Blog

Categories:
27. 9. 2024
Cryptography
Quantum computer resistant algorithms

PQC or Post Quantum Cryptography

A summary of the current state of play in the field of quantum computer-resistant cryptography, along with simplified explanations of attacks on current algorithms, overviews of problems, and the importance of individual technologies.

Quantum computer-resistant algorithms

It is quite challenging to understand the terms used to denote the current development in the field of cryptography. But it is necessary especially because of the imminent emergence of quantum computer technology. The development of these machines has given new impetus to the development of cryptography. At the same time, they are popularly referred to as cryptographic Armageddon, the death of classical cryptography and other catchy terms. Quantum computers can cause inconvenience to existing technologies which involve e.g. agreeing on encryption keys or digital signatures, but they can pose a threat to other current encryption techniques. The reason is simple, it is now possible to collect data and decrypt them when those machines become available (HNDL = Harvest Now, Decrypt Later). There are secrets, even of an economic nature, that need to be protected for a longer period of time. Longer period in that case means years or tenth of years.

Current cryptography has a powerful tool in its arsenal, asymmetric cryptography. Asymmetric, because the keys are used asymmetrically. Private key for encryption, public key for decryption (or vice versa, depending on the purpose). Those algorithms are known under names RSA, ElGamal, Schnor signature, DSA, or cryptography over elliptic curves (ECDH/ECDSA). The user always has a pair of private and public key, where the public key is derived from the private key. These methods are used for agreeing on shared secrets (protecting our communications within SSL/TLS, SSH, IPSec and other technologies) or for digital signatures. The first algorithms for asymmetric cryptography, which provides these areas, appeared in the 1970s. The first practical deployment was a decade later. Now, after 40 years of development, we have managed to eliminate the biggest problems, to start using these technologies. Although these are in most cases trivial procedures, based on elementary and high school teaching, some of the problems are extremely interesting and are still not unequivocally solved. With current asymmetric algorithms, the impact of quantum computers is devastating. This was caused by an idea by Peter W. Shor, who suggested using first the search for a modular base number for factorization. For this purpose, it is possible to use a quantum version of the Fourier transform (the mathematical version of "period measurement"). And the only defense option is to find new, quantum computer-resistant procedures.

AlgorithmAttack time
RSA 1024/DH 10243,5 day
RSA 2048/DH 20487 day
RSA 3072/DH 307210,6 day
ECDH 2563,1 day
ECDH 3844,7 day
ECDH 5126,3 day

Current symmetric cryptography (the key is used symmetrically = the same key is used for both encryption and decryption) is built over block ciphers such as AES, ARIA, CAMELLIA, or stream ciphers such as ChaCha20. To list them this article would not suffice. The algorithms listed represent a method of securing large volumes of data because they are relatively fast. Quantum computers bring inconvenience, these encryption algorithms may be threatened by a Groover attack if small keys are used (i.e. smaller than about 168b), but is this not a false alarm? The answer is simple, it is not. Although the Groover algorithm is nothing more than an effective way of searching unsorted databases. In the case of a quantum computer, there are two possible ways for an attack. Either create a huge database of all combinations of open text, keys and encrypted text, or combine the search and encryption algorithms into one more complex one.

If the Groover and encryption algorithms are combined, e.g. with the implementation of AES for quantum computers, we should get a powerful tool. Theoretically, such a solution should return the information immediately. Calculations vary, for a key of size 128b, it should be an interval from 8 minutes to 30 years (depending on the design of the whole device, whether it would be a specialized circuit or a general quantum computer with a program). But for a key of size 192b, it would be time consuming at least 40,000 years. Therefore, it is necessary to use a larger key material in order to move the attack from the practical to the theoretical level. Of course, this is a theoretical attack for now, because we do not have the equipment for it yet and only parts of the algorithm have been tested. The important thing is to choose the length of the key so that it protects secrets with reserve for the required time, e.g. several decades.

For the sake of interest. If we only want to create a database of keys and encrypted texts for a key the size of 128b, we are outside the technological and raw material possibilities. If a memory cell would require 100 silicon atoms (and some doping elements), without any other supporting circuits, the storage would have a radius of 5000 AU … and would immediately collapse into a black hole due to its weight and gravitational action. So this is not the way, such a solution can only be taken as a cryptographic attack and a mathematical game play.

Post-quantum cryptography competitions

Currently, in late 2024, the following competitions are taking place to select quantum-resistant algorithms. These are often referred to as PQCs – Post Quantum Cryptography.

NIST Post Quantum Cryptography (USA)

The results of this competition are generally accepted in Canada, Europe, the Middle East, parts of Asia, Japan, Australia and other places. More information about this competition can be found at NIST Post Quantum Cryptography

KpqC competition - Korea Post Quantum Cryptography competition (South Korea)

This is a local matter, with experts such as Tanja Lange acting as independent gestors. Thanks to the export of scientific and cultural trends (soft power), this activity will probably have some, at present difficult to predict impact, but will certainly be used by Samsung, LG, KIA/Hyundai... More information about this competition can be found at KpqC competition

CACR PQC standardization - Chinese Association for Cryptography Research Post Quantum Cryptography (China)

China is trying to demonstrate its independence in this area as well. Recently I came across information that Russia should be interested in cooperating on this development, but the information is scarce and for me it is difficult to read. More information about the competition can be found at CACR PQC standardization

Standards with an impact on Europe

Europe is determined by ETSI standardiation( European Telecommunications Standards Institute), it also has an interesting and generally accepted result of NIST PQC, which has already created three standards, the fourth is in the design stage. According to the current situation, there will be enough algorithms for a digital signature, but probably not enough to provide an alternative to agreeing on a shared secret. But this is necessary to maintain the possibility of agreeing on keys and to ensure the confidentiality of encrypted communication.
FIPS 203 ML-KEM (originally Krystal Cyber, Key Exchange Mechanism, SVP+LWE)
FIPS 204 ML-DSA (originally Krystal Dilithium, Digital Signature Algorithm, SVP+LWE)
FIPS 205 SHL-DSA (Stateless Hash Based DSA, Digital Signature Algorithm, uses stateless hash trees)
(Falcon - Fast-fourier transform over NTRU-lattice based DSA, Digital Signature Algorithm, uses stateless hash trees)

In addition, the listed algorithms have a recommended security level, called NIST Security level:
Security level 1, security equivalent 128b (AES-128, exhaustive key search)
Security level 2, security equivalent 128b (SHA-256, collision search)
Security level 3, security equivalent 192b (AES-192, exhaustive key search)
Security level 4, security equivalent 192b (SHA-384, collision search)
Security level 5, security equivalent 256b (AES-256, exhaustive key search)

More interestingly, what recommendations each organization makes about the given standards. In my opinion it is still unclear how to approach the given standards. Due to the difficulty of analyzing the complexity of an attack conversion to a security equivalent is still a problem. Here is an overview of the digital signature algorithms:

 
Organization Digital Signature Digital Signature Other DSA
CNSA 2.0 (USA) ML-DSA level 5 LMS/XMSS
NIST (USA) FIPS 204 (ML-DSA) FIPS 205 (SHL-DSA) FN-DSA
NCSC (UK) ML-DSA level 3 LH-DSA/LMS/XMSS
BSI (Germany) ML-DSA Levels 3/5 SLH-DSA Level 3/5 LMS/XMSS
NLNCSA (Netherlands) ML-DSA LMS/XMSS
ANSSI (France) ML-DSA level 3 SLH-DSA Level 3/5 FN-DSA/LMS/XMSS
(South Korea) KpqC competition KpqC competition
(China) CACR PQC standardization CACR PQC standardization
IETF LMS/XMSS

Digital signature is important for authentication, electronic communication, or from the point of view of the law as a manifestation of the will. But digital signature alone is not able to ensure the protection of transmitted information, or even to agree on key material (shared secrets). There are other algorithms for that, more precisely only one for now algorithm:

     
Organization Key Exchange Other Key Exchange
CNSA 2.0 (USA) ML-KEM Level 5
NIST (USA) FIPS 203 (ML-KEM)
NCSC (UK) ML-KEM Level 3
BSI (Germany) ML-KEM Level 3/5 FrodoKEM/McEliece
NLNCSA (Netherlands) ML-KEM Level 3 FrodoKEM
ANSSI (France) ML-KEM Level 3/5 FrodoKEM/McEliece
(South Korea) KpqC competition
(China) CACR PQC standardization
IETF

It is the Key Exchange Method (KEM) algorithms that can also force changes in current protection methods. SSL/TLS protocol is most often used, followed by SSH protocol. Both layers have a somewhat similar architecture and protocol structure. It is with SSL/TLS that there is a risk that certificates with key material signed by post-quantum algorithms may exceed the size of the record. This can be transmitted by multiple packets, but must be smaller than 18432B (214 + 2048). If the certificate or certificate chain is longer, the connection will be interrupted. And some proposed KEM algorithms may have key material extremely extensive.

Beyond the above algorithms, so-called hybrid algorithms have emerged, more or less temporarily. These are built over a combination of classical and post-quantum algorithms and are intended to act as protection should any of the above mechanisms experience a significant security threat. They are currently used in SSL/TLS and SSH, these hybrid algorithms include:

NázevAlgoritmy
ecdh-nistp256-kyber-512r3-sha256NIST P-256 + Kyber-512 + SHA256
ecdh-nistp384-kyber-768r3-sha384NIST P-384 + Kyber-768 + SHA384
ecdh-nistp521-kyber-1024r3-sha512NIST P-521 + Kyber-1024 + SHA51
x25519-kyber-512r3-sha256Curve25519 + Kyber-512 + SHA256
x25519-kyber-768r3-sha256Curve25519 + Kyber-768 + SHA256

Problems allowing the creation of asymmetric algorithms

In terms of methods used in the creation of classical asymmetric is available the following a set of problems. These are currently at their peak and will need to be replaced by another set in the foreseeable future, able to withstand quantum computers:

FACTORING Integer Factorization Problem
RSAP RSA problem (RSA inversion)
QRP Quadratic Residuosity problem
SQROOT Search for the square root that forms the number modulo base (Square roots modulo n)
DLP Discrete Logarithm Problem
GDLP General Discrete Logarithm Problem
DHP Diffie-Hellman Problem
GDHP General Diffie-Hellman Problem
SUBSET-SUM Subset Sum problem

In the case of algorithms resistant to quantum computers, it was necessary to find a completely different set of problems. Previous the set of problems was not sufficiently resistant to new technologies, so it was necessary to look for something better. Such procedure is a normal part of development and of course cryptography does not remain stationary. Some of these procedures are about the same age as current asymmetric cryptography, some are part of the evolution of recent decades. For the new algorithms they used the following groups of interesting problems:

Lattice-based cryptography Shortest Vector (SVP) Search
Shortest Independent Vector (SIVP) Search
Find the closest vector (CVP)
Learning with errors (LWE) problem
Short integer solutions (SIS)
...their combinations.		 SVP+LWE problem - FIPS 203 ML-KEM
SVP+LWE problem - FIPS 204 ML-DSA
SVP+LWE problem – e.g. Frodo, Glyph, NewHope, TESLA
CVP – e.g. NTRU, BLISS
Linear codes
Code-based cryptography		 Problem decoding general linear code
SDP Syndrome Decoding Problem
RSDP Rank Syndrome Decoding Problem		 Examples are McEliece, BIKE, HQC and others
Solution of system of nonlinear equations
Multivariate cryptography		 Examples are OAV (Oil and Vinegard), GeMSS, Rainbow ...
Hash trees
Hash-based cryptography
HBS:Hash Based Signature		 Status trees
Status trees LMS (Leighton-Micali Scheme)
XMSS (eXtended Merkle Signature Scheme) status trees
FN status trees (Fast-fourier transform over NTRU-lattice)		 FIPS 205 SHL-DSA (Stateless Hash Based DSA)


draft FIPS 206 FN-DSA (Falcon)
Supersingular curves with invariants
Supersingular isogeny-based cryptography		 General Model
Comutative Model		 SIDH
CSIDH (Commutative Supersingular Isogeny Diffie-Hellman)
Other interesting problems Search problem
Braid groups (operations in braid groups)
Complex algebra over octonions
Complex algebra over sedenions
Chebyshev polynomials (Chebyshev polynomials)

Conclusion

Current algorithms will be seriously compromised by 2030-2040 and it is necessary to prepare for the impacts that quantum computers bring. On the other hand, it is necessary to be careful, premature implementation can create a problem in itself. The reason for this precaution is simple. It took us 40 years to create functional asymmetric cryptography built over quite simple problems, actually over the curriculum of primary and secondary schools. New approaches require substantially deeper mathematical knowledge, evidence of correctness and only developments in mathematics will answer the question whether they are the procedures chosen are correct. The individual steps should therefore, in my opinion, be approximately as follows:
1. Increase key size for symmetric algorithms to 192b (25% higher load than 128b), better to 256b (25% higher load than 192b). This makes it easy to avoid problems with the possibility of attack by Groover's algorithm.
2. Switch to hybrid algorithms by 2024 at the latest, unless switching directly to quantum-resistant algorithms. However, hybrid algorithms will not be suitable for use beyond 2030-2035 and at the latest must be replaced by tested quantum-resistant algorithms. This trip is for paranoids who either have concerns possible weaknesses of new algorithms, or kleptography (design allowing unauthorized access to information) for new standards.
3. Start within two years of standardization, or at most within five years of standardization to complete the transition on quantum-resistant algorithms. Both for the agreement on the keys and for the digital signature. In the case of digital signature, this will mean significantly more changes in different systems.

Attachments: List of libraries supporting quantum cryptography

Botan is an opensource library in C++. It supports Unix/POSIX and Windows systems. More information on GitHub
liboqs is an opensource library in C. It supports Linux, Mac and Windows through the "Open Quantum Safe Provider for OpenSSL" library. More information on GitHub
is an opensource library of interfaces in C. It supports Linux, Mac and Windows and provides OpenSSL library features from a support library providing PQC algorithms. GitHub
SymCrypt is a Microsoft library under an MIT license. It supports both the new CNG API, and the older CAPI we Windows. In Linux, you can call SymCrypt APIs directly or through interfaces, for example, the OpenSSL interface. GitHub

Attachments: List of algorithms in the NIST PQC

List of algorithms in the NIST competition, including their download, disable, merge, or standardization. This list is still incomplete and the goal is to fill in the missing data to allow a preview of the entire development.

Algorithm Goal Problem Type Submission Round 1 Round 2 Round 3 Round 4
BIGQUAKE KEM Codes Goppa Discard - - -
BIKE KEM Codes Short Hamming BIKE BIKE
CFPKM KEM Codes RSDP Discard - - -
Classic McEliece KEM Codes Goppa Classic McEliece Classic McEliece Classic McEliece
CompactLWE KEM Lattice LWE Discard - - -
CRYSTALS-DILITHIUM DSA Lattice Fiat-Shamir FIPS-204
CRYSTALS-KYBER KEM Lattice MLWE FIPS-203
DAGS KEM Codes Quasi dyadic Discard - - -
Ding Key Exchange KEM Lattice RLWE Discard - - -
DME ? Multivariate UOV Discard - - -
DRS DSA Multivariate UOV Discard - - -
DualModeMS DSA Multivariate UOV Discard - - -
Edon-K KEM Codes Withdrawn Discard - - -
EMBLEMandR.EMBLEM KEM Lattice LWE/RLWE Discard - - -
Falcon DSA Lattice Hash then sign FIPS-206
FrodoKEM KEM Lattice LWE FrodoKEM Discard
GeMSS DSA Multivariate HFE GeMSS Discard
Giophantus DSA Symmetric Hash Discard - - -
Gravity-SPHINCS DSA Symmetric Hash Discard - - -
Guess Again DSA Lattice Discard - - -
GUI DSA Multivariate HFE Discard - - -
HILA5 KEM Lattice RLWE Round 5 - - -
HiMQ-3 DSA Multivariate UOV Discard - - -
HK17 DSA Multivariate UOV Withdrawn Discard - - -
HQC KEM Codes Short Hamming HQC HQC
KCL (aka OKCN/AKCN/CNKE) KEM Lattice LWE/RLWE/LWR Discard - - -
KINDI KEM Lattice MLWE Discard - - -
LAC KEM Lattice RLWE Discard - -
LAKE KEM Codes low rank Rollo Discard -
LEDAkem KEM Codes Short Hamming LEDACrypt Discard - -
LEDApkc KEM Codes Short Hamming LEDACrypt Discard - -
Lepton DSA Codes Discard - - -
LIMA KEM Lattice RLWE Discard - - -
Lizard KEM Lattice LWE/RLWE Discard - - -
LOCKER KEM Codes low rank Rollo Discard -
LOTUS KEM Lattice LWE Discard - - -
LUOV DSA Multivariate UOV Discard - -
McNie KEM Lattice Discard - - -
Mersenne-756839 KEM Lattice ILWE Discard - - -
MQDSS DSA Multivariate Fiat-Shamir Discard - -
NewHope KEM Lattice RLWE Discard - -
NTRUEncrypt KEM Lattice NTRU NTRU NTRU NTRU Discard
NTRU-HRSS-KEM KEM Lattice NTRU NTRU NTRU NTRU Discard
NTRU Prime KEM Lattice NTRU NTRU Prime Discard
NTS-KEM KEM Codes Goppa Classic McEliece Classic McEliece
Odd Manhattan KEM Lattice Lattice Discard - - -
Ouroboros-R KEM Codes low rank Rollo - -
Picnic DSA Symmetric ZKP Picnic Discard
Post-quantum RSA-Encryption KEM Factorization Discard - - -
Post-quantum RSA-Signature DSA Factorization Discard - - -
pqNTRUSign DSA Lattice Hash then sign Discard - - -
pqsigRM DSA Discard - - -
QC-MDPCKEM KEM Codes Short Hamming Discard - - -
qTESLA DSA Lattice Fiat-Shamir Discard - -
RaCoSS KEM Lattice Discard - - -
Rainbow DSA Multivariate UOV Rainbow Discard
Ramstake KEM Lattice LWE Discard - - -
RankSign DSA Codes RSDP Withdrawn Discard - - -
RLCE-KEM KEM Codes RSDP Discard - - -
Round2 KEM Lattice LWE/RLWE Round 5 Discard - -
RQC KEM Codes low rank Discard - -
RVB KEM Codes Withdrawn Discard - - -
SABER KEM Lattice MLWE SABER Discard
SIKE KEM Isogeny Isogeny SIKE SIKE
SPHINCS+ DSA Symmetric Hash Discard
SRTPI DSA Symmetric Hash Withdrawn Discard - - -
ThreeBears KEM Lattice IMLWE Discard - -
Titanium KEM Lattice MP-LWE Discard - - -
WalnutDSA DSA Braid group Discard - - -

Attachments: List of algorithms in the KpqC Competition

List of algorithms in the South Korean competition, including their details, similar to the NIST PQC competition. This overview is still not complete and the aim is to fill in the individual missing data to allow a preview on the whole development.

Algorithm Goal Problem Type Submission Round 1 Round 2
AlMer DSA
Enhanced pqsigRM DSA Hash Vyřazen -
FIBS DSA Hash Vyřazen -
GCKSign DSA Isogenies Vyřazen -
HAETAE DSA Lattices SVP/LWE
IPCC KEM Hash Vyřazen -
Layered ROLLO-I KEM Codes RSDP Vyřazen -
MQ-Sign DSA Multivariate
NCC-Sign DSA
NTRU+ KEM Lattices SVP
PALOMA KEM Lattices LWE/RLWE
Peregrine DSA Multivariate Vyřazen -
REDOG KEM Lattices LWE/RLVE
SMAUG KEM Multivariate SMAUG+TiGER
SOLMAE DSA Codes SDP/ECCP Vyřazen -
TiGER KEM Multivariate SMAUG+TiGER

Attachments: List of algorithms in CACR contest PQC standardization

I am not able to add the table of algorithms in the Chinese contest yet. The contest was in two categories, the results are listed here:
1. AIGIS-SIG, LAC.PLE, AIGIS-ENC, LAC.KEX, SIAKE, SCloud, AKCN(AKCN-MLWE), OKCN(SKCN-MLWE), Fatseal, AKCN-E8, TALE, PKP-DSS, Piglet-1
2. uBlock, Ballet, FESH, ANT, TANGRAM, RAINDROP, NBC, FBC, SMBA, SPRING
The list of algorithms is complete, but details are missing for the time being. Therefore, it is not possible to get an overview of the whole development and to determine why some technologies were used and what type of technologies are involved. That will be added later.


Reference:

  1. RFC 8391: XMSS: eXtended Merkle Signature Scheme.
    Source: https://www.rfc-editor.org/
  2. RFC 8554: Leighton-Micali Hash-Based Signatures.
    Source: https://www.rfc-editor.org/
  3. RFC 9180: Hybrid Public Key Encryption.
    Source: https://www.rfc-editor.org/
  4. After 60 years, another busy beaver problem solved.
    Source: https://medium.com/
  5. FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism Standard.
    Source: https://www.nist.gov/
  6. FIPS 204 Module-Lattice-Based Digital Signature Standard.
    Source: https://www.nist.gov/
  7. FIPS 205 Stateless Hash-Based Digital Signature Standard.
    Source: https://www.nist.gov/
  8. Open Quantum Safe.
    Source: https://openquantumsafe.org/
  9. Post-Quantum Cryptography Alliance.
    Source: https://pqca.org/
  10. Post-Quantum Cryptography Coallition.
    Source: https://pqcc.org/
  11. QUBIP Transition of NSS and Firefox to support the quantum secure internet browsing.
    Source: https://qubip.eu/

Autor článku:

Jan Dušátko
Jan Dušátko

Jan Dušátko has been working with computers and computer security for almost a quarter of a century. In the field of cryptography, he has cooperated with leading experts such as Vlastimil Klíma or Tomáš Rosa. Currently he works as a security consultant, his main focus is on topics related to cryptography, security, e-mail communication and Linux systems.

Podobné články

Sharing files with SMB protocol and cryptography
16. 9. 2024
Sharing files with SMB protocol and cryptography
Sharing files with NFS protocol and cryptography
17. 9. 2024
Sharing files with NFS protocol and cryptography
Storing password with Crypt interface
8. 10. 2024
Storing password with Crypt interface
logo

Your learning platform for cryptography
and security.

Jan Dušátko
info@cryptosession.cz
+420 602 427 840

Pod Harfou 938/58
190 00, Praha 9

IČ: 43479766
DIČ: CZ 7208253041

Bank no.:
78-7768770207/0100

© 2024 Cryptosession.cz Design: Lukáš Kejha, Development: Karel Tropp

1. Introductory Provisions

1.1. These General Terms and Conditions are, unless otherwise agreed in writing in the contract, an integral part of all contracts relating to training organised or provided by the trainer, Jan Dušátko, IČ 434 797 66, DIČ 7208253041, with location Pod Harfou 938/58, Praha 9 (next as a „lector“).
1.2. The contracting parties in the general terms and conditions are meant to be the trainer and the ordering party, where the ordering party may also be the mediator of the contractual relationship.
1.3. Issues that are not regulated by these terms and conditions are dealt with according to the Czech Civil Code, i.e. Act No.89/2012 Coll.
1.4. All potential disputes will be resolved according to the law of the Czech Republic.

2. Creation of a contract by signing up for a course

2.1. Application means unilateral action of the client addressed to the trainer through a data box with identification euxesuf, e-mailu with address register@cryptosession.cz or register@cryptosession.info, internet pages cryptosession.cz, cryptosession.info or contact phone +420 602 427 840.
2.2. By submitting the application, the Client agrees with these General Terms and Conditions and declares that he has become acquainted with them.
2.3. The application is deemed to have been received at the time of confirmation (within 2 working days by default) by the trainer or intermediary. This confirmation is sent to the data box or to the contact e-mail.
2.4. The standard time for registration is no later than 14 working days before the educational event, unless otherwise stated. In the case of a natural non-business person, the order must be at least 28 working days before the educational event.
2.5. More than one participant can be registered for one application.
2.6. If there are more than 10 participants from one Client, it is possible to arrange for training at the place of residence of the intermediary or the Client.
2.7. Applications are received and processed in the order in which they have been received by the Provider. The Provider immediately informs the Client of all facts. These are the filling of capacity, too low number of participants, or any other serious reason, such as a lecturer's illness or force majeure. In this case, the Client will be offered a new term or participation in another educational event. In the event that the ordering party does not agree to move or participate in another educational event offered, the provider will refund the participation fee. The lack of participants is notified to the ordering party at least 14 days before the start of the planned term.
2.8. The contract between the provider and the ordering party arises by sending a confirmation from the provider to the ordering party.
2.9. The contract may be changed or cancelled only if the legal prerequisites are met and only in writing.

3. Termination of the contract by cancellation of the application

3.1. The application may be cancelled by the ordering party via e-mail or via a data mailbox.
3.2. The customer has the right to cancel his or her application for the course 14 days before the course takes place without any fees. If the period is shorter, the subsequent change takes place. In the interval of 7-13 days, an administrative fee of 10% is charged, cancellation of participation in a shorter interval than 7 days then a fee of 25%. In case of cancellation of the application or order by the customer, the possibility of the customer's participation in an alternative period without any additional fee is offered. The right to cancel the application expires with the implementation of the ordered training.
3.3. In case of cancellation of the application by the trainer, the ordering party is entitled to a full refund for the unrealized action.
3.4. The ordering party has the right to request an alternative date or an alternative training. In such case, the ordering party will be informed about all open courses. The alternative date cannot be enforced or enforced, it depends on the current availability of the course. If the alternative training is for a lower price, the ordering party will pay the difference. If the alternative training is for a lower price, the trainer will return the difference in the training prices to the ordering party.

4. Price and payment terms

4.1. By sending the application, the ordering party accepts the contract price (hereinafter referred to as the participation fee) indicated for the course.
4.2. In case of multiple participants registered with one application, a discount is possible.
4.3. The participation fee must be paid into the bank account of the company held with the company Komerční banka č. 78-7768770207/0100, IBAN:CZ5301000000787768770207, BIC:KOMBCZPPXXX. When making the payment, a variable symbol must be provided, which is indicated on the invoice sent to the client by the trainer.
4.4. The participation fee includes the provider's costs, including the training materials. The provider is a VAT payer.
4.5. The client is obliged to pay the participation fee within 14 working days of receipt of the invoice, unless otherwise stated by a separate contract.
4.6. If the person enrolled does not attend the training and no other agreement has been made, his or her absence is considered a cancellation application at an interval of less than 7 days, i.e. the trainer is entitled to a reward of 25% of the course price. The overpayment is returned within 14 days to the sender's payment account from which the funds were sent. Payment to another account number is not possible.
4.7. An invoice will be issued by the trainer no later than 5 working days from the beginning of the training, which will be sent by e-mail or data box as agreed.

5. Training conditions

5.1. The trainer is obliged to inform the client 14 days in advance of the location and time of the training, including the start and end dates of the daily programme.
5.2. If the client is not a student of the course, he is obliged to ensure the distribution of this information to the end participants. The trainer is not responsible for failure to comply with these terms and conditions.
5.2. By default, the training takes place from 9 a.m. to 5 p.m. at a predetermined location.
5.3. The trainer can be available from 8 a.m. to 9 a.m. and then from 17 a.m. to 6 p.m. for questions from the participants, according to the current terms and conditions.
5.4. At the end of the training, the certificate of absorption is handed over to the end users.
5.5. At the end of the training, the end users evaluate the trainer's approach and are asked to comment on the evaluation of his presentation, the manner of presentation and the significance of the information provided.

6. Complaints

6.1. If the participant is grossly dissatisfied with the course, the trainer is informed of this information.
6.2. The reasons for dissatisfaction are recorded in the minutes in two copies on the same day. One is handed over to the client and one is held by the trainer.
6.3. A statement on the complaint will be submitted by e-mail within two weeks. A solution will then be agreed within one week.
6.4. The customer's dissatisfaction may be a reason for discontinuing further cooperation, or financial compensation up to the price of the training, after deduction of costs.

7. Copyright of the provided materials

7.1. The training materials provided by the trainer in the course of the training meet the characteristics of a copyrighted work in accordance with Czech Act No 121/2000 Coll.
7.2. None of the training materials or any part thereof may be further processed, reproduced, distributed or used for further presentations or training in any way without the prior written consent of the trainer.

8. Liability

8.1. The trainer does not assume responsibility for any shortcomings in the services of any third party that he uses in the training.
8.2. The trainer does not assume responsibility for injuries, damages and losses incurred by the participants in the training events or caused by the participants. Such costs, caused by the above circumstances, shall be borne exclusively by the participant in the training event.

9. Validity of the Terms

9.1 These General Terms and Conditions shall be valid and effective from 1 October 2024.

Consent to the collection and processing of personal data

According to Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "the Regulation"), the processor xxx (hereinafter referred to as "the Controller") processes personal data. Individual personal data that are part of the processing during specific activities at this web presentation and in the course of trade are also broken down.
Although the collection of data is ubiquitous, the operation of this website is based on the right to privacy of each user. For this reason, the collection of information about users takes place to the extent absolutely necessary and only if the user decides to contact the operator. We consider any further collection and processing of data unethical.

Information about the records of access to the web presentation

This website does not collect any cookies. The site does not use any analytical scripts of third parties (social networks, cloud providers). For these reasons, an option is also offered for displaying the map in the form of a link, where the primary source is OpenStreet and alternatives then the frequently used Maps of Seznam, a.s., or Google Maps of Google LLC Inc. The use of any of these sources is entirely at the discretion of the users of this site. The administrator is not responsible for the collection of data carried out by these companies, does not provide them with data about users and does not cooperate on the collection of data.
Logging of access takes place only at the system level, the reason being the identification of any technical or security problems. Other reasons are overview access statistics. No specific data is collected or monitored in this area and all access records are deleted after three months.

Information about contacting the operator of the site

The form for contacting the operator of the site (administrator) contains the following personal data: name, surname, e-mail. These data are intended only for this communication, corresponding to the address of the user and are kept for the time necessary to fulfil the purpose, up to a maximum of one year, unless the user determines otherwise.

Information about the order form

In case of an interest in the order form, the form contains more data, i.e. name, surname, e-mail and contact details for the organisation. These data are intended only for this communication, corresponding to the address of the user and are kept for one year, unless the user determines otherwise. In the event that a business relationship is concluded on the basis of this order, only the information required by Czech law on the basis of business relations (company name and address, bank account number, type of course and its price) will continue to be kept by the administrator.

Information about the course completion document

Within the course, a course completion document is issued by the processor. This document contains the following data: student's name and surname, the name and date of the course completion and the employer's name. The information is subsequently used for the creation of a linear hash tree (non-modifiable record). This database contains only information about the provided names and company names, which may or may not correspond to reality and is maintained by the processor for possible re-issuance or verification of the document's issuance.

Rights of the personal data subject

The customer or visitor of this website has the possibility to request information about the processing of personal data, the right to request access to personal data, or the right to request the correction or deletion of any data held about him. In the case of deletion, this requirement cannot be fulfilled only if it is not data strictly necessary in the course of business. The customer or visitor of this website also has the right to obtain explanations regarding the processing of his personal data if he finds out or believes that the processing is carried out in violation of the protection of his private and personal life or in violation of applicable legislation, and the right to request removal of the resulting situation and to ensure the correction.
Furthermore, the customer/visitor of this website may request restriction of processing or object to the processing of personal data and has the right to withdraw his/her consent to the processing of personal data at any time in writing, without prejudice to the lawfulness of their processing prior to such withdrawal. For this purpose, the contact e-mail address support@cryptosession.cz is used.
The customer/visitor has the right to file a complaint against the processing of personal data with the supervisory authority, which is the Office for Personal Data Protection.