Towards Discovering Quantum-Threats for Applications Using Open-Source Libraries

The improvement of quantum computing poses a significant threat to cryptographic security. It enables the potential utilization of quantum algorithms to compromise classical cryptographic algorithms, such as public-key cryptosystems including RSA (Rivest-Shamir-Adleman), DH (Diffie-Hellman), and ECC (Elliptic Curve Cryptography). Currently, many applications rely on open-source libraries for various functionalities, including quantum-vulnerable public-key cryptographic implementations to achieve data confidentiality, integrity, and authenticity. So how can we determine the exposure of such applications to quantum attacks? In this paper, we study the use of open-source cryptographic algorithms for the Python programming language. We first identify the most widely used Python cryptographic libraries and then establish a simple keyword-based approach to identify the potential use of vulnerable RSA, ECC, and DH algorithms within Python applications. Notably, the extracted set of 11 keywords demonstrates precision and accuracy exceeding 90%.

Published in ACNS Workshops 2024. Link