Acquisition International - Issue 11 2021 65 sep21910 For Quantum Security astle Shield Holdings, LLC., has successfully integrated post- quantum cryptography (PQC) into its Aeolus VPN enterprise data-in-motion solution. Aeolus VPN now offers point-to-point asymmetric PQC and symmetric encryption for UDP and TCP on Windows, Linux andmacOS platforms. Aeolus VPNoffers a streamlined approach to privacy which results in more stability and lower latency that is a perfect addition to enterprise data-in-motion security for both classic and post-quantum computing environments. Post-Quantum Cryptography refers to a set of classical cryptographic asymmetric algorithms that are believed to be “quantum-safe,” meaning that they are expected to remain safe even in the presence of quantum computers. The National Institute of Standards and Technology (NIST) has narrowed down the original 69 submissions to 7 finalists and 8 alternate candidates. Castle Shield has integrated two of the NIST Round 3 finalists PQC asymmetric encryption. NIST will select a small subset of these algorithms that will form the core of the first post-quantum cryptography standards. Selected candidates from both the finalist and alternate groups will be announced in 2022 and 2024 respectively. NIST’s objective with PQC is to offer a secure mechanism for exchanging encryption keys that cannot be broken by quantum computers. Many applications today are protected by asymmetric encryption key exchange protocols known as “public key cryptography” or PKC. Examples include RSA, RSA-EC, DSA, DH, and ECDH. These protocols rely on the assumption that it would take today’s most powerful classical computers thousands of years to solve certain mathematical problems (e.g., factoring large numbers or computing a discrete logarithm). Quantumcomputers are expected to break these cryptographic schemes in short order. If quantum computers were widely available today, most, if not all digital communications using PKCs would potentially be compromised. While the date that quantum computers will be available is uncertain, it is important for companies, organizations, government entities, and individuals to start preparing for the impending quantum computing revolution. Castle Shield is taking a lead posture by packaging and productizing two of the PQC candidates and integrating them into off-the-shelf products. This demonstrates that Castle Shield has the capability to package and productize PQC algorithms. Given our encryption agnostic approach, Castle Shield will focus on the two leading candidates in each category and will update our use of the PQC’s as they evolve. Specifically, the current PQC algorithms fall under two categories: Key Encapsulation Mechanism (KEM) and Digital Signature Algorithm (DS). The current PQC Finalist candidates are: Public-Key Encryption/KEMs • Classic McEliece • CRYSTALS-KYBER • NTRU • SABER Digital Signatures/DSAs • CRYSTALS-DILITHIUM • FALCON • RAINBOW C Castle Shield implemented PQC SABER/KEM into Aeolus VPN. SABER characteristics include the following: Parameter set Public key size (bytes) Secret key size (bytes) Ciphertext size (bytes) Light Saber 672 1568 736 Saber 992 2304 1088 FireSaber 1212 3040 1472 Customers can choose which SABER parameter to configure into Aeolus VPN based on specific requirements of their organization. Our Aeolus VPN standard PQC configuration is SABER/KEM. Castle Shield has also packaged and productized CRYSTALS- DILITHIUM/DSA. We are in the late stages of testing, and we will announce the availability of product(s) using CRYSTALS-DILITHIUM/ DSAat a later date. With SABER/KEMand CRYSTALS-DILITHIUM/DSA, we now have a PQC algorithm for both the KEM and DSA categories. In Closing, “While many corporations and government agencies are focused on the asymmetric key exchange when preparing for the quantum era, Castle Shield has adopted a holistic cryptographic approach by including quantum-resistant encryption algorithms for both asymmetric and symmetric ciphers. It is true that symmetric ciphers, like the Advanced Encryption Standard (AES), are thought to be less vulnerable in the early part of the quantum era; however, Castle Shield has decided to offer solutions with both asymmetric (PQC) and symmetric encryption that are mathematically quantum-resistant. Customers can choose to enable both types of encryptions based on their specific needs. Castle Shield is currently the only cybersecurity solutions provider to offer quantum-resistant algorithms for both. In a world where data breaches, ransomware, and other cyberattacks are occurring daily, protecting our customer’s most valued asset, their data, should not be left to chance,” said Dr. Milton Mattox, Chief Technology Officer at Castle Shield, Holdings, LLC. Aeolus VPN with PQC is available today for beta testing and proofs of concept. Customers may choose any one of the symmetric ciphers based on their needs. Aeolus VPN with PQC runs on Linux, Windows, macOS and works with both TCP and UDP which enables enterprises to securely encrypt point-to-point data-in-motion connections without compromising performance and flexibility.