Cyber Security in the Quantum Era

Similar documents
Cryptography in a quantum world

Quantum Computing. Richard Jozsa Centre for Quantum Information and Foundations DAMTP University of Cambridge

Quantum Technologies for Cryptography

Introduction to Quantum Computing

Security Implications of Quantum Technologies

Quantum Information Transfer and Processing Miloslav Dušek

Quantum threat...and quantum solutions

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Ping Pong Protocol & Auto-compensation

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Quantum Cryptography

LECTURE NOTES ON Quantum Cryptography

EU investment in Quantum Technologies

The Quantum Threat to Cybersecurity (for CxOs)

Device-Independent Quantum Information Processing

Quantum Technologies: Threats & Solutions to Cybersecurity

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

Quantum Cryptography

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

QUANTUM COMPUTING & CRYPTO: HYPE VS. REALITY ABHISHEK PARAKH UNIVERSITY OF NEBRASKA AT OMAHA

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

Classical Verification of Quantum Computations

Enigma Marian Rejewski, Jerzy Róz ycki, Henryk Zygalski

Cryptographical Security in the Quantum Random Oracle Model

Information Security in the Age of Quantum Technologies

Quantum Cryptography and Security of Information Systems

Lecture 1: Introduction to Public key cryptography

Quantum Cryptography

Lecture 2: Quantum bit commitment and authentication

10 - February, 2010 Jordan Myronuk

Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017

Entanglement and Quantum Teleportation

A Matlab Realization of Shor s Quantum Factoring Algorithm

Quantum technology popular science description

Summary of Hyperion Research's First QC Expert Panel Survey Questions/Answers. Bob Sorensen, Earl Joseph, Steve Conway, and Alex Norton

Quantum Communication

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

C. QUANTUM INFORMATION 111

ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK

Attacks on RSA & Using Asymmetric Crypto

Other Topics in Quantum Information

What are we talking about when we talk about post-quantum cryptography?

Quantum Cryptography. Marshall Roth March 9, 2007

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

Realization of B92 QKD protocol using id3100 Clavis 2 system

Quantum Computing. Separating the 'hope' from the 'hype' Suzanne Gildert (D-Wave Systems, Inc) 4th September :00am PST, Teleplace

Secrecy and the Quantum

Unconditional Security of the Bennett 1992 quantum key-distribution protocol over a lossy and noisy channel

Device-Independent Quantum Information Processing (DIQIP)

Ground-Satellite QKD Through Free Space. Steven Taylor

Introduction to Quantum Key Distribution

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

Introduction to Quantum Cryptography

Public-Key Cryptosystems CHAPTER 4

C. QUANTUM INFORMATION 99

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

Quantum-Safe Crypto Why & How? JP Aumasson, Kudelski Security

Practical quantum-key. key- distribution post-processing

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Quantum Key Distribution. The Starting Point

A New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC)

Advanced Cryptography Quantum Algorithms Christophe Petit

CS120, Quantum Cryptography, Fall 2016

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

CS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing

A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols

Notes for Lecture 17

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW?

Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

arxiv:quant-ph/ v1 27 Dec 2004

arxiv:quant-ph/ v1 6 Dec 2005

Semantic Security and Indistinguishability in the Quantum World

Fang Song. Joint work with Sean Hallgren and Adam Smith. Computer Science and Engineering Penn State University

Cryptography IV: Asymmetric Ciphers

Research, Development and Simulation of Quantum Cryptographic Protocols

Security of Quantum Key Distribution with Imperfect Devices

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Physics is becoming too difficult for physicists. David Hilbert (mathematician)

Quantum Cryptography Bertrand Bonnefoy-Claudet Zachary Estrada

Quantum Technology: Challenges and Opportunities for Cyber Security. Yaoyun Shi University of Michigan

1 Indistinguishability for multiple encryptions

Research Proposal for Secure Double slit experiment. Sandeep Cheema Security Analyst, Vichara Technologies. Abstract

Network Security Based on Quantum Cryptography Multi-qubit Hadamard Matrices

Seminar Report On QUANTUM CRYPTOGRAPHY. Submitted by SANTHIMOL A. K. In the partial fulfillment of requirements in degree of

An Introduction to Quantum Information and Applications

Secrets of Quantum Information Science

Multiparty Computation (MPC) Arpita Patra

arxiv: v7 [quant-ph] 20 Mar 2017

Quantum Key Distribution and the Future of Encryption

Public Key Cryptography

Everything is Quantum. Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL

Universal Blind Quantum Computing

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018

Quantum Cryptography

Using Quantum Effects for Computer Security

1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:

Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security

quantum mechanics is a hugely successful theory... QSIT08.V01 Page 1

1.0 Introduction to Quantum Systems for Information Technology 1.1 Motivation

Transcription:

T Computer Security Guest Lecture University of Edinburgh 27th November 2017 E H U N I V E R S I T Y O H F R G E D I N B U

Outline Quantum Computers: Is it a threat to Cyber Security? Why should we act now?

Outline Quantum Computers: Is it a threat to Cyber Security? Why should we act now? What is Quantum Security Addressing Quantum Adversaries Quantum-enhancement of Security

Outline Quantum Computers: Is it a threat to Cyber Security? Why should we act now? What is Quantum Security Addressing Quantum Adversaries Quantum-enhancement of Security Misconceptions Recent Technical Advances Our Research in this Landscape

Quantum Computers Quantum Physics is a very successful theory Quantum Physics has many counter-intuitive properties Size of transistors in microchip are approaching quantum scale

Quantum Computers Quantum Physics is a very successful theory Quantum Physics has many counter-intuitive properties Size of transistors in microchip are approaching quantum scale Main Question Can we built a computer using as basic information elements quantum systems, and will this give us extra power?

Quantum Computers Quantum Physics is a very successful theory Quantum Physics has many counter-intuitive properties Size of transistors in microchip are approaching quantum scale Main Question Can we built a computer using as basic information elements quantum systems, and will this give us extra power? Q: What computational power would a QC have? A: Greater than classical probabilistic BPP BQP Q: Is it possible to built such computing device? A: Yes! No fundamental reason stopping us (engineering)

Quantum Computers

Quantum Computers Bit Takes values either 0 or 1 Measurement reveals value Can be copied Strings are described w.r.t. single bits (local) Behave probabilistically Qubit Can behave as being simultaneously 0 and 1: 0i + 1i Measurement disturbs Cannot be copied Strings cannot be described w.r.t. single qubits (non-local) Complex probabilities

Quantum Computers: Is it a serious threat? Quantum Computers can solve e ciently factoring and discrete log (Factoring, RSAP, Discrete Log, DHP) Intractable problems (classical hardness guarantees security) ) Tractable problems (for Quantum Computers)

Quantum Computers: Is it a serious threat? Quantum Computers can solve e ciently factoring and discrete log (Factoring, RSAP, Discrete Log, DHP) Intractable problems (classical hardness guarantees security) ) Tractable problems (for Quantum Computers) Take-home message If a scalable quantum computer is built, most of current cryptography breaks (from emails, bank transactions to national security secrets)!

Quantum Computers: Is it a serious threat? Quantum Computers can solve e ciently factoring and discrete log (Factoring, RSAP, Discrete Log, DHP) Intractable problems (classical hardness guarantees security) ) Tractable problems (for Quantum Computers) Take-home message If a scalable quantum computer is built, most of current cryptography breaks (from emails, bank transactions to national security secrets)! Known since 1990 s Requires unprecedented control of quantum systems

Why act now? Huge recent initiative in Quantum Technologies Companies: IBM, Google, Microsoft, Intel, Atos, D-Wave, Rigetti, Alibaba, etc Governments: UK( 270 million EPSRC), EU (e1 billion Flagship), etc Developments in Quantum Technologies are accelerating and the prospect of practical QT is becoming real

Why act now? Huge recent initiative in Quantum Technologies Companies: IBM, Google, Microsoft, Intel, Atos, D-Wave, Rigetti, Alibaba, etc Governments: UK( 270 million EPSRC), EU (e1 billion Flagship), etc Developments in Quantum Technologies are accelerating and the prospect of practical QT is becoming real Security can be broken retrospectively

Why act now? Huge recent initiative in Quantum Technologies Companies: IBM, Google, Microsoft, Intel, Atos, D-Wave, Rigetti, Alibaba, etc Governments: UK( 270 million EPSRC), EU (e1 billion Flagship), etc Developments in Quantum Technologies are accelerating and the prospect of practical QT is becoming real Security can be broken retrospectively Years (possibly decades), are needed to develop/replace all protocols with quantum-safe protocols

Why act now? Huge recent initiative in Quantum Technologies Companies: IBM, Google, Microsoft, Intel, Atos, D-Wave, Rigetti, Alibaba, etc Governments: UK( 270 million EPSRC), EU (e1 billion Flagship), etc Developments in Quantum Technologies are accelerating and the prospect of practical QT is becoming real Security can be broken retrospectively Years (possibly decades), are needed to develop/replace all protocols with quantum-safe protocols Take-home message There is a serious medium-time threat that scalable quantum computers will become available. Counter-actions should start now.

Investments in Quantum Computing

What is Quantum Security? Quantum Security: All aspects a ecting secure communications and computations due to the development of quantum technologies

What is Quantum Security? Quantum Security: All aspects a ecting secure communications and computations due to the development of quantum technologies Negative: Deal with vulnerabilities due to adversaries holding quantum computers or other quantum devices Positive: Enhance security, as honest parties can use quantum devices to achieve tasks impossible with classical means

What is Quantum Security? Quantum Security: All aspects a ecting secure communications and computations due to the development of quantum technologies Negative: Deal with vulnerabilities due to adversaries holding quantum computers or other quantum devices Positive: Enhance security, as honest parties can use quantum devices to achieve tasks impossible with classical means Most known representatives 1 Lattice-based crypto. Change classical protocols to defend against QC 2 Quantum-key-distribution (QKD). Quantumness used positively to enable KD with information theoretic security Field is much wider and the focus should be to go beyond these

Quantum Key Distribution Can distribute key unconditionally secure Use for one-time-pad ) unconditionally secure encryption Charles Bennett and Gilles Brassard 1984 (first protocol) 1 Alice sends sequence of qubits to Bob 2 Unknown quantum states: (i) cannot be distinguished with certainty, (ii) cannot be copied 3 Any action by Eve can be detected w.h.p. (observation disturbs the system) 4 Alice - Bob, can estimate information Eve has on their string 5 If below a threshold, use classical techniques ) a secret key

Quantum Key Distribution

Quantum Key Distribution A quantum hacker, exactly as you would imagine him: (Prof. Vadim Makarov from University of Waterloo)

Addressing Quantum Adversaries 1 Information Theoretic Security: Cannot break with any computational power

Addressing Quantum Adversaries 1 Information Theoretic Security: Cannot break with any computational power 2 Post-quantum Security: Security against computationally-bounded quantum adversaries QC-hard problem Valid reduction to hardness of problem Quantum-compatible security definitions

Addressing Quantum Adversaries 1 Information Theoretic Security: Cannot break with any computational power 2 Post-quantum Security: Security against computationally-bounded quantum adversaries QC-hard problem Valid reduction to hardness of problem Quantum-compatible security definitions 3 Side-channel Attacks: Quantum Hacking (attack physical implementations) Fundamental quantum non-locality defends against these

Quantum-Enhanced Security 1 Simple quantum devices for info-theoretic security: Possible with current technology (QKD, QRNG, etc)

Quantum-Enhanced Security 1 Simple quantum devices for info-theoretic security: Possible with current technology (QKD, QRNG, etc) 2 Enhance e ciency/security of involved classical protocols: Important classical applications that can be improved with current or close technology (e-voting, SMPC, blockchain, etc)

Quantum-Enhanced Security 1 Simple quantum devices for info-theoretic security: Possible with current technology (QKD, QRNG, etc) 2 Enhance e ciency/security of involved classical protocols: Important classical applications that can be improved with current or close technology (e-voting, SMPC, blockchain, etc) 3 Secure use of new quantum computing devices: QC give new computational power. Few central QC ) Need for a secure delegated service Security for protocols involving quantum information (encryption of quant. info., authentication, SMPQC, etc)

Not all hype is based on facts!

Misconceptions Power of Quantum Computation Myth 1 Quantum Computers are much faster in performing operations than Classical Computers Reality Quantum computers are not faster. Speed-up is obtained because quantum theory allows algorithms/operations impossible for classical computers.

Misconceptions Power of Quantum Computation Myth 2 Quantum Computers simultaneously perform all branches of a (probabilistic) computation and can find accepting paths instantly Reality QC span the space of possibilities in a peculiar way (behave as complex probabilities). However, at the end of the computation the result is obtained by a single read-out/measurement and unrealised paths do not contribute.

Misconceptions Power of Quantum Computation Myth 3 Quantum Computers can e ciently solve NP-complete problems (such as Travelling Salesman Problem) Reality NP is believed to not be contained in BQP. QCmay(anddoes) provide polynomial or constant speed-up in many problems outside BQP (e.g. quadratic search speed-up).

Misconceptions What it takes to be Quantum-Safe Myth 4 Using problems that are hard for a quantum computer (outside BQP) su ces to make a crypto protocol secure against any quantum attack Reality This is necessary but not su cient condition. Attackers could use their quantum-technologies in any part (not only as a black-box to solve the hard problem). Need (i) reduction to hardness to remain valid under the presence of quantum adversaries (e.g. rewinding cannot be used) and (ii) need security definitions to account for quantum abilities (e.g. known plaintext or ciphertext attacks should allow for chosen texts being in superposition)

Recent Technical Advances Quantum Computation Developments in all architectures: Superconducting (leads), ion-traps, cold-atoms, photonic. Hybrid matter-photon ) for applications involving both QComms and Quantum Computing Classical Simulation Limit: 50-ish qubits [IBM new technique: record 56 qubits] Quantum Advantage (Supremacy): Problem (any) that practical QC can solve but not classical computers Size of existing quantum computers: Is approaching 50 qubits universal QC [Google within a year] What about breaking RSA? Requires O(1000) fault-tolerant qubits at universal QC [possibly in 10 years]

Recent Technical Advances

Recent Technical Advances

Recent Technical Advances Quantum Communication (QKD) Developments in all directions: fibre optics, free-space, satellite, continuous variables, discrete variables, time encoding. Repeaters (long-distance QKD) Loophole-free Bell tests Satellite QKD (China) Metropolitan networks Quantum hacking and counter-measures

Recent Technical Advances

Our Recent Research in this Landscape 1 Security of Classical Protocols: Develop toolkit of crypto techniques to be used in the presence of quantum adversaries: Quantum Cut-and-Choose [KMW2017] Explore superposition attacks in classical and hybrid protocols

Our Recent Research in this Landscape 1 Security of Classical Protocols: Develop toolkit of crypto techniques to be used in the presence of quantum adversaries: Quantum Cut-and-Choose [KMW2017] Explore superposition attacks in classical and hybrid protocols 2 Quantum-enhancement: Recent research programme on using quantum verification/certification in hybrid classical-quantum protocols for enhancing classical multiparty functionalities (e-voting, SMPC, blockchain, etc)

Our Recent Research in this Landscape 1 Security of Classical Protocols: Develop toolkit of crypto techniques to be used in the presence of quantum adversaries: Quantum Cut-and-Choose [KMW2017] Explore superposition attacks in classical and hybrid protocols 2 Quantum-enhancement: Recent research programme on using quantum verification/certification in hybrid classical-quantum protocols for enhancing classical multiparty functionalities (e-voting, SMPC, blockchain, etc) 3 Quantum Computation Enabled: Cryptography for quantum information (encryption, authentication, SMPQC, etc). Most important application: Quantum Cloud

The Quantum Cloud Task Clients wanting to (securely) delegate their quantum computation to the cloud! IBM cloud: 16 qubits (more than top-universities labs)

The Quantum Cloud Task Clients wanting to (securely) delegate their quantum computation to the cloud! IBM cloud: 16 qubits (more than top-universities labs) Our recent most important results: Fully classical-client (computationally-secure) blind quantum computation [CCWK2017]

The Quantum Cloud Task Clients wanting to (securely) delegate their quantum computation to the cloud! IBM cloud: 16 qubits (more than top-universities labs) Our recent most important results: Fully classical-client (computationally-secure) blind quantum computation [CCWK2017] Non-interacting practical blind QC (QFHE) with minimal quantum client [WHGCK2017]

The Quantum Cloud Task Clients wanting to (securely) delegate their quantum computation to the cloud! IBM cloud: 16 qubits (more than top-universities labs) Our recent most important results: Fully classical-client (computationally-secure) blind quantum computation [CCWK2017] Non-interacting practical blind QC (QFHE) with minimal quantum client [WHGCK2017] E cient verifiable and blind QC (overhead down to linear from quadratic) [KW2017a]

Summary Quantum computers will break existing cryptography Progress towards building quantum computers has been made It is necessary to address this threat (2 solutions) Change classical protocols to make them hard for quantum computers Use quantumness to achieve unconditional security Can use quantum technologies for enhancing performance and security Classical quantumly-enhanced protocols Use securely quantum computers (Quantum Cloud) Thanks for your attention!!

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback