The Quantum Threat to Cybersecurity (for CxOs)

Similar documents
Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017

Managing the quantum risk to cybersecurity. Global Risk Institute. Michele Mosca 11 April 2016

The quantum threat to cryptography

PQ Crypto Panel. Bart Preneel Professor, imec-cosic KU Leuven. Adi Shamir Borman Professor of Computer Science, The Weizmann Institute, Israel

Evolution of Cryptography April 25 th 2017

The science behind these computers originates in

Quantum Cryptography

Quantum Technologies: Threats & Solutions to Cybersecurity

Cryptography in a quantum world

Cyber Security in the Quantum Era

Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018

Cryptography in the Quantum Era. Tomas Rosa and Jiri Pavlu Cryptology and Biometrics Competence Centre, Raiffeisen BANK International

ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK

ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS

Post-Quantum Cryptography & Privacy. Andreas Hülsing

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW?

Everything is Quantum. Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL

Post-Quantum Cryptography & Privacy. Andreas Hülsing

Risk management and the quantum threat

Lattice-Based Cryptography

Information Security in the Age of Quantum Technologies

WHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION

Quantum Information Transfer and Processing Miloslav Dušek

What are we talking about when we talk about post-quantum cryptography?

Information Security

The quantum threat to cryptography

Everything is Quantum The EU Quantum Flagship

Random Number Generation Is Getting Harder It s Time to Pay Attention

Quantum-Safe Crypto Why & How? JP Aumasson, Kudelski Security

Introduction to Quantum Computing

1500 AMD Opteron processor (2.2 GHz with 2 GB RAM)

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

Quantum Networking: Deployments, Components and Opportunities September 2017

Blockchain and Quantum Computing

Quantum Computing. Richard Jozsa Centre for Quantum Information and Foundations DAMTP University of Cambridge

Quantum threat...and quantum solutions

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Device-Independent Quantum Information Processing

Cryptographic Hash Functions

Selecting Elliptic Curves for Cryptography Real World Issues

Public-key Cryptography and elliptic curves

10 - February, 2010 Jordan Myronuk

Elliptic Curves and Cryptography

EU investment in Quantum Technologies

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

The Quantum Age Technological Opportunities

Mechanizing Elliptic Curve Associativity

Public Key Cryptography

UNDERSTANDING THE COST OF GROVER'S ALGORITHM FOR FINDING A SECRET KEY

A brief survey of post-quantum cryptography. D. J. Bernstein University of Illinois at Chicago

Post Quantum Cryptography. Kenny Paterson Information Security

Fast, Quantum-Resistant Public-Key Solutions for Constrained Devices Using Group Theoretic Cryptography

Mathematics of Public Key Cryptography

Table Of Contents. ! 1. Introduction to Quantum Computing. ! 2. Physical Implementation of Quantum Computers

Ping Pong Protocol & Auto-compensation

A semi-device-independent framework based on natural physical assumptions

HIMMO. Oscar Garcia-Morchon, Ronald Rietman, Ludo Tolhuizen. July PHILIPS RESEARCH

Quantum Cryptography

Quantum Wireless Sensor Networks

QUANTUM COMPUTING & CRYPTO: HYPE VS. REALITY ABHISHEK PARAKH UNIVERSITY OF NEBRASKA AT OMAHA

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

Quantum Computing. Separating the 'hope' from the 'hype' Suzanne Gildert (D-Wave Systems, Inc) 4th September :00am PST, Teleplace

Picnic Post-Quantum Signatures from Zero Knowledge Proofs

Foundations of Network and Computer Security

Introduction to Cryptography. Susan Hohenberger

Resource Efficient Design of Quantum Circuits for Quantum Algorithms

Side Channel Analysis and Protection for McEliece Implementations

CPSC 467: Cryptography and Computer Security

Your Computer is Leaking. Ian J. Malloy.

Asymmetric Encryption

Quantum Technologies for Cryptography

Quantum Computing and the Possible Effects on Modern Security Practices

Preparing the Quantum Technologies Flagship

Summary. The prospect of a factoring. Consumer key generation. Future long range key. Commercial systems. Metro Networks. exchange. machine. Spin-off.

Quantum computing and the entanglement frontier. John Preskill NAS Annual Meeting 29 April 2018

A Reconfigurable Quantum Computer

Week 12: Hash Functions and MAC

Summary of Hyperion Research's First QC Expert Panel Survey Questions/Answers. Bob Sorensen, Earl Joseph, Steve Conway, and Alex Norton

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

Quantum Computers. Peter Shor MIT

White paper Quantum computing in financial services

Post-quantum RSA. We built a great, great 1-terabyte RSA wall, and we had the university pay for the electricity

Ground-Satellite QKD Through Free Space. Steven Taylor

CS120, Quantum Cryptography, Fall 2016

Foundations of Network and Computer Security

Introduction to Quantum Information Processing

L E A D I N G T H E C O M P U T I N G R E V O L U T I O N

Device-Independent Quantum Information Processing (DIQIP)

From NewHope to Kyber. Peter Schwabe April 7, 2017

Standardization of Quantum Cryptography in China

Post-Snowden Elliptic Curve Cryptography. Patrick Longa Microsoft Research

A DPA attack on RSA in CRT mode

On the Key-collisions in the Signature Schemes

FPGA-BASED ACCELERATOR FOR POST-QUANTUM SIGNATURE SCHEME SPHINCS-256

Overview. Public Key Algorithms II

True & Deterministic Random Number Generators

Security Implications of Quantum Technologies

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

Transcription:

The Quantum Threat to Cybersecurity (for CxOs) Michele Mosca 5 th ETSI-IQC Workshop on Quantum-Safe Cryptography 13 September 2017

What is quantum?? E. Lucero, D. Mariantoni, and M. Mariantoni 2017 M. Mosca

A new paradigm for information and computation: quantum computation By Carsten Ullrich E. Lucero, D. Mariantoni, and M. Mariantoni Harald Ritsch Y. Colombe/NIST

What is a quantum computer? What is a classical computer? A device that encodes information in an array of bits, and can manipulate those bits according to simple rules. 0 1

What is a quantum computer? What is a quantum computer? A device that encodes information in an array of bits, and can manipulate those bits according to simple quantum rules. 0 1

Quantum paradigm brings new possibilities Designing new materials, drugs, etc. Optimizing Sensing and measuring Secure communication What else??? 2017 M. Mosca

But while in the old paradigm Encrypting is easy. Codebreaking is hard.

in the quantum paradigm Encrypting is easy. Codebreaking is easy!

How secure will our current crypto algorithms be? Algorithm Key Length Security level (Conventional Computer) RSA-1024 1024 bits 80 bits 0 bits RSA-2048 2048 bits 112 bits 0 bits ECC-256 256 bits 128 bits 0 bits ECC-384 384 bits 192 bits 0 bits Security level (Quantum Computer) AES-128 128 bits 128 bits 64 bits AES-256 256 bits 256 bits 128 bits

What will be affected? Products, services, business functions that rely on security products will either stop functioning or not provide the expected levels of security. Clouding computing Payment systems Internet IoT etc. Secure Web Browsing - TLS/SSL Auto-Updates Digital Signatures VPN - IPSec Secure email -S/MIME PKI Blockchain etc RSA, DSA, DH, ECDH, ECDSA, AES, 3-DES, SHA,

What will be affected? Products, services, business functions that rely on security products will either stop functioning or not provide the expected levels of security.

Depends on*: Do we need to worry now? How long do you need your cryptographic keys to be secure? security shelf life (x years) How much time will it take to re tool the existing infrastructure with large scale quantum safe solution? (y years) migration time How long will it take for a large scale quantum computer to be built (or for any other relevant advance)? (z years) collapse time Theorem : If x + y > z, then worry. *M. Mosca: e Proceedings of 1 st ETSI Quantum Safe Cryptography Workshop, 2013. Also http://eprint.iacr.org/2015/1075 y z x

Business bottom line Fact: If x+y>z, then you will not be able to provide the required x years of security. Fact: If y>z then cyber systems will collapse in z years with no quick fix. Fact: Rushing y will be expensive, disruptive, and lead to vulnerable implementations. Prediction: In the next 6 18 months, organizations will be differentiated by whether or not they have a well articulated quantum risk management plan.

How large of a quantum computer is needed? 2017 M. Mosca

Physical qubits and gates versus logical qubits and gates Logical layer Physical layer CNOT fault-tolerant CNOT

Our AES analysis, e.g. 192 bit AES: 5.9x10 6 qubits, 2 121 surface code cycles, 2 137.5 total cost

How close are we to having sufficient quantum resources? 2017 M. Mosca

Non-fault-tolerant quantum devices Not a known threat to cryptography Can they capture some of the power of quantum computation? Can they simulate themselves or similar systems faster/cheaper than conventional computers? Can they solve useful problems better than conventional devices? 2017 M. Mosca Similarly, although there is no proof today that imperfect quantum machines can compute fast enough to solve practical problems, that may change.

Scalable fault-tolerant quantum computer Known to solve many problems previously thought to be intractable 2017 M. Mosca

What is z? Mosca: [Oxford] 1996: 20 qubits in 20 years [NIST April 2015, ISACA September 2015]: 1/7 chance of breaking RSA 2048 by 2026, ½ chance by 2031 Today: 1/6 chance within 10 years Microsoft Research [October 2015]: Recent improvements in control of quantum systems make it seem feasible to finally build a quantum computer within a decade. Use of a quantum computer enables much larger and more accurate simulations than with any known classical algorithm, and will allow many open questions in quantum materials to be resolved once a small quantum computer with around one hundred logical qubits becomes available.

Quantum safe cryptographic tool chest conventional quantum safe cryptography a.k.a. Quantum Resistant Algorithms or Post Quantum Cryptography + quantum cryptography Deployable without quantum technologies Believed/hoped to be secure against quantum computer attacks of the future Requires some quantum technologies (less than a large scale quantum computer) Typically no computational assumptions and thus known to be cryptographically secure against quantum attacks Both sets of cryptographic tools can work very well together in quantum-safe cryptographic ecosystem

Quantum cryptography For this talk, focus on key establishment Quantum key distribution (QKD): Over time, QKD evolves from: Point to Point Trusted Repeater Networks Untrusted Repeater Networks Quantum physics guarantees the cryptographic security of the key

Quantum Internet the Long Term Vision Qubit distribution with moving systems: satellites, aircraft, vehicles, ships, handheld Satellites Aircraft QL A Final Key Service Providers Agencies Distant Network WLAN Computers Buildings in a City Centre ATM Vehicles Handheld (Thanks to Thomas Jennewein)

Protocol stack for QKD Host Layer Key Mgmt. Service Layer (KMS) QKD Network Layer (QNL) Can design QKD into systems today as a key establishment alternative. QKD Link Layer (QLL)

Ongoing work to develop standards and certifications for these tools. Are these algorithms actually secure against quantum attacks? Will these systems interoperate? Are the protocols implemented correctly? How can we be sure the quantum apparatus is behaving correctly? e.g.

But we re risk averse! Hybrid deployment of quantum safe with currently deployed crypto provides strictly better security

Quantum Risk Fundamentals Identify: Your organization s reliance on cryptography The sources and types of technology in use Track: The state of quantum technology development Advances in the development of quantum safe technologies and algorithms Manage: IT procurement to communicate the issue to vendors Technology upgrades and lifecycles to facilitate the incorporation of quantumsafe algorithms. https://globalriskinstitute.org/publications/3423 2/

Security is a choice Problematic choices: Do nothing: my vendors will take care of this for me Do nothing until NIST standardization is done Get it over with

Security is a choice Does your organization have plan? Who is responsible for it? Do your vendors have a plan? Does your industry have plan? Are these plans coordinated?

Historic opportunity 2017 M. Mosca

Thank you! Comments, questions and feedback are very welcome. Michele Mosca University Research Chair, Faculty of Mathematics Co Founder, Institute for Quantum Computing www.iqc.ca/~mmosca Director, CryptoWorks21 www.cryptoworks21.com University of Waterloo mmosca@uwaterloo.ca CEO, evolutionq Inc. michele.mosca@evolutionq.com

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback