Post-Quantum Cryptography Threat Model
Version: 1.0
Last Updated: 2025-08-28
Security Classification: PUBLIC
Author: MetaMUI Security Team
Executive Summary
This document defines the comprehensive threat model for post-quantum cryptographic implementations in the MetaMUI ecosystem. It identifies quantum and classical threats, analyzes attack vectors, and establishes security assumptions for PQC deployments.
Threat Actors
Quantum-Capable Adversaries
| Actor Type | Capabilities | Timeline | Threat Level |
|---|---|---|---|
| Nation-State | Large-scale quantum computers (1000+ qubits) | 2030-2035 | Critical |
| Advanced Persistent Threats | Access to cloud quantum computing | 2028-2030 | High |
| Criminal Organizations | Limited quantum resources | 2035+ | Medium |
| Research Institutions | Experimental quantum systems | Current | Low |
Classical Adversaries
| Actor Type | Capabilities | Current Threat |
|---|---|---|
| Nation-State | Massive computational resources | High |
| APT Groups | Advanced cryptanalysis capabilities | High |
| Criminal Syndicates | Distributed computing networks | Medium |
| Individual Hackers | Standard computing resources | Low |
Quantum Threats
1. Shor’s Algorithm
Threat Description: Polynomial-time factorization and discrete logarithm solving
Affected Algorithms:
- RSA (all key sizes)
- ECDSA/ECDH (all curves)
- DSA
- ElGamal
Impact on PQC: None - PQC algorithms designed to be Shor-resistant
Mitigation:
def assess_shor_vulnerability(algorithm: str) -> dict:
"""Assess vulnerability to Shor's algorithm"""
vulnerable = {
'rsa': {'quantum_complexity': 'polynomial', 'broken': True},
'ecdsa': {'quantum_complexity': 'polynomial', 'broken': True},
'ml-kem': {'quantum_complexity': 'exponential', 'broken': False},
'dilithium': {'quantum_complexity': 'exponential', 'broken': False}
}
return vulnerable.get(algorithm.lower(), {'unknown': True})
2. Grover’s Algorithm
Threat Description: Quadratic speedup for brute-force searches
Impact:
- 128-bit symmetric keys → 64-bit effective security
- 256-bit symmetric keys → 128-bit effective security
Mitigation Strategy:
def grover_resistant_key_size(classical_bits: int) -> int:
"""Calculate Grover-resistant key size"""
# Need to double classical security bits
quantum_resistant_bits = classical_bits * 2
recommendations = {
128: 256, # AES-256 for 128-bit post-quantum security
192: 384, # Not standard, use 256
256: 512 # Future consideration
}
return recommendations.get(classical_bits, quantum_resistant_bits)
3. Quantum Period Finding
Threat Description: Attacks on hidden subgroup problems
Affected Systems:
- Discrete logarithm-based systems
- Some lattice reductions
PQC Resistance:
class QuantumPeriodFindingResistance:
"""Analyze resistance to quantum period finding"""
@staticmethod
def assess_algorithm(algorithm: str) -> bool:
"""Check if algorithm resists quantum period finding"""
resistant = {
'ml-kem': True, # Different hard problem
'dilithium': True, # SIS problem resistant
'falcon': True, # NTRU problem resistant
'slh-dsa': True, # Hash-based, no structure
'classic-mceliece': True, # Code-based
}
return resistant.get(algorithm.lower(), False)
Classical Threats
1. Implementation Attacks
Side-Channel Attacks:
class SideChannelThreats:
"""Model side-channel attack vectors"""
timing_attacks = {
'risk_level': 'high',
'affected_operations': ['key_generation', 'signing', 'decapsulation'],
'mitigation': 'constant_time_implementation'
}
power_analysis = {
'risk_level': 'medium',
'affected_platforms': ['embedded', 'iot', 'smartcards'],
'mitigation': 'power_randomization'
}
electromagnetic_emanation = {
'risk_level': 'medium',
'affected_range': '1-10 meters',
'mitigation': 'shielding_and_noise'
}
cache_timing = {
'risk_level': 'high',
'affected_systems': ['shared_hosting', 'cloud'],
'mitigation': 'cache_oblivious_algorithms'
}
Fault Injection:
class FaultInjectionThreats:
"""Model fault injection attacks"""
def assess_fault_resistance(self, algorithm: str,
implementation: str) -> dict:
"""Assess resistance to fault injection"""
vulnerabilities = {
'voltage_glitching': self.check_voltage_protection(),
'clock_glitching': self.check_clock_protection(),
'laser_fault': self.check_physical_protection(),
'rowhammer': self.check_memory_protection()
}
return {
'algorithm': algorithm,
'vulnerabilities': vulnerabilities,
'overall_risk': self.calculate_risk(vulnerabilities)
}
2. Cryptanalytic Attacks
Lattice Attacks:
class LatticeAttackAnalysis:
"""Analyze lattice-based attack vectors"""
def estimate_attack_cost(self, parameters: dict) -> dict:
"""Estimate classical attack cost on lattice problems"""
# BKZ attack cost estimation
n = parameters['dimension']
q = parameters['modulus']
# Core-SVP hardness
beta = self.optimal_bkz_blocksize(n, q)
classical_cost = 2 ** (0.292 * beta) # BKZ 2.0 estimate
quantum_cost = 2 ** (0.257 * beta) # Quantum speedup
return {
'classical_bits': math.log2(classical_cost),
'quantum_bits': math.log2(quantum_cost),
'blocksize': beta,
'secure': classical_cost > 2**128
}
Code-Based Attacks:
class CodeBasedAttackAnalysis:
"""Analyze code-based cryptosystem attacks"""
def information_set_decoding(self, n: int, k: int, t: int) -> float:
"""Estimate ISD attack complexity"""
# Prange's algorithm complexity
complexity = math.comb(n, t) * (n - k) ** 3
# Improved algorithms (Stern, May-Ozerov)
improved_complexity = complexity / (2 ** 20) # Approximate improvement
return math.log2(improved_complexity)
Hybrid System Threats
Algorithm Confusion Attacks
class HybridSystemThreats:
"""Threats specific to hybrid classical/PQC systems"""
def downgrade_attack_risk(self, protocol: dict) -> str:
"""Assess downgrade attack vulnerability"""
if not protocol.get('version_binding'):
return 'high'
if not protocol.get('algorithm_negotiation_authenticated'):
return 'high'
if protocol.get('fallback_allowed'):
return 'medium'
return 'low'
def algorithm_substitution(self, implementation: dict) -> list:
"""Identify algorithm substitution risks"""
risks = []
if not implementation.get('algorithm_validation'):
risks.append('unvalidated_algorithm_selection')
if implementation.get('dynamic_loading'):
risks.append('runtime_algorithm_substitution')
if not implementation.get('signature_on_parameters'):
risks.append('parameter_tampering')
return risks
Attack Scenarios
Scenario 1: Store-Now-Decrypt-Later (SNDL)
class SNDLAttackScenario:
"""Model Store-Now-Decrypt-Later attacks"""
def assess_risk(self, data_classification: str,
protection_lifetime: int) -> dict:
"""Assess SNDL risk for data"""
quantum_timeline = {
2025: 0.01, # Probability of quantum break
2030: 0.1,
2035: 0.5,
2040: 0.9
}
risk_score = 0
for year, probability in quantum_timeline.items():
if year <= 2025 + protection_lifetime:
risk_score = max(risk_score, probability)
return {
'classification': data_classification,
'protection_years': protection_lifetime,
'quantum_risk': risk_score,
'recommendation': 'immediate_pqc' if risk_score > 0.3 else 'planned_migration'
}
Scenario 2: Real-Time Key Exchange Attack
class RealTimeAttackScenario:
"""Model real-time quantum attacks on key exchange"""
def calculate_attack_window(self, protocol: str) -> dict:
"""Calculate time window for successful attack"""
if protocol == 'tls_1.3':
# Ephemeral keys with forward secrecy
return {
'window': 'session_duration',
'typical_time': '5-30 minutes',
'risk': 'low',
'mitigation': 'frequent_key_rotation'
}
elif protocol == 'ipsec':
# Longer-lived keys
return {
'window': 'sa_lifetime',
'typical_time': '8-24 hours',
'risk': 'medium',
'mitigation': 'hybrid_pqc_required'
}
Security Assumptions
Computational Assumptions
class PQCSecurityAssumptions:
"""Security assumptions for PQC algorithms"""
assumptions = {
'ml-kem': {
'problem': 'Module-LWE',
'assumption': 'No efficient quantum algorithm for M-LWE',
'confidence': 'high',
'years_studied': 15
},
'dilithium': {
'problem': 'Module-SIS',
'assumption': 'SIS problem remains hard quantumly',
'confidence': 'high',
'years_studied': 20
},
'falcon': {
'problem': 'NTRU',
'assumption': 'NTRU lattice problems quantum-hard',
'confidence': 'high',
'years_studied': 25
},
'slh-dsa': {
'problem': 'Hash collision',
'assumption': 'Hash functions remain one-way',
'confidence': 'very_high',
'years_studied': 40
}
}
Implementation Assumptions
class ImplementationAssumptions:
"""Security assumptions about implementations"""
required_assumptions = [
'Secure random number generation available',
'Constant-time operations properly implemented',
'Memory can be securely cleared',
'Compiler does not optimize security code',
'Hardware is not compromised',
'Side-channels are adequately protected'
]
def validate_assumptions(self, environment: dict) -> list:
"""Check which assumptions hold in environment"""
violations = []
if not environment.get('hardware_rng'):
violations.append('No hardware RNG available')
if environment.get('shared_hosting'):
violations.append('Shared environment side-channels')
if not environment.get('secure_compilation'):
violations.append('Compiler optimizations not controlled')
return violations
Risk Matrix
PQC Algorithm Risk Assessment
| Algorithm | Quantum Risk | Classical Risk | Implementation Risk | Overall |
|---|---|---|---|---|
| ML-KEM-768 | Very Low | Very Low | Medium | Low |
| Dilithium3 | Very Low | Very Low | Low | Very Low |
| Falcon-512 | Very Low | Very Low | High | Medium |
| SLH-DSA | Very Low | Very Low | Low | Very Low |
| Classic McEliece | Very Low | Very Low | Low | Very Low |
Deployment Risk Assessment
| Deployment Type | SNDL Risk | Active Attack Risk | Migration Risk |
|---|---|---|---|
| Long-term Storage | Critical | Low | High |
| TLS/HTTPS | Medium | Medium | Medium |
| Code Signing | High | Low | Low |
| Email Encryption | High | Low | Medium |
| VPN/IPSec | Medium | High | High |
Threat Mitigation Strategies
Defense in Depth
class DefenseInDepth:
"""Layered security approach for PQC"""
def build_defense_layers(self) -> list:
"""Construct defense layers"""
return [
{
'layer': 1,
'name': 'Algorithm Diversity',
'implementation': 'Use multiple PQC families'
},
{
'layer': 2,
'name': 'Hybrid Cryptography',
'implementation': 'Combine classical and PQC'
},
{
'layer': 3,
'name': 'Implementation Hardening',
'implementation': 'Side-channel countermeasures'
},
{
'layer': 4,
'name': 'Protocol Security',
'implementation': 'Authenticated algorithm negotiation'
},
{
'layer': 5,
'name': 'Monitoring',
'implementation': 'Anomaly detection and logging'
}
]
Threat Intelligence Integration
class ThreatIntelligence:
"""Integrate threat intelligence for PQC"""
def update_threat_landscape(self) -> dict:
"""Get current threat landscape"""
return {
'quantum_development': self.check_quantum_progress(),
'new_attacks': self.check_cryptanalytic_advances(),
'implementation_bugs': self.check_cve_database(),
'threat_actors': self.check_apt_activity(),
'recommendations': self.generate_recommendations()
}
def check_quantum_progress(self) -> dict:
"""Monitor quantum computing progress"""
return {
'current_qubits': 433, # IBM Osprey
'logical_qubits': 10, # Error-corrected
'threat_timeline': '5-10 years',
'confidence': 'medium'
}
Compliance Considerations
Regulatory Requirements
class ComplianceRequirements:
"""Track compliance requirements for PQC"""
requirements = {
'NIST': {
'mandate_date': '2024-2030',
'required_algorithms': ['ML-KEM', 'Dilithium', 'SLH-DSA'],
'compliance_level': 'mandatory'
},
'CNSA_2.0': {
'mandate_date': '2025-2033',
'required_algorithms': ['ML-KEM', 'Dilithium'],
'compliance_level': 'mandatory_for_natsec'
},
'EU': {
'mandate_date': 'TBD',
'guidance': 'Follow ENISA recommendations',
'compliance_level': 'recommended'
}
}
Continuous Assessment
class ContinuousThreatAssessment:
"""Continuous threat model updates"""
def schedule_assessments(self) -> dict:
"""Schedule regular threat assessments"""
return {
'daily': ['Check CVE feeds', 'Monitor quantum news'],
'weekly': ['Review implementation changes', 'Analyze logs'],
'monthly': ['Update risk matrices', 'Review mitigations'],
'quarterly': ['Full threat model review', 'Compliance check'],
'annually': ['Strategic assessment', 'Algorithm review']
}
References
- NIST PQC Threat Model
- Quantum Threat Timeline
- Side-Channel Attacks on PQC
- ENISA PQC Migration
- NSA Quantum Computing FAQ
Related Documentation
Security Guides
- PQC Implementation Security Guide
- PQC Migration Guide
- PQC Production Deployment Guide
- Security Testing Guide
- Security Best Practices