You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Enable post quantum cryptography at various layers (TLS, etc)..
A few recent resources that may be of interest to bump up roadmap priority
Cloudflare’s recent implementation: https://pq.cloudflareresearch.com
Another helpful background resource: https://www.pqconnect.net/crypto.html
A couple helpful Cloudflare blog posts:
https://blog.cloudflare.com/pq-2024
https://blog.cloudflare.com/nists-first-post-quantum-standards
Google Willow blog post (see the section on the compute power): https://blog.google/technology/research/google-willow-quantum-chip
Thank you for your consideration!
Let’s Encrypt community Post Quantum Encryption discussion (includes many useful links):
“The current weak spots in the ecosystem, and the immediate target of improvements, are all in the [TLS] key exchanges.” [1]
Hi Hanna,
Quantum computers can potentially break asymmetric cryptography (public/private key) systems / (TLS key exchange mechanisms), etc in the future. TLS (encryption used to protect network traffic) is at risk, particularly its key exchange mechanisms, etc, for example. This even potentially applies to data today with Harvest Now Decrypt Later (HNDL):
Source: https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later .It sounds like science fiction, but the threat/risk is being taken seriously by NIST (the US Government), Google, Cloudflare, Apple, and many others, don't take my word for it!
Under the US Government, NIST has recently announced new standards in August, 2024 (as I understand it, these were 8 years in the making):
US Government source: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standardsGoogle Has a wealth of resources:
Source: https://cloud.google.com/security/resources/post-quantum-cryptographyHere is an approachable Google Podcast on the general subject with a host with a PhD in Quantum Mechanics changing his mind about the potential threat:
Source: https://cloud.withgoogle.com/cloudsecurity/podcast/ep164-quantum-computing-understanding-the-very-serious-threat-and-post-quantum-cryptography/Dropbox could start by leading/exploring its use of TLS to support network encryption and perhaps at least start a proof of concept (POC) to implement Quantum Secure Encryption as is being done by Cloudflare here:
Source: https://pq.cloudflareresearch.com
This may be a good way for you to start testing it with a toe in the water.Dropbox should consider any other systems it maintains that may be at risk - and alert partners of the concern (if warranted).
Source: Cloudflare has many useful/detailed blog posts tagged on the topic here: https://blog.cloudflare.com/tag/post-quantum
It would be great for Dropbox to be among the leaders in this concern as many depend on you to keep their data secure.
Thank you for your reply and your consideration!
Please note, In July, 2022 CISA (US Government) posted "Although NIST will not publish the new post-quantum cryptographic standard for use by commercial products until 2024, CISA and NIST strongly recommend organizations start preparing for the transition now"
https://www.cisa.gov/news-events/alerts/2022/07/05/prepare-new-cryptographic-standard-protect-against-future-quantum-based-threatsThe NIST (US government) standard was published in Aug, 2024: (linked above)
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
