Tackling security problems is challenging, and cryptography is a field with significant potential impact. A long time ago, an open-source developer advised me not to work on cryptography unless I had at least a master’s degree.
Liboqs: The library behind the scenes
Liboqs is a new cryptographic library designed to protect against the threat posed by quantum computers, which can decrypt your communications and invade your privacy through advanced mathematical techniques. How serious is the threat of quantum computers? In reality, anyone can store your encrypted traffic today and decrypt it once they can access a quantum computer. Some large companies are already offering access to these experimental quantum computers.
Liboqs is maintained by cyberstorm.mu and the University of Mauritius research group Resilient and Innovative Computing Research Group (RICRG) (https://www.uom.ac.mu/FOICDT/index.php/research-groups?view=article&id=88&catid=16).
Ritesh Gomind and Sheik Muhammad Ali Koheeallee are two students from the University of Mauritius who are researching quantum-computer-resistant cryptography, and they make sure that Liboqs is properly taken care of in “pkgsrc”, which is NetBSD’s package manager.
One of the challenges in implementing a security fix for a cryptographic library is the variation in architectures and compiler technologies. NetBSD is an excellent platform for this task, as it allows you to work on multiple computers and test for code breakage. Notably, NetBSD continues to support 32-bit Intel computers, whereas Linux is phasing out support for them.
In brief, implementing a security fix for a cryptographic library is akin to building a robust bridge that needs to withstand different weather conditions and terrain types. Each architecture and compiler technology represents a unique challenge in ensuring the bridge’s stability and safety. NetBSD acts like a versatile construction site, enabling engineers to construct and test bridges across various environments and conditions. Importantly, NetBSD still supports 32-bit Intel computers, unlike Linux, which is gradually retiring its support for these older systems, adding another layer of complexity to the construction process.
The security issue, tracked as CVE-2024-36405, involves the leakage of the secret key of Kyber, an algorithm designed to be resistant to quantum computers. Someone managed to write code that exploits this vulnerability. NIST recognized the severity of the issue and assigned a CVE. Thanks to Cyberstorm.mu's deep involvement, we learned about the security issue earlier than most and worked around the clock to experiment with the proposed fix and analyze the problem.
No code is perfect, especially cryptographic code, which is highly sensitive. Compilers often struggle to fully understand the intricacies of cryptographic code, making it challenging to ensure its correctness. Additionally, testing cryptographic code poses its own set of difficulties.
Post-Quantum Cryptography in Mauritius
Mauritius is now recognized as being very active in post-quantum cryptography, an area where many countries, such as Singapore, are setting firm deadlines for the transition to protect sensitive data, including banking transactions. We would like to extend our gratitude to the University of Mauritius and the Resilient and Innovative Computing Research Group (RICRG) for their partnership. Additionally, other universities, including the University of Mascareignes and the University of Technology, are joining us in this effort.
A legitimate question arises: why didn’t Cyberstorm.mu share details earlier within Mauritius? Due to the nature of our work, we are bound by confidentiality agreements. People trust us with sensitive information about security issues, and this trust is based on our track record.
How many companies in Mauritius were aware of this issue? Cyberstorm.mu wished we could collaborate with them, but we currently lack an effective platform to facilitate cooperation among all companies on such matters.
Article by Loganaden Velvindron, Member of cyberstorm.mu