post quantum rsa
play

Post-quantum RSA We built a great, great 1-terabyte RSA wall, and - PowerPoint PPT Presentation

Jan 31, 2024 •271 likes •788 views

Post-quantum RSA We built a great, great 1-terabyte RSA wall, and we had the university pay for the electricity Daniel J. Bernstein Joint work with: Nadia Heninger Paul Lou Luke Valenta Post-quantum RSA Daniel J. Bernstein, Nadia Heninger,

  1. Post-quantum RSA We built a great, great 1-terabyte RSA wall, and we had the university pay for the electricity Daniel J. Bernstein Joint work with: Nadia Heninger Paul Lou Luke Valenta Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  2. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  3. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” ◮ Reviewer 2: “I can’t see it ever being used. . . . the main result is almost comical” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  4. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” ◮ Reviewer 2: “I can’t see it ever being used. . . . the main result is almost comical” ◮ Reviewer 3: “I’m not really convinced by the practicality of the scheme. . . . I can’t imagine exchanging 1 terabyte keys to secure communications” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  5. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” ◮ Reviewer 2: “I can’t see it ever being used. . . . the main result is almost comical” ◮ Reviewer 3: “I’m not really convinced by the practicality of the scheme. . . . I can’t imagine exchanging 1 terabyte keys to secure communications” ◮ Reviewer 4: “a paranoid post-quantum solution may be sought at the great expense of performance” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  6. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” ◮ Reviewer 2: “I can’t see it ever being used. . . . the main result is almost comical” ◮ Reviewer 3: “I’m not really convinced by the practicality of the scheme. . . . I can’t imagine exchanging 1 terabyte keys to secure communications” ◮ Reviewer 4: “a paranoid post-quantum solution may be sought at the great expense of performance” ◮ Reviewer 5: “not cheap” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  7. . . . so how do we respond? ◮ Appeal to the past: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  8. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  9. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  10. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  11. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  12. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  13. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  14. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  15. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” ◮ Put it in perspective: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  16. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” ◮ Put it in perspective: “It’s better than QKD!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  17. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” ◮ Put it in perspective: “It’s better than QKD!” ◮ The real answer: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  18. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” ◮ Put it in perspective: “It’s better than QKD!” ◮ The real answer: “Someone is wrong on the Internet.” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  19. RSA scalability vs. Shor scalability Conventional wisdom: ◮ Shor’s algorithm has the same scalability as legitimate usage of RSA. ◮ “there’s not going to be a larger key-size where a classical user of RSA gains [a] significant advantage over a quantum computing attacker” ◮ “If you increase the key size, it’d still be just as easy to break it as it is to encrypt” What is the actual scalability of integer factorization? What is the actual scalability of legitimate usage of RSA? Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  20. What is the fastest sorting algorithm? def blindsort(x): while not issorted(x): permuterandomly(x) Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  21. What is the fastest sorting algorithm? def blindsort(x): while not issorted(x): permuterandomly(x) def bubblesort(x): for j in range(len(x)): for i in reversed(range(j)): x[i],x[i+1] = min(x[i],x[i+1]),max(x[i],x[i+1]) bubblesort takes poly time. Θ( n 2 ) comparisons. Huge speedup over blindsort ! Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  22. What is the fastest sorting algorithm? def blindsort(x): while not issorted(x): permuterandomly(x) def bubblesort(x): for j in range(len(x)): for i in reversed(range(j)): x[i],x[i+1] = min(x[i],x[i+1]),max(x[i],x[i+1]) bubblesort takes poly time. Θ( n 2 ) comparisons. Huge speedup over blindsort ! Is this the end of the story? No, still not optimal. Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  23. What is the fastest factoring algorithm? Shor’s algorithm? ◮ Poly time. Huge speedup over NFS! ◮ b 2 (log b ) 1+ o (1) qubit operations to factor b -bit integer, using standard subroutines for fast integer arithmetic. Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  24. What is the fastest factoring algorithm? Shor’s algorithm? ◮ Poly time. Huge speedup over NFS! ◮ b 2 (log b ) 1+ o (1) qubit operations to factor b -bit integer, using standard subroutines for fast integer arithmetic. ◮ Is this the end of the story? No, still not optimal. Exercise to illustrate suboptimality of Shor’s algorithm: � 10 3009 π � Find a prime divisor of . Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion

The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion

The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion University Credit for some slides: Melissa Chase and Picnic team Post-Quantum Cryptography Large-scale quantum computer could efficiently factor large

533 views • 34 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
Twitter: @PatrickLonga Outline Motivation: the quantum menace Post-quantum key exchange

Twitter: @PatrickLonga Outline Motivation: the quantum menace Post-quantum key exchange

https://microsoft.com/en-us/research/people/plonga http://patricklonga.com Twitter: @PatrickLonga Outline Motivation: the quantum menace Post-quantum key exchange from supersingular isogenies: Preliminaries SIDH SIKE

1.82k views • 154 slides
Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and Cryptography VI In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were

854 views • 42 slides
for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P.

for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P.

Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P. Chandrakasan * utsav@mit.edu Massachusetts Institute of Technology Post-Quantum Cryptography Current public key

911 views • 25 slides
From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

Quantum computers and factoring Learning with errors Cryptography from LWE From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren frederik.vercauteren@gmail.com Open Security Research (China) ESAT/COSIC - KU Leuven

1.34k views • 70 slides
Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018 PQCRYPTO Mini-School 2018, Taipei, Taiwan Part I: How to make software secure Implementing post-quantum cryptography 2 Timing

1.44k views • 116 slides
Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o

Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o

1 / 2 9 Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o r g > Post-Quantum Crypto Bernd Fix < b r f @ h o i - p o l l o i . o r g > 2 / 2 9 Intro P r

340 views • 29 slides
A Story of United Nations of Post Quantum Cryptogrpahy Direct dialogue between quantum

A Story of United Nations of Post Quantum Cryptogrpahy Direct dialogue between quantum

A Story of United Nations of Post Quantum Cryptogrpahy Direct dialogue between quantum alg. & braid Crypt. Licheng Wang and Lihua Wang National Institute of Information and Communications Technology Story of two United

272 views • 8 slides
Course Overview Dan Boneh Welcome Course objectives: Learn how crypto primitives work

Course Overview Dan Boneh Welcome Course objectives: Learn how crypto primitives work

Online Cryptography Course Dan Boneh Introduction Course Overview Dan Boneh Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My

961 views • 50 slides
Blockchain and Cryptoassets Alan Wunsche, MBA, CPA, CA, CBP Toronto, Canada November 15, 2018

Blockchain and Cryptoassets Alan Wunsche, MBA, CPA, CA, CBP Toronto, Canada November 15, 2018

Blockchain and Cryptoassets Alan Wunsche, MBA, CPA, CA, CBP Toronto, Canada November 15, 2018 OUR OBJECTIVE 1. Know Key Terms and Concepts 2. Understand Cryptoassets, Tokens Alan Wunsche 3. Highlight Regulatory Concerns CEO, TokenFunder 2

1.37k views • 43 slides
Part 1: Applica-ons: Digital Currencies (Bitcoin, Ethereum, and

Part 1: Applica-ons: Digital Currencies (Bitcoin, Ethereum, and

Part 1: Applica-ons: Digital Currencies (Bitcoin, Ethereum, and Ripple) Demelza Hays demelza.hays@uni.li November 14, 2017 1 Outline Quick review of

564 views • 43 slides
ISITC TC 2 2018 B 018 Baltim imore re Conf nfere renc nce Edward ard S Scheid idt, I

ISITC TC 2 2018 B 018 Baltim imore re Conf nfere renc nce Edward ard S Scheid idt, I

ISITC TC 2 2018 B 018 Baltim imore re Conf nfere renc nce Edward ard S Scheid idt, I ISO Conve nveno nor Technical Standard for Digital Currencies Security September, 2018 Today, many use digital platforms for payments and

222 views • 11 slides
MashSSL Quick Summary Siddharth Bajaj Ravi Ganesan VeriSign Inc. SafeMashups Inc.

MashSSL Quick Summary Siddharth Bajaj Ravi Ganesan VeriSign Inc. SafeMashups Inc.

MashSSL Quick Summary Siddharth Bajaj Ravi Ganesan VeriSign Inc. SafeMashups Inc. sbajaj@verisign.com ravi@safemashups.com www.verisign.com www.safemashups.com info@mashssl.org www.mashssl.org Outline Why do we need a new security

639 views • 17 slides
Securely Migrate Digital Identities from a Class PKI to a Blockchain Keywords : Certificate

Securely Migrate Digital Identities from a Class PKI to a Blockchain Keywords : Certificate

Securely Migrate Digital Identities from a Class PKI to a Blockchain Keywords : Certificate authority, Digital identity management, PKI, Blockchain Reading list: Bitcoin: A Peer-to-Peer Electronic Cash System https://bitcoin.org/bitcoin.pdf

464 views • 10 slides
What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

878 views • 16 slides
Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication Integrity Non-repudiation CA (Certification Authority) Issue digital certificates (via digital signature) Publish/Distribute digital

491 views • 13 slides

More recommend