cryptography for the quantum internet
play

Cryptography for the quantum internet Elements of a quantum TLS - PowerPoint PPT Presentation

Nov 12, 2022 •582 likes •1.74k views

Cryptography for the quantum internet Elements of a quantum TLS Christian Majenz Colloquium Informatics Institute, University of Amsterdam Quantum computers Quantum computers Accelerating effort to build a quantum computer Quantum

  1. Fiat Shamir transformation Removes interaction from identification schemes using hash Digital signature scheme functions ⟹ Well-known: Security in the Random Oracle Model

  2. Fiat Shamir transformation Removes interaction from identification schemes using hash Digital signature scheme functions ⟹ Well-known: Security in the Random Oracle Model How about the Quantum Random Oracle Model (QROM)?

  3. Fiat Shamir transformation Removes interaction from identification schemes using hash Digital signature scheme functions ⟹ Well-known: Security in the Random Oracle Model How about the Quantum Random Oracle Model (QROM)? Theorem (Don, Fehr, M, Schaffner ’19): Fiat Shamir signatures are secure in the QROM.

  4. Fiat Shamir transformation Removes interaction from identification schemes using hash Digital signature scheme functions ⟹ Well-known: Security in the Random Oracle Model How about the Quantum Random Oracle Model (QROM)? Theorem (Don, Fehr, M, Schaffner ’19): Fiat Shamir signatures are secure in the QROM. Also proven concurrently by Liu, Zhandry. Less tight reduction.

  5. Fiat Shamir transformation Removes interaction from identification schemes using hash Digital signature scheme functions ⟹ Well-known: Security in the Random Oracle Model How about the Quantum Random Oracle Model (QROM)? Theorem (Don, Fehr, M, Schaffner ’19): Fiat Shamir signatures are secure in the QROM. Also proven concurrently by Liu, Zhandry. Less tight reduction. More efficient NIST candidate signature schemes!!!

  6. Fiat Shamir transformation Removes interaction from identification schemes using hash Digital signature scheme functions ⟹ Well-known: Security in the Random Oracle Model How about the Quantum Random Oracle Model (QROM)? Theorem (Don, Fehr, M, Schaffner ’19): Fiat Shamir signatures are secure in the QROM. Also proven concurrently by Liu, Zhandry. Less tight reduction. More efficient NIST candidate signature schemes!!!

  7. Are we ready for encrypting the quantum internet? Key Exchange

  8. Post-quantum key exchange This is what Quantum Key Distribution (QKD) can do!*

  9. Post-quantum key exchange This is what Quantum Key Distribution (QKD) can do!* Unconditionally secure!!

  10. Post-quantum key exchange This is what Quantum Key Distribution (QKD) can do!* Unconditionally secure!! Alternative: post-quantum secure Key Encapsulation

  11. Post-quantum key exchange This is what Quantum Key Distribution (QKD) can do!* Unconditionally secure!! Alternative: post-quantum secure Key Encapsulation + Classical more efficient ⟹

  12. Post-quantum key exchange This is what Quantum Key Distribution (QKD) can do!* Unconditionally secure!! Alternative: post-quantum secure Key Encapsulation + Classical more efficient ⟹ ‒ Computational assumptions (similar to signatures, current internet crypto…)

  13. Are we ready for encrypting the quantum internet? Authenticated Encryption

  14. The TLS protocol Quantum “post-quantum” Quantum Secure (Server) Key Functionalities communication authentication establishment Session Key exchange/ Digital Authenticated Protocols Key signatures encryption encapsulation Cryptographic Hash Block Modes of Ingredients functions ciphers operation Quantum- ready?

  15. The TLS protocol Quantum “post-quantum” Quantum Secure (Server) Key Functionalities communication authentication establishment Session Key exchange/ Digital Authenticated Protocols Key signatures encryption encapsulation Cryptographic Hash Block Modes of Ingredients functions ciphers operation Quantum- ready?

  16. Authenticated Encryption

  17. Authenticated Encryption Alice Bob

  18. Authenticated Encryption Alice Bob m

  19. Authenticated Encryption k k Alice Bob m

  20. Authenticated Encryption k k Alice Bob m c = Enc k ( m )

  21. Authenticated Encryption k k c Alice Bob m c = Enc k ( m )

  22. Authenticated Encryption k k c Alice Bob m Dec k ( c ) = m c = Enc k ( m )

  23. Authenticated Encryption k k c Alice Bob m Dec k ( c ) = m c = Enc k ( m ) Confidentiality: doesn’t tell you anything about . c m

  24. Authenticated Encryption k k c Alice Bob m Dec k ( c ) = m c = Enc k ( m ) Confidentiality: doesn’t tell you anything about . c m Integrity: If was produced from without using , then c ′ c k Dec k ( c ′ ) = reject

  25. Authenticated Encryption k k c Alice Bob m Dec k ( c ) = m c = Enc k ( m ) Confidentiality: doesn’t tell you anything about . c m Integrity: If was produced from without using , then c ′ c k Dec k ( c ′ ) = reject Slightly simplified…

  26. Authenticated Encryption k k c Alice Bob m Dec k ( c ) = m c = Enc k ( m ) Confidentiality: doesn’t tell you anything about . c m Integrity: If was produced from without using , then c ′ c k Dec k ( c ′ ) = reject Confidentiality+Integrity=Authenticated encryption

  27. Real vs. Ideal Alternative characterization (Shrimpton ’04):

  28. Real vs. Ideal Alternative characterization (Shrimpton ’04): Real Ideal

  29. Real vs. Ideal Alternative characterization (Shrimpton ’04): Real Ideal Enc k Dec k

  30. Real vs. Ideal Alternative characterization (Shrimpton ’04): Real Ideal $ Enc k Enc k Dec k

  31. Real vs. Ideal Alternative characterization (Shrimpton ’04): Real Ideal $ Enc k Enc k reject Dec k

  32. Real vs. Ideal Alternative characterization (Shrimpton ’04): Real Ideal $ Enc k Enc k reject Dec k Except that =

  33. Real vs. Ideal Alternative characterization (Shrimpton ’04): Real Ideal $ Enc k Enc k reject Dec k Except that = Enforced by keeping a list Of input-output-pairs of

  34. Quantum authenticated encryption Except that = Enforced by keeping a list Of input-output-pairs of

  35. Quantum authenticated encryption Problem 1: requires copying quantum ciphertexts…

  36. Quantum authenticated encryption Problem 1: requires copying quantum ciphertexts… forbidden by quantum no-cloning theorem!

  37. Quantum authenticated encryption Problem 1: requires copying quantum ciphertexts… forbidden by quantum no-cloning theorem! “Recording Barrier”

  38. Quantum authenticated encryption Problem 1: requires copying quantum ciphertexts… forbidden by quantum no-cloning theorem! “Recording Barrier” Problem 2: Measurement disturbance

  39. Quantum authenticated encryption Problem 1: requires copying quantum ciphertexts… forbidden by quantum no-cloning theorem! “Recording Barrier” Problem 2: Measurement disturbance Solution 1: Purify “$” $ Enc k

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information (and generate

455 views • 19 slides
Quantum Cryptography Mris Ozols University of Cambridge Overview What are quantum

Quantum Cryptography Mris Ozols University of Cambridge Overview What are quantum

Quantum Cryptography Mris Ozols University of Cambridge Overview What are quantum computers? What is quantum cryptography? - Shor's algorithm for factoring - Quantum key distribution - Device-independent quantum cryptography What

630 views • 34 slides
Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum Cryptography 2 October 2014 1 / 12 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N q e ( g a , g b ) (Images

873 views • 70 slides
Quantum Cryptography Slides based in part on A talk on quantum cryptography or how Alice

Quantum Cryptography Slides based in part on A talk on quantum cryptography or how Alice

Quantum Cryptography Slides based in part on A talk on quantum cryptography or how Alice outwits Eve, by Samuel Lomonaco Jr. and Quantum Computing by Andr Bertiaume. The Classical World - Bits either 0 or 1. - Bits can be copied.

639 views • 11 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Quantum Weirdness Part 6 Quantum Weirdness in Materials Quantum Cryptography Quantum

Quantum Weirdness Part 6 Quantum Weirdness in Materials Quantum Cryptography Quantum

Quantum Weirdness Part 6 Quantum Weirdness in Materials Quantum Cryptography Quantum Teleportation Quantum Snake Oil Quantum Weirdness in Materials Why Materials Behave as they do Combining Atoms Into Molecules Molecular Orbital Theory

1.17k views • 72 slides
Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum

Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum

Contents: Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum Theory: Fake Tensor Products, Entanglement. 4. A Glance at Genuine Quantum Theory. 5. Quantum Computing, Shors

559 views • 8 slides
Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A

Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A

Why Quantum . . . Quantum . . . Remaining Problems . . . Quantum Physics: . . . Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A General Family of . . . Is Optimal: A Proof What Do We Want to . . .

818 views • 40 slides
An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security

An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security

An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security Prepared by: Nima Bayan, P.Eng. Fall 2003 Contents ! Introduction " Cryptography and Relativity " Quantum Algorithms " Quantum Computers !

227 views • 11 slides
From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

Quantum computers and factoring Learning with errors Cryptography from LWE From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren frederik.vercauteren@gmail.com Open Security Research (China) ESAT/COSIC - KU Leuven

1.34k views • 70 slides
Single quantum dots as artificial atoms, quantum optics and quantum cryptography at the Tyndall

Single quantum dots as artificial atoms, quantum optics and quantum cryptography at the Tyndall

Single quantum dots as artificial atoms, quantum optics and quantum cryptography at the Tyndall National Institute. E. Pelucchi Collaborators: T. H. Chung, G. Juska, V. Dimastrodonato, S. T. Moroni, A. Pescaglini, E. Mura and A. Gocalinska

693 views • 45 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
Cost-benefit analysis of quantum cryptography D. J. Bernstein University of Illinois at Chicago

Cost-benefit analysis of quantum cryptography D. J. Bernstein University of Illinois at Chicago

Cost-benefit analysis of quantum cryptography D. J. Bernstein University of Illinois at Chicago NSF ITR0716498 2004 PatersonPiperSchack: Why quantum cryptography? 2007 All eaume et al.: SECOQC white paper on quantum key

561 views • 37 slides
Quantum Computing in Cryptography MATH318/CPSC418 April 15, 2020 Topics: 1. Qubits: why

Quantum Computing in Cryptography MATH318/CPSC418 April 15, 2020 Topics: 1. Qubits: why

Quantum Computing in Cryptography MATH318/CPSC418 April 15, 2020 Topics: 1. Qubits: why quantum? 2. Shors algorithm and the DLP 3. Quantum Key Distribution and BB84 4. More directions in quantum cryptography 5. Resources: more directions

479 views • 33 slides
Accessible Near-Storage Computing with FPGAs Robert Schmid, Max Plauth, Lukas Wenzel, Felix

Accessible Near-Storage Computing with FPGAs Robert Schmid, Max Plauth, Lukas Wenzel, Felix

Accessible Near-Storage Computing with FPGAs Robert Schmid, Max Plauth, Lukas Wenzel, Felix Eberhardt, Andreas Polze Professorship for Operating Systems and Middleware, Hasso-Plattner-Institute Fifteenth European Conference on Computer Systems

136 views • 13 slides
Compact and Simple RLWE Based Key Encapsulation Mechanism Erdem Alkm 1 Yusuf Alper Bilgin 2,3

Compact and Simple RLWE Based Key Encapsulation Mechanism Erdem Alkm 1 Yusuf Alper Bilgin 2,3

Compact and Simple RLWE Based Key Encapsulation Mechanism Erdem Alkm 1 Yusuf Alper Bilgin 2,3 Murat Cenk 3 1 Department of Computer Engineering, Ondokuz Mays University, Turkey 2 Aselsan Inc., Turkey 3 Institude of Applied Mathematics, Middle

413 views • 39 slides
Encapsulation grouping of subprograms and the data Encapsulation they manipulate

Encapsulation grouping of subprograms and the data Encapsulation they manipulate

Encapsulation grouping of subprograms and the data Encapsulation they manipulate Information hiding abstract data types type definition is hidden from the user variables of the type can be declared variables of the type

1.02k views • 15 slides
Concepts in Object-Oriented Programming Languages Object-oriented design Primary

Concepts in Object-Oriented Programming Languages Object-oriented design Primary

CS 242 Outline of lecture Concepts in Object-Oriented Programming Languages Object-oriented design Primary object-oriented language concepts dynamic lookup encapsulation John Mitchell inheritance subtyping Program

479 views • 8 slides
Reasoning about Object Capa- bilities with Logical Relations and Effect Parametricity

Reasoning about Object Capa- bilities with Logical Relations and Effect Parametricity

Reasoning about Object Capa- bilities with Logical Relations and Effect Parametricity (EuroS&P 2016, Saarbrcken) Dominique Devriese 1 , Frank Piessens 1 , Lars Birkedal 2 1 iMinds-DistriNet, KU Leuven, 2 Aarhus University December 2015

387 views • 21 slides
SUAVE: Painless Extension for an Object-Oriented VHDL Peter J. Ashenden University of Adelaide

SUAVE: Painless Extension for an Object-Oriented VHDL Peter J. Ashenden University of Adelaide

SUAVE: Painless Extension for an Object-Oriented VHDL Peter J. Ashenden University of Adelaide Philip A. Wilsey, Dale E. Martin University of Cincinnati This work was partially supported by Wright Laboratory under USAF contract

195 views • 8 slides
Encapsulation and Tunneling encapsulation describes the process of placing an IP datagram inside a

Encapsulation and Tunneling encapsulation describes the process of placing an IP datagram inside a

slide 1 gaius Encapsulation and Tunneling encapsulation describes the process of placing an IP datagram inside a network packet or frame encapsulation refers to how the network interface uses packet switching hardware two machines

499 views • 27 slides
Modularity and Object- oriented Abstractions Encapsulation, Dynamic binding, Subtyping and

Modularity and Object- oriented Abstractions Encapsulation, Dynamic binding, Subtyping and

Modularity and Object- oriented Abstractions Encapsulation, Dynamic binding, Subtyping and Inheritance 1 Modularity When we program, we try to solve a problem by Step1: decompose the problem into smaller sub- problems Step2: try to

279 views • 23 slides

More recommend