Cryptography in a Quantum World

Transcription

1 Cryptography in a Quantum World Grégoire Ribordy May 2016

2 Cybersecurity Cybertechnologies are becoming increasingly pervasive. Cybersecurity is a growing and fundamental part of safety and security of individuals, organizations and society 2

3 Cryptography is a foundational pillar of cybersecurity - Cryptography allows us to achieve information security while using untrusted communication systems. - Example: Do you use e-banking? Why do you trust the system? 3

4 Goals of Cryptography Confid entialit y Integrity Information Security NonRepudi ation Authentication

5 Cryptographic Primitives Asymmetric Confidentiality Symmetric Alice Eve Bob Alice Scrambled Scrambled Secret Key Eve Bob Secret Key + other similar primitives for other goals (digitial signatures, etc.) Public Key Private Key

6 Cryptographic Protocol Eve Scrambled Bob Alice Symmetric Cryptography Secret Key Secret Key Public Key Private Key x =? A x B = Asymmetric Cryptography

7 Computational Security Computer Science Hard! 7 Easy!

8 Classical and Quantum Physics Classical physics Quantum physics Before 1900 After 1900 Describes the macroscopic world Deterministic Intuitive Describes of the microscopic world Probabilistic Central role of the observer Not very intuitive Quantum physics 8 Novel information processing possibilities Quantum Information Theory (QIT)

9 Post-Quantum Era? A World with Quantum Computers Computer Science Physics Computation is a physical process Bits Qubits Major consequences in Information Security 9

10 Cryptography in a World with Quantum Computers Computer Science Physics Hard! Easy! 1 0 Easy!

11 Quantum Algorithms & Impact on Today s Cryptography Shor s Algorithm Peter Shor, 1994 Quantum algorithm for integer factorization Grover s Algorithm Lov Grover, 1996 Quantum algorithm to perform search in an unsorted database O(n½) vs O(n) O((log N)3) vs. O(e1.9 (log N)1/3 (log log N)2/3) Can break RSA, Elliptic Curve & Diffie Hellman 11 Key halfed for symmetric cryptography AES bits security AES bits security

12 Cryptographic Primitives Confidentiality Symmetric Alice Asymmetric Eve Bob Alice Scrambled Secret Key Eve Bob Scrambled Secret Key Symmetric crypto primitives: ok (if key long enough) Public Key Asymmetric crypto primitives: at risk Private Key

13 Increasing Interest in Quantum IT 1999 EU invests M in quantum technologies via FET program over next 7 years Dec 2013 Jun x USA ARDA invests in Quantum Information Science and Technology Roadmap Canadian government invests 78M in quantum technologies over next 7 years UK Government invests 270M in quan-tum techno-logies in next 5 years NL Government invests 135M in QuTech Delft over next 10 years Chinese government plans major investment in quantum computing EU investment July 2014 Sep established and starts R&D on quantum communication Microsoft starts Station Q at UC Santa Barbara Lockheed Martin buys D-Wave Two1 IBM invests $3B in research initiative that includes quantum computing Google absorbs John Martinis research group Intel invests $50M in QuTech (UC Santa Barbara)

14 Quantum Computers in the News 14

15 When Do We Need to Worry? x How long do you need encryption to be secure? y x z y Time How much time will it take to re-tool the existing infrastructure with a quantum-safe solution? x + z How long will it take for a large scale quantum computer to be built (or for any other relevant advance 1 5 y zy z > Not possible to provide the required x years of security > System will collapse in z years with no easy fix

16 Why Is this Important? A Classical Risk Analysis Risk Probability of threat Impact of threat currently low but increasing Extremely high if no action taken Conduct Quantum-Risk Assessment Engineer Crypto Agility Enter in the Post-Quantum Era 16

17 Quantum-Safe Transition We announce preliminary plans for transitioning to quantum resistant algorithms. Aug. 2015

18 The Solution: Quantum-Safe Cryptographic Infrastructure Post-quantum algorithms (aka quantum-resistant algorithms) Classical codes deployable without quantum technologies. Quantum Key Distribution Eg. Lattice, matrix -based algorithms Believed to be secure against Shor s algorithm but no guarantee that there will not be other quantum attacks. Recommended for quantum-safe digital signatures & end point encryption. Hardware solution. Typically no computational assumptions and thus known to be secure against future quantum attacks. Recommended for encryption of high-value information with requirement for long-term confidentiality. E.g. Data center interconnect, government data Hugo Zbinden 18