post quantum cryptography
play

Post-quantum cryptography Daniel J. Bernstein & Tanja Lange - PowerPoint PPT Presentation

Oct 05, 2022 •272 likes •760 views

Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago; Ruhr University Bochum & Technische Universiteit Eindhoven 12 September 2020 Cryptography Sender Receiver Alice Bob Tsai

  1. Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago; Ruhr University Bochum & Technische Universiteit Eindhoven 12 September 2020

  2. � Cryptography Sender Receiver “Alice” “Bob” Tsai Ing-Wen picture credit: By 總 統 府 , Attribution, Wikimedia. Donald Trump picture credit: By Shealah Craighead - White House, Public Domain, Wikimedia. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 2

  3. � Cryptography Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” ◮ Motivation #1: Communication channels are spying on our data. ◮ Motivation #2: Communication channels are modifying our data. Tsai Ing-Wen picture credit: By 總 統 府 , Attribution, Wikimedia. Donald Trump picture credit: By Shealah Craighead - White House, Public Domain, Wikimedia. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 2

  4. � Cryptography Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” ◮ Motivation #1: Communication channels are spying on our data. ◮ Motivation #2: Communication channels are modifying our data. ◮ Literal meaning of cryptography: “secret writing”. ◮ Achieves various security goals by secretly transforming messages. ◮ Confidentiality: Eve cannot infer information about the content ◮ Integrity: Eve cannot modify the message without this being noticed ◮ Authenticity: Bob is convinced that the message originated from Alice Tsai Ing-Wen picture credit: By 總 統 府 , Attribution, Wikimedia. Donald Trump picture credit: By Shealah Craighead - White House, Public Domain, Wikimedia. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 2

  5. � Commonly used systems Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” Cryptography with symmetric keys AES-128 . AES-192 . AES-256 . AES-GCM . ChaCha20 . HMAC-SHA-256 . Poly1305 . SHA-2 . SHA-3 . Salsa20 . Cryptography with public keys BN-254 . Curve25519 . DH . DSA . ECDH . ECDSA . EdDSA . NIST P-256 . NIST P-384 . NIST P-521 . RSA encrypt . RSA sign . secp256k1 . Tsai Ing-Wen picture credit: By 總 統 府 , Attribution, Wikimedia. Donald Trump picture credit: By Shealah Craighead - White House, Public Domain, Wikimedia. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 2

  12. � Commonly used systems Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” Cryptography with symmetric keys AES-128 . AES-192 . AES-256 . AES-GCM . ChaCha20 . HMAC-SHA-256 . Poly1305 . SHA-2 . SHA-3 . Salsa20 . Cryptography with public keys BN-254 . Curve25519 . DH . DSA . ECDH . ECDSA . EdDSA . NIST P-256 . NIST P-384 . NIST P-521 . RSA encrypt . RSA sign . secp256k1 . Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 9

  13. � Commonly used systems Sender Untrustworthy network Receiver “Alice” “Eve” with quantum computer “Bob” Cryptography with symmetric keys AES-128 . AES-192 . AES-256 . AES-GCM . ChaCha20 . HMAC-SHA-256 . Poly1305 . SHA-2 . SHA-3 . Salsa20 . Cryptography with public keys BN-254 . Curve25519 . DH . DSA . ECDH . ECDSA . EdDSA . NIST P-256 . NIST P-384 . NIST P-521 . RSA encrypt . RSA sign . secp256k1 . Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 9

  14. � Symmetric-key authenticated encryption Sender Untrustworthy network Receiver “Alice” “Eve” with quantum computer “Bob” ◮ Very easy solutions if Alice and Bob already share long secret key k : ◮ “One-time pad” for confidentiality. ◮ “Wegman–Carter MAC” for integrity and authenticity. ◮ AES-256: Standardized method to expand short secret key (256-bit k ) into string indistinguishable from long secret key. ◮ AES introduced in 1998 by Daemen and Rijmen. Security analyzed in papers by dozens of cryptanalysts. ◮ No credible threat from quantum algorithms. Grover costs 2 128 . ◮ Some results assume attacker has quantum access to computation, then some systems are weaker . . . but I’d know if my laptop had turned into a quantum computer. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 9

  15. Post-quantum cryptography Cryptography under the assumption that the attacker has a quantum computer. ◮ 1994: Shor’s quantum algorithm. 1996: Grover’s quantum algorithm. Many subsequent papers on quantum algorithms: see quantumalgorithmzoo.org . ◮ 2003: Daniel J. Bernstein introduces term Post-quantum cryptography. ◮ 2006: First International Workshop on Post-Quantum Cryptography. PQCrypto 2006, 2008, 2010, 2011, 2013, 2014, 2016, 2017, 2018, 2019, (soon) 2020. ◮ 2015: NIST hosts its first workshop on post-quantum cryptography. ◮ 2016: NIST announces a standardization project for post-quantum systems. ◮ 2017: Deadline for submissions to the NIST competition. ◮ 2019: Second round of NIST competition begins. ◮ 2020: Third round of NIST competition begins. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 10

  16. 21 December 2017: NIST posts 69 submissions from 260 people. BIG QUAKE . BIKE . CFPKM . Classic McEliece . Compact LWE . CRYSTALS-DILITHIUM . CRYSTALS-KYBER . DAGS . Ding Key Exchange . DME . DRS . DualModeMS . Edon-K . EMBLEM and R.EMBLEM . FALCON . FrodoKEM . GeMSS . Giophantus . Gravity-SPHINCS . Guess Again . Gui . HILA5 . HiMQ-3 . HK17 . HQC . KINDI . LAC . LAKE . LEDAkem . LEDApkc . Lepton . LIMA . Lizard . LOCKER . LOTUS . LUOV . McNie . Mersenne-756839 . MQDSS . NewHope . NTRU Prime . NTRU-HRSS-KEM . NTRUEncrypt . NTS-KEM . Odd Manhattan . OKCN/AKCN/CNKE . Ouroboros-R . Picnic . pqNTRUSign . pqRSA encryption . pqRSA signature . pqsigRM . QC-MDPC KEM . qTESLA . RaCoSS . Rainbow . Ramstake . RankSign . RLCE-KEM . Round2 . RQC . RVB . SABER . SIKE . SPHINCS+ . SRTPI . Three Bears . Titanium . WalnutDSA . Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 11

  17. By end of 2017: 8 out of 69 submissions attacked. BIG QUAKE . BIKE . CFPKM . Classic McEliece . Compact LWE . CRYSTALS-DILITHIUM . CRYSTALS-KYBER . DAGS . Ding Key Exchange . DME . DRS . DualModeMS . Edon-K . EMBLEM and R.EMBLEM . FALCON . FrodoKEM . GeMSS . Giophantus . Gravity-SPHINCS . Guess Again . Gui . HILA5 . HiMQ-3 . HK17 . HQC . KINDI . LAC . LAKE . LEDAkem . LEDApkc . Lepton . LIMA . Lizard . LOCKER . LOTUS . LUOV . McNie . Mersenne-756839 . MQDSS . NewHope . NTRU Prime . NTRU-HRSS-KEM . NTRUEncrypt . NTS-KEM . Odd Manhattan . OKCN/AKCN/CNKE . Ouroboros-R . Picnic . pqNTRUSign . pqRSA encryption . pqRSA signature . pqsigRM . QC-MDPC KEM . qTESLA . RaCoSS . Rainbow . Ramstake . RankSign . RLCE-KEM . Round2 . RQC . RVB . SABER . SIKE . SPHINCS+ . SRTPI . Three Bears . Titanium . WalnutDSA . Some less security than claimed; some really broken; some attack scripts. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 11

  18. By end of 2018: 22 out of 69 submissions attacked. BIG QUAKE . BIKE . CFPKM . Classic McEliece . Compact LWE . CRYSTALS-DILITHIUM . CRYSTALS-KYBER . DAGS . Ding Key Exchange . DME . DRS . DualModeMS . Edon-K . EMBLEM and R.EMBLEM . FALCON . FrodoKEM . GeMSS . Giophantus . Gravity-SPHINCS . Guess Again . Gui . HILA5 . HiMQ-3 . HK17 . HQC . KINDI . LAC . LAKE . LEDAkem . LEDApkc . Lepton . LIMA . Lizard . LOCKER . LOTUS . LUOV . McNie . Mersenne-756839 . MQDSS . NewHope . NTRU Prime . NTRU-HRSS-KEM . NTRUEncrypt . NTS-KEM . Odd Manhattan . OKCN/AKCN/CNKE . Ouroboros-R . Picnic . pqNTRUSign . pqRSA encryption . pqRSA signature . pqsigRM . QC-MDPC KEM . qTESLA . RaCoSS . Rainbow . Ramstake . RankSign . RLCE-KEM . Round2 . RQC . RVB . SABER . SIKE . SPHINCS+ . SRTPI . Three Bears . Titanium . WalnutDSA . Some less security than claimed; some really broken; some attack scripts. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 11

  19. 30 January 2019: 26 candidates retained for second round. BIG QUAKE . BIKE . CFPKM . Classic McEliece . Compact LWE . CRYSTALS-DILITHIUM . CRYSTALS-KYBER . DAGS . Ding Key Exchange . DME . DRS . DualModeMS . Edon-K . EMBLEM and R.EMBLEM . FALCON . FrodoKEM . GeMSS . Giophantus . Gravity-SPHINCS . Guess Again . Gui . HILA5 . HiMQ-3 . HK17 . HQC . KINDI . LAC . LAKE . LEDAkem . LEDApkc . Lepton . LIMA . Lizard . LOCKER . LOTUS . LUOV . McNie . Mersenne-756839 . MQDSS . NewHope . NTRU Prime . NTRU-HRSS-KEM . NTRUEncrypt . NTS-KEM . Odd Manhattan . OKCN/AKCN/CNKE . Ouroboros-R . Picnic . pqNTRUSign . pqRSA encryption . pqRSA signature . pqsigRM . QC-MDPC KEM . qTESLA . RaCoSS . Rainbow . Ramstake . RankSign . RLCE-KEM . Round2 . RQC . RVB . SABER . SIKE . SPHINCS+ . SRTPI . Three Bears . Titanium . WalnutDSA . Some less security than claimed; some really broken; some attack scripts. Merges for second round: HILA5 & Round2; LAKE, LOCKER, & Ouroboros-R; LEDAkem & LEDApkc; NTRUEncrypt & NTRU-HRSS-KEM. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

Quantum computers and factoring Learning with errors Cryptography from LWE From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren frederik.vercauteren@gmail.com Open Security Research (China) ESAT/COSIC - KU Leuven

1.34k views • 70 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven Executive School on Post-Quantum Cryptography 01 July 2019 Cryptography Motivation #1: Communication channels are spying on our data. Motivation

728 views • 42 slides
The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018 PQCRYPTO Mini-School 2018, Taipei, Taiwan Part I: How to make software secure Implementing post-quantum cryptography 2 Timing

1.44k views • 116 slides
Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and Cryptography VI In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were

854 views • 42 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit Eindhoven 17 January 2016 8th Winter School on Quantum Cybersecurity Cryptography Motivation #1: Communication channels are spying on our

894 views • 68 slides
Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu Ruhr-Universitt Bochum & DFKI 04.10.2017 Overview Goals Provide a high-level introduction to Post-Quantum Cryptography (PQC)

1.18k views • 113 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information (and generate

455 views • 19 slides
Overview of SPS-Provided Technology Student-Parent Orientations 2020-2021 Springfield Public

Overview of SPS-Provided Technology Student-Parent Orientations 2020-2021 Springfield Public

Overview of SPS-Provided Technology Student-Parent Orientations 2020-2021 Springfield Public Schools 2020-2021 Springfield Public Schools 2020-2021 Springfield Public Schools 2016-2017 Topics Covered About your students username and

617 views • 16 slides
O F A V IRTUAL C AREER F AIR Sponsored by Tyler Gerstandt Director of Audit Services 1

O F A V IRTUAL C AREER F AIR Sponsored by Tyler Gerstandt Director of Audit Services 1

8/27/2020 M AKING T HE M OST O F A V IRTUAL C AREER F AIR Sponsored by Tyler Gerstandt Director of Audit Services 1 8/27/2020 C AREER F AIR O VERVIEW A ND H ANDSHAKE A CCESS Going Virtual! A virtual format will enhance the experience,

554 views • 19 slides
s r s srtr

s r s srtr

s r s srtr t sttr r rrss ss rr

665 views • 38 slides
MATH 12002 - CALCULUS I 3.3: Increasing & Decreasing Functions Professor Donald L. White

MATH 12002 - CALCULUS I 3.3: Increasing & Decreasing Functions Professor Donald L. White

MATH 12002 - CALCULUS I 3.3: Increasing & Decreasing Functions Professor Donald L. White Department of Mathematical Sciences Kent State University D.L. White (Kent State University) 1 / 11 First Derivative Tests Increasing/Decreasing

333 views • 11 slides
Communi ty Meeti ng: R oute 93 / 38 / 28 T r affi c Cr ashes Ci ty of S omer vi l

Communi ty Meeti ng: R oute 93 / 38 / 28 T r affi c Cr ashes Ci ty of S omer vi l

Communi ty Meeti ng: R oute 93 / 38 / 28 T r affi c Cr ashes Ci ty of S omer vi l l e Massachusetts Mayor Joseph A. Cur tatone G e o rg e Pro a kis E xe c utive Dire c to r, OSPCD Bra d Ra w s o n Dire c to r, Mo b

364 views • 23 slides
CENG 342 Digital Systems Sign-magnitude Adder Larry Pyeatt SDSM&T Inattention Blindness

CENG 342 Digital Systems Sign-magnitude Adder Larry Pyeatt SDSM&T Inattention Blindness

CENG 342 Digital Systems Sign-magnitude Adder Larry Pyeatt SDSM&T Inattention Blindness How many Red Points do you see in the picture? 5 or 6? Inattention Blindness How many Red Points do you see in the picture? 5 or 6? How many

517 views • 9 slides
Completely log-concave polynomials and matroids Cynthia Vinzant (North Carolina State

Completely log-concave polynomials and matroids Cynthia Vinzant (North Carolina State

Completely log-concave polynomials and matroids Cynthia Vinzant (North Carolina State University) joint work with Nima Anari, KuiKui Liu, Shayan Oveis Gharan (Stanford) (U. Washington) (U. Washington) Cynthia Vinzant Completely

242 views • 20 slides
Synchronized Aggregate Signatures from the RSA Assumption Brent Waters Susan Hohenberger

Synchronized Aggregate Signatures from the RSA Assumption Brent Waters Susan Hohenberger

Synchronized Aggregate Signatures from the RSA Assumption Brent Waters Susan Hohenberger Aggregate Signatures [Boneh-Gentry-Lynn-Shacham03] Idea: Compress several signatures into one PK 3 PK 1 PK 2 PK n M 3 M 1 M 2 M n Sig 1 Sig 2 Sig

646 views • 23 slides

More recommend