quantum computers the future attack that breaks today s
play

Quantum computers: the future attack that breaks todays messages - PowerPoint PPT Presentation

May 11, 2023 •161 likes •950 views

Quantum computers: the future attack that breaks todays messages Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago & Technische Universiteit Eindhoven 14 December 2018 Cryptography Motivation #1:

  1. Quantum computers: the future attack that breaks today’s messages Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago & Technische Universiteit Eindhoven 14 December 2018

  2. � � Cryptography ◮ Motivation #1: Communication channels are spying on our data. ◮ Motivation #2: Communication channels are modifying our data. Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” ◮ Literal meaning of cryptography: “secret writing”. ◮ Achieves various security goals by secretly transforming messages. Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 2

  3. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; electronic ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 3

  4. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; electronic ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. ◮ PGP encrypted email, Signal, Tor, Tails, Qubes OS. ◮ VPN to company network. Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 3

  5. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; electronic ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. ◮ PGP encrypted email, Signal, Tor, Tails, Qubes OS. ◮ VPN to company network. Snowden in Reddit AmA Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 3

  8. Cryptographic tools Many factors influence the security and privacy of data: ◮ Secure storage, physical security; access control. ◮ Protection against alteration of data ⇒ public-key signatures, message-authentication codes. ◮ Protection of sensitive content against reading ⇒ encryption. Many more security goals studied in cryptography ◮ Protecting against denial of service. ◮ Stopping traffic analysis. ◮ Securely tallying votes. ◮ Searching in and computing on encrypted data. ◮ . . . Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 6

  9. Cryptanalysis ◮ Cryptanalysis is the study of security of cryptosystems. ◮ Breaking a system can mean that the hardness assumption was not hard or that it just was not as hard as previously assumed. ◮ Public cryptanalysis is ultimately constructive – ensure that secure systems get used, not insecure ones. ◮ Weakened crypto ultimately backfires – attacks in 2018 because of crypto wars in the 90s. ◮ Good arsenal of general approaches to cryptanalysis. There are some automated tools. ◮ This area is constantly under development; researchers revisit systems continuously. Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 7

  12. Security assumptions ◮ Hardness assumptions at the basis of all public-key and essentially all symmetric-key systems result from (failed) attempts at breaking systems. Security proofs are built only on top of those assumptions. ◮ A solid symmetric system is required to be as strong as exhaustive key search. ◮ For public-key systems the best attacks are faster than exhaustive key search. Parameters are chosen to ensure that the best attack is infeasible. Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 10

  13. Key-size recommendations Future System Use Parameter Legacy Near Term Long Term Symmetric Key Size k 80 128 256 Hash Function Output Size 160 256 512 m MAC Output Size ⋆ 80 128 256 m RSA Problem ℓ ( n ) ≥ 1024 3072 15360 ℓ ( p n ) ≥ Finite Field DLP 1024 3072 15360 ℓ ( p ) , ℓ ( q ) ≥ 160 256 512 ECDLP ℓ ( q ) ≥ 160 256 512 ℓ ( p k · n ) ≥ Pairing 1024 6144 15360 ℓ ( p ) , ℓ ( q ) ≥ 160 256 512 ◮ Source: ECRYPT-CSA “Algorithms, Key Size and Protocols Report” (2018). ◮ These recommendations take into account attacks known today. ◮ Use extrapolations to larger problem sizes. ◮ Attacker power typically limited to 2 128 operations (less for legacy). ◮ More to come on long-term security . . . Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 11

  14. Summary: current state of the art ◮ Currently used crypto (check the lock icon in your browser) starts with RSA, Diffie-Hellman (DH) in finite fields, or elliptic-curve Diffie-Hellman (ECDH). ◮ Older standards are RSA or elliptic curves from NIST (or Brainpool), e.g. NIST P256 or ECDSA. ◮ Internet currently moving over to Curve25519 (Bernstein) and Ed25519 (Bernstein, Duif, Lange, Schwabe, and Yang). ◮ For symmetric crypto TLS (the protocol behind https) uses AES or ChaCha20 and some MAC, e.g. AES-GCM or ChaCha20-Poly1305. High-end devices have support for AES-GCM, smaller ones do better with ChaCha20-Poly1305. ◮ Security is getting better. Some obstacles: bugs; untrustworthy hardware; Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 12

  15. Summary: current state of the art ◮ Currently used crypto (check the lock icon in your browser) starts with RSA, Diffie-Hellman (DH) in finite fields, or elliptic-curve Diffie-Hellman (ECDH). ◮ Older standards are RSA or elliptic curves from NIST (or Brainpool), e.g. NIST P256 or ECDSA. ◮ Internet currently moving over to Curve25519 (Bernstein) and Ed25519 (Bernstein, Duif, Lange, Schwabe, and Yang). ◮ For symmetric crypto TLS (the protocol behind https) uses AES or ChaCha20 and some MAC, e.g. AES-GCM or ChaCha20-Poly1305. High-end devices have support for AES-GCM, smaller ones do better with ChaCha20-Poly1305. ◮ Security is getting better. Some obstacles: bugs; untrustworthy hardware; let alone anti-security measures such as aabill. Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 12

  18. Universal quantum computers are coming, and are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 15

  19. Universal quantum computers are coming, and are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 15

  20. Universal quantum computers are coming, and are scary ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm solves in polynomial time: ◮ Integer factorization. RSA is dead. ◮ The discrete-logarithm problem in finite fields. DSA is dead. ◮ The discrete-logarithm problem on elliptic curves. ECDSA is dead. ◮ This breaks all current public-key cryptography on the Internet! Daniel J. Bernstein & Tanja Lange Quantum computers – the future attack that breaks today’s messages 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Summary: * Why quantum for computers? * Logic gates and algorithms * Manipulating quantum

Elements of quantum information processing and quantum computers (with trapped ion examples) D. J. Wineland, Dept. of Physics, U Oregon, Eugene, OR; & Research Associate, NIST, Boulder, CO Summary: * Why quantum for computers? *

742 views • 42 slides
COMPUTERS TAKING A QUANTUM LEAP Quantum computers will harness the power of atoms and molecules

COMPUTERS TAKING A QUANTUM LEAP Quantum computers will harness the power of atoms and molecules

COMPUTING COMPUTERS TAKING A QUANTUM LEAP Quantum computers will harness the power of atoms and molecules to perform calculations billions of times faster than todays silicon-based computers. They will also enable new revolutionary

299 views • 6 slides
Qu Quantum co computers, ho how do do the hey work and nd wha hat can n the hey do do?

Qu Quantum co computers, ho how do do the hey work and nd wha hat can n the hey do do?

Qu Quantum co computers, ho how do do the hey work and nd wha hat can n the hey do do? Outline Quantum technology Quantum computing What is the advantage? The qubits Operating the quantum computer Quantum computing initiatives

475 views • 31 slides
Quantum Mechanics; a Blessing and a Curse By Elias Marcopoulos Quantum Computers Quantum

Quantum Mechanics; a Blessing and a Curse By Elias Marcopoulos Quantum Computers Quantum

Quantum Mechanics; a Blessing and a Curse By Elias Marcopoulos Quantum Computers Quantum Computers are just like regular computers, they crunch numbers Quantum Computers Quantum Computers are just like regular computers, they crunch

926 views • 74 slides
Cryptography for the quantum internet Elements of a quantum TLS Christian Majenz

Cryptography for the quantum internet Elements of a quantum TLS Christian Majenz

Cryptography for the quantum internet Elements of a quantum TLS Christian Majenz Colloquium Informatics Institute, University of Amsterdam Quantum computers Quantum computers Accelerating effort to build a quantum computer Quantum

1.74k views • 115 slides
29: Selected Ideas from CS 1. The stored program Concept Computers Breaks away from the

29: Selected Ideas from CS 1. The stored program Concept Computers Breaks away from the

29: Selected Ideas from CS 1. The stored program Concept Computers Breaks away from the idea of a particular Everything an actual computer can do is the result of extremely simple arithmetic and logical machine that does a particular

397 views • 5 slides
An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security

An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security

An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security Prepared by: Nima Bayan, P.Eng. Fall 2003 Contents ! Introduction " Cryptography and Relativity " Quantum Algorithms " Quantum Computers !

227 views • 11 slides
A Side-Channel Assisted Cryptanalytic Attack Against QcBits Mlissa Rossi Mike Hamburg

A Side-Channel Assisted Cryptanalytic Attack Against QcBits Mlissa Rossi Mike Hamburg

A Side-Channel Assisted Cryptanalytic Attack Against QcBits Mlissa Rossi Mike Hamburg Michael Hutter Mark E. Marson Possible path for post-quantum security Error-correcting codes Quantum computers may threaten the mathematical

892 views • 66 slides
Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos

Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos

Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos Santha CNRS, IRIF, Universit Paris Diderot, France and Centre for Quantum Technologies, NUS, Singapore 1/36 Plan of the talk 1 Crash course on

543 views • 36 slides
Quantum Information Theory Renato Renner ETH Zurich Do quantum computers exist?

Quantum Information Theory Renato Renner ETH Zurich Do quantum computers exist?

Quantum Information Theory Renato Renner ETH Zurich Do quantum computers exist? Geordie Rose and his D-Wave quantum computer Commercial devices Quantum cryptography device by id

1.29k views • 112 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
What do quantum computers do? Daniel J. Bernstein Quantum algorithm means an algorithm

What do quantum computers do? Daniel J. Bernstein Quantum algorithm means an algorithm

1 What do quantum computers do? Daniel J. Bernstein Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum computers supported instruction set.

1.5k views • 132 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
What do quantum computers do? Daniel J. Bernstein University of Illinois at Chicago Quantum

What do quantum computers do? Daniel J. Bernstein University of Illinois at Chicago Quantum

1 What do quantum computers do? Daniel J. Bernstein University of Illinois at Chicago Quantum algorithm means an algorithm that a quantum computer can run. i.e. a sequence of instructions, where each instruction is in a quantum

892 views • 76 slides
From Quantum Computing Types of Physical . . . to Computers Quantum Processes . . . Randomness

From Quantum Computing Types of Physical . . . to Computers Quantum Processes . . . Randomness

We Need Faster . . . What Physical . . . How Can We Find . . . This Leads to . . . From Quantum Computing Types of Physical . . . to Computers Quantum Processes . . . Randomness in General of Generation Omega Completely Lawless . . .

383 views • 20 slides
The 2017 attack the largest to have ever hit the health service hit computers at hospitals

The 2017 attack the largest to have ever hit the health service hit computers at hospitals

The 2017 attack the largest to have ever hit the health service hit computers at hospitals and GP surgeries across 48 NHS trusts. At least 6,900 NHS appointments were cancelled, and up to 19,000 affected in total, after staff were

890 views • 73 slides
1. If I like it, its MINE 2. If its in my hand, its MINE 3. If I can take it from

1. If I like it, its MINE 2. If its in my hand, its MINE 3. If I can take it from

He owns it all | Genesis 1.26-31 1. If I like it, its MINE 2. If its in my hand, its MINE 3. If I can take it from you, its MINE 4. If I had it a while ago, its MINE 5. If its MINE, it must never appear to be yours in any

175 views • 17 slides
Taming the Beast Assess Kerberos-Protected Networks Emmanuel Bouillon Introduction

Taming the Beast Assess Kerberos-Protected Networks Emmanuel Bouillon Introduction

Taming the Beast Assess Kerberos-Protected Networks Emmanuel Bouillon Introduction Sophisticated network authentication system holy grail of sys & net admins: secure single sign on Used by large organizations and academic

515 views • 38 slides
Acceleration Targets: A Study of Popular Benchmark Suites Lisa Wu and Martha A. Kim, Department

Acceleration Targets: A Study of Popular Benchmark Suites Lisa Wu and Martha A. Kim, Department

Acceleration Targets: A Study of Popular Benchmark Suites Lisa Wu and Martha A. Kim, Department of Computer Science, Columbia University { lisa,martha } @cs.columbia.edu 1 Introduction Benchmark Granularity Suite fine medium coarse Using

325 views • 16 slides
Entity Linking and Coreference Resolution CSCI 699 Instructor: Xiang Ren USC Computer Science

Entity Linking and Coreference Resolution CSCI 699 Instructor: Xiang Ren USC Computer Science

Entity Linking and Coreference Resolution CSCI 699 Instructor: Xiang Ren USC Computer Science Entity Linking: CSCI 699 Entity Linking: The Problem Query Entity NIL Given a source document, identify entities mentioned in text, and find

2.26k views • 126 slides
Digital Devices and Distracted Minds: Evaluating evidence of the relationship between media use

Digital Devices and Distracted Minds: Evaluating evidence of the relationship between media use

24/08/2020 Digital Devices and Distracted Minds: Evaluating evidence of the relationship between media use and cognitive control Dr. DB le Roux Cognition and Technology Research Group, Stellenbosch University Maties Machine Learning, 21

211 views • 19 slides
edgehill.ac.uk/ls Learning Edge The Students Ideal VLE Adrian Cain edgehill.ac.uk/ls The

edgehill.ac.uk/ls Learning Edge The Students Ideal VLE Adrian Cain edgehill.ac.uk/ls The

edgehill.ac.uk/ls Learning Edge The Students Ideal VLE Adrian Cain edgehill.ac.uk/ls The VLE (Virtual Learning Environment) today Infrastructure The VLE, it usage and other technologies Student views - Headlines from EHU

648 views • 50 slides
New Items for October 2014 Highlighted in Yellow REF means verse Itself Isnt quoted; only

New Items for October 2014 Highlighted in Yellow REF means verse Itself Isnt quoted; only

New Items for October 2014 Highlighted in Yellow REF means verse Itself Isnt quoted; only the Reference TL means Time Line, & usually includes a slide series Color Code System: God Baptism Heaven Literal Covenant Women

685 views • 56 slides
Building a Great Team No Gimmicks! DrupalCamp Atlanta | November 10th, 2018 Todays Agenda I.

Building a Great Team No Gimmicks! DrupalCamp Atlanta | November 10th, 2018 Todays Agenda I.

Building a Great Team No Gimmicks! DrupalCamp Atlanta | November 10th, 2018 Todays Agenda I. Team Misconceptions II. What Makes a Healthy Team III. How to Be a Great Teammate IV. Competitive Advantage V. Q&A | 2 Mark brings 20

661 views • 29 slides

More recommend