Quantum Cryptography

Similar documents
Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017

The Quantum Threat to Cybersecurity (for CxOs)

Managing the quantum risk to cybersecurity. Global Risk Institute. Michele Mosca 11 April 2016

Quantum Cryptography

Post-Quantum Cryptography & Privacy. Andreas Hülsing

Cryptography in a quantum world

Cyber Security in the Quantum Era

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

What are we talking about when we talk about post-quantum cryptography?

Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018

Quantum threat...and quantum solutions

Quantum Technologies: Threats & Solutions to Cybersecurity

Post-Quantum Cryptography & Privacy. Andreas Hülsing

The quantum threat to cryptography

Everything is Quantum. Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

Lattice-Based Cryptography

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW?

Public-key Cryptography and elliptic curves

Security Implications of Quantum Technologies

The Elliptic Curve in https

QUANTUM COMPUTING & CRYPTO: HYPE VS. REALITY ABHISHEK PARAKH UNIVERSITY OF NEBRASKA AT OMAHA

Evolution of Cryptography April 25 th 2017

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

Information Security

Number Theory in Cryptography

Risk management and the quantum threat

LECTURE NOTES ON Quantum Cryptography

Public-key Cryptography and elliptic curves

Message Authentication Codes (MACs)

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Quantum Cryptography. Marshall Roth March 9, 2007

Cryptography in the Quantum Era. Tomas Rosa and Jiri Pavlu Cryptology and Biometrics Competence Centre, Raiffeisen BANK International

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Quantum Differential and Linear Cryptanalysis

Secrecy and the Quantum

Fundamentals of Modern Cryptography

Quantum-Safe Crypto Why & How? JP Aumasson, Kudelski Security

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

A brief survey of post-quantum cryptography. D. J. Bernstein University of Illinois at Chicago

Cryptographical Security in the Quantum Random Oracle Model

Lecture V : Public Key Cryptography

Quantum Cryptography. Chris1an Schaffner. Research Center for Quantum So8ware

Quantum Computing. Richard Jozsa Centre for Quantum Information and Foundations DAMTP University of Cambridge

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

My brief introduction to cryptography

Chapter 8 Public-key Cryptography and Digital Signatures

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Public Key Cryptography

QUANTUM HOMOMORPHIC ENCRYPTION FOR POLYNOMIAL-SIZED CIRCUITS

The quantum threat to cryptography

Introduction to Elliptic Curve Cryptography. Anupam Datta

Quantum Technologies for Cryptography

Introduction to Cryptography. Lecture 8

Post-quantum key exchange for the Internet based on lattices

Historical cryptography. cryptography encryption main applications: military and diplomacy

Security II: Cryptography exercises

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

Advanced Cryptography Quantum Algorithms Christophe Petit

Lecture 1: Introduction to Public key cryptography

Fang Song. Joint work with Sean Hallgren and Adam Smith. Computer Science and Engineering Penn State University

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

CIS 551 / TCOM 401 Computer and Network Security

Practical quantum-key. key- distribution post-processing

CS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing

Post-quantum RSA. We built a great, great 1-terabyte RSA wall, and we had the university pay for the electricity

Quantum Key Distribution and the Future of Encryption

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Other Public-Key Cryptosystems

Asymmetric Encryption

Elliptic Curve Cryptography

From NewHope to Kyber. Peter Schwabe April 7, 2017

Secrets of Quantum Information Science

Everything is Quantum The EU Quantum Flagship

The Three Upcoming Revolutions in Physics and Astronomy that will Affect Everyone. Quantum Information Nov. 12, 2002

9 Knapsack Cryptography

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Ping Pong Protocol & Auto-compensation

Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security

Post-Quantum Cryptography

MATH 158 FINAL EXAM 20 DECEMBER 2016

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS

Breaking Symmetric Cryptosystems Using Quantum Algorithms

Quantum Information Transfer and Processing Miloslav Dušek

Public-Key Cryptosystems CHAPTER 4

quantum mechanics is a hugely successful theory... QSIT08.V01 Page 1

Other Public-Key Cryptosystems

Introduction to Quantum Key Distribution

1.0 Introduction to Quantum Systems for Information Technology 1.1 Motivation

The science behind these computers originates in

Cryptography: A Fairy Tale for Mathematicians and Starring Mathematicians!

ADVANCED CRYPTOLOGY (COD2) CTY COURSE SYLLABUS. Week 1. Info sheet, pre-test, Sunday survey, honor codes, computer lab forms, check roster.

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Introduction to Modern Cryptography Lecture 11

Transcription:

Quantum Cryptography Christian Schaffner Research Center for Quantum Software Institute for Logic, Language and Computation (ILLC) University of Amsterdam Centrum Wiskunde & Informatica

Quantum Computer Quantum Computer What are you going to do with it? 10-20 quantum bits now 50-100 qubits in the next 5 years!

Quantum Software is Fundamentally Different Qubit: superposition of 0 and 1 Massive parallel computation: Each extra qubit doubles number of parameters 300 qubits bigger than number of atoms in universe Exponentially large state space How to get the answer out?? Measuring destroys computation!! Quantum Program Use interference to cancel unwanted computations Counterintuitive, fundamentally different from classical programming Does not work for every computational problem! most problems no speed-up!

Quantum Software Focus mostly on quantum hardware Time is now to put more effort into quantum software. It is essential for a successful quantum future. Launch research center for quantum software:

Enabling the power of quantum computers

Enabling the power of quantum computers This talk: What are the effects on cryptography?

Talk Outline n Classical Cryptography n Impact of Quantum Computers on Cryptography n When do we need to worry? n Solutions n Quantum Future

Ancient Cryptography Blaise de Vigenère Scytale 500 BC 2015 AD 1000 AD 50 BC 500 AD Caesar Cipher (ROT4) 1500 AD

Charles Babbage Ancient Cryptography Claude Shannon Diffie / Hellman 1850 1950 2015 1800 1900 1976 een systeem van versleuteling moet even veilig zijn, zelfs als alles behalve de sleutel over het systeem publiek bekend is Auguste Kerckhoffs Enigma Alan Turing

Modern Cryptography is everywhere! n is concerned with all settings where people do not trust each other n

Cyber Security Cyber Security in the Netherlands is an important focal area that provides security, safety and privacy solutions that are vital for our economy including but not limited to critical infrastructures, smart cities, cloud computing, online services and e-government. Cloud computing Internet of Things (IoT) Payment systems ehealth Auto-updates Digital Signatures Secure Browsing - TLS/SSL VPN IPSec Secure email s/mime, PGP RSA, DSA, DH, ECDH, AES, 3-DES, SHA, Based on slides by Michele Mosca

Quantum Effects n Classical bit: 0 or 1 n Quantum bit: can be in superposition of 0 and 1 n Yields a more powerful computational model: n Shor s algorithm allows to factor numbers n Grover s algorithm allows to search faster

n [Shor 94] Polynomial-time quantum algorithm for factoring integer numbers n 15 = 3 * 5 n 27 = 3 * 3 * 3 n 31 = 1 * 31 n 57 = 3 * 19 n 91 = 7 * 13 n 173 = 1 * 173 Quantum Algorithms: Factoring n RSA-100 = 152260502792253336053561837813263742971806811496138068 8657908494580122963258952897654000350692006139 = 37975227936943673922808872755445627854565536638199 40094690950920881030683735292761468389214899724061

n Quantum Algorithms: Factoring [Shor 94] Polynomial-time quantum algorithm for factoring integer numbers n Classical Computer : Exponential time n Quantum Computer : Poly-time: n 2 n For a 600-digit number (RSA-2048) n Classical: age of universe n Quantum: few minutes

Current Cryptography under Quantum Attacks Security level Conventional attacks Quantum attacks systems Symmetric-key encryption (AES-256) Hash functions (SHA3-256) Public-key crypto (key exchange, digital signatures, encryption) (RSA-2048, ECC-256) 256 bits of security 128 bits 128 bits 85 bits 112 bits ~ 0 bits n Products, services, businesses relying on security either stop functioning or do not provide expected levels of security (like last week s ransomware events)

Depends on: n n n n When do we need to worry? How long do you need to keep your secrets secure? (x years) How much time will it take to re-tool the existing infrastructure? (y years) How long will it take for a large-scale quantum computer to be built? (z years) Theorem (Mosca): If x + y > z, then worry. y x z secrets revealed time 2017 2027? n Corollary: If x > z or y > z, you are in big trouble! Slide by Michele Mosca

Talk Outline üclassical Cryptography üimpact of Quantum Computers on Crypto üwhen do we need to worry? n Solutions n Quantum Future

Solution: Quantum-Safe Cryptography Classical quantum-safe cryptography (post-quantum crypto) Quantum Cryptography Slide by Michele Mosca

Quantum Crypto Landscape Security level Conventional attacks Quantum attacks systems Symmetric-key encryption (AES-256) Hash functions (SHA3-256) Public-key crypto (key exchange, digital signatures, encryption) (RSA-2048) 256 bits 128 bits 128 bits 85 bits 112 bits ~ 0 bits technical difficulty ( ) Hash-based signatures probably probably McEliece probably probably Lattice-based probably probably Quantum Key Distribution (QKD) provable provable Qantum-safe Crypto

Conventional Quantum-Safe Crypto n Wanted: new assumptions to replace factoring and discrete logarithms in order to build conventional public-key cryptography

Quantum Key Distribution (QKD) Alice [Bennett Brassard 84] k =? Bob k = 0101 1011 Eve k = 0101 1011 n Offers an quantum solution to the key-exchange problem which does not rely on computational assumptions

Quantum Key Distribution (QKD) [Bennett Brassard 84] Alice Bob Eve n technically feasible: no quantum computer required, only quantum communication

Quantum Key Distribution (QKD) [Bennett Brassard 84] Alice Bob Eve n technically feasible: no quantum computer required, only quantum communication

Solution: Quantum-Safe Cryptography Conventional quantumsafe cryptography (post-quantum crypto) Can be deployed without quantum technologies Believed to be secure against quantum attacks of the future Quantum Cryptography Requires some quantum technology (but no largescale quantum computer) Typically no computational assumptions Slide by Michele Mosca

Talk Outline üclassical Cryptography üimpact of Quantum Computers on Crypto üwhen do we need to worry? üsolutions n Quantum Future

Quantum Research in NL QuTech: 135 mln, 50 mln $ Intel May 2017: NWO Zwaartekracht: 18.8 mln for 10 years

Quantum Research in EU 17 May 2016: 1 mld flagship program on Q technologies

Quantum Research Worldwide Waterloo, Singapore, Santa Barbara, China,

ader: Wehner nts: Beenakker, Bertels, Bouwmeester, Briët, Buhrman, Fehr, Grünwald, Hanson, Laur van Deursen, de Wolf Quantum Networks w nand motivation 2000km QKD backbone network m network connects different quantum devices using quantum communication [Gis0 between Beijing and Shanghai s that are provably impossible to achieve using classical information processing. M networks need onlysatellite very few qubits to obtain n first QKD launched e quantum advantage over any classical in 2016 from ChinaGeneral information y. A quantum network that connects many Research proposal odes is called a quantum internet. In the Budget uantum internet will operate in Declaration/signature parallel to the Quantum entanglement allows to keys (like QKD) ation generate between anysecure two points on earth. n of today, and ultimately allow quantum the best known application of quantum ation is quantum key distribution [Ben84, hich allows two network nodes to establish an n key whose security is guaranteed even if the as an arbitrarily powerful quantum computer. cryptography is fully future proof: even if a Figure 2.4: Each node in a quantum network is a small quantum

Secure Computing in Quantum Cloud n Distributed quantum computing n Recent result: quantum homomorphic encryption allows for secure delegated quantum computation Y. Dulek, C. Schaffner, and F. Speelman, arxiv:1603.09717 Quantum homomorphic encryption for polynomial-sized circuits, in CRYPTO 2016, QIP 2017

ücyber Security Summary Cloud computing Internet of Things (IoT) Payment systems, ehealth Auto-updates Digital Signatures Secure Browsing - TLS/SSL VPN IPSec Secure email s/mime, PGP RSA, DSA, DH, ECDH, AES, 3-DES, SHA, üimpact of Quantum Computing on crypto systems Security level Symmetric-key crypto Conventional attacks Quantum attacks 128 bits reduced Public-key crypto 112 bits broken! Thm: If x + y > z, then worry

Summary üquantum-safe crypto: Conventional quantumsafe cryptography (post-quantum crypto) Quantum Cryptography üquantum Key Distribution, Quantum Cloud

Thank you for your attention! Questions Get in touch: schaffner@qusoft.org

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback