The crypto team at #Google recently published a blog post, contributing to the ongoing public discussion regarding the potential #threat #quantum #computing poses to #cryptography. I highly recommend taking the time to read the entire post. From my perspective, the most compelling aspects are the considerations for prioritisation and the practical use cases identified.

In terms of prioritisation, Google suggests evaluating the following criteria:

- The feasibility of the quantum attack in question.

- The potential for "store now, decrypt later" attacks.

- Use cases that necessitate the use of fixed public keys over long periods.

- The timeline for system redesign.

While there's no universal set of considerations, this framework provides a solid starting point.

Regarding use cases, the Google team highlights several key areas where quantum risks could be particularly relevant:

1. Encryption in Transit: This involves a limited set of widely used protocols (e.g., TLS, SSH, Signal, ALTS), with ongoing efforts towards Post-Quantum Cryptography (PQC) implementation.

2. Firmware Signatures: The public keys used in these signatures are often embedded into silicon, or otherwise safeguarded against alteration, making it challenging to change the signature scheme.

3. Software Signatures: These are essential for secure boot processes and for making deployments resistant to tampering. Unlike firmware signatures, software signature public keys can usually be updated, offering more flexibility and a more relaxed implementation timeline.

4. Public Key Infrastructure (PKI): PKI relies on certificate chains, which makes PKI in its current form extremely susceptible to size increases from post-quantum schemes.

5. Tokens: For instance, JSON Web Tokens face the challenge of size constraints, which is a significant consideration for asymmetric tokens.

6. Other Areas (e.g., HSM, PGP, S/MIME): Key import for HSMs is another critical area of asymmetric encryption protocols requiring attention.

Direct link to the blog - https://bughunters.google.com/blog/5108747984306176/google-s-threat-model-for-post-quantum-cryptography.