QuantumLock Overview

QuantumLock was previously called DoubleLock.

Introduction

Secret Server's quantumlock is a feature that provides an additional security layer by protecting secret data using asymmetric encryption (a public/private key pair) where the private key is a human-generated password. This feature is independent of regular permissions, Secret Server login access, or physical access to the machine running Secret Server.

A shortcut way of thinking about quantumlocks is as an extra password for secrets that is held by a set group of users. Both the password and the group of users are reusable for other secrets. In addition, quantumlocks future-proof your digital security infrastructure against the advancing capabilities of quantum computing.

Quantumlock is an upgrade of the earlier doublelock feature. Besides the name change, the difference is quantumlock offers the option to use a quantum-safe algorithm for encapsulation to protect the private key, specifically CRYSTALS Kyber-1024, which is designed to counter the potential threat from quantum computers to current encryption methods. That threat is closer than you might think—"harvest now, decrypt later" attacks steal encrypted data now for later decryption by quantum computers.

The private key being protected by Kyber-1024 is a human-generated user password. Once encapsulated (encrypted), that password is called a ciphertext. Once that private key is decapsulated (decrypted), it is used by a symmetric algorithm, such as AES-256, to decrypt the protected data. This two-step process (key encapsulation followed by symmetric encryption) combines the strengths of asymmetric cryptography (secure, fast key exchange) and symmetric cryptography (efficient encryption of the data itself), providing a robust, efficient method for secure communication.

Today's asymmetric-key encapsulation methods, such as RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography), rely on the difficulty of solving mathematical problems, such as factoring large numbers or solving discrete logarithms, with classical computers. However, quantum computers, which operate on principles of quantum mechanics, could solve these problems much faster, rendering these encapsulation methods vulnerable.

Quantum-safe or post-quantum (PQ) algorithms are cryptographic methods that are believed to be secure against quantum computer attacks. They are based on mathematical problems that are considered difficult for both classical and quantum computers to solve, ensuring the security of encapsulated keys, even in the era of quantum computing. PQ algorithm types include lattice-based cryptography, hash-based cryptography, code-based cryptography, and multivariate polynomial cryptography, among others.

Kyber-1024's resistance to quantum attacks is, by design, approximately the same as AES-256's resistance to conventional computer attacks.

The PQ cryptographic algorithm Kyber-1024 is specifically designed as a key-encapsulation mechanism (KEM), a process where a key is encapsulated (encrypted) with a public key, sent over an insecure channel, and then decapsulated (decrypted) with the matching private key. Typically a symmetric-key algorithm, such as AES-256 (Advanced Encryption Standard), is then used for encrypting the message content itself, because symmetric-key algorithms are faster and more efficient for large amounts of data than asymmetric-key algorithms.
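The two-step flow described above (encapsulate a data key, then encrypt the secret symmetrically) as an added Go example. This is not Secret Server's code and does not show how the product stores quantumlocked data; it uses the RSA-2048 path that the non-PQ mode relies on, wrapping a random AES-256 data key with RSA-OAEP from Go's standard library, and the `KEM` interface, `rsaKEM`, `Protected`, `Seal` and `Open` are names chosen for this example. A Kyber-1024 implementation of the same `KEM` interface (Go 1.24's crypto/mlkem package provides ML-KEM-1024, NIST's standardized form of Kyber-1024) would be the PQ path; it is left out so the block compiles on older Go.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KEM is the one seam between the two paths: RSA-2048 key transport today, a
// lattice KEM such as Kyber-1024 when plugged in. Callers only ever see a
// 32-byte shared key and an opaque ciphertext.
type KEM interface {
	Encapsulate() (sharedKey, ciphertext []byte, err error)
	Decapsulate(ciphertext []byte) (sharedKey []byte, err error)
}

// rsaKEM wraps a fresh random AES-256 key with RSA-OAEP over SHA-256. This
// construction is assumed for illustration; the page only says the non-PQ path relies on RSA-2048.
type rsaKEM struct{ priv *rsa.PrivateKey }

func newRSAKEM(bits int) (*rsaKEM, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &rsaKEM{priv: priv}, nil
}

func (k *rsaKEM) Encapsulate() ([]byte, []byte, error) {
	shared := make([]byte, 32) // per-secret AES-256 data key, never reused
	if _, err := rand.Read(shared); err != nil {
		return nil, nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &k.priv.PublicKey, shared, nil)
	return shared, ct, err
}

func (k *rsaKEM) Decapsulate(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k.priv, ct, nil)
}

// Protected is the stored record: encapsulated data key plus AES-256-GCM
// nonce and ciphertext (the authentication tag is appended to Ciphertext).
type Protected struct{ KEMCiphertext, Nonce, Ciphertext []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs the two steps in order: encapsulate a data key, then encrypt the secret
// under it. The KEM ciphertext is bound in as associated data, so a swapped encapsulation fails to open.
func Seal(kem KEM, plaintext []byte) (*Protected, error) {
	key, kemCT, err := kem.Encapsulate()
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, kemCT)
	return &Protected{KEMCiphertext: kemCT, Nonce: nonce, Ciphertext: ct}, nil
}

// Open reverses Seal: decapsulate with the private key, then decrypt. A wrong key or any change to the record is an error.
func Open(kem KEM, p *Protected) ([]byte, error) {
	key, err := kem.Decapsulate(p.KEMCiphertext)
	if err != nil {
		return nil, errors.New("decapsulation failed: wrong private key or damaged ciphertext")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, p.Nonce, p.Ciphertext, p.KEMCiphertext)
	if err != nil {
		return nil, errors.New("authentication failed: protected data was modified")
	}
	return pt, nil
}

func main() {
	kem, _ := newRSAKEM(2048)
	p, _ := Seal(kem, []byte("constructed sample: root password"))
	pt, err := Open(kem, p)
	fmt.Printf("KEM ciphertext %d bytes; recovered %q (err=%v)\n", len(p.KEMCiphertext), pt, err)
}
```

The data key never leaves the process in the clear: only its RSA-OAEP encapsulation (256 bytes for RSA-2048) is stored next to the GCM output. Binding the KEM ciphertext in as associated data means an attacker who can rewrite the stored record cannot pair the encrypted secret with an encapsulation of their own choosing without GCM authentication failing.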

You might wonder how well protected the encrypted data at rest is against quantum-computer attacks. Symmetric algorithms, such as AES, are PQ if their keys are sufficiently long, which is not an issue with their typical use cases.

The Kyber algorithm comes in different security levels, and Kyber-1024 specifically aims at security roughly equivalent to AES-256, with a private key size of 3168 bytes, a public key size of 1568 bytes, and a ciphertext size of 1568 bytes. It is part of the Cryptographic Suite for Algebraic Lattices (CRYSTALS), a package submitted to the NIST post-quantum standardization effort.

Comparing RSA-2048 to Kyber-1024

QuantumLock without its PQ (Kyber-1024) option enabled is essentially the same as its predecessor, doublelock, and relies on RSA-2048 for key encapsulation.

Comparing the encryption, decryption, and key-generation speeds of RSA-2048 and Kyber-1024 involves understanding the efficiency of these algorithms under practical implementations. The specific speeds can vary based on the software and hardware used for the implementation, but here is a general overview based on their cryptographic principles and typical use cases.

RSA-2048

  • Key Generation: RSA-2048 key generation is relatively slow because it involves finding two large prime numbers and calculating their product along with other related mathematical operations. This process is computationally intensive.

  • Encapsulation: RSA-2048 encryption is faster than its key generation. However, compared to Kyber-1024, RSA-2048 encryption is usually slower because it involves modular exponentiation, which is a heavy operation especially for large key sizes like 2048 bits.

  • Decapsulation: RSA-2048 decryption is also computationally intensive, similar to encryption, because it requires modular exponentiation. RSA decryption is generally slower than encryption due to the nature of the private key operations.

Kyber-1024

  • Key Generation: Kyber-1024 generally has faster key generation than RSA-2048. This efficiency comes from its use of lattice-based cryptography, which involves operations on vectors and matrices that are more efficient than the prime number operations in RSA.

  • Encapsulation: Kyber-1024 is designed for fast encryption operations. It uses simple arithmetic operations on small integers, making it very efficient and faster than RSA-2048 encryption.

  • Decapsulation: Like its encryption, Kyber-1024 decryption is also fast and efficient. The algorithm benefits from the same lattice-based operations, optimized for quick decryption times.

Summary

  • RSA-2048 is generally slower across all three operations compared to Kyber-1024. The difference in speed is primarily due to RSA's reliance on large prime numbers and modular arithmetic, which are computationally heavier, especially as key sizes increase to improve security.

  • Kyber-1024, being a post-quantum algorithm designed with efficiency in mind, uses lattice-based cryptography that allows for quicker key generation, encryption, and decryption operations. This makes it particularly suitable for environments where speed and efficiency are critical.

While Kyber-1024 offers advantages in speed and quantum resistance, the choice between RSA-2048 and Kyber-1024 (or any cryptographic algorithm) depends on the specific security requirements, computational resources, and threat models relevant to the application in question.

When to Use QuantumLock

Both Kyber-1024 and RSA-2048 QuantumLocks

Enabling quantumlock (or the earlier doublelock) on a secret grants users access only if they have access to the quantumlock and enter their quantumlock password. Enabling quantumlock disables remote password changing (RPC) for the secret and also prevents heartbeat. Thus, quantumlock should not be used for secrets that require password rotation or a heartbeat check.

QuantumLock use cases include:

  • Global admin passwords

  • Root account passwords

  • Bank account passwords

  • PINs, Social Security numbers, or other personal information

When a user protects a secret with quantumlock, only that user has access to the secret. If multiple users are in the quantumlock group, every member has access to the secret, but each member has their own unique quantumlock password.

Even an administrator or a user with unlimited admin privileges cannot recover a quantumlocked secret if the user forgets his or her password. If there is a single user in a quantumlock group and that user account is deleted, those secrets will not be accessible by anyone! Thus, we recommend adding at least two users to the group to be safe.
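A model of the group rule in the two paragraphs above, as an added Go example. It is not Secret Server's code and does not describe how the product stores quantumlock data: here the secret is encrypted under a random AES-256 data key, and that key is kept only as wrapped copies, one per group member, each wrapped under a key derived from that member's own quantumlock password (PBKDF2-SHA256 with an assumed iteration count; the product's KDF is not stated on the page). `LockedSecret`, `NewLockedSecret`, `Unlock`, `RemoveMember` and `Recoverable` are this example's names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const kdfIterations = 100_000 // assumed work factor; the page gives none

// pbkdf2SHA256 derives one 32-byte PBKDF2 block (RFC 8018) from password and salt.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1; one block gives 32 bytes
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
func gcm(key []byte) cipher.AEAD { // every key in this model is 32 bytes (AES-256)
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}
func seal(key, plaintext []byte) (nonce, ct []byte) {
	aead := gcm(key)
	nonce = randBytes(aead.NonceSize())
	return nonce, aead.Seal(nil, nonce, plaintext, nil)
}

// member is one user's wrapped copy of the data key, under that user's password-derived key.
type member struct{ salt, nonce, wrapped []byte }

// LockedSecret: data encrypted once under a random data key that survives only as per-member wrapped copies.
type LockedSecret struct {
	nonce, ciphertext []byte
	members           map[string]member
}

// NewLockedSecret encrypts plaintext and wraps the data key once per entry in passwords (user -> quantumlock password).
func NewLockedSecret(plaintext []byte, passwords map[string]string) *LockedSecret {
	dataKey := randBytes(32)
	nonce, ct := seal(dataKey, plaintext)
	s := &LockedSecret{nonce: nonce, ciphertext: ct, members: map[string]member{}}
	for user, pw := range passwords {
		salt := randBytes(16)
		wrapNonce, wrapped := seal(pbkdf2SHA256([]byte(pw), salt, kdfIterations), dataKey)
		s.members[user] = member{salt, wrapNonce, wrapped}
	}
	return s
}

// Unlock recovers the plaintext through one member's wrapped copy. Only that
// member's own password opens it; there is no administrative bypass.
func (s *LockedSecret) Unlock(user, password string) ([]byte, error) {
	m, ok := s.members[user]
	if !ok {
		return nil, fmt.Errorf("%s is not a member of this quantumlock", user)
	}
	userKey := pbkdf2SHA256([]byte(password), m.salt, kdfIterations)
	dataKey, err := gcm(userKey).Open(nil, m.nonce, m.wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("wrong quantumlock password for %s", user)
	}
	return gcm(dataKey).Open(nil, s.nonce, s.ciphertext, nil)
}

// RemoveMember drops a user's wrapped copy, as deleting the account would.
func (s *LockedSecret) RemoveMember(user string) { delete(s.members, user) }

// Recoverable is false once no wrapped copy remains: the data is then permanently unreadable.
func (s *LockedSecret) Recoverable() bool { return len(s.members) > 0 }

func main() {
	s := NewLockedSecret([]byte("constructed sample secret"), map[string]string{"alice": "alice-pw"})
	s.RemoveMember("alice") // the sole member's account is deleted
	fmt.Println("recoverable:", s.Recoverable())
}
```

With a single member, deleting that member removes the only wrapped copy of the data key and the ciphertext becomes unreadable to everyone, administrators included, which is exactly why the recommendation is to keep at least two users in the group: a second member's copy is independent of the first and keeps a recovery path open.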

Kyber-1024 QuantumLocks

Whether to enable the PQ feature of quantumlock depends on your circumstances. NIST believes quantum computers could break current public key encryption as early as 2025 or as late as 2030. It might be wise to apply it sooner rather than later for long-term data and devices. However, Kyber-1024 is not yet an industry standard, and RSA-2048 is not breakable with today's classical computers.