Frédéric Rivain, CTO of Dashlane is interviewed by Yuval Boger. They discuss the intersection of quantum computing and cybersecurity. Frédéric explains how Dashlane is preparing for the post-quantum era by testing cryptographic algorithms, implementing crypto-agility, and anticipating the “Harvest Now, Decrypt Later” threat. They explore the role of NIST in standardization, the challenges of migrating to post-quantum cryptography, and the evolving nature of credential security. Last, they cover AI-powered phishing attacks, government preparedness for Q-Day, and much more.
Transcript
Yuval Boger: Hello Frédéric, and thank you for joining me today.
Frédéric Rivain: Thank you for having me, Yuval. Happy to be here.
Yuval: So, who are you and what do you do?
Frédéric: Sure, I’m Frédéric Rivain. I’m the CTO of Dashlane. I lived these days in New York, but was, as you can tell from my accent, coming from Paris originally.
Yuval: And what does Dashlane do?
Frédéric: Dashlane is a credential manager. We are serving both consumers if you want to manage your passwords at home and that keeps you safe, or also more these days, securing the employees in the organization, making sure they have the right credential hygiene, the right habits, and the right protection for all their authentication means.
Yuval: So credential managers basically try to ensure that I am who I say I am or something like that?
Frédéric: They make sure that you can access all your online services the right way, conveniently and securely, most of all.
Yuval: In this podcast, we talk about quantum technologies. So why is this related to quantum?
Frédéric: Yeah, for sure. Well, because we have to store and protect very sensitive data, your passwords, your payment means, your identity, and so on. Of course, we use a lot of cryptography inside Dashlane. We use cryptography to secure your vault, to encrypt your vault where all your sensitive data lives. We use cryptography when you want to share a credential with someone else. We use cryptography to make sure that the audit logs for our admins are encrypted the right way and that only our customers can access their data and the Dashlane and not a hacker trying to gain access into our servers.
And of course, with quantum computers, it’s becoming more and more powerful and that looming quantum threat around breaking cryptography, while it’s very important for us to be looking at this and making sure that we’re already ahead of that dramatic moment I’d say.
Yuval: The estimations for Q-Day, the time where quantum computers could break cryptographic encryption, vary, sometimes say 5 years, sometimes say 10 or 20 years. So why should I worry about it now?
Frédéric: Yeah, I suppose nobody actually knows when it’s going to happen, but when it happens, it will happen and it will be too late to some extent.
My assumption is that it’s actually probably closer than those timelines because we’ve seen also the work around quantum computers really accelerate. You probably have seen the recent announcement from Google about the Willow quantum chips and more and more providers are really investing a lot in there. And that’s what we know about.
We don’t even know what’s happening in governments and the US is probably also, US government is probably also actively working quantum computers, China as well an so on. So that’s the thing we need to be prepared for.
And also in the world of quantum and cryptography, there’s the strategy that we call Store Now Decrypt Later or Harvest Now Decrypt Later where you would have malicious actors actually harvesting a lot of data today, not because they can actually brute force and hack it today, but because once quantum becomes this thing, then they can go back and get access to that data after the fact.
So it’s important for everybody using your cryptography these days to start being ready or to start anticipating that strategy. So that’s what we’re doing at Dashlane.
Yuval: At Dashlane, I’m sure you have many customers. Do any of them come to you and ask you what you think about quantum computers and the opportunity to break the cryptographic codes?
Frédéric: No, not really. You’re right. That’s not really on the top of mind for our customers these days. It feels very far down the road and more like in the field of R&D, but it’s our role to make sure we’re ready ahead of it and to anticipate those things for our customers to keep them safe for the future.
So we’ve been very active in the past two years to do proof of concepts. We’ve tested the algorithms that were part of the NIST competition in the past years. We’ve been actually validating that we could do post-quantum cryptography between our different client applications.
In our case, mostly by sharing, making sure that you can share with, for instance, our Android app and our browser extension in a secure way, even in the quantum world. So it’s been very interesting. It’s also a big challenge for our engineers. So it’s good to be ahead of the game here.
Yuval: You mentioned standards and NIST, the National Institute of Standards [and Technology]. What would you like your customers to know about the various standards that are being developed?
Frédéric: I guess the good news is that NIST finally picked the finalists, the ones that are the algorithms that are going to be standardized. So it’s a big milestone in that whole quantum journey and making sure that we have at least the choice of which quantum algorithms are going to be invested into in the future. And we’re going to use those to make sure we are following the decision here. At the same time, it’s very early days. It’s very nascent. There’s probably going to be a lot of work making sure that those crypto primitives for the post-quantum world are going to be solid and going to be tested by the whole community. And we might find issues and vulnerabilities in them and then we’ll have to iterate. So kind of the next step for us is to wait for those algorithms to be implemented into the libraries.
We don’t want and don’t intend as Dashlane to re-implement those algorithms ourselves. That’s not our business. It’s very hard work actually to implement cryptographic algorithms. So we hope that the community and the libraries will do the implementation and we can use them in our products and our applications.
Yuval: I think NIST is working on three, maybe four different algorithms. Do you expect to choose one or to offer all of them to your customers? How do you think about that?
Frédéric: Yeah, there are four of them and actually two categories of those algorithms. So I guess the ones related to signatures and the other ones related to key derivation. So we have to use both.
So to that point, we need to kind of wait and see a bit what comes out of it, but we’ll have to test them in terms of performance, in terms of ease of implementation and so on and then pick the ones that are most relevant for us.
In the crypto world, there are not that many options, but there are still options and you need to choose the one that makes sense for you. So as an example, in the past, in more of the classic cryptography, we used to use a PBKDF2 as a key derivation algorithm to encrypt our vault and more recently, like a few years back, we decided to move to Argon2, which actually has not, I don’t think it’s been standardized yet, but was more like state of the art and more adequate to
today’s world in terms of being resistant to different types of attack. But that was a choice we made at some point to make sure we follow the trends of computing power and resistance to malicious attacks. So we’d have to pick something. I don’t know which one it will be yet, but for sure, we need to be testing those.
Yuval: Going back to NIST, NIST is a US federal organization. How do the standards work differ in Europe to the best of your knowledge?
Frédéric: Well, it’s interesting because for instance, the French equivalent of NIST, which is called ANSSI, the Agence Nationale de la Sécurité des Systèmes d’Information, has actually wrote about the fact that it’s important for them that people get started into that quantum journey rather than which algorithm they’re going to use. And actually NIST has a very important influence all over the world. So I think ANSSI is going to follow suit.
They’re going to test those standards as well and make sure that they fit the needs of France, specifically because that’s the example I’m using. But you don’t have that type of same level of consistency across Europe. Every country has their own standard body and they try to align at the European level, but still I think everybody’s going to follow suit and collaborate with NIST to make sure that there’s some standards that will come out of it worldwide in a sense.
But yeah, that’s why I’m saying those algorithms that have been thinking about this may not be the ones that end up being the final ones at the end of the journey, but we start there and we can start using those, make sure that they work fine for today and then we iterate and implement as we go out with the community.
Yuval: Let’s assume one or more of these algorithms get implemented into libraries and then you integrate them into your products beyond the proof of concept. And now Dashlane products have post-quantum cryptography encryption built into them. What do your customers need to do? Do they do nothing and just enjoy a better level of encryption or do they need to go through a certain process?
Frédéric: No, the goal is definitely for them to do nothing. And that’s what makes the whole migration to that world very complicated. We’ve done multiple cryptographic migrations in the past for Dashlane. They’re always very sensitive migrations because you need to make sure that you don’t break everything. You need to make sure that you ensure backward compatibility because you may have old application versions out there in the world that are still being used by our customers. So you need to figure out the right migration paths and do it the right way.
That’s why one of the concepts around post-quantum cryptography is crypto-agility That’s something we already do, which means that you are able to support multiple cryptographic layers at the same time and you have hybridization of those different cryptographic layers together. We already have this with PBKDF2 and Argon2. You can use both of them at Dashlane. We’ll add just another layer that will hopefully nicely fit with the other one and you have those multiple layers together at the same time. And whether you are using an old version of Dashlane or a new version of Dashlane, it needs to keep working for you, whatever you do.
That’s the challenge at work. By the way, we’re still at the proof of concept level. We haven’t really yet invested into making it into production because it’s a pretty complex challenge.
Yuval: For Dashlane, does processing power matter? What I mean by that is I may have the latest MacBook Pro and it has a very strong processor, but then someone could have an old phone or, to the extreme, an IoT device that may not be as strong. Is that something that you’re thinking about?
Frédéric: Yeah, definitely. And that’s why when we consider new crypto-primitives, we test them and we need to make sure that they work with the right level of performance, whatever the type of device is. The good news is that in our case, the vault is generally pretty small. The data that we store is not heavy data.
Actually, passwords are just strings of text at the end of the day, so it’s not super heavy to decrypt and encrypt, but still that’s processing power that you need to factor in. So definitely on our mind to make sure that we achieve the right level of performance and scalability from the primitives.
Yuval: You mentioned that none or very few of your customers came to ask about Quantum. But what if a customer came today and said, “Well, I read about this Harvest Now Decrypt Later. What are you going to do about it? How can you help me today?” What will your answer be?
Frédéric: Yeah, actually we’ve been pretty transparent about our journey on the topic. We’ve written different blog posts where we shared our learnings about testing the different algorithms, prototyping it and so on. And we’ve been actually even trying to educate our own customers that we’re more into it, about the fact that also on their side, they need to start looking at it and making sure that they get ready.
So I would tell them two things. The first one is, “See this is too early. Nobody has a claim that they are able to break cryptography.” So hopefully we have enough time ahead of us and we’re on top of it. Like we’ll get you in the right situation at the right time. We keep you posted on our progress and it’s going to be a journey together. If you have a specific use case and specific need, let’s discuss it and we’ll see what we can do for you. But it can also serve our broader customer base.
Yuval: You mentioned that you’re sharing your learnings. What have you learned in this context over the last, say, six to 12 months?
Frédéric: We’ve learned that it’s not easy. Of course, those are complex algorithms and they’re complex to implement. But we’ve also learned that at the end of the day, that’s not even the most complex part. Like I was mentioning before, for us, the most complex part is going to be going to production and doing the migration. It’s sensitive data.
We don’t want to break the vaults of our customers because at that point, they don’t get access to their passwords and their pass keys and everything and they can’t authenticate to their system. So it’s going to be very important for us to do it the right way. And in our case, when we talk about breaking cryptography, it’s really about asymmetric cryptography. So in our situation, the key feature that you use asymmetric cryptography is sharing. So we want to make sure that once we start migrating, your sharing still works. And if you decided to share in your organization or as a consumer with others, they can still access the same credential as you are and everything keeps working as expected.
Yuval: When we spoke about customers, I was thinking primarily about organizations or commercial organizations. But actually, probably governments also play a role in this. What should governments do to prepare for Q-Day?
Frédéric: Well like everybody else, I mean, like all the other organizations, they should start by first educating themselves about the whole thing. It’s important to learn and like I said, it’s not very easy. So you need to take the time to learn what’s out there. You need to do an inventory inside your own system of where you use cryptography. Here are the use cases in my own business and in my own context.
And then you need to have a plan. You need to start thinking, okay, how am I going to get to crypto-agility? How am I going to start implementing post-cryptographic algorithms to have that hybridization I was mentioning? Because I’m protected for the past, but I’m also protected for the future. And if I’m an organization that processes very sensitive data, whether it’s, you mentioned governments, but it could be healthcare, it could be in education, it could be finance, you’re even more at risk that a harvest now, decrypt later attack comes to you. So that’s the type of organization that should really be trying to anticipate even more than the other ones. So in a sense, I guess I’m less concerned about e-commerce as an example than I am about our health data being stolen in the future or like secrets.
Yuval: AI seems to be permeating so many areas of our lives. Does AI play any role in cyber threats?
Frédéric: Yeah, very much so. So the thing that’s interesting in the past, let’s say 18 months, is that we’ve seen a very massive increase in AI-powered phishing attacks. The strength of AI is to be able to generate very customized, very specific targeted content.
And so this has been very used and weaponized by the attackers to make sure that the phishing attacks are not like the generic African prince trying to get money out of you, like the old scams, but really more like your CEOs are putting things in an email that may seem very believable that the CEO actually wrote it, but when he didn’t do it.
So that’s why, by the way, in our case, of course, we need to try and mitigate against phishing attacks as a product, but we also need to move away from those authentication mechanisms that are phishing sensitive. How do we make our products and how do you make authentication phishing resistant by nature and not susceptible to those types of attacks that are going to become more and more sophisticated through AI?
So you may probably have heard about passkeys, about all the work happening around passkeys in the industry these days. We are a board member of the FIDO Alliance, which is a big consortium that tries to reinvent the identity of the future. We’ve been pushing a lot around passkeys. We are at the moment discussing actively with the industry about how do we build a credential exchange protocol so that people can share passkeys from one provider to the ther. So there’s a lot of ongoing activity in that space. I think that’s the most strategic path for us rather than trying to use AI to defend against AI attacks in a sense. Let’s make sure that the construction of our systems are resistant to those types of attacks rather than try and just be reactive and mitigate attacks after the fact.
Yuval: Tell me a little bit about the proof of concept. What was it like? What were you trying to prove? Was it a browser add-on? Was it standalone software? Tell me about that, please.
Frédéric: We used some of the algorithms. That was 18 months ago, two years ago. So we used some of the algorithms that were out there in the NIST competition at the time. We found some implementations so we didn’t have to restart from scratch. We did have to port them to our own programming language. By the way, our implementations are available on our GitHub, which some people are interested in looking at that.
We did two things. We first introduced those algorithms inside our sharing features. Now we have the hybridization between the post-quantum algorithm and the legacy algorithm. We did that in our browser extension. So we have a JavaScript implementation of it inside our product for our browser extension. We did the same type of work in Kotlin for our Android app.
Then the goal was to see, okay, can we actually share between that Android proof of concept and that browser extension proof of concept in a secure way? And that worked. So we were happy about this and that’s where we left off. So at this point it was okay. It seems to work. We know how to do it. Now we need to wait for NIST to finalize the competition and approve the standards. And then we have to think about going to production, which is going to be the next phase in our journey.
Yuval: Dashlane is probably not the only company doing credential management. How is your quantum-specific solution different or better than other people who are doing this?
Frédéric: Well, actually that’s a good question. I would love to know because I don’t know. I think we are the only ones in this space that have been writing about it and being public about it. I haven’t seen anything from our competitors. That doesn’t mean that they’re not doing stuff and are already on their side. But I think it’s very early days for everybody.
And yet again, I’m not sure it’s going to be that differentiated at the end of the day because our goal and our job is not to do fundamental cryptography. That’s the work of academia, that’s the work of way larger organizations that know it than we are. We’re going to use the implementation in libraries and the crypto primitives that are validated by the community and we’re going to apply them to our own product, but not reinvent them.
So I think at the end of the day, we’ll all do the same. In the same way we’ve done in the past for classic cryptography, like you can see in the research paper when the password managers are being compared that at the end of the day we’ll all use the same cryptographic solutions.
Yuval: I know with some encryption methods, it took maybe 20 years to really upgrade all systems to support that or to not support it anymore. So that particular method is no longer in the system. Do you expect it to take 20 years to do PQC as well or do you think it will be much faster?
Frédéric: I expect it to be a bit faster just because the world of today is different and faster than it used to be 20 years ago in terms of collaboration across the community and business pressure across the world.
I expect it to be a bit faster, but at the same time it will be hard and I expect that we will have many iterations. We’ll find massive vulnerabilities like we had in the past, the OpenSSL and those type of security incidents we had in the past. So we have the same journey to some extent and I don’t believe it’s that easy to get it right the first time. So we’ll have to get ready for this and make sure that we have the velocity and the flexibility to adapt to things that happen.
That’s why crypto-agility as a concept and making sure that you’re able to update your cryptographic layers in an easy way, let’s say, is really important as a skill in the product.
Yuval: As we get to the end of our conversation today, I wanted to ask you a hypothetical. If you could have dinner with one of the crypto greats or the quantum greats dead or alive, who would that person be?
Frédéric: Oh, that’s interesting. I guess thanks for talking about quantum. I would love to have a conversation with Shor. He was at the heart of some of the whole conversation. This is a very fascinating world, the world of mathematicians that are looking at those crypto topics. It’s super complex math behind the scenes.
So yeah, I would be just curious to understand how you do the reasoning. I’m not a mathematician myself, but it’s very fascinating to think about. Those people are just working on a whiteboard and they come up with some ways of making sure that either you can break something or you can actually protect from something.
So that’s whether it’s Shor definitely or the other famous mathematician, Grover. So both of them, I would love to talk to them.
Yuval: Wonderful. Frédéric, thank you so much for joining me today.
Frédéric: Thank you. Thank you for having me. It was a cool conversation.