long term security for cars
play

Long-term security for cars Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 - PowerPoint PPT Presentation

Aug 28, 2023 •450 likes •989 views

Long-term security for cars Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 16 November 2016 2 / 31 3 / 31 4 / 31 D-Wave quantum computer isnt universal . . . Cant store

  1. Long-term security for cars Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 16 November 2016

  2. 2 / 31

  3. 3 / 31

  4. 4 / 31

  5. D-Wave quantum computer isn’t universal . . . ◮ Can’t store stable qubits. ◮ Can’t perform basic qubit operations. ◮ Can’t run Shor’s algorithm. ◮ Can’t run other quantum algorithms we care about. 5 / 31

  6. D-Wave quantum computer isn’t universal . . . ◮ Can’t store stable qubits. ◮ Can’t perform basic qubit operations. ◮ Can’t run Shor’s algorithm. ◮ Can’t run other quantum algorithms we care about. ◮ Hasn’t managed to find any computation justifying its price. ◮ Hasn’t managed to find any computation justifying 1% of its price. 5 / 31

  7. But universal quantum computers are coming & are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https://en.wikipedia.org/wiki/Timeline_of_ quantum_computing . 6 / 31

  8. But universal quantum computers are coming & are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https://en.wikipedia.org/wiki/Timeline_of_ quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “Were actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. 6 / 31

  9. But universal quantum computers are coming & are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https://en.wikipedia.org/wiki/Timeline_of_ quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “Were actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm computes in polynomial time: ◮ Integer factorization. RSA is dead. ◮ Discrete-logarithms in finite fields. DSA is dead. ◮ Discrete-logarithms on elliptic curves. ECDSA is dead. ◮ This breaks all current public-key cryptography on the Internet! 6 / 31

  10. But universal quantum computers are coming & are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https://en.wikipedia.org/wiki/Timeline_of_ quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “Were actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm computes in polynomial time: ◮ Integer factorization. RSA is dead. ◮ Discrete-logarithms in finite fields. DSA is dead. ◮ Discrete-logarithms on elliptic curves. ECDSA is dead. ◮ This breaks all current public-key cryptography on the Internet! ◮ Also, Grover’s algorithm speeds up brute-force searches. ◮ Example: Only 2 64 quantum operations to break AES-128; 2 128 quantum operations to break AES-256. 6 / 31

  11. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. 7 / 31

  12. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. 7 / 31

  13. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. ◮ PQCrypto 2010. 7 / 31

  14. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. ◮ PQCrypto 2010. ◮ PQCrypto 2011. ◮ PQCrypto 2013. ◮ PQCrypto 2014. 7 / 31

  15. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. ◮ PQCrypto 2010. ◮ PQCrypto 2011. ◮ PQCrypto 2013. ◮ PQCrypto 2014. ◮ New EU project, 2015–2018: PQCRYPTO, Post-Quantum Cryptography for Long-term Security. 7 / 31

  16. 8 / 31

  17. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite. 9 / 31

  18. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite. August 19, 2015 IAD will initiate a transition to quantum resistant algorithms in the not too distant future. 9 / 31

  19. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite. August 19, 2015 IAD will initiate a transition to quantum resistant algorithms in the not too distant future. NSA comes late to the party and botches its grand entrance. 9 / 31

  20. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite. August 19, 2015 IAD will initiate a transition to quantum resistant algorithms in the not too distant future. NSA comes late to the party and botches its grand entrance. Worse, now we get people saying “Don’t use post-quantum crypto, the NSA wants you to use it!”. 9 / 31

  21. Post-quantum becoming mainstream ◮ PQCrypto 2016: 22–26 Feb in Fukuoka, Japan, with more than 200 participants ◮ NIST is calling for post-quantum proposals; expect a small competition. ◮ PQCrypto 2017, Netherlands: ◮ Jun 19 – 23 PQC school; Jun 22 & 23 Executive school ◮ Jun 26 – 28 PQCrypto 10 / 31

  22. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems. 11 / 31

  23. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems. ◮ Study algorithms for the users. ◮ Study implementations on real hardware. ◮ Study side-channel attacks, fault attacks, etc. ◮ Focus on secure, reliable implementations. ◮ Focus on implementations meeting performance requirements. ◮ Integrate securely into real-world applications. 11 / 31

  24. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems. ◮ Study algorithms for the users. ◮ Study implementations on real hardware. ◮ Study side-channel attacks, fault attacks, etc. ◮ Focus on secure, reliable implementations. ◮ Focus on implementations meeting performance requirements. ◮ Integrate securely into real-world applications. ◮ Example: ECC introduced 1985 ; big advantages over RSA. Robust ECC is starting to take over the Internet in 2015 . ◮ Post-quantum research can’t wait for quantum computers! 11 / 31

  25. 12 / 31

  26. Even higher urgency for long-term confidentiality ◮ Today’s encrypted communication is being stored by attackers and will be decrypted years later with quantum computers. Danger for human-rights workers, medical records, journalists, security research, legal proceedings, state secrets, . . . ◮ Signature schemes can be replaced once a quantum computer is built – but there will not be a public announcement 13 / 31

  27. Even higher urgency for long-term confidentiality ◮ Today’s encrypted communication is being stored by attackers and will be decrypted years later with quantum computers. Danger for human-rights workers, medical records, journalists, security research, legal proceedings, state secrets, . . . ◮ Signature schemes can be replaced once a quantum computer is built – but there will not be a public announcement . . . and an important function of signatures is to protect operating system upgrades. ◮ Protect your upgrades now with post-quantum signatures. 13 / 31

  28. Next slide: Initial recommendations of long-term secure post-quantum systems Daniel Augot, Lejla Batina, Daniel J. Bernstein, Joppe Bos, Johannes Buchmann, Wouter Castryck, Orr Dunkelman, Tim G¨ uneysu, Shay Gueron, Andreas H¨ ulsing, Tanja Lange, Mohamed Saied Emam Mohamed, Christian Rechberger, Peter Schwabe, Nicolas Sendrier, Frederik Vercauteren, Bo-Yin Yang 14 / 31

  29. Initial recommendations ◮ Symmetric encryption Thoroughly analyzed, 256-bit keys: ◮ AES-256 ◮ Salsa20 with a 256-bit key Evaluating: Serpent-256, . . . ◮ Symmetric authentication Information-theoretic MACs: ◮ GCM using a 96-bit nonce and a 128-bit authenticator ◮ Poly1305 ◮ Public-key encryption McEliece with binary Goppa codes: ◮ length n = 6960, dimension k = 5413, t = 119 errors Evaluating: QC-MDPC, Stehl´ e-Steinfeld NTRU, . . . ◮ Public-key signatures Hash-based (minimal assumptions): ◮ XMSS with any of the parameters specified in CFRG draft ◮ SPHINCS-256 Evaluating: HFEv-, . . . 15 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Long term Sec rit Long-term Security through g Quantum Cryptography D Dominique Unruh i i U

Long term Sec rit Long-term Security through g Quantum Cryptography D Dominique Unruh i i U

Long term Sec rit Long-term Security through g Quantum Cryptography D Dominique Unruh i i U h University of Tartu EWSCS 2011 March 2, 2011 Dominique Unruh Dominique Unruh Recall Recall Long term security: Protocol is secure if L

786 views • 25 slides
Congressional Budget Office November 18, 2016 Comparing CBOs Long-Term Projections With Those

Congressional Budget Office November 18, 2016 Comparing CBOs Long-Term Projections With Those

Congressional Budget Office November 18, 2016 Comparing CBOs Long-Term Projections With Those of the Social Security Trustees Presentation to the Social Security Advisory Board Julie Topoleski Health, Retirement, and Long-Term Analysis

506 views • 32 slides
Congressional Budget Office November 16, 2018 CBOs Long-Term Social Security Projections 2019

Congressional Budget Office November 16, 2018 CBOs Long-Term Social Security Projections 2019

Congressional Budget Office November 16, 2018 CBOs Long-Term Social Security Projections 2019 Technical Panel on Assumptions and Methods Washington, D.C. Julie Topoleski Health, Retirement, and Long-Term Analysis Division CBO CBOs

392 views • 13 slides
Long Term Exploitation Baseband security? 4Get about it. Background: 2G GSM

Long Term Exploitation Baseband security? 4Get about it. Background: 2G GSM

Long Term Exploitation Baseband security? 4Get about it. Background: 2G GSM specification started in 1982 Standardized by GSMA First commercial launch 1992 TDMA based, circuit- switched 2.5G: GPRS (packet- switched)

1.29k views • 64 slides
South Burlington School District Proposed Long-Term Bond Why issue a long term bond? Entities

South Burlington School District Proposed Long-Term Bond Why issue a long term bond? Entities

South Burlington School District Proposed Long-Term Bond Why issue a long term bond? Entities issue long-term bonds to finance long-term infrastructure assets with extended lives. The large dollar cost of these projects can be difficult to

776 views • 16 slides
The Lin ink Between Retir irement Security and Long-Term Care (Hi (High ghlig ights fr from

The Lin ink Between Retir irement Security and Long-Term Care (Hi (High ghlig ights fr from

The Lin ink Between Retir irement Security and Long-Term Care (Hi (High ghlig ights fr from Soc ocie iety of of Actu ctuaries es Mon onograph) Ge Gerontologic ical l Soci Society of of America Pre resented by Caro Carol l Bo

994 views • 70 slides
Long-Term Stewardship of Three Evapotranspirative Covers, 15 years Sue Collins, Long-Term

Long-Term Stewardship of Three Evapotranspirative Covers, 15 years Sue Collins, Long-Term

August 20 23, 2018 Grand Junction, Colorado 2018 Long-Term Stewardship Conference Long-Term Stewardship of Three Evapotranspirative Covers, 15 years Sue Collins, Long-Term Stewardship Program Lead Sandia National Laboratories Track 2.2:

344 views • 17 slides
Long term test of LED Long term test of LED pulsing pulsing Long time LED system stability

Long term test of LED Long term test of LED pulsing pulsing Long time LED system stability

Long term test of LED Long term test of LED pulsing pulsing Long time LED system stability measurement Aging of part of optical system Future plans Jaroslav Zalesak, Jan Smolik Institute of Physics ASCR, Prague Sep 13, 2007 CALICE

298 views • 11 slides
The Future of Long Term Care in Ontario Adrienne Palmer Ontario Long Term Care Association LTC

The Future of Long Term Care in Ontario Adrienne Palmer Ontario Long Term Care Association LTC

The Future of Long Term Care in Ontario Adrienne Palmer Ontario Long Term Care Association LTC Transformation in Ontario March 2012 Why Not Now? LTC Innovation Report July 2010 released Long Term May 2008 Shirlee Sharkeys

352 views • 16 slides
The Long-Term Budget Outlook and Social Security Reform: Implications for Financial Markets The

The Long-Term Budget Outlook and Social Security Reform: Implications for Financial Markets The

The Long-Term Budget Outlook and Social Security Reform: Implications for Financial Markets The Q Group, October 18, 2005 Carlsbad California Kent Smetters The Wharton School & NBER I ntroduction Traditional budget measures

542 views • 26 slides
GFDR 2015 Lo Long-term Finance Cha hapt pter 3: Th The Use of Markets for Long ng-term

GFDR 2015 Lo Long-term Finance Cha hapt pter 3: Th The Use of Markets for Long ng-term

GFDR 2015 Lo Long-term Finance Cha hapt pter 3: Th The Use of Markets for Long ng-term Fina nanc nce GFDR SEMINAR SERIES FEBRUARY 24, 2015 Introduction Lack of long-termfinance: importantand challenging concernin many countries

1.04k views • 57 slides
Antithrombotic Therapy for Long-Term Secondary Prevention Considerations for Long-Term DAPT

Antithrombotic Therapy for Long-Term Secondary Prevention Considerations for Long-Term DAPT

Antithrombotic Therapy for Long-Term Secondary Prevention Considerations for Long-Term DAPT Marc P. Bonaca, MD, MPH Vascular Section, Cardiovascular Division Investigator TIMI Study Group Brigham and Womens Hospital Assistant Professor,

774 views • 60 slides
Long-term Osteoporosis Therapy What To Do After 5 Years? Developing a Long-term Management Plan

Long-term Osteoporosis Therapy What To Do After 5 Years? Developing a Long-term Management Plan

Long-term Osteoporosis Therapy What To Do After 5 Years? Developing a Long-term Management Plan North American Menopause Society Philadelphia, PA October 11, 2017 Michael R. McClung, MD, FACP Institute for Health and Ageing, Australian

559 views • 35 slides
Long-term Market Analysis 2018-40 About this years Long-term Market Analysis (LMA) Why LMA?

Long-term Market Analysis 2018-40 About this years Long-term Market Analysis (LMA) Why LMA?

Long-term Market Analysis 2018-40 About this years Long-term Market Analysis (LMA) Why LMA? Understand and quantify long term development Understand challenges and opportunities early better decisions Support for Network

1.23k views • 41 slides
Managed Long Term Care Managed Long Term Care Informational Materials f B Brenda Rivera d Ri

Managed Long Term Care Managed Long Term Care Informational Materials f B Brenda Rivera d Ri

Managed Long Term Care Managed Long Term Care Informational Materials f B Brenda Rivera d Ri Senior Communications Manager N New York Medicaid Choice Program Y k M di id Ch i P MAXIMUS February 9, 2012 1 Managed Long Term Care

323 views • 8 slides
Delivering the NHS Long Term Plan in and across south east London Welcome and in

Delivering the NHS Long Term Plan in and across south east London Welcome and in

Delivering the NHS Long Term Plan in and across south east London Welcome and in introduction to Long Term Plan The NHS Long Term Plan Published in January 2019 Aims to make the NHS fit for the future, providing high quality care

291 views • 18 slides
Horizontal Test Stand 2 (HTS-2) Joe Ozelis PIP-II Collaboration Meeting 9-10 November, 2015

Horizontal Test Stand 2 (HTS-2) Joe Ozelis PIP-II Collaboration Meeting 9-10 November, 2015

Horizontal Test Stand 2 (HTS-2) Joe Ozelis PIP-II Collaboration Meeting 9-10 November, 2015 Outline Introduction, Requirements HTS-2 Facility Timeframe J. Ozelis HTS-2 2 11/9/2015 Introduction Purpose PIP-II

216 views • 21 slides
Horizontal Collision Correlation Attack on Elliptic Curves A. Bauer E. Jaulmes E. Prouff J.

Horizontal Collision Correlation Attack on Elliptic Curves A. Bauer E. Jaulmes E. Prouff J.

Horizontal Collision Correlation Attack on Elliptic Curves A. Bauer E. Jaulmes E. Prouff J. Wild Talk by J.-R. Reinhard ANSSI (French Network and Information Security Agency) Selected Areas in Cryptography 2013 Burnaby, Canada August 16,

308 views • 29 slides
PT2PC: Learning to Generate 3D Point Cloud Shapes from Part Tree Conditions Kaichun Mo, He Wang,

PT2PC: Learning to Generate 3D Point Cloud Shapes from Part Tree Conditions Kaichun Mo, He Wang,

PT2PC: Learning to Generate 3D Point Cloud Shapes from Part Tree Conditions Kaichun Mo, He Wang, Xinchen Yan, Leonidas Guibas (Data and Code has been released) 1 PT2PC: Learning to Generate 3D Point Cloud Shapes from Part Tree Conditions

554 views • 33 slides
H-type foliations Fabrice Baudoin Based on a joint work with E. Grong, G. Molino & L. Rizzi

H-type foliations Fabrice Baudoin Based on a joint work with E. Grong, G. Molino & L. Rizzi

H-type foliations Fabrice Baudoin Based on a joint work with E. Grong, G. Molino & L. Rizzi Sub-Riemannian manifolds Let M be a smooth, connected manifold with dimension n + m . Sub-Riemannian manifolds Let M be a smooth, connected manifold

842 views • 49 slides
On the Horizontal Dimension of Software Architecture in Formal Specifications of Reactive

On the Horizontal Dimension of Software Architecture in Formal Specifications of Reactive

On the Horizontal Dimension of Software Architecture in Formal Specifications of Reactive Systems Mika Katara, Reino Kurki-Suonio and Tommi Mikkonen Institute of Software Systems Tampere University of Technology Finland Outline 1.

1.03k views • 21 slides
Optimization Coaching Vincent St-Amour Sam Tobin-Hochstadt Matthias Felleisen PLT OOPSLA 2012

Optimization Coaching Vincent St-Amour Sam Tobin-Hochstadt Matthias Felleisen PLT OOPSLA 2012

Optimization Coaching Vincent St-Amour Sam Tobin-Hochstadt Matthias Felleisen PLT OOPSLA 2012 - October 23th, 2012 #lang typed/racket/base #lang typed/racket/base #lang typed/racket/base (require racket/match racket/math racket/flonum

667 views • 38 slides
Multi-net Routing ECE6133 Physical Design Automation of VLSI Systems Prof. Sung Kyu Lim School

Multi-net Routing ECE6133 Physical Design Automation of VLSI Systems Prof. Sung Kyu Lim School

Multi-net Routing ECE6133 Physical Design Automation of VLSI Systems Prof. Sung Kyu Lim School of Electrical and Computer Engineering Georgia Institute of Technology Routing Models Grid-based model: A grid is super-imposed on the

469 views • 45 slides
EECS 504: Foundations of Computer Vision Andrew Owens Course staff Haozhu Wang Anthony Liang

EECS 504: Foundations of Computer Vision Andrew Owens Course staff Haozhu Wang Anthony Liang

EECS 504: Foundations of Computer Vision Andrew Owens Course staff Haozhu Wang Anthony Liang Bingqi Sun Graduate student (GSI) Instructional aide (IA) Instructional aide (IA) Interacting with us Ask questions on Piazza. - Sign up:

1.09k views • 59 slides

More recommend