post quantum cryptography
play

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) - PowerPoint PPT Presentation

Jan 08, 2024 •197 likes •894 views

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit Eindhoven 17 January 2016 8th Winter School on Quantum Cybersecurity Cryptography Motivation #1: Communication channels are spying on our

  1. Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit Eindhoven 17 January 2016 8th Winter School on Quantum Cybersecurity

  2. � � Cryptography ◮ Motivation #1: Communication channels are spying on our data. ◮ Motivation #2: Communication channels are modifying our data. Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” ◮ Literal meaning of cryptography: “secret writing”. ◮ Achieves various security goals by secretly transforming messages. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 2

  5. � � � Secret-key encryption ◮ Prerequisite: Alice and Bob share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Alice and Bob exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 5

  6. � � � Secret-key authenticated encryption ◮ Prerequisite: Alice and Bob share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Alice and Bob exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. ◮ Security goal #2: Integrity , i.e., recognizing Eve’s sabotage. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 5

  7. � � Secret-key authenticated encryption � ? ◮ Prerequisite: Alice and Bob share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Alice and Bob exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. ◮ Security goal #2: Integrity , i.e., recognizing Eve’s sabotage. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 5

  8. � � � � � � � Public-key signatures ◮ Prerequisite: Alice has a secret key and public key . ◮ Prerequisite: Eve doesn’t know . Everyone knows . ◮ Alice publishes any number of messages. ◮ Security goal: Integrity. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 6

  9. � � � � � � Public-key signatures � ? ◮ Prerequisite: Alice has a secret key and public key . ◮ Prerequisite: Eve doesn’t know . Everyone knows . ◮ Alice publishes any number of messages. ◮ Security goal: Integrity. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 6

  10. � � � � � � � � � � � Public-key authenticated encryption (“DH” data flow) ◮ Prerequisite: Alice has a secret key and public key . ◮ Prerequisite: Bob has a secret key and public key . ◮ Alice and Bob exchange any number of messages. ◮ Security goal #1: Confidentiality. ◮ Security goal #2: Integrity. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 7

  11. Many more security goals studied in cryptography ◮ Protecting against denial of service. ◮ Stopping traffic analysis. ◮ Securely tallying votes. ◮ Searching encrypted data. ◮ Much more. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 8

  12. Attackers exploit physical reality ◮ 1996 Kocher: Typical crypto is broken by side channels . ◮ Response: Hundreds of papers on side-channel defenses. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 9

  13. Attackers exploit physical reality ◮ 1996 Kocher: Typical crypto is broken by side channels . ◮ Response: Hundreds of papers on side-channel defenses. ◮ Focus of this lecture: Large universal quantum computers . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm solves in polynomial time: ◮ Integer factorization. RSA is dead. ◮ The discrete-logarithm problem in finite fields. DSA is dead. ◮ The discrete-logarithm problem on elliptic curves. ECDHE is dead. ◮ This breaks all current public-key cryptography on the Internet! Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 9

  14. Attackers exploit physical reality ◮ 1996 Kocher: Typical crypto is broken by side channels . ◮ Response: Hundreds of papers on side-channel defenses. ◮ Focus of this lecture: Large universal quantum computers . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm solves in polynomial time: ◮ Integer factorization. RSA is dead. ◮ The discrete-logarithm problem in finite fields. DSA is dead. ◮ The discrete-logarithm problem on elliptic curves. ECDHE is dead. ◮ This breaks all current public-key cryptography on the Internet! ◮ Also, Grover’s algorithm speeds up brute-force searches. ◮ Example: Only 2 64 quantum operations to break AES-128; 2 128 quantum operations to break AES-256. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 9

  15. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 10

  16. Physical cryptography: a return to the dark ages ◮ Example: Locked briefcases. ◮ One-time pad is information-theoretically secure, i.e. no computational assumptions. ◮ Horrendously expensive. ◮ Can call it “locked-briefcase cryptography” but it’s much more expensive than normal crypto. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 11

  17. Physical cryptography: a return to the dark ages ◮ Example: Locked briefcases. ◮ One-time pad is information-theoretically secure, i.e. no computational assumptions. ◮ Horrendously expensive. ◮ Can call it “locked-briefcase cryptography” but it’s much more expensive than normal crypto. ◮ Broken again and again. Much worse track record than normal crypto. ◮ Easy to screw up. Easy to backdoor. Hard to audit. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 11

  18. Physical cryptography: a return to the dark ages ◮ Example: Locked briefcases. ◮ One-time pad is information-theoretically secure, i.e. no computational assumptions. ◮ Horrendously expensive. ◮ Can call it “locked-briefcase cryptography” but it’s much more expensive than normal crypto. ◮ Broken again and again. Much worse track record than normal crypto. ◮ Easy to screw up. Easy to backdoor. Hard to audit. ◮ Very limited functionality: e.g., no public-key signatures. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 11

  19. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 12

  20. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems. ◮ Study algorithms for the users. ◮ Study implementations on real hardware. ◮ Study side-channel attacks, fault attacks, etc. ◮ Focus on secure, reliable implementations. ◮ Focus on implementations meeting performance requirements. ◮ Integrate securely into real-world applications. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 12

  21. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems. ◮ Study algorithms for the users. ◮ Study implementations on real hardware. ◮ Study side-channel attacks, fault attacks, etc. ◮ Focus on secure, reliable implementations. ◮ Focus on implementations meeting performance requirements. ◮ Integrate securely into real-world applications. ◮ Example: ECC introduced 1985 ; big advantages over RSA. Robust ECC started to take over the Internet in 2015 . ◮ Can’t wait for quantum computers before finding a solution! Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 12

  22. Even higher urgency for long-term confidentiality ◮ Today’s encrypted communication is being stored by attackers and will be decrypted years later with quantum computers. Danger for human-rights workers, medical records, journalists, security research, legal proceedings, state secrets, . . . Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 13

  23. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. Tanja Lange,(with Daniel J. Bernstein) https://pqcrypto.eu.org Post-quantum cryptography 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

Quantum computers and factoring Learning with errors Cryptography from LWE From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren frederik.vercauteren@gmail.com Open Security Research (China) ESAT/COSIC - KU Leuven

1.34k views • 70 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven Executive School on Post-Quantum Cryptography 01 July 2019 Cryptography Motivation #1: Communication channels are spying on our data. Motivation

728 views • 42 slides
The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018 PQCRYPTO Mini-School 2018, Taipei, Taiwan Part I: How to make software secure Implementing post-quantum cryptography 2 Timing

1.44k views • 116 slides
Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and Cryptography VI In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were

854 views • 42 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu Ruhr-Universitt Bochum & DFKI 04.10.2017 Overview Goals Provide a high-level introduction to Post-Quantum Cryptography (PQC)

1.18k views • 113 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information (and generate

455 views • 19 slides
Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU Eindhoven Nicolas Sendrier Linear Codes for Telecommunication linear expansion data codeword k n > k noisy channel noisy

783 views • 52 slides
Earths Recent Climate History Climate evolution over the last 65 million years

Earths Recent Climate History Climate evolution over the last 65 million years

Earths Recent Climate History Climate evolution over the last 65 million years (www.alpineanalytics.com/Climate/DeepTime.html). Warm, ice free Temperature evolution over the last 110 million years from the benthic times correspond to times of

275 views • 6 slides
Pic4Review : street-level pictures for fun thematic mapping Adrien Pavie 30 july 2018 Ground

Pic4Review : street-level pictures for fun thematic mapping Adrien Pavie 30 july 2018 Ground

So TM 2018 Pic4Review : street-level pictures for fun thematic mapping Adrien Pavie 30 july 2018 Ground surveying in cities ? Introduction State of the art Pic4Review What's next 2 What about pictures ? Geolocated

696 views • 25 slides
The Department of Earth System Science at the University of California, Irvine Overview We study

The Department of Earth System Science at the University of California, Irvine Overview We study

The Department of Earth System Science at the University of California, Irvine Overview We study how the atmosphere, land and oceans interact as a system and how the Earth will change over a human lifetime. We focus on key areas of climate

365 views • 10 slides
Dynamics of quasiregular mappings in higher dimensions Walter Bergweiler

Dynamics of quasiregular mappings in higher dimensions Walter Bergweiler

Dynamics of quasiregular mappings in higher dimensions Walter Bergweiler Christian-Albrechts-Universitt zu Kiel 24098 Kiel, Germany bergweiler@math.uni-kiel.de Bremen, April 7, 2014 Iteration of exponential functions E ( z ) = e z 2

1.58k views • 111 slides
Creating a Safety Culture (The CGH Journey So Far) 2 Safety Culture The sum of what an

Creating a Safety Culture (The CGH Journey So Far) 2 Safety Culture The sum of what an

<Insert cover image here, follow by right click send to back> Creating a Safety Culture (The CGH Journey So Far) 2 Safety Culture The sum of what an organization is and does in the pursuit of safety The product of individual and

503 views • 33 slides
Energy lo localiz ization, quantum chaos, , and and th the melt lt-down of dig igit ital

Energy lo localiz ization, quantum chaos, , and and th the melt lt-down of dig igit ital

Energy lo localiz ization, quantum chaos, , and and th the melt lt-down of dig igit ital l quantum sim imula lation Philipp Hauke, Heidelberg University Markus Heyl, MPI-PKS Dresden Peter Zoller, IQOQI and University of Innsbruck

931 views • 35 slides
Information Visualization Paolo Buono paolo.buono@uniba.it Paolo Buono Information

Information Visualization Paolo Buono paolo.buono@uniba.it Paolo Buono Information

Interaction Visualization Usability & UX Laboratory Information Visualization Paolo Buono paolo.buono@uniba.it Paolo Buono Information Visualization 24 febbraio 2016 1 Dati Interaction Visualization Usability & UX

621 views • 43 slides
Open Data & Data Management: the INFN experience Marcello Maggi INFN Senior Researcher Istituto

Open Data & Data Management: the INFN experience Marcello Maggi INFN Senior Researcher Istituto

Open Data & Data Management: the INFN experience Marcello Maggi INFN Senior Researcher Istituto Nazionale Fisica Nucleare Bari-Italy A Chaotic view from a scientist point of view The HEP Scientist The Standard Model Of

474 views • 31 slides

More recommend