An Update on Post-Quantum Work at Dashlane
As technology advances, so does the need for stronger and more secure methods of encryption. With the advent of quantum computing, traditional cryptographic methods may soon become obsolete, making it crucial for businesses to prepare for post-quantum cryptography.
One challenge that post-quantum cryptography addresses is that every piece of information that’s encrypted today and intended to remain secret for many years is at risk of being broken in the future.
At Dashlane, we understand the importance of staying ahead of the curve, which is why we’re working toward implementing post-quantum cryptography in our password manager.
We already shared some of our work in past articles:
- Our first explorations and the playground we built, which you can find on GitHub
- How we have been integrating post-quantum cryptographic algorithms into Dashlane sharing
What to know about quantum computing
Before we dig into our progress, let’s start with a refresher on why this matters.
First, let's recap what quantum computing is and why it poses a threat to traditional encryption methods. Quantum computers use quantum bits (qubits) to process information in a way that will, in the future, allow them to perform certain tasks exponentially faster than classical computers. This includes breaking some cryptographic algorithms currently considered secure. For example, the widely used RSA and ECC encryption algorithms could one day be broken by a quantum computer.
To address this, researchers have been developing post-quantum cryptographic algorithms resistant to quantum attacks. These algorithms use different mathematical approaches than traditional encryption methods and rely on complex mathematical problems that cannot be solved efficiently by a quantum computer. The National Institute of Standards and Technology (NIST) in the U.S. has been evaluating those new algorithms. The goal is to identify and standardize one or more quantum-resistant cryptographic algorithms.
An update on what Dashlane is doing to prepare
Some parts of the Dashlane application, such as the ability to share credentials between users, rely on cryptographic algorithms that may be impacted in the future. To prepare for a post-quantum world, we have developed a working post-quantum sharing mechanism that’s now cross-platform compatible, between our Android app and our web extension. This is a critical use case for us since we must be able to share credentials in a secure way between various platforms and ecosystems.
The next challenge is to clarify how we’ll roll this out to customers to ensure backward compatibility. Having full “cryptographic agility” is not easy. We must ensure our implementation is compatible across platforms and also with existing systems and applications. We need to protect against “downgrade attacks,” in which a client application is tricked into using legacy cryptography by being led to believe that the receiving client doesn’t support post-quantum secure cryptography.
Also, in the case of sharing, there are different questions to solve:
- How do you manage credentials that were previously shared?
- How do you ensure proper sharing between customers that might have different versions of applications and different post-quantum support?
As such, we’re working to ensure our platform can support both traditional cryptographic methods and post-quantum cryptography, allowing us to make a smooth transition as the technology advances.
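The downgrade protection described above can be sketched as a sender-side policy that remembers the strongest suite each recipient has successfully used and refuses anything weaker. This is an added example, not Dashlane's code; the suite names, `SuitePolicy`, and the pinning scheme are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical suite identifiers, weakest first (not Dashlane's names).
SUITES = ["classical-v1", "hybrid-pq-v1"]
RANK = {name: i for i, name in enumerate(SUITES)}


class DowngradeError(Exception):
    """Raised when no acceptable suite exists for a peer."""


@dataclass
class SuitePolicy:
    local_suites: set                          # suites this client implements
    pins: dict = field(default_factory=dict)   # peer id -> strongest confirmed suite

    def select(self, peer_id, advertised):
        """Pick the strongest common suite, never below the peer's pinned floor."""
        # Unknown identifiers (e.g. from newer clients) are ignored, not errors.
        common = [s for s in advertised if s in RANK and s in self.local_suites]
        if not common:
            raise DowngradeError(f"no common suite with {peer_id}")
        best = max(common, key=RANK.get)
        floor = self.pins.get(peer_id)
        if floor is not None and RANK[best] < RANK[floor]:
            # The peer used a stronger suite before; a weaker list now means
            # tampering or a rollback, so fail closed instead of falling back.
            raise DowngradeError(f"{peer_id}: {best} is below pinned {floor}")
        return best

    def confirm(self, peer_id, suite):
        """Ratchet the floor upward only after a share with `suite` succeeded."""
        floor = self.pins.get(peer_id)
        if floor is None or RANK[suite] > RANK[floor]:
            self.pins[peer_id] = suite


def demo():
    """Constructed scenario: peer 'bob' upgrades, then a stripped list arrives."""
    policy = SuitePolicy(local_suites=set(SUITES))
    first = policy.select("bob", ["classical-v1"])        # legacy peer: allowed
    policy.confirm("bob", first)
    second = policy.select("bob", ["classical-v1", "hybrid-pq-v1", "future-v9"])
    policy.confirm("bob", second)
    try:
        policy.select("bob", ["classical-v1"])            # PQ entry stripped
        third = "accepted"
    except DowngradeError:
        third = "rejected"
    return first, second, third
```

The floor is raised in `confirm` rather than in `select` so that an unauthenticated advertisement alone cannot lock a peer out of legacy sharing.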
Another important consideration is the validation of post-quantum cryptographic algorithms. NIST is still in the process of evaluating and standardizing post-quantum cryptographic algorithms. The candidate algorithms to be standardized were announced on July 5, 2022, but it’s not yet clear when that “round 4” will complete. Once the algorithms are validated, we’ll be able to implement them with greater confidence.
At Dashlane, we take security seriously, and we are committed to providing our users with the highest level of protection possible. We’ll continue to monitor the development of post-quantum cryptography and work toward implementing it in our platform as it becomes more widely adopted.
In conclusion, post-quantum cryptography is an important step toward securing our data in a quantum computing era. At Dashlane, we’re taking the necessary steps to prepare for this future, including developing and testing post-quantum cryptographic algorithms and ensuring backward compatibility. While there are still challenges to overcome, we’re confident our efforts will result in a more secure platform for our users.
Dive deeper into our security by reading our white paper, Dashlane’s Security Principles and Arch.