An introduction to post-quantum cryptography

Similar documents
Quantum Computers vs. Computers

Quantum computing in practice

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

Bits Superposition Quantum Parallelism

Quantum Computing. Robert Sizemore

Shor s algorithm and secret sharing

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Quantum Computing Lecture 7. Quantum Factoring. Anuj Dawar

A Novel Approach for Signing Multiple Messages: Hash- Based Signature

Quantum Computing: The Risk to Existing Encryption Methods

Quantum Safe Security Workgroup Presentation. Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014

Real-World Post-Quantum Digital Signatures

The New Approach of Quantum Cryptography in Network Security

Securing Your Data In Transit For The Long Term

Introduction to post-quantum cryptography

The Mathematics of the RSA Public-Key Cryptosystem

Key & Data Storage on Mobile Devices

1.Context What is the problem with current cryptographic techniques? Current Quantum Key Distribution (QKD)... 4

Quantum Computers. And How Does Nature Compute? Kenneth W. Regan 1 University at Buffalo (SUNY) 21 May, Quantum Computers

Public Key Cryptography. Performance Comparison and Benchmarking

Introduction to Quantum Computing

Post-Quantum Cryptography

Table of Contents. Bibliografische Informationen digitalisiert durch

Lukasz Pater CMMS Administrator and Developer

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

CRYPTOGRAPHY IN NETWORK SECURITY

A New Efficient Digital Signature Scheme Algorithm based on Block cipher

Notes on Network Security Prof. Hemant K. Soni

Computer Security: Principles and Practice

Lecture 9: Application of Cryptography

A Factoring and Discrete Logarithm based Cryptosystem

Quantum Safe Cryptography V1.0.0 ( )

Cryptography and Network Security Chapter 10

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Quantum Key Distribution as a Next-Generation Cryptographic Protocol. Andrew Campbell

Elements of Applied Cryptography Public key encryption

Public-Key Cryptanalysis

Library (versus Language) Based Parallelism in Factoring: Experiments in MPI. Dr. Michael Alexander Dr. Sonja Sewera.

Quantum Algorithms in NMR Experiments. 25 th May 2012 Ling LIN & Michael Loretz

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Cryptography and Network Security

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks

Cryptography and Network Security Chapter 9

Using etoken for SSL Web Authentication. SSL V3.0 Overview

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

IT Networks & Security CERT Luncheon Series: Cryptography

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

3. Designed for installation by the user without further substantial support by the supplier; and

What Has Quantum Mechanics to Do With Factoring? Things I wish they had told me about Peter Shor s algorithm

CMSS An Improved Merkle Signature Scheme

Quantum Computing. Robert Senser, PhD. CSC 5446 Presentation Spring Version

Cryptography & Digital Signatures

The Future of Digital Signatures. Johannes Buchmann

Usable Crypto: Introducing minilock. Nadim Kobeissi HOPE X, NYC, 2014

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

7! Cryptographic Techniques! A Brief Introduction

Certificate Authorities and Public Keys. How they work and 10+ ways to hack them.

CPSC 467b: Cryptography and Computer Security

How To Solve An Npa-Complete Problems With Quantum Computing And Chaotic Dynamics

IB Computer Science Extended Essay

Final Project RSA Secure Chat Server CSC 290 Warren Fong

Quantum Computing and Cryptography Their impact on cryptographic practice

Quantum Safe Cryptography and Security

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Asymmetric Encryption

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor

The Limits of Adiabatic Quantum Computation

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay

COMPSCI 111/111G. Quantum Computing. Term 1, Prepared using LATEX Beamer by Cristian S.Calude 1 / 26

Quantum Computing Architectures

CSCE 465 Computer & Network Security

Index Calculation Attacks on RSA Signature and Encryption

Open Problems in Quantum Information Processing. John Watrous Department of Computer Science University of Calgary

Implementation of Elliptic Curve Digital Signature Algorithm

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

Lecture 25: Pairing-Based Cryptography

High-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago

National Security Agency Perspective on Key Management

CrypTool Claudia Eckert / Thorsten Clausius Bernd Esslinger / Jörg Schneider / Henrik Koy

Lecture 6 - Cryptography

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Overview of Public-Key Cryptography

Factoring by Quantum Computers

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Transcription:

An introduction to post-quantum cryptography Andrew Savchenko NRNU MEPhI, Moscow, Russia LVEE Winter 2016

Outline 1 Terminology 2 Quantum computing 3 Impact on cryptographic algorithms 4 Free software solutions 5 Summary

What is what: Terminology Classical cryptography usual cryptography, designed to withstand cryptanalysis using classical computers Postquantum cryptography cryptography resilient to quantum computing Quantum cryptography has nothing to do with post-quantum cryptography It uses quantum mechanical properties of the matter for crypto applications, eg: secure key distribution using entangled particles protection from data copying Requires a very dedicated hardware and connection lines

What is what: Terminology Classical cryptography usual cryptography, designed to withstand cryptanalysis using classical computers Postquantum cryptography cryptography resilient to quantum computing Quantum cryptography has nothing to do with post-quantum cryptography It uses quantum mechanical properties of the matter for crypto applications, eg: secure key distribution using entangled particles protection from data copying Requires a very dedicated hardware and connection lines

What is what: Terminology Classical cryptography usual cryptography, designed to withstand cryptanalysis using classical computers Postquantum cryptography cryptography resilient to quantum computing Quantum cryptography has nothing to do with post-quantum cryptography It uses quantum mechanical properties of the matter for crypto applications, eg: secure key distribution using entangled particles protection from data copying Requires a very dedicated hardware and connection lines

Quantum computing Base elements: qubits (quantum bits) quantum logic gates quantum algorithm: sequence of quantum gates applied to qubits

Qubits Each classical bit can be either 0 or 1, but qubits: can be 0 and 1 at the same time contain wave function of both states (eg superposition + ) but with different probabilities usually electron spin is used, but any discernible quantum number is OK N qubits 2 N states at the same time vs N classical bits 1 state at once

Quantum gates Quantum logic gate: is a rotation (unitary transformation) applied to the wave functions (usually of 1 or 2 qubits) They provide full set of logical operations All quantum gates are reversible in contrast to classical gates

Quantum computing 2 Caveats: only N bit can be extracted from 2 N states measurement (wave function collapse) is probabilistic: 2 + 2 = 5 OK! but P (2 + 2 = 4) > P (2 + 2 = 5) Summary: internal data reduction upon measurement results must be either: checked or repeated many times

Quantum computing 2 Caveats: only N bit can be extracted from 2 N states measurement (wave function collapse) is probabilistic: 2 + 2 = 5 OK! but P (2 + 2 = 4) > P (2 + 2 = 5) Summary: internal data reduction upon measurement results must be either: checked or repeated many times

Solves integer factorisation problem: Shor s algorithm for known P find N 1, N 2 : N 1 N 2 = P, where N 1, N 2 primes Steps: (C) factoring problem function f period finding problem (Q) period finding: Hadamard transformation (equal probability superposition) apply f as quantum transform apply quantum Fourier transform measure the period (C) obtain prime from the period For details see [1]

Solves integer factorisation problem: Shor s algorithm for known P find N 1, N 2 : N 1 N 2 = P, where N 1, N 2 primes Steps: (C) factoring problem function f period finding problem (Q) period finding: Hadamard transformation (equal probability superposition) apply f as quantum transform apply quantum Fourier transform measure the period (C) obtain prime from the period For details see [1]

Factorisation complexity Complexity estimation for N 2 4096 : Algo ( Complexity Operations GNFS O e 19(ln N)1/3 (ln ln N) 2/3) 10 46 ( ) Shor s O (ln N) 2 (ln ln N) (ln ln ln N) 10 8 GNFS General number field sieve, the fastest classical factorisation algorithm

Grover s algorithm A quantum brute-force (BF) algorithm Black box setup: 1 known output N unknown inputs Complexity estimation for N 2 256 : Algo Complexity Operations BF O (N) 10 ( ) 77 Grover s O N 10 38 For details see [2]

Complexity classes PSPACE problems NP Problems Grover NP Complete Shor P Problems BQP P easy to solve and verify NP hard to solve, but easy to verify BQP easy to solve on quantum computer and verify

Impact on crypto algos Symmetric crypto: Key sizes are halved Common asymmetric crypto: Elliptic curves are very dead RSA and alike are dead Quantum resistant asymmetric crypto: Hash-based [3] Lattice-based [3] Code-based [3] Multivariative quadratic equations [3] Supersingular elliptic curve isogeny [4]

Impact on crypto algos Symmetric crypto: Key sizes are halved Common asymmetric crypto: Elliptic curves are very dead RSA and alike are dead Quantum resistant asymmetric crypto: Hash-based [3] Lattice-based [3] Code-based [3] Multivariative quadratic equations [3] Supersingular elliptic curve isogeny [4]

Impact on crypto algos Symmetric crypto: Key sizes are halved Common asymmetric crypto: Elliptic curves are very dead RSA and alike are dead Quantum resistant asymmetric crypto: Hash-based [3] Lattice-based [3] Code-based [3] Multivariative quadratic equations [3] Supersingular elliptic curve isogeny [4]

D-Wave Systems Computing in adiabatic quantum approximation [5] Declared to be suitable only for discrete optimisation [5, 6] Operates just at 0015K :)

D-Wave Systems Timeline qubits:time qubits 1200 1000 800 600 400 200 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 time Present: 1000 + 1152 qubits from 2048-qubit chip

Timeline Year 2012 CIA $30m investment in D-Wave [7] Year 2014 56153 = 233 241 factored on 4 qubits [8] at 300 K! mr Snowden revealed that NSA spent $ 80m on a quantum computer development [9, 10] Year 2015 NSA announce development of Suite B algorithms resistible to quantum computing [11]

Free software solutions Codecrypt [12] GnuPG-like encryption tool Signatures: hash-tree based (Merkle-tree signature) Asymmetric encryption: code based McEliece cryptosystem [13]) Symmetric encryption: up to 4096-bit keys Keys generation: ccr --gen-key sig --name John Doe # signature key ccr --gen-key enc --name John Doe # encryption key # the same with manual key choise ccr -g FMTSEQ256H20C-CUBE512-CUBE256 -N username ccr -g MCEQCMDPC256FO-SHA512-CHACHA20 -N username

Free software solutions Codecrypt [12] GnuPG-like encryption tool Signatures: hash-tree based (Merkle-tree signature) Asymmetric encryption: code based McEliece cryptosystem [13]) Symmetric encryption: up to 4096-bit keys Keys generation: ccr --gen-key sig --name John Doe # signature key ccr --gen-key enc --name John Doe # encryption key # the same with manual key choise ccr -g FMTSEQ256H20C-CUBE512-CUBE256 -N username ccr -g MCEQCMDPC256FO-SHA512-CHACHA20 -N username

Free software solutions Sign and encrypt: ccr -se -r Frank < lettertxt > letterccr Decrypt and verify: ccr -dv -o replytxt < replyccr Upstream is very dynamic and responsive Quantum Computing Language: QCL [14] quantum assembler and routines emulator of a quantum computer

Free software solutions Sign and encrypt: ccr -se -r Frank < lettertxt > letterccr Decrypt and verify: ccr -dv -o replytxt < replyccr Upstream is very dynamic and responsive Quantum Computing Language: QCL [14] quantum assembler and routines emulator of a quantum computer

Summary Symmetric cryptography is still secure, but double key size Drop RSA and elliptic curves in the long run Use codecrypt and other systems, but with caution Combine multiple crypto systems Outlook: Popular projects (*SSL, GnuPG) should include post-quantum algos one day Raise post-quantum awareness Thank you for your attention!

Summary Symmetric cryptography is still secure, but double key size Drop RSA and elliptic curves in the long run Use codecrypt and other systems, but with caution Combine multiple crypto systems Outlook: Popular projects (*SSL, GnuPG) should include post-quantum algos one day Raise post-quantum awareness Thank you for your attention!

Bibliography I Shor s algorithm URL: https://enwikipediaorg/wiki/shor s_algorithm Grover s algorithm URL: https://enwikipediaorg/wiki/grover s_algorithm Bernstein Daniel J, Buchmann Johannes, Dahmen Erik Post-quantum cryptography Berlin : Springer, 2009 ISBN: 978-3-540-88701-0 URL: https://pqcryptoorg/wwwspringercom/cda/content/ document/cda_downloaddocument/9783540887010-c1pdf Supersingular isogeny Diffie Hellman key exchange URL: https: //enwikipediaorg/wiki/supersingular_isogeny_key_exchange D-Wave Systems URL: http://wwwdwavesyscom/ D-Wave Systems URL: https://enwikipediaorg/wiki/d-wave_systems

Bibliography II CIA and Amazon Founder Greedily Eye D-Wave s Quantum Computer URL: http://wwwdailytechcom/cia+and+amazon+founder+ Greedily+Eye+DWaves+Quantum+Computer/article27866htm Dattani Nikesh S, Bryans Nathaniel Quantum factorization of 56153 with only 4 qubits 2014 URL: http://arxivorg/abs/14116758 Snowden docs: NSA building encryption-cracking quantum computer URL: http://wwwtheregistercouk/2014/01/03/snowden_docs_ show_nsa_building_encryptioncracking_quantum_system/ NSA seeks to build quantum computer that could crack most types of encryption URL: https://wwwwashingtonpostcom/world/national-security/ nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-o 2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_storyhtml NSA Suite B Cryptography URL: https: //wwwnsagov/ia/programs/suiteb_cryptography/indexshtml

Bibliography III Codecrypt (post-quantum crypto suite) URL: http://e-x-aorg/codecrypt/ McEliece cryptosystem URL: https://enwikipediaorg/wiki/mceliece_cryptosystem QCL (quantum computing language and quantum computer emulator) URL: http://tphtuwienacat/~oemer/qclhtml

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information