postquantum cryptography what why and how

Postquantum Cryptography: what, why, and how? SIMBA Enric Florit - PowerPoint PPT Presentation

Nov 07, 2023 •536 likes •1.31k views

. . . . . . . . . . . . . . . . . Postquantum Cryptography: what, why, and how? SIMBA Enric Florit Zacaras . . . . . . . . . . . . . . . . . . . . . . . November 27, 2019 . . . . . . . . . . .

  1. . . . . . . . . . . . . . . . . . Postquantum Cryptography: what, why, and how? SIMBA Enric Florit Zacarías . . . . . . . . . . . . . . . . . . . . . . . November 27, 2019

  2. . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH . . . . . . . . . . . . . . . . . . . . . . . . . . 2 / 35

  3. . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Public-key cryptography Imagine Alice and Bob want to communicate through a channel, but they’ve never met before. How can they agree on a secret key to encrypt their communications, using e.g. AES? . . . . . . . . . . . . . . . . . . . . . . . . . . 3 / 35

  4. . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Public-key cryptography Imagine Alice and Bob want to communicate through a channel, but they’ve never met before. How can they agree on a secret key to encrypt their communications, using e.g. AES? . . . . . . . . . . . . . . . . . . . . . . . . . . 3 / 35

  5. . Diffje and Hellman (1976) . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Alice chooses a private key 1 . a p , and publishes A a p . Bob chooses a private key 1 b p , and publishes B b p . They may use the shared secret A b B a ab p . . . . . . . . . . . . . . . . . . 4 / 35 . . . . . . . . . . . . . . Use the group ( Z / p Z ) × = ⟨ α ⟩ .

  6. . What? Postquantum Cryptography . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP How? Isogenies and SIDH . References Diffje and Hellman (1976) Bob chooses a private key 1 b p , and publishes B b p . They may use the shared secret A b B a ab p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 / 35 Use the group ( Z / p Z ) × = ⟨ α ⟩ . Alice chooses a private key 1 < a < p , and publishes A = α a mod p .

  7. . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Diffje and Hellman (1976) They may use the shared secret A b B a ab p . . . . . . . . . . . . . . . . . . . . . . 4 / 35 . . . . . Use the group ( Z / p Z ) × = ⟨ α ⟩ . Alice chooses a private key 1 < a < p , and publishes A = α a mod p . Bob chooses a private key 1 < b < p , and publishes B = α b mod p .

  8. . . . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Diffje and Hellman (1976) . . . . . . . . . . . . . . . . . . . . . . . . 4 / 35 Use the group ( Z / p Z ) × = ⟨ α ⟩ . Alice chooses a private key 1 < a < p , and publishes A = α a mod p . Bob chooses a private key 1 < b < p , and publishes B = α b mod p . They may use the shared secret A b ≡ B a ≡ α ab mod p .

  9. . Why? Solving the DLP . . . . . . . . . . Introduction: Diffje-Hellman What? Postquantum Cryptography . How? Isogenies and SIDH References Computational problems Problem (Discrete Logarithm - DLP) Problem (Diffje-Hellman - DHP) Given a cyclic group G and elements a , b G, fjnd ab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 / 35 Given a cyclic group G = ⟨ α ⟩ and an element β ∈ G, fjnd x ∈ Z such that β = α x .

  10. . . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Computational problems Problem (Discrete Logarithm - DLP) Problem (Diffje-Hellman - DHP) . . . . . . . . . . . . . . . . . . . . . . . . . 5 / 35 Given a cyclic group G = ⟨ α ⟩ and an element β ∈ G, fjnd x ∈ Z such that β = α x . Given a cyclic group G = ⟨ α ⟩ and elements α a , α b ∈ G, fjnd α ab .

  11. . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH . . . . . . . . . . . . . . . . . . . . . . . . . . 6 / 35

  12. . . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Why? Solving the DLP Let’s see some algorithms to solve for discrete logarithms! Problem (Discrete Logarithm - DLP) . . . . . . . . . . . . . . . . . . . . . . . . . 7 / 35 Given a cyclic group G = ⟨ α ⟩ and an element β ∈ G, fjnd x ∈ Z such that β = α x .

  13. b and x . 1. Compute and store . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Baby step – giant step b , for 0 . b m . 2. Compute am , for 0 a m , and check for a match am b . 3. If so, am am b . . . . . . . . . . . . . . . . . . . 8 / 35 . . . . . . . . . . . . . . √ Let m > N be an integer. Then for every x ≤ N , x = am + b , with 0 ≤ a , b < m .

  14. b and x . How? Isogenies and SIDH . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography References . Baby step – giant step 2. Compute am , for 0 a m , and check for a match am b . 3. If so, am am b . . . . . . . . . . . . . . . . . 8 / 35 . . . . . . . . . . . . . . √ Let m > N be an integer. Then for every x ≤ N , x = am + b , with 0 ≤ a , b < m . 1. Compute and store α b , for 0 ≤ b < m .

  15. b and x . . . . . . . . . . . Introduction: Diffje-Hellman . . Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Baby step – giant step 3. If so, am am b . . . . . . . . . . . . . . . . . . . . . . . 8 / 35 . . . . . √ Let m > N be an integer. Then for every x ≤ N , x = am + b , with 0 ≤ a , b < m . 1. Compute and store α b , for 0 ≤ b < m . 2. Compute βα − am , for 0 ≤ a < m , and check for a match βα − am = α b .

  16. . . . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Baby step – giant step . . . . . . . . . . . . . . . . . . . . . . . . 8 / 35 √ Let m > N be an integer. Then for every x ≤ N , x = am + b , with 0 ≤ a , b < m . 1. Compute and store α b , for 0 ≤ b < m . 2. Compute βα − am , for 0 ≤ a < m , and check for a match βα − am = α b . 3. If so, β = α am + b and x = am + b .

  17. N p e has order p e , and If p e . What? Postquantum Cryptography . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP References How? Isogenies and SIDH . Pohlig-Hellman Then use the Chinese Remainder Theorem to combine the information. N , then N p e N p e x . We can compute x p e ! *Only useful if N is smooth (all prime factors are small). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 / 35 Idea: factor N = ∏ r i , and obtain x mod p e i i = 1 p e i i for each i .

  18. . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Pohlig-Hellman Then use the Chinese Remainder Theorem to combine the information. *Only useful if N is smooth (all prime factors are small). . . . . . . . . . . . . . . . . . . . . . 9 / 35 . . . . . Idea: factor N = ∏ r i , and obtain x mod p e i i = 1 p e i i for each i . If p e | N , then α N / p e has order p e , and β N / p e = ( α N / p e ) x . We can compute x mod p e !

  19. . . . . . . . . . . . . . . Introduction: Diffje-Hellman Why? Solving the DLP What? Postquantum Cryptography How? Isogenies and SIDH References Pohlig-Hellman Then use the Chinese Remainder Theorem to combine the information. *Only useful if N is smooth (all prime factors are small). . . . . . . . . . . . . . . . . . . . . . 9 / 35 . . . . . Idea: factor N = ∏ r i , and obtain x mod p e i i = 1 p e i i for each i . If p e | N , then α N / p e has order p e , and β N / p e = ( α N / p e ) x . We can compute x mod p e !

  20. compute the integer y i for which g i 1 g e i i . . 1. Choose a factor base y i . we will . For each g i Index calculus k References How? Isogenies and SIDH What? Postquantum Cryptography Why? Solving the DLP Introduction: Diffje-Hellman . . 2. Find a relation of the form i t . 3. The discrete logarithm will be x t i 1 e i g i k t i 1 e i y i k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 / 35 It applies to fjnite fjelds: Z / p Z and F p r .

Recommend

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

454 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 El

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 El

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 El Gamal Encryption Public-Key Cryptography Lecture 9 El Gamal Encryption Public-Key Encryption from Trapdoor OWP Public-Key Cryptography Lecture

2.11k views • 163 slides
Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Cryptography Public Key Cryptography Concepts of Public Key Cryptography Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, public.tex, r1803 1

422 views • 7 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

338 views • 16 slides
Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Cryptography Lecture 8

Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Cryptography Lecture 8

Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Cryptography Lecture 8 Public-Key Encryption from Trapdoor OWP Public-Key Cryptography Lecture 8 Public-Key Encryption from Trapdoor OWP CCA Security El Gamal Encryption

1.78k views • 162 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

263 views • 11 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp; http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
FIPS 201 Cryptography FIPS 201 Cryptography Tim Polk tim.polk@nist.gov Nov 18, 2004

FIPS 201 Cryptography FIPS 201 Cryptography Tim Polk tim.polk@nist.gov Nov 18, 2004

FIPS 201 Cryptography FIPS 201 Cryptography Tim Polk tim.polk@nist.gov Nov 18, 2004 Cryptography in FIPS 201 Cryptography in FIPS 201 Digital signatures on logical credentials o CHUID, X.509 certificates, biometrics Cryptographic

272 views • 12 slides
Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption

Cryptography Basics Part 1: Concepts Cryptology: Contents Cryptography goals Encryption principles Encryption quality Cryptography Public key cryptography The art of making Next week: Example algorithms DES, AES, AES

893 views • 78 slides
Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but hard-to-solve problems were discovered. Computational Complexity, by Fu Yuxi Cryptography 1 / 75 Cryptography is closely related to some

785 views • 76 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography (&quot;secret writing&quot;): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in

Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in

Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent slow speed of the public key

442 views • 14 slides
Pairs Design Pattern map(docID a, doc d) for all term w in doc d do for all term u NEAR w do w

Pairs Design Pattern map(docID a, doc d) for all term w in doc d do for all term u NEAR w do w

10/14/2011 Pairs Design Pattern map(docID a, doc d) for all term w in doc d do for all term u NEAR w do w v u Emit(pair (w, u), count 1) w reduce (pair p, counts [c1, c2,]) v sum = 0 for all count c in counts do u sum += c Emit(pair

443 views • 14 slides
Persistent Handles: approaches Ralph Bhme, Samba Team, SerNet 2018-06-08 Outline Persistent

Persistent Handles: approaches Ralph Bhme, Samba Team, SerNet 2018-06-08 Outline Persistent

Persistent Handles: approaches Ralph Bhme, Samba Team, SerNet 2018-06-08 Outline Persistent Handles: Recap Persistent Handles: Samba dbwrap approach ctdb approach Persistent Handles: implementation (with dbwrap) VFS approach Outlook The

586 views • 43 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
Some Number Theory Modulo Operation: Question: What is 12 mod 9? Answer: 12 mod 9 3 or 12

Some Number Theory Modulo Operation: Question: What is 12 mod 9? Answer: 12 mod 9 3 or 12

CPE 776:DATA SECURITY &amp; CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh summer 2005 Some Number

546 views • 10 slides
Session 3 Column-Oriented Model: Cassandra, HBase Sbastien Combfis Fall 2019 This work is

Session 3 Column-Oriented Model: Cassandra, HBase Sbastien Combfis Fall 2019 This work is

I404B NoSQL Session 3 Column-Oriented Model: Cassandra, HBase Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License. Objectives

952 views • 61 slides
Hash- Tables Introduction Dictionary Dictionary stores key-value pairs Find( k ) Insert( k

Hash- Tables Introduction Dictionary Dictionary stores key-value pairs Find( k ) Insert( k

Hash- Tables Introduction Dictionary Dictionary stores key-value pairs Find( k ) Insert( k , v ) Delete( k ) O ( n ) O ( 1 ) O ( n ) List O ( log n ) O ( n ) O ( n ) Sorted Array O ( log n ) O ( log n ) O ( log n ) Balanced BST

475 views • 26 slides
Cryptographically-Enforced Hierarchical scheme An unbounded Access Control with Multiple Keys

Cryptographically-Enforced Hierarchical scheme An unbounded Access Control with Multiple Keys

Preliminaries A bounded asynchronous Cryptographically-Enforced Hierarchical scheme An unbounded Access Control with Multiple Keys asynchronous scheme Concluding remarks Jason Crampton Questions Information Security Group Royal

673 views • 43 slides
Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University

Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University

Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University of Technology 17 June 2019 Secret key encryption MAC Main primitives of secret key / symmetric cryptography High-level primitives Low-level

1.51k views • 114 slides

More recommend