Sessions

Secure Java Applications against Quantum Threats

Ana Maria Mihalceanu - Oracle

While we all get excited imagining the many happy path scenarios using quantum computers, what if such computation power will be employed for compromising the cryptographic algorithms that secure data and communications? While Y2Q or Q-Day feels distant, bad actors steal currently unreadable encrypted data with the expectation of being able to decrypt in the future.

Java applications can resist classic and quantum attacks by adopting Hybrid Public Key Encryption (HPKE), a new standard that leverages asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption. This talk covers the connection between these concepts, their implementation in the JDK security and demonstrates how can these be integrated to achieve secure quantum-resistant messaging in Java.

By the end of this talk you will understand how to take advantage of JDK security and toolchain capabilities (keytool, jfr) to fortify your application and withstand the quantum-era threats.