"First, it's marketing to the victim. 'Post-quantum encryption' sounds a lot scarier than 'we used AES,' especially to non-technical decision-makers who might be evaluating whether to pay. It's a psychological trick. They're not worried about someone breaking the encryption a decade from now. They want payment within 72 hours."
"Second, implementation cost is low. Kyber1024 libraries (renamed to ML-KEM) are available and well-documented. Ransomware doesn't encrypt your files directly with Kyber1024. That would be slow. Instead, it generates a random AES key, encrypts your files with that AES key, and encrypts that AES key with Kyber1024."
"Despite the hype, Kyber suggests that PQC is attracting the attention of less technically inclined attorneys and executives deciding how to respond to ransom demands. Kyber developers are hoping the impression that the encryption has overwhelming security will influence payment decisions."
Kyber developers have chosen a post-quantum cryptography (PQC) key-exchange algorithm primarily for marketing purposes rather than practical benefits. Quantum computers capable of breaking current encryption methods are still years away. The actual implementation of encryption in ransomware involves using AES keys, with Kyber1024 serving as a secondary layer. This approach is cost-effective and easy to implement, allowing developers to create a perception of advanced security that appeals to non-technical decision-makers, despite the actual risks being minimal in the near term.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]