You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

AnonAcct's avatar
AnonAcct
New member | Level 1
7 days ago
Status:
Gathering Support

Enable Post-Quantum Cryptography

Enable post quantum cryptography at various layers (TLS, etc).. A few recent resources that may be of interest to bump up roadmap priority Cloudflare’s recent implementation: https://pq.cloudfl...
Account Settings
desktop
dropbox
Hannah's avatar
Hannah
Icon for Dropbox Staff rankDropbox Staff

Hey AnonAcct, thanks for posting here and happy new year!

Can you give us some clarifications on your idea?

How do you expect this to be utilized by Dropbox? 

Any additional info on how you'd like this to work, would be really helpful.

Thanks.

AnonAcct's avatar
AnonAcct
New member | Level 1
5 days ago


Hi Hanna, 
Quantum computers can potentially break asymmetric cryptography (public/private key) systems / (TLS key exchange mechanisms), etc in the future. TLS (encryption used to protect network traffic) is at risk, particularly its key exchange mechanisms, etc, for example. This even potentially applies to data today with Harvest Now Decrypt Later (HNDL): 
Source: https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later .

It sounds like science fiction, but the threat/risk is being taken seriously by NIST (the US Government), Google, Cloudflare, Apple, and many others, don't take my word for it! 

Under the US Government, NIST has recently announced new standards in August, 2024 (as I understand it, these were 8 years in the making):

US Government source: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

Google Has a wealth of resources:
Source: https://cloud.google.com/security/resources/post-quantum-cryptography

Here is an approachable Google Podcast on the general subject with a host with a PhD in Quantum Mechanics changing his mind about the potential threat:

Source: https://cloud.withgoogle.com/cloudsecurity/podcast/ep164-quantum-computing-understanding-the-very-serious-threat-and-post-quantum-cryptography/

Dropbox could start by leading/exploring its use of TLS to support network encryption and perhaps at least start a proof of concept (POC) to implement Quantum Secure Encryption as is being done by Cloudflare here:

Source: https://pq.cloudflareresearch.com
This may be a good way for you to start testing it with a toe in the water.

Dropbox should consider any other systems it maintains that may be at risk - and alert partners of the concern (if warranted).

Source: Cloudflare has many useful/detailed blog posts tagged on the topic here: https://blog.cloudflare.com/tag/post-quantum

It would be great for Dropbox to be among the leaders in this concern as many depend on you to keep their data secure.

Thank you for your reply and your consideration!