ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK SESSION 1 World Tour
HIGHLIGHTS Session focused on activity world wide on quantum safe communications research and policy. Matthew Scholl (NIST) described the NIST Process not competition on new quantum safe primitives and time scales. Take home message: aggressive timescales starting now. Emphasis on PQC Cheng Zhi Peng (CAS) described the dual approach of space based and fibre based QKD research in China.
ISSUES RAISED William Huang (IDQ QTEC) described industry engagement in building the fibre based QKD backbone in China. Take home message: helps to have buy in from Government 5 year plans and identification within China s top 100 Key Projects! Norbert Luetkenhaus (IQC) described the academic industry quantum safe ecosystem in Canada. Take home message: PQC and QKD work proceeding together with proper emphasis on testing, evaluation and standards.
HIGHLIGHTS Masahide Sasaki (NICT) Japan looking at quantumbased solution for medical information systems. Tim Spiller, University of York UK Quantum Communications Hub bringing together Academia, Government and Industry including users. Nicolas Gisin, University of Geneva You can use your smartphone as an elementary Quantum processor!
CONCLUSION WORLD TOUR QKD is heavily funded worldwide, and much is happening. Links between QKD and PQC communities vary significantly from country to country. NIST process will focus attention on PQC
ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK Session 3: Threats to Cryptography
HIGHLIGHTS Good progress is being made with developing scalable quantum computers (QCs). Tens of qbits are now available in the lab and public access for experiment is now available via initiatives such as IBMQ A range of technologies are being investigated and it is speculated that machines with thousands of logical qbits may be only 15 25 years away There is also good progress with controlling and understanding the power of quantum computers. For example IBM are developing the notion of QC volume (= num qbits x error rate x connectivity factor x num gates) to give an indication of the power of various technologies and architectures proposed for future QCs.
ISSUES RAISED However there is an increasing recognition that the additional resources required for error correction and fault tolerance for large machines will be a significant overhead. Estimates from IQC/Waterloo for inverting SHA hashes or performing Grover searches on parallel QCs with good surface codes already demonstrate the problem. Meanwhile our understanding of classical attacks on PQC is also continuing to improve. For example the complexity of lattice basis reduction algorithms is well understood and parameter size recommendations already incorporate a large safety margins. We are in a much better situation than in the 1980s with early factoring algorithms. Quantum supremacy may be approaching but in the near term this will mean that QCs cannot be simulated by classical computers, not that QCs will be able to solve currently intractable problems of interest.
ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK SESSION 4 System Level Issues
HIGHLIGHTS Each of the current proposed post quantum cryptography schemes has pros and cons to satisfy the requirements for one pass key establishment in updating public keys With a combination of post quantum TLS protocol and QKD, special engineering method is presented to establish secure multi site communication system Valuable FPGA implementation data for the comparison of New Hope and Frodo are presented
ISSUES RAISED One way key establishment has limits on public key update which requires carefully assess the security implications when determining how often to update keys The key pool generated through QKD for multi site communications may appear to be a vulnerable point and needs to be protected
WAY FORWARD Need to further explore PQC systems for one pass key establishment schemes It will be valuable to explore possible extensions of multi site network using QKD and understand the advantage of using QKD compared over using post quantum TLS only FPGA implementation data is very valuable for PQC and expect FPGA data on other PQC candidate families
ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK 15 SEPTEMBER 2017 SESSION 5: POST QUANTUM CRYPTO
HIGHLIGHTS Session focused on different approaches on post quantum cryptography, especially Hash based signature, Multivariante schemes, RLWE based key exchange/authentication, and new type of quantum safe ECC. Scott Fluhrer, Stefan Lukas, talked about a survey of Hashbased signature and their practical usages Jean Charles went through the update progress about a multivariate algr. Jintai gave a new findings about RLWE key exchanges, as well as the robustness of the scheme, and a colleague of Reza showed their new results on quantum safe ECC
ISSUES RAISED Scott/Stefan described how to deal with the choice of parameters while security/efficiency trade off are concerned. Stefan also explained if the hybrid model works Jintai emphasized the principle of new robust keyexchange allowing key reuse Colleague of Reza pointed out the possible ways to investigate the quantum safe proof for their schemes
ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK SESSION 6 Quantum Key Distribution
HIGHLIGHTS C. Chunnilall (NPL) pointed out the importance of traceable measurements to certify QKD security. The first measurement standard of quantum technology was established in ETSI ISG QKD. A. Fedorov (RQC) presented efficient key distillation method and a proposal of quantum secured block chain. B. Huttner (IDQ) : QKD adds a layer of security (not exclusive). For space networks, quantum enhanced physical layer cryptography would be promising.
ISSUES RAISED Physical measurements with accuracy and precision need to be developed and applied to certification of QKD security. QKD needs to be efficient and cost effective. QKD has a distance limitation. Satellites will enable broader scale QKD. Protocols and implementation can, however, be simplified by taking into account that space optical link is lineof sight, unlike optical fibres, i.e., Eve s ability of physical access to the channel can be limited.
WAY FORWARD Continue to work on QKD implementation security with traceable measurements and to standardize those measurements. Further investigate Q secured authentication, block chain etc. For space networks, not only conventional QKD but also quantum enhanced physical layer cryptography need to be explored for various options (high end security solution, high speed solution with reasonable security assumption).
THE 6TH ETSI/IQC QUANTUM SAFE WORKSHOP WELCOME TO BEIJING NOV. 6 8, 2018
THE 6TH ETSI/IQC QUANTUM SAFE WORKSHOP Beijing is the culture center of China
THE 6TH ETSI/IQC QUANTUM SAFE WORKSHOP Updated progress since the 5 th QSC workshop Keynote speeches PQC+QKD standardization Special issues in quantum resistant algorithms Threats from incoming quantum computer