Mastercard Develops Quantum-Safe Payment Cards

Swan wrote:

IBdaMann wrote:

Swan wrote:LOL I did not say that, I reposted what another person said.

... and in so doing, you made it your own.

So are you now admitting that you really have been mindlessly regurgitating what you have been told to believe? Are you now admitting that you have no rational basis for believing any of the absurd things you have been spouting about "entanglement" and "quantum computing"?

Why did you allow yourself to be so gullible when all you had to do was demand the architectures and immediately realize you were being taken for a ride?

So whatever I post becomes my own, ok now I understand.
...deleted spam...

MASTERCARD'S NEW CARD: SAFER FROM QUANTUM ATTACKS?
4 Comments by: Lewin Day
October 25, 2022

Quantum computers present a unique threat to many aspects of modern information technology. In particular, many cryptographic systems could be at risk of compromise in the event a malicious actor came into possession of a capable quantum computer.

Mastercard is intending to stay ahead of the game in this regard. It has launched a new contactless credit card that it says is impervious to certain types of quantum attack.


HACK-PROOF?
The card is based on new industry standards from EMVco, a technical body that works in the secure payment space. Known as the EMV Contactless Kernel Specifications, they outline functionality for payment devices like ATMs and point-of-sale terminals to process transactions. The specification includes a new "Secure Channel" method of communication between card and reader that aims to protect against common attacks like eavesdropping, relay, and man-in-the-middle attacks. The new cards are intended to be compatible with existing payment hardware out in the field.

The main highlight of the new cards, though, is in how they operate, cryptographically speaking. Traditionally, payment card systems have relied on public-key cryptography, using methods like the ever-popular RSA algorithm. As explained in our public key encryption primer, the theory is simple. A private key is two prime numbers, and the public key is their product. Encrypt a message using the public key, and it can only be decrypted with the prime numbers in the private key. The problem for attackers is that even though they know the public key, it's very difficult to figure out the private key, simply because finding two large prime factors of an even larger number is hard.


IBM quantum computer, with 50 qubits. Your credit card is safe, for now.
That is, unless you have the help of a quantum computer. A quantum computer with a sufficient number of qubits can run Shor's algorithm to quickly find prime factors of very large numbers. This can be used to reveal the private key for a wide variety of encryption algorithms. This would crack open everything from world financial systems to the encrypted documents of governments and companies around the globe. The one benefit we currently have is that no quantum computer with enough entangled qubits yet exists to break our commonly-used algorithms. Experts believe it's only a matter of time, however, and even the US government is rapidly moving to alternative quantum-secure encryption methods.

Mastercard's new plastic will thus shift towards new algorithms it says are "quantum-resistant," and thus not subject to these attacks. This will also involve the use of longer key lengths to further increase the robustness of the encryption method. Ease of use is also important, though, so the new system will keep the authentication process to under 0.5 seconds.

Interestingly, the documentation from EMVco indicates that the new cards will include Elliptic Curve Cryptography (ECC) for authentication purposes. Traditional ECC is not actually considered quantum-secure. In fact, for the key lengths currently in common use, ECC is likely slightly easier to break than RSA with a quantum computer.

So it could just be marketing bluster from Mastercard. It would seem foolhardy for one of the world's largest payment processors to roll out new technology that was already known to be incapable of solving the stated problem. Instead, it's perhaps more likely that Mastercard is using some new variant of ECC that is potentially secure against typical quantum computing attacks. Various ideas have sprouted in this area, though some have recently been proven insecure. Maybe they are focusing on some other algorithm, but will also support ECC. But then how to stop degrade attacks?

Overall, it's a good thing that companies like Mastercard are already pursuing quantum security. Rolling out such infrastructure takes plenty of time, after all. Plus, once a quantum computer is up and running in the hands of a malicious actor, it will be far too late to act. However, at the same time, new encryption methods must be rigorously explored to ensure they indeed deliver on the security we need them to have. Here's hoping the new cards have been subject to such due diligence.

HarveyH55 wrote:Follow the link, comments are pretty informative as well. Basically, quantum computers are currently expensive toys. Still a long way off from being an actual threat. How many credit cards need be hacked, to pay for the tools needed to crack them?

IBdaMann wrote:

HarveyH55 wrote:Follow the link, comments are pretty informative as well. Basically, quantum computers are currently expensive toys. Still a long way off from being an actual threat. How many credit cards need be hacked, to pay for the tools needed to crack them?

The cost of tools is no longer an issue. The tools have already been developed/created. It's simply a matter of acquiring those existing tools and configuring them for your purposes. Some examples:

I witnessed a demonstration given by a particular vendor that adapted an infrared camera for the intelligence community. A miniature (reasonably hidden) camera can capture an image of a keyboard/keypad that discerns what keys were just pressed ... and in what order ... from the increased (and fading) temperature of those keys. While the intelligence community has its own uses for such a device, the demonstration focused on how easy it is to capture PINs.

While PINs are for debit cards and not so much for credit cards, an effective way to attack credit cards is to hack WiFi networks. Tools for that are ubiquitous.

13 popular wireless hacking tools

HarveyH55 wrote:
https://hackaday.com/2022/10/25/mastercards-new-card-safer-from-quantum-attacks/

MASTERCARD'S NEW CARD: SAFER FROM QUANTUM ATTACKS?
4 Comments by: Lewin Day
October 25, 2022

Quantum computers present a unique threat to many aspects of modern information technology. In particular, many cryptographic systems could be at risk of compromise in the event a malicious actor came into possession of a capable quantum computer.

Mastercard is intending to stay ahead of the game in this regard. It has launched a new contactless credit card that it says is impervious to certain types of quantum attack.


HACK-PROOF?
The card is based on new industry standards from EMVco, a technical body that works in the secure payment space. Known as the EMV Contactless Kernel Specifications, they outline functionality for payment devices like ATMs and point-of-sale terminals to process transactions. The specification includes a new "Secure Channel" method of communication between card and reader that aims to protect against common attacks like eavesdropping, relay, and man-in-the-middle attacks. The new cards are intended to be compatible with existing payment hardware out in the field.

The main highlight of the new cards, though, is in how they operate, cryptographically speaking. Traditionally, payment card systems have relied on public-key cryptography, using methods like the ever-popular RSA algorithm. As explained in our public key encryption primer, the theory is simple. A private key is two prime numbers, and the public key is their product. Encrypt a message using the public key, and it can only be decrypted with the prime numbers in the private key. The problem for attackers is that even though they know the public key, it's very difficult to figure out the private key, simply because finding two large prime factors of an even larger number is hard.


IBM quantum computer, with 50 qubits. Your credit card is safe, for now.
That is, unless you have the help of a quantum computer. A quantum computer with a sufficient number of qubits can run Shor's algorithm to quickly find prime factors of very large numbers. This can be used to reveal the private key for a wide variety of encryption algorithms. This would crack open everything from world financial systems to the encrypted documents of governments and companies around the globe. The one benefit we currently have is that no quantum computer with enough entangled qubits yet exists to break our commonly-used algorithms. Experts believe it's only a matter of time, however, and even the US government is rapidly moving to alternative quantum-secure encryption methods.

Mastercard's new plastic will thus shift towards new algorithms it says are "quantum-resistant," and thus not subject to these attacks. This will also involve the use of longer key lengths to further increase the robustness of the encryption method. Ease of use is also important, though, so the new system will keep the authentication process to under 0.5 seconds.

Interestingly, the documentation from EMVco indicates that the new cards will include Elliptic Curve Cryptography (ECC) for authentication purposes. Traditional ECC is not actually considered quantum-secure. In fact, for the key lengths currently in common use, ECC is likely slightly easier to break than RSA with a quantum computer.

So it could just be marketing bluster from Mastercard. It would seem foolhardy for one of the world's largest payment processors to roll out new technology that was already known to be incapable of solving the stated problem. Instead, it's perhaps more likely that Mastercard is using some new variant of ECC that is potentially secure against typical quantum computing attacks. Various ideas have sprouted in this area, though some have recently been proven insecure. Maybe they are focusing on some other algorithm, but will also support ECC. But then how to stop degrade attacks?

Overall, it's a good thing that companies like Mastercard are already pursuing quantum security. Rolling out such infrastructure takes plenty of time, after all. Plus, once a quantum computer is up and running in the hands of a malicious actor, it will be far too late to act. However, at the same time, new encryption methods must be rigorously explored to ensure they indeed deliver on the security we need them to have. Here's hoping the new cards have been subject to such due diligence.

S
Follow the link, comments are pretty informative as well. Basically, quantum computers are currently expensive toys. Still a long way off from being an actual threat. How many credit cards need be hacked, to pay for the tools needed to crack them?

HarveyH55 wrote:

IBdaMann wrote:

HarveyH55 wrote:Follow the link, comments are pretty informative as well. Basically, quantum computers are currently expensive toys. Still a long way off from being an actual threat. How many credit cards need be hacked, to pay for the tools needed to crack them?

The cost of tools is no longer an issue. The tools have already been developed/created. It's simply a matter of acquiring those existing tools and configuring them for your purposes. Some examples:

I witnessed a demonstration given by a particular vendor that adapted an infrared camera for the intelligence community. A miniature (reasonably hidden) camera can capture an image of a keyboard/keypad that discerns what keys were just pressed ... and in what order ... from the increased (and fading) temperature of those keys. While the intelligence community has its own uses for such a device, the demonstration focused on how easy it is to capture PINs.

While PINs are for debit cards and not so much for credit cards, an effective way to attack credit cards is to hack WiFi networks. Tools for that are ubiquitous.

13 popular wireless hacking tools

Might be true in some cases, and I'm sure some liberal university students are already working on ways to exploit their school's tools... But, to be serious, they'll never get direct access to any quantum computer, and will leave a log trail, of what and when the submitted a job to be run. The university is going to archive everything, because you never know what some geek will come up with. Sometimes they come up with amazing stuff, and aren't intelligent enough to realize it at the time. Outside the university, someone is going to have to invest millions for their own quantum computer, geeks to run it, and such. Not exactly pocket change, nor are they likely just looking to see if it can be done, without some possible return on their invested millions. Personally, I think these quantum toys are a long way from being available and usable by most people. A very high degree of precision is required throughout, to get anything meaningful done. Someone needs to check an calibrate, probably quite often. Doubt it's just a one-time setup, and good for months. Pretty sure these will be lab-environment instruments for a long time. Really looks like the don't figure on many people going to the bother, when they can just rent time on somebody's computer, as needed. Just cheaper, and less bother. Besides, it's 'Cloud' based, and totally secure...

I remember when parallel-processing started to become a 'thing'... People were hooking up a lot of processors, and getting impressive results. Would be long before we had faster processors in our desktops, than the most advance supercomputers of the time. We got to microprocessors with 4 cores on our desktops, and the was pretty much where it stalled. I don't doubt there are processors with more than 4 cores available, or in use, but not something used by many. Our need for speed never goes away. Not sure what road-block parallel-processing ran into, but suspect a quantum computer would need to get past it, to be useful. I'm pretty sure that what they are calling 'quantum computers' is a little mis-leading, for what they are actually doing. Might work on the same concept, behave as the theories explain, but they aren't actually doing it.