Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Needs Review
Workspace Domino
Categories Security
Created by Guest
Created on Jan 30, 2025

Add Quantum-Resilient Cryptography

This idea requests to add Quantum-Resilient Cryptography (QC) for:

  • Encryption of Notes ID files,

  • Encryption of NRPC-based traffic,

  • Database Encryption,

  • Internet Protocols (http, smtp, imap, ldap, etc.),

  • Encryption of DAOS attachments,

  • Everything else not listed here,

The security risk is that attackers may copy and save encrypted Domino data for a later attack, when Quantum Computers will be available to break the encryption.

A document from NIST suggests that RSA, AES, ECDSA, EdDSA (all of traditional cryptography known today) should be "disallowed" after 2035:

https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf

The Australian government "does not approve" traditional cryptography after 2030 (even including SHA-2):

https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography


As nobody knows the future, it would be good to add Quantum-Resilient Cryptography before large enough Quantum Computers become reality.

[ Toni Feric, Belsoft Collaboration ]

  • Attach files
  • Guest
    Reply
    |
    Feb 27, 2025

    Just one technical correction to this excellent idea: AES isn't as vulnerable to quantum computing as the other algorithms listed here. The current understanding is that 256 bit AES will be as secure against a quantum computing based attack as 128 bit AES is to a classical computing based attack. Quoting from that NIST document that you referenced:

    "As discussed in Sec. 4.1.3, the existing algorithm standards for symmetric cryptography are less vulnerable to attacks by quantum computers. NIST does not expect to need to transition away from these standards as part of the PQC migration. "