Preparing for the Quantum World

Last summer, we blogged about our explorations of quantum cryptography. As a reminder, quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks.

On Github, we released our exploration project that provides JS bindings and a playground of a post-quantum asymmetric cipher compiled in WebAssembly. The next step was to integrate this project into the Dashlane app. 

Before I go into the details of what we achieved, let me explain why it’s important to start preparing for a quantum world and what the implications are for Dashlane and our customers.

Quantum computing and the quantum threat

Researchers have been trying for many years to exploit the principles of quantum physics to build quantum computers capable of solving complex mathematical problems that existing computers and super calculators can’t solve. The research in that field has accelerated recently, and a breakthrough is on the horizon.

On the internet today, and more generally in computer sciences, infrastructure security is based on cryptographic algorithms that are essentially very complex mathematical problems. If a quantum computer is built, those mathematical problems will no longer be unsolvable, rendering the whole world of security obsolete. This is commonly called the Quantum Threat.

The good news is that today’s prototype quantum computers are still far from achieving it. However, we’re already facing two potential issues:

  • Retroactive attacks: A family of attacks called “store now, decrypt later” consist of storing the secured data today, then waiting for quantum computing to be available to crack the past encryption.
  • Impersonation attacks: Quantum computing could be used to forge signatures used in the authentication mechanisms of secure channels.

That’s why it’s time for organizations like Dashlane—whose mission is to secure important customer data—to look into the implications of quantum computing.

To transition smoothly from pre-quantum to post-quantum algorithms, we’re required to live in a hybrid world where we’ll support both approaches. This has been coined crypto-agility: the capability for a product to support both types of cryptography simultaneously and manage the transition without endangering customers.

National standardization bodies such as the National Institute of Standards and Technology (NIST) in the U.S. and ANSSI in France have published white papers on this topic. NIST, in particular, is leading an evaluation and standardization of one or more quantum-resistant public-key cryptographic algorithms. They are in round four of the evaluation and hoping to publish draft standards by the end of 2024.

Even if we’re early and there aren’t any proven quantum-resistant algorithms or viable quantum computers capable of breaking today’s cryptography yet, it isn’t too early to start preparing. We hypothesize that the world will face a new Y2K moment when this happens if services and providers aren’t prepared.

What about Dashlane?

Dashlane security relies on cryptographic primitives. They are core to safely securing our customers’ data. We use them in different ways:

  • Access to the user’s data requires using their Master Password. We derive an encryption key from the Master Password using Argon2d (or PBKDF2) to compute Advanced Encryption Standard (AES) keys. This symmetric AES-256-bit key is then used to encrypt and decrypt the user’s personal data on the user’s device.
  • When adding 2FA to your Dashlane account, we will generate additional AES-256-bit keys.
  • All communications between the Dashlane app and the Dashlane servers are secured with HTTPS, and the user data only travels in AES-256 encrypted form.
  • Dashlane’s sharing relies on asymmetric encryption.
    • Each user has a pair of public and private RSA 2048-bit keys.
      • Public keys are used to encrypt information only a specific user can decrypt.
      • Private keys are used to sign actions users are performing.
    • For each shared login or Secure Note, an intermediary AES-256-bit key is created and used to perform data encryption and decryption.
  • Sharing data with a group of users follows the same security principle: Use a user’s RSA public and private keys to send protected AES keys, sign a user’s action, and use intermediary AES keys to exchange data.
  • SSO integration with Dashlane also relies on symmetric keys to encrypt and decrypt user data.

As you can see, we have a lot of cryptography in Dashlane. Check our security white paper for more details.

In practice, quantum computing mostly puts asymmetric cryptography at risk. With today’s knowledge, it’s assumed we could mitigate the threats on symmetric cryptography and ensure it’s resistant to quantum computing. This means the main encryption of the Dashlane vault isn’t at risk. The danger is related to our use of asymmetric cryptography, particularly in the context of sharing.

Post-quantum sharing

Because sharing relies on asymmetric cryptography, our follow-up experimentation focused on how to build a hybrid quantum-resistant sharing capability in Dashlane.

We are proud to announce we successfully prototyped quantum-resistant sharing in our Android app and web extension.

Without going into too many technical details, we’ve been adding to existing cryptographic flows in Dashlane to support a hybrid model compatible with today’s cryptographic risks and potential future quantum attacks.

  • We’re creating new private/public keys based on RSA, Kyber, and Falcon. First, every message is encrypted with RSA and signed with an RSA signature. Then, it is encrypted with AES-256 using Kyber (KEM) and signed with Falcon.
  • When we want to decrypt, we must first decrypt the AE-S256 with Kyber (KEM) and verify the Falcon signature. Then, we can do the usual flow: decrypt with RSA and check the RSA signature.

The current system is still valid and reinforced with a quantum-safe cryptography layer. If one of the two systems breaks, there’s still one in place to ensure the security and integrity of users’ data.

We aren’t going to ship these prototypes to production just yet. This is still in research and development, and we have many additional challenges to overcome. Most important is to ensure cross-platform compatibility and full crypto-agility so that no matter the Dashlane client applications the customer is using, sharing will work perfectly—while being resistant to both today’s traditional threats and tomorrow’s quantum ones.

We will keep sharing our experimentations and our learnings along the way. This is cutting-edge technology in the field of cybersecurity, and we’re proud to embark on the journey to a quantum world.