pqchacks a gentle introduction to post quantum
play

PQCHacks: a gentle introduction to post-quantum cryptography Daniel - PowerPoint PPT Presentation

Sep 19, 2022 •124 likes •789 views

PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 27 December 2015 D-Wave quantum computer isnt universal . . .

  1. PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 27 December 2015

  5. D-Wave quantum computer isn’t universal . . . ◮ Can’t store stable qubits. ◮ Can’t perform basic qubit operations. ◮ Can’t run Shor’s algorithm. ◮ Can’t run other quantum algorithms we care about.

  6. D-Wave quantum computer isn’t universal . . . ◮ Can’t store stable qubits. ◮ Can’t perform basic qubit operations. ◮ Can’t run Shor’s algorithm. ◮ Can’t run other quantum algorithms we care about. ◮ Hasn’t managed to find any computation justifying its price. ◮ Hasn’t managed to find any computation justifying 1% of its price.

  7. . . . but universal quantum computers are coming, and are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https://en.wikipedia.org/wiki/Timeline_of_quantum_computing .

  8. . . . but universal quantum computers are coming, and are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https://en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “Were actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist.

  9. . . . but universal quantum computers are coming, and are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https://en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “Were actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm solves in polynomial time: ◮ Integer factorization. RSA is dead. ◮ The discrete-logarithm problem in finite fields. DSA is dead. ◮ The discrete-logarithm problem on elliptic curves. ECDSA is dead. ◮ This breaks all current public-key cryptography on the Internet!

  10. . . . but universal quantum computers are coming, and are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https://en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “Were actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm solves in polynomial time: ◮ Integer factorization. RSA is dead. ◮ The discrete-logarithm problem in finite fields. DSA is dead. ◮ The discrete-logarithm problem on elliptic curves. ECDSA is dead. ◮ This breaks all current public-key cryptography on the Internet! ◮ Also, Grover’s algorithm speeds up brute-force searches. ◮ Example: Only 2 64 quantum operations to break AES-128; 2 128 quantum operations to break AES-256.

  12. Physical cryptography: a return to the dark ages ◮ Locked briefcases, quantum key distribution, etc. ◮ Horrendously expensive.

  13. Physical cryptography: a return to the dark ages ◮ Locked briefcases, quantum key distribution, etc. ◮ Horrendously expensive. ◮ “Provably secure”—under highly questionable assumptions. ◮ Broken again and again. Much worse track record than normal crypto. ◮ Easy to screw up. Easy to backdoor. Hard to audit.

  14. Physical cryptography: a return to the dark ages ◮ Locked briefcases, quantum key distribution, etc. ◮ Horrendously expensive. ◮ “Provably secure”—under highly questionable assumptions. ◮ Broken again and again. Much worse track record than normal crypto. ◮ Easy to screw up. Easy to backdoor. Hard to audit. ◮ Very limited functionality: e.g., no public-key signatures.

  15. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography.

  16. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008.

  17. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. ◮ PQCrypto 2010.

  18. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. ◮ PQCrypto 2010. ◮ PQCrypto 2011. ◮ PQCrypto 2013. ◮ PQCrypto 2014.

  19. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. ◮ PQCrypto 2010. ◮ PQCrypto 2011. ◮ PQCrypto 2013. ◮ PQCrypto 2014. ◮ PQCrypto 2016: 22–26 Feb. ◮ PQCrypto 2017 planned.

  20. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. ◮ PQCrypto 2010. ◮ PQCrypto 2011. ◮ PQCrypto 2013. ◮ PQCrypto 2014. ◮ PQCrypto 2016: 22–26 Feb. ◮ PQCrypto 2017 planned. ◮ New EU project, 2015–2018: PQCRYPTO, Post-Quantum Cryptography for Long-term Security.

  22. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite.

  23. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite. August 19, 2015 IAD will initiate a transition to quantum resistant algorithms in the not too distant future. NSA comes late to the party and botches its grand entrance.

  24. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems.

  25. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems. ◮ Study algorithms for the users. ◮ Study implementations on real hardware. ◮ Study side-channel attacks, fault attacks, etc. ◮ Focus on secure, reliable implementations. ◮ Focus on implementations meeting performance requirements. ◮ Integrate securely into real-world applications.

  26. Confidence-inspiring crypto takes time to build ◮ Many stages of research from cryptographic design to deployment: ◮ Explore space of cryptosystems. ◮ Study algorithms for the attackers. ◮ Focus on secure cryptosystems. ◮ Study algorithms for the users. ◮ Study implementations on real hardware. ◮ Study side-channel attacks, fault attacks, etc. ◮ Focus on secure, reliable implementations. ◮ Focus on implementations meeting performance requirements. ◮ Integrate securely into real-world applications. ◮ Example: ECC introduced 1985 ; big advantages over RSA. Robust ECC is starting to take over the Internet in 2015 . ◮ Post-quantum research can’t wait for quantum computers!

  28. Even higher urgency for long-term confidentiality ◮ Today’s encrypted communication is being stored by attackers and will be decrypted years later with quantum computers. Danger for human-rights workers, medical records, journalists, security research, legal proceedings, state secrets, . . .

  29. Next slide: Initial recommendations of long-term secure post-quantum systems Daniel Augot, Lejla Batina, Daniel J. Bernstein, Joppe Bos, Johannes Buchmann, Wouter Castryck, Orr Dunkelman, Tim G¨ uneysu, Shay Gueron, Andreas H¨ ulsing, Tanja Lange, Mohamed Saied Emam Mohamed, Christian Rechberger, Peter Schwabe, Nicolas Sendrier, Frederik Vercauteren, Bo-Yin Yang

  30. Initial recommendations ◮ Symmetric encryption Thoroughly analyzed, 256-bit keys: ◮ AES-256 ◮ Salsa20 with a 256-bit key Evaluating: Serpent-256, . . . ◮ Symmetric authentication Information-theoretic MACs: ◮ GCM using a 96-bit nonce and a 128-bit authenticator ◮ Poly1305 ◮ Public-key encryption McEliece with binary Goppa codes: ◮ length n = 6960, dimension k = 5413, t = 119 errors Evaluating: QC-MDPC, Stehl´ e-Steinfeld NTRU, . . . ◮ Public-key signatures Hash-based (minimal assumptions): ◮ XMSS with any of the parameters specified in CFRG draft ◮ SPHINCS-256 Evaluating: HFEv-, . . .

  31. Hash-based signatures ◮ Old idea: 1979 Lamport one-time signatures. ◮ Only one prerequisite: a good hash function. ◮ 1979 Merkle extends to more signatures. ◮ Many further improvements. ◮ Security thoroughly analyzed.

  32. A signature scheme for empty messages: key generation

  33. A signature scheme for empty messages: key generation from simplesha3 import sha3256 def keypair(): secret = sha3256(os.urandom(32)) public = sha3256(secret) return public,secret

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum computing and post-quantum cryptography a gentle overview Andrew Savchenko FOSDEM 2017

Quantum computing and post-quantum cryptography a gentle overview Andrew Savchenko FOSDEM 2017

Quantum computing and post-quantum cryptography a gentle overview Andrew Savchenko FOSDEM 2017 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Outline Quantum computing 1

683 views • 57 slides
The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
15-251 Great Ideas in Theoretical Computer Science Lecture 28: A Gentle Introduction to Quantum

15-251 Great Ideas in Theoretical Computer Science Lecture 28: A Gentle Introduction to Quantum

15-251 Great Ideas in Theoretical Computer Science Lecture 28: A Gentle Introduction to Quantum Computation May 1st, 2018 Announcements Please fill out the Faculty Course Evaluations (FCEs). https://cmu.smartevals.com Announcements You can

1.05k views • 71 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
A Gentle Introduction A Gentle Introduction to Bilateral Filtering to Bilateral Filtering and

A Gentle Introduction A Gentle Introduction to Bilateral Filtering to Bilateral Filtering and

A Gentle Introduction A Gentle Introduction to Bilateral Filtering to Bilateral Filtering and its Applications and its Applications Sylvain Paris MIT CSAIL Pierre Kornprobst INRIA Odysse Jack Tumblin Northwestern University

421 views • 19 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu Ruhr-Universitt Bochum & DFKI 04.10.2017 Overview Goals Provide a high-level introduction to Post-Quantum Cryptography (PQC)

1.18k views • 113 slides
Quantum Mechanics A Gentle Introduction Sebastian Riese 27.12.2018 Quantum Mechanics 1/40

Quantum Mechanics A Gentle Introduction Sebastian Riese 27.12.2018 Quantum Mechanics 1/40

Introduction Experiments Theory Application References Quantum Mechanics A Gentle Introduction Sebastian Riese 27.12.2018 Quantum Mechanics 1/40 Introduction Experiments Theory Application References Introduction Experiments Theory

845 views • 43 slides
Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven Executive School on Post-Quantum Cryptography 01 July 2019 Cryptography Motivation #1: Communication channels are spying on our data. Motivation

728 views • 42 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
Introduction to post-quantum cryptography and learning with errors Douglas Stebila Funding

Introduction to post-quantum cryptography and learning with errors Douglas Stebila Funding

Introduction to post-quantum cryptography and learning with errors Douglas Stebila Funding acknowledgements: Summer School on real-world crypto and privacy ibenik, Croatia June 11, 2018

1.67k views • 106 slides
The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion

The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion

The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion University Credit for some slides: Melissa Chase and Picnic team Post-Quantum Cryptography Large-scale quantum computer could efficiently factor large

533 views • 34 slides
A Gentle Introduction to PythonT EX A Question of Primes Introduction to PythonT EX

A Gentle Introduction to PythonT EX A Question of Primes Introduction to PythonT EX

page.1 A Gentle Introduction to PythonT EX Andrew Mertz, William Slough Overview A Gentle Introduction to PythonT EX A Question of Primes Introduction to PythonT EX Mathematics with Sympy Andrew Mertz William Slough Plots with

872 views • 46 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
Midterm Recap Misuse of Crypto and Future Work Clipper chip A lesson in poorly

Midterm Recap Misuse of Crypto and Future Work Clipper chip A lesson in poorly

Midterm Recap Misuse of Crypto and Future Work Clipper chip A lesson in poorly designed protocols Clipper Clipper Goal: Support encrypted communication Confidentiality between devices Goal: Permit law enforcement

639 views • 59 slides
C u s t o m c r y p t o p o l i c i e s b y e x a m p l e s T o m

C u s t o m c r y p t o p o l i c i e s b y e x a m p l e s T o m

C u s t o m c r y p t o p o l i c i e s b y e x a m p l e s T o m M r z P r i n c i p a l S W E n g i n e e r , R e d H a t 1 A G E N D A W h a t w e l l b

963 views • 41 slides
Lattice Cryptography Lecture 24 Lattices Lattices A infinite set of points in R n obtained by

Lattice Cryptography Lecture 24 Lattices Lattices A infinite set of points in R n obtained by

Lattice Cryptography Lecture 24 Lattices Lattices A infinite set of points in R n obtained by tiling with a basis Lattices A infinite set of points in R n obtained by tiling with a basis Lattices A infinite set of points in R n

1.48k views • 118 slides
BoAT: Future Entry of AIoT Leo Lin PlatON Chief Innovation Officer BoAT-Blockchain of AI Things

BoAT: Future Entry of AIoT Leo Lin PlatON Chief Innovation Officer BoAT-Blockchain of AI Things

BoAT: Future Entry of AIoT Leo Lin PlatON Chief Innovation Officer BoAT-Blockchain of AI Things IoT Device Wallet Protect valuable data from the source Blockchain By 2025, thea global data volume will reach 175ZB , among which IoT device data

102 views • 7 slides
Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock

Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock

Cryptography : how to talk in a secret language in public You broke ! my heart Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock box Only Alice Bob slams knows the the door combination

81 views • 7 slides
Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 15 2018 Outline Symmetric lightweight primitives Most used cryptanalysis Impossible

1.31k views • 76 slides
Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c

Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c

Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c o w m o p r u l t d e r WEB3 Not a silver bullet Vitalik Buterin: Cryptoeconomic Protocols In the Context of Wider

1.01k views • 83 slides
HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems

HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems

HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems Pieter.willems@silexinsight.com December 2019 This is Silex Insight What we do: IP provider for security and video in embedded systems Headquarters in

408 views • 22 slides

More recommend