most published attacks against established algorithms merely highlight areas of improvement or deficiencies in parameter recommendations, this result was extraordinary in that it broke the algorithm entirely.
This result validates Cyph’s approach of combining multiple post-quantum encryption algorithms that rely on different mathematical principles. This helps to ensure the long-term security of data stored within Cyph, even as efforts to crack these algorithms continue to accelerate.
As before, our stack cascades all post-quantum cryptography with battle-hardened classical algorithms based on elliptic curves, for the best of both worlds.