Quantum Computing in Cryptography MATH318/CPSC418 April 15, 2020


SLIDE 1

Quantum Computing in Cryptography

MATH318/CPSC418 April 15, 2020

SLIDE 2

Topics:

  • 1. Qubits: why quantum?
  • 2. Shor’s algorithm and the DLP
  • 3. Quantum Key Distribution and BB84
  • 4. More directions in quantum cryptography
  • 5. Resources: more directions for you!
SLIDE 3

Part 1: Basics

SLIDE 4

What is a bit?

  • Essentially, a system that stores a binary value (0 or 1)
  • Implemented by capacitors that store charge
SLIDE 5

What is a qubit?

  • Represented by a complex unit vector (modulo global phase)
  • Measurement can only distinguish with certainty between opposite points on the Bloch sphere
SLIDE 6

Basis measurements

SLIDE 7

Really, what is a qubit?

So far, there are several possible ways to build one:

  • NMR (nuclear magnetic resonance) devices
  • NV (nitrogen vacancy) centers
  • Superconductors
  • Photons
  • Trapped ions
SLIDE 8

Properties of qubits

  • Superposition
  • Interference
  • Entanglement
SLIDE 9

More weird stuff

  • Measurement postulate
  • No cloning theorem
SLIDE 10

More weird stuff

  • Measurement postulate
  • No cloning theorem
  • Can make some tasks difficult, but great for crypto!
SLIDE 11

Part 2: Shor’s algorithm

SLIDE 12

Question: how to agree on a key?

  • Agree in person, in advance
  • Send via a trusted courier
  • Use a public channel, relying on the protocol for secrecy
  • e.g. Diffie-Hellman, RSA, El Gamal
SLIDE 13

Question: how to agree on a key?

  • Agree in person, in advance
  • Send via a trusted courier
  • Use a public channel, relying on the protocol for secrecy
  • e.g. Diffie-Hellman, RSA, El Gamal
  • All of these rely on computationally difficult problems
SLIDE 14

Shor’s algorithm

  • Both DLP and factoring can be solved by a quantum computer in polynomial time, using Shor’s algorithm

  • Both problems are examples of the HSP (hidden subgroup problem)
  • HSP is still open in general, but solved for finite abelian groups
  • No good classical algorithm exists
SLIDE 15

Classical reduction

  • Given $O = qr$ with $q, r$ prime, find $q$ or $r$
  • Assume $q, r \neq 2$, $q \neq r$
  • Quantum computers can compute periods in polynomial time:
  • Given $b$ and $O$, find the smallest exponent $s > 0$ such that $b^s \equiv b^0 \equiv 1 \pmod{O}$
  • Based on superposition and interference
  • Special case of DLP!
SLIDE 16

Algorithm:

  • 1. Pick $b < O$ and check that $\gcd(b, O) = 1$
  • 2. Find $s$, the period of $b \bmod O$
  • 3. If $s$ is odd, go back to step 1
  • 4. If $s$ is even:
      • 1. If $b^{s/2} \equiv -1 \pmod{O}$, go back to step 1
      • 2. Else, one of $\gcd(b^{s/2} + 1, O)$ or $\gcd(b^{s/2} - 1, O)$ is a factor of $O$
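
The four steps above as a runnable sketch (an added example, not part of the original slides). The function names are hypothetical, `n` stands for the slide's modulus, and the period in step 2 is found by classical brute force, standing in for the quantum subroutine. The second demo input is the record number quoted on the later slides.

```python
import math
import random

def find_period(b, n):
    """Smallest s > 0 with b**s = 1 (mod n), by brute force.
    This is the step the slides assign to the quantum computer."""
    s, x = 1, b % n
    while x != 1:
        x = (x * b) % n
        s += 1
    return s

def try_base(b, n):
    """Run steps 1-4 for one base b. Returns (factor_or_None, reason)."""
    g = math.gcd(b, n)
    if g != 1:                        # step 1 fails, but g already divides n
        return g, "gcd(b, n) > 1"
    s = find_period(b, n)             # step 2
    if s % 2 == 1:                    # step 3: odd period, pick another base
        return None, "odd period"
    h = pow(b, s // 2, n)
    if h == n - 1:                    # step 4.1: b^(s/2) = -1 (mod n)
        return None, "b^(s/2) = -1"
    # step 4.2: h*h = 1 (mod n) with h != 1 and h != -1, so n divides
    # (h - 1)(h + 1) but neither term alone; the gcd is a proper factor.
    return math.gcd(h + 1, n), "factor found"

def factor(n, seed=0):
    """Repeat with random bases until one of them yields a factor."""
    rng = random.Random(seed)
    while True:
        f, _ = try_base(rng.randrange(2, n - 1), n)
        if f is not None:
            return sorted((f, n // f))

if __name__ == "__main__":
    print(try_base(7, 15))    # period 4, 7^2 = 4 (mod 15), gcd(5, 15) = 5
    print(try_base(14, 15))   # 14 = -1 (mod 15): rejected by step 4.1
    print(factor(1005973))
```

Only `find_period` is expensive classically; every other line is a gcd or a modular exponentiation, which is why a polynomial-time period finder breaks factoring.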

SLIDE 17

Consequences

  • Diffie-Hellman, RSA, El Gamal, etc. are no longer considered safe
  • Record for largest number factored is 1,005,973 as of 2019
  • Post-quantum cryptography relies on computational difficulty of problems that are (assumed to be) difficult for both classical and quantum computers

  • e.g. lattices, multivariable equations, etc.
SLIDE 18

Part 3: QKD

SLIDE 19

Question: how to agree on a key?

  • Agree in person, in advance
  • Send via a trusted courier
  • Use a public channel, relying on the protocol for secrecy
  • e.g. Diffie-Hellman, RSA, El Gamal
  • All of these rely on computationally difficult problems!

One solution: quantum key distribution (QKD)

SLIDE 20

A protocol: BB84

SLIDE 21

What about Eve?

SLIDE 22

Is it secure?

  • In theory, BB84 allows Alice to send a key to Bob over public channels
  • If someone is listening, they will be caught with high probability
  • This security makes no assumptions about Eve’s computational power
SLIDE 23

…really?

  • BB84 is very susceptible to physical attacks
  • If Eve can figure out Alice’s basis string, then security is completely lost

https://nis-summer-school.enisa.europa.eu/2018/cources/PQC/7-preneel_qkd_enisa_v2.pdf

SLIDE 24

Current challenges

  • Qubit decoherence – qubits can “measure themselves” in transit
  • Appears to be a listener, even if there isn’t
  • Key rate is very low
  • Less than half of the bits transmitted can be used for the key in the ideal scenario

  • The more decoherence, the lower the key rate
  • Eve can easily prevent Alice and Bob from ever establishing a key
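
A small simulation of the points made on the "Is it secure?" and "Current challenges" slides (an added example, not part of the original slides). It assumes the textbook form of BB84 with two bases, models Eve as an intercept-resend listener and decoherence as a random bit flip, and all function names are hypothetical.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis: outcome is the encoded bit. Different basis: a fair coin."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n, eve=False, noise=0.0, seed=0):
    """Send n qubits; return the sifted fraction and the error rate (QBER)."""
    rng = random.Random(seed)
    kept = errors = 0
    for _ in range(n):
        bit, a_basis, b_basis = (rng.randint(0, 1) for _ in range(3))
        state_bit, state_basis = bit, a_basis
        if eve:                                # assumed model: intercept-resend
            e_basis = rng.randint(0, 1)
            state_bit = measure(state_bit, state_basis, e_basis, rng)
            state_basis = e_basis              # Eve re-sends in her own basis
        if rng.random() < noise:               # decoherence modelled as a bit flip
            state_bit ^= 1
        bob_bit = measure(state_bit, state_basis, b_basis, rng)
        if a_basis == b_basis:                 # sifting over the public channel
            kept += 1
            errors += bob_bit != bit
    return {"sift_rate": kept / n, "qber": errors / kept}

def undetected_probability(k):
    """Chance that intercept-resend on every qubit leaves k compared bits clean."""
    return 0.75 ** k

if __name__ == "__main__":
    print("quiet channel :", bb84(20000))
    print("Eve listening :", bb84(20000, eve=True))
    print("5% decoherence:", bb84(20000, noise=0.05))
    print("Eve unnoticed after 72 checked bits:", undetected_probability(72))
```

About half the qubits survive sifting, and some of those must be revealed to estimate the error rate, which is why the usable key is less than half of what was sent. The noisy run also shows why decoherence "appears to be a listener": Alice and Bob see only an error rate, not its cause.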
SLIDE 25

Modern QKD: Ideas

  • Now in use by major banks, governments, etc.
  • Still developing new protocols to improve the key rate, simplify measurements, etc.
  • Satellite QKD is looking the most promising
  • Difficult for Eve to interfere with a signal in free space
  • More immune to tampering with the actual device
  • Device-independent QKD
  • What if Alice and Bob don’t trust their QKD devices?
  • Tied to non-local games
SLIDE 26

Part 4: Quantum cryptography

SLIDE 27

Quantum coin-flipping

  • Suppose Alice and Bob want to flip a coin and communicate the result over a public channel
  • Both want to win the toss, and neither trusts the other (or the channel)

  • This can be done using a quantum coin-flipping protocol
  • Similar idea to BB84
SLIDE 28

Three-step quantum cryptography

  • QKD can only be used to establish secure keys, not for sending data
  • Encryption/decryption is still classical
  • Kak’s three-step protocol is a form of quantum encryption
  • Related to quantum commitment schemes
  • Alice and Bob each have the ability to “lock” their data, such that only they can later unlock it

SLIDE 29

Position-based verification

  • Message can only be decrypted by a user at a specific geographic location

  • Works in theory, but not practical in the foreseeable future
  • Requires a large amount of entanglement
SLIDE 30

Part 5: Resources

And some other stuff

SLIDE 31

D-Wave

  • https://www.dwavesys.com/
  • Adiabatic quantum computation, useful for machine learning and optimization problems
  • Not a universal form of computation, so hasn’t attracted as much attention as Google or IBM

  • Company based on selling cloud access to their computers
  • Currently holds record for largest number factored: 1,005,973

https://link.springer.com/article/10.1007/s11433-018-9307-1

SLIDE 32

IBM Qiskit

  • https://qiskit.org/
  • Superconducting quantum computers with 5, 20 or 50 qubits, for research and teaching purposes
  • Anyone can run programs on their smaller computers via the internet
  • Sometimes there is a queue, though, and there is regular maintenance
  • There are a lot of beginner tutorials on their website, so it is worth looking at if you’re interested

SLIDE 33

And finally…

You should take CPSC519 (offered fall 2020)!

  • But be prepared for a lot of linear algebra