post quantum crypto challenges
play

Post-Quantum Crypto Challenges Prof. Audun Jsang Universitetet i - PowerPoint PPT Presentation

Oct 06, 2023 •150 likes •587 views

Post-Quantum Crypto Challenges Prof. Audun Jsang Universitetet i Oslo DN.no, 1 December 2017 Audun Jsang - 2018 PQ Crypto Challenges 2 Aftenposten.no, 10 May 2018 Audun Jsang - 2018 PQ Crypto Challenges 3 Principle for Quantum

  1. Post-Quantum Crypto Challenges Prof. Audun Jøsang Universitetet i Oslo

  2. DN.no, 1 December 2017 Audun Jøsang - 2018 PQ Crypto Challenges 2

  3. Aftenposten.no, 10 May 2018 Audun Jøsang - 2018 PQ Crypto Challenges 3

  4. Principle for Quantum Computing • Quantum Computing (QC) uses quantum superpositions instead of binary bits to perform computations. • Quantum algorithms, i.e. algorithms for quantum computers, can solve certain problems much faster than classical algorithms. Audun Jøsang - 2018 PQ Crypto Challenges 4

  5. Quantum Computers Audun Jøsang - 2018 PQ Crypto Challenges 5

  6. QC Threat to Traditional Cryptography • Shor’s Quantum Algorithm (1994) can factor integers and compute discrete logarithms efficiently. It has also been extended to the crack ECC. Together, these attacks would be devastating to traditional public key crypto algorithms. • Grover’s Quantum Search Algorithm (1996) can be used to brute-force search for a k -bit secret key with an effort of only k = k / 2 2 2 which effectively doubles the required key sizes for ciphers. • QC has been dismissed by most cryptographers until recent years. General purpose quantum computers do not currently exist, but are expected to be built in foreseeable future. Audun Jøsang - 2018 PQ Crypto Challenges 6

  7. Cryptographic Security Services Symmetric Confidentiality encryption Authentcity / Integrity Hash- functions Non-repudiation PKI / key distribution Asymmetric T encryption & Confidentiality digital signature (Traditional) Quantum Threat Audun Jøsang - 2018 PQ Crypto Challenges 7

  8. Cryptographic Security Services Symmetric Confidentiality encryption Authentcity / Integrity Hash- functions Non-repudiation PKI / key distribution Asymmetric PQ encryption & Confidentiality digital signature (Post-Quantum) PKIs can survive Audun Jøsang - 2018 PQ Crypto Challenges 8

  9. Non-repudiation only possible with PKI The MAC was made with the secret key, Shared so I know that Alice secret key Alice Bob sent the message. But you have the Symmetric same secret key, authentication so maybe you sent the message. MAC The message was Private key Pulic key Alice signed by Alice, Bob so I know that she sent the message. Non-repudiatable authentication You are right, only Alice could have Digital signature signed the message. Audun Jøsang - 2018 PQ Crypto Challenges 9

  10. SKI (Symmetric Key Infrastructure) as alternative to PKI Root-CA Master-node PKI SKI 2 3 Sub-CA Sub-node 1 4 Direct Client nodes 1 5 A B C A B C Indirect CA certificate Pre-distributed shared secret keys Forklaring: Send encrypted secret session key Shared secret session key Audun Jøsang - 2018 PQ Crypto Challenges 10

  11. Analogy between QC and Nuclear Fusion Research • The New York Times, August 1975 – “Major breakthrough in nuclear fusion research‘’ – “Test reactor could be working as early as the mid - 1980’s.” – “Commercial applications to become a reality a decade later.‘’ • The Guardian, March 2018 – “Nuclear fusion on brink of being realised, say MIT scientists.” – “Carbon - free fusion power could be ‘on the grid in 15 years.” Audun Jøsang - 2018 PQ Crypto Challenges 11

  12. Analogy between SHA-1 and QC The threat of large-scale quantum computing is weakly analogous to the • threat of a break-through in finding SHA-1 collisions. Breakthrough in finding hash collisions was seen as imminent, but at the • same time it was highly uncertain. Hard to quantify the risk that a breakthrough would happen, and hard to • put time-frame on it. Substantial results would have significant impact on the industry. • Resourceful researchers worked hard on it and received a lot of research • funding. A breakthrough would bring fame and prestige to the researchers • Audun Jøsang - 2018 PQ Crypto Challenges 12

  13. Progress in Quantum Computing Pre 1994: isolated contributions by Wiesner, Holevo, Bennett, etc. • 1994: Shor’s algorithm – breaks discrete log and factoring problems • 1996: Grover’s algorithm – quadratic speed-up for search problems, • 1998: 2-qubit and 3-qubit NMR (Nuclear Magnetic Resonnance) • 2000: 5-qubit and 7-qubit NMR. 2001: The number 15 is factored! • 2005: qbyte announced (8 qubits?) • 2006: 12 qubits. • 2011: 14 qubits. • 2012: The number 21 is factored! • 2017: IBM unveils 20-qubit machine; Google, MSR doing cool stuff • 2018: IBM and Alibaba announces 50-qubit machine (unstable) • Billion dollar investment in quantum computing research globally • • Race towards “quantum supremacy” Audun Jøsang - 2018 PQ Crypto Challenges 13

  14. Towards Quantum Supremacy Qubits machine Super-computer Today prospect capability 50 Inferior capability 40 30 20 IBM (ustabil) IBM/Alibaba 10 Alibaba Alibaba Intel IBM 2 qubit(1998) 0 År 2010 2015 2020 2025 Audun Jøsang - 2018 PQ Crypto Challenges 14

  15. Towards Collapse of Asymmetric Crypto ? Qubits machine ? Crypto ? collapse 5000 No collapse Uncertain assumptions 4000 3000 2000 ? 1000 0 År 2025 2020 2030 2035 2040 2045 2050 2055 Audun Jøsang - 2018 PQ Crypto Challenges 15

  16. A possible crypto collapse • We don’t know if there will be a high scale QC breakthrough or not. If one comes, it would be fairly catastrophic – a Crypt-Apocalypse. • • Shor’s algorithm imperils all public key crypto deployed on the Internet today. ECC is likely to be broken sooner than RSA! • Attackers can capture interesting DH exchanges now, break them later. • We would expect some warning of impending disaster. • But replacing crypto and PKI at scale takes time. • • And traffic captured now could be broken later, so it’s a problem today if you have data that needs to be kept secure for decades. Audun Jøsang - 2018 PQ Crypto Challenges 16

  17. What should be our strategy? Audun Jøsang - 2018 PQ Crypto Challenges 17

  18. Time Perspective on Quantum Threat X: Time it takes to implement secure post-quantum crypto Y: Required time that traditional crypto must remain secure Z: Time it takes to develop a 5000-qubits quantum computer X Y Scenario 1 We’re in control Z Time X Y Scenario 2 We lost control Z Time Security breach We lost control if: X + Y > Z Audun Jøsang - 2018 PQ Crypto Challenges 18

  19. Full steam forward for PQC PQC (Post Quantum Cryptography) denotes public-key cryptosystems • that resist attacks by known quantum algorithms. Main candidates are • – Lattice-based cryptography based on lattice problems. – Code-based cryptography based on coding theory. – Multivariate polynomial cryptography based on solving systems of multivariate polynomials. – Hash-based signatures based on cryptographic hash functions – Others: There exist a variety of proposals based on various NP-hard problems These are possibly vulnerable to further advances in quantum algorithms. • Even conventional security is not yet well understood in all cases. • Notable exception: hash-based signatures schemes are particularly • mature and well understood: – XMSS (eXtended Merkle Signature Scheme) (2011) – SPHINCS (2015) Audun Jøsang - 2018 PQ Crypto Challenges 19

  20. StrongSwan OpenSSL with Lattice Algorithm Lattice algorithm Audun Jøsang - 2018 PQ Crypto Challenges 20

  21. Lattice Algorithm in StrongSwan OpenSSL Audun Jøsang - 2018 PQ Crypto Challenges 21

  22. BoringSSL: The Google fork of OpenSSL • BoringSSL provides a TLS stack for Google projects such as Android, Chrome Browser, Gmail, Google Search. It has been largely written from scratch. • Latest development version implements key agreement with the New Hope lattice algorithm. Audun Jøsang - 2018 PQ Crypto Challenges 22

  23. Call for Post-Quantum Crypto Algorithms • 2016: NIST (US National Institute of Standards and Technology) called for post-quantum (quantum-resistant) cryptographic algorithms to become new public-key crypto standards – Digital signatures – Encryption/key-establishment • NIST sees its role as managing a process of achieving community consensus in a transparent and timely manner • No planned single “winner”, in contrast to AES and SHA3 – Ideally, several algorithms will emerge as ‘good choices’ • Multiple algorithms will be promoted for standardization – Only algorithms received through the public call will be considered Audun Jøsang - 2018 PQ Crypto Challenges 23

  24. Towards Standardized PQC 2016 2017 2018 2019 2020 2021 2022 2023 Audun Jøsang - 2018 PQ Crypto Challenges 24

  25. Difference with AES and SHA-3 Calls • Standardising PQC algorithms is more complicated than standardising AES and SHA-3., ➢ No silver bullet - each candidate has some disadvantage ➢ Currently not enough research on PQC algorithms to ensure adequate confidence in any existing schemes • The aim is to standardise multiple PQC algorithms, not just one • Unpredictable development in the research field ➢ Focus may become more narrow at some point ➢ Requirements/timeline could potentially change based on news developments in the field Audun Jøsang - 2018 PQ Crypto Challenges 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o

Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o

1 / 2 9 Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o r g > Post-Quantum Crypto Bernd Fix < b r f @ h o i - p o l l o i . o r g > 2 / 2 9 Intro P r

340 views • 29 slides
Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for 2020 Tim Gneysu Hardware Security Group Horst Grtz Institute for IT-Security, Bochum 1/24/2013 Outline Introduction Alternative Public-Key

735 views • 55 slides
Cryptographic Engineering An example of post-quantum crypto Radboud University, Nijmegen, The

Cryptographic Engineering An example of post-quantum crypto Radboud University, Nijmegen, The

Cryptographic Engineering An example of post-quantum crypto Radboud University, Nijmegen, The Netherlands Spring 2015 Crypto today Ephemeral ECDH on 256 -bit curve to compute shared key Use EdDSA signatures for public-key

1.43k views • 109 slides
Revisiting Post-Quantum Fiat-Shamir Qipeng Liu & Mark Zhandry

Revisiting Post-Quantum Fiat-Shamir Qipeng Liu & Mark Zhandry

Revisiting Post-Quantum Fiat-Shamir Qipeng Liu & Mark Zhandry (Princeton & NTT Research) Lattice Crypto Post-Quantum Crypto Typical Lattice Crypto Thm: are

623 views • 61 slides
The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at Chicago, Eindhoven University of Technology Post-quantum cryptography: Cryptography designed under the assumption that the attacker (not the user!) has

1.29k views • 94 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P.

for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P.

Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P. Chandrakasan * utsav@mit.edu Massachusetts Institute of Technology Post-Quantum Cryptography Current public key

911 views • 25 slides
Dustin Moody Post Quantum Cryptography Team National Institute of Standards and Technology (NIST)

Dustin Moody Post Quantum Cryptography Team National Institute of Standards and Technology (NIST)

Dustin Moody Post Quantum Cryptography Team National Institute of Standards and Technology (NIST) When will a quantum computer be built that breaks current crypto? 15 years, $1 billion USD, nuclear power plant (to break RSA-2048)

432 views • 16 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation

A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation

A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM Qian Guo, Thomas Johansson, Alexander Nilsson August 10, 2020 Preliminaries Implementing Crypto Is Hard

994 views • 80 slides
Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020,

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020,

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020, Tenerife, January 2013 Outline 1 1. Past results 2. Future challenges 1. Block ciphers 2 TEA, NOEKEON, AES, SERPENT, ICEBERG, HIGHT,

844 views • 68 slides
Introduction to post-quantum cryptography and learning with errors Douglas Stebila Funding

Introduction to post-quantum cryptography and learning with errors Douglas Stebila Funding

Introduction to post-quantum cryptography and learning with errors Douglas Stebila Funding acknowledgements: Summer School on real-world crypto and privacy ibenik, Croatia June 11, 2018

1.67k views • 106 slides
Quantum Cryptography Quantum Cryptography Quantum Quantum Crypto ?? Crypto ?? or or How

Quantum Cryptography Quantum Cryptography Quantum Quantum Crypto ?? Crypto ?? or or How

Quantum Cryptography Quantum Cryptography Quantum Quantum Crypto ?? Crypto ?? or or How Alice Outwits Eve How Alice Outwits Eve Cani Cani Samuel J. Lomonaco, Jr. Samuel J. Lomonaco, Jr. Dept. of Comp. Sci Dept. of Comp. Sci. &

445 views • 16 slides
Saturnin A suite of lightweight symmetric algorithms for post-quantum security Anne Canteaut 1

Saturnin A suite of lightweight symmetric algorithms for post-quantum security Anne Canteaut 1

Saturnin A suite of lightweight symmetric algorithms for post-quantum security Anne Canteaut 1 Sbastien Duval 2 Gatan Leurent 1 Mara Naya-Plasencia 1 Lo Perrin 1 Thomas Pornin 3 Andr Schrottenloher 1 1 Inria, France 2 UCL Crypto Group,

750 views • 26 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel

Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel

Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel GALLIN CNRS IRISA Univ. Rennes 1 November 29 th , 2018 Ph.D. supervised by Arnaud TISSERAND, CNRS Lab-STICC Introduction 1 HTMM

591 views • 40 slides
(NPKI) Interregional Standardization Forum for PKI & e-Trust 4-5 th April 2019 Introduction

(NPKI) Interregional Standardization Forum for PKI & e-Trust 4-5 th April 2019 Introduction

National Public Key Infrastructure (NPKI) Interregional Standardization Forum for PKI & e-Trust 4-5 th April 2019 Introduction The Public key infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures

303 views • 7 slides
Law: Business or Profession Conference of Regulatory Officers Keynote Address quinn emanuel

Law: Business or Profession Conference of Regulatory Officers Keynote Address quinn emanuel

quinn emanuel trial lawyers | australia Level 15, 111 Elizabeth Street, Sydney NSW 2000, Australia | TEL +61 2 9146 3500 Level 41, 108 St Georges Terrace, Perth WA 6000 Australia | TEL +61 8 6382 3000 Law: Business or Profession Conference of

341 views • 22 slides
Consumer protection Introduction to consumer law & consumer enforcement Jason Freeman

Consumer protection Introduction to consumer law & consumer enforcement Jason Freeman

Consumer protection Introduction to consumer law & consumer enforcement Jason Freeman (November 2017) Did you know You are all consumers Aims This session will provide you as advisers in law centres- with an introduction

954 views • 63 slides
Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID Tags and Presentation of First Results Walter Hinz, Klaus Finkenzeller, Martin Seysen Barcelona, February 19 th , 2013 Agenda Motivation for

416 views • 26 slides
Practical Security and Key Management Management University of Amsterdam Introduction SNE -

Practical Security and Key Management Management University of Amsterdam Introduction SNE -

Practical Security and Key Practical Security and Key Management Management University of Amsterdam Introduction SNE - Research Project 2 Research Question Security levels Secure elements By: Key Magiel van der Meer management PGP

778 views • 20 slides
Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy Duong Hieu Phan David Pointcheval ENS France CNRS-ENS France Asiacrypt '03 Taipei - Taiwan December 1 st 2003 Summary Summary Asymmetric

235 views • 21 slides
Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search Ph.D. Dissertation Defense Zeeshan Pervez Department of Computer Engineering Kyung Hee University, Global Campus, Korea email:

650 views • 24 slides

More recommend