standardization of post quantum cryptography
play

Standardization of post-quantum cryptography Tanja Lange 08 May - PowerPoint PPT Presentation

Feb 26, 2024 •385 likes •623 views

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

  1. Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards

  2. History of post-quantum cryptography ◮ 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 2

  3. History of post-quantum cryptography ◮ 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008, PQCrypto 2010, PQCrypto 2011, PQCrypto 2013. ◮ 2014 EU publishes H2020 call including post-quantum crypto as topic. ◮ PQCrypto 2014. ◮ April 2015 NIST hosts first workshop on post-quantum cryptography ◮ August 2015 NSA wakes up Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 2

  5. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 4

  6. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite. August 19, 2015 IAD will initiate a transition to quantum resistant algorithms in the not too distant future. NSA comes late to the party and botches its grand entrance. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 4

  7. NSA announcements August 11, 2015 IAD recognizes that there will be a move, in the not distant future, to a quantum resistant algorithm suite. August 19, 2015 IAD will initiate a transition to quantum resistant algorithms in the not too distant future. NSA comes late to the party and botches its grand entrance. Worse, now we get people saying “Don’t use post-quantum crypto, the NSA wants you to use it!” Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 4

  8. Post-quantum becoming mainstream ◮ PQCrypto 2016: 22–26 Feb in Fukuoka, Japan, with more than 200 participants ◮ NIST is calling for post-quantum proposals; expect a small competition. ◮ PQCrypto 2017 planned, will be in Utrecht, Netherlands. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 5

  9. Urgency of post-quantum recommendations ◮ All currently used public-key systems on the Internet are broken by quantum computers. ◮ Today’s encrypted communication can be (and is being!) stored by attackers and can be decrypted later with quantum computer – think of medical records, legal proceedings, and state secrets. ◮ Post-quantum secure cryptosystems exist (to the best of our knowledge) but are under-researched – we can recommend secure systems now, but they are big and slow Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 6

  10. Urgency of post-quantum recommendations ◮ All currently used public-key systems on the Internet are broken by quantum computers. ◮ Today’s encrypted communication can be (and is being!) stored by attackers and can be decrypted later with quantum computer – think of medical records, legal proceedings, and state secrets. ◮ Post-quantum secure cryptosystems exist (to the best of our knowledge) but are under-researched – we can recommend secure systems now, but they are big and slow hence the logo of the PQCRYPTO project. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 6

  11. Urgency of post-quantum recommendations ◮ All currently used public-key systems on the Internet are broken by quantum computers. ◮ Today’s encrypted communication can be (and is being!) stored by attackers and can be decrypted later with quantum computer – think of medical records, legal proceedings, and state secrets. ◮ Post-quantum secure cryptosystems exist (to the best of our knowledge) but are under-researched – we can recommend secure systems now, but they are big and slow hence the logo of the PQCRYPTO project. ◮ PQCRYPTO is an EU project in H2020, running 2015 – 2018. ◮ PQCRYPTO is designing a portfolio of high-security post-quantum public-key systems, and will improve the speed of these systems, adapting to the different performance challenges of mobile devices, the cloud, and the Internet. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 6

  12. Standardize now? Standardize later? ◮ Standardize now! ◮ Rolling out crypto takes long time. ◮ Standards are important for adoption (?) ◮ Need to be up & running when quantum computers come. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 7

  13. Standardize now? Standardize later? ◮ Standardize now! ◮ Rolling out crypto takes long time. ◮ Standards are important for adoption (?) ◮ Need to be up & running when quantum computers come. ◮ Standardize later! ◮ Current options are not satisfactory. ◮ Once rolled out, it’s hard to change systems. ◮ Please wait for the research results, will be much better! Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 7

  14. Standardize now? Standardize later? ◮ Standardize now! ◮ Rolling out crypto takes long time. ◮ Standards are important for adoption (?) ◮ Need to be up & running when quantum computers come. ◮ Standardize later! ◮ Current options are not satisfactory. ◮ Once rolled out, it’s hard to change systems. ◮ Please wait for the research results, will be much better! ◮ But what about users who rely on long-term secrecy of today’s communication? ◮ Recommend now, standardize later. ◮ Recommend very conservative systems now; users who care will accept performance issues and gladly update to faster/smaller options later. ◮ But: standardization takes lots of time, so start standardization processes now. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 7

  15. Initial recommendations of long-term secure post-quantum systems Daniel Augot, Lejla Batina, Daniel J. Bernstein, Joppe Bos, Johannes Buchmann, Wouter Castryck, Orr Dunkelman, Tim G¨ uneysu, Shay Gueron, Andreas H¨ ulsing, Tanja Lange, Mohamed Saied Emam Mohamed, Christian Rechberger, Peter Schwabe, Nicolas Sendrier, Frederik Vercauteren, Bo-Yin Yang Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 8

  16. Initial recommendations ◮ Symmetric encryption Thoroughly analyzed, 256-bit keys: ◮ AES-256 ◮ Salsa20 with a 256-bit key Evaluating: Serpent-256, . . . ◮ Symmetric authentication Information-theoretic MACs: ◮ GCM using a 96-bit nonce and a 128-bit authenticator ◮ Poly1305 ◮ Public-key encryption McEliece with binary Goppa codes: ◮ length n = 6960 , dimension k = 5413 , t = 119 errors Evaluating: QC-MDPC, Stehl´ e-Steinfeld NTRU, . . . ◮ Public-key signatures Hash-based (minimal assumptions): ◮ XMSS with any of the parameters specified in CFRG draft ◮ SPHINCS-256 Evaluating: HFEv-, . . . Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 9

  17. Hash-based signatures Pros: ◮ Post quantum ◮ Only need secure hash function, e.g. SHA3-512, . . . ◮ Need signatures anyways. ◮ Small public key ◮ Security well understood ◮ Fast ◮ Proposed for standards: https://tools.ietf.org/html/ draft-irtf-cfrg-xmss-hash-based-signatures-01 Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 10

  18. Hash-based signatures Pros: ◮ Post quantum ◮ Only need secure hash function, e.g. SHA3-512, . . . ◮ Need signatures anyways. ◮ Small public key ◮ Security well understood ◮ Fast ◮ Proposed for standards: https://tools.ietf.org/html/ draft-irtf-cfrg-xmss-hash-based-signatures-01 Cons: ◮ Biggish signature ◮ Stateful Adam Langley “for most environments it’s a huge foot-cannon.” Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 10

  19. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 11

  20. Stateless hash-based signatures ◮ Idea from 1987 Goldreich: ◮ Signer builds huge tree of certificate authorities. ◮ Signature includes certificate chain. ◮ Each CA is a hash of master secret and tree position. This is deterministic, so don’t need to store results. ◮ Random bottom-level CA signs message. Many bottom-level CAs, so one-time signature is safe. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 12

  21. Stateless hash-based signatures ◮ Idea from 1987 Goldreich: ◮ Signer builds huge tree of certificate authorities. ◮ Signature includes certificate chain. ◮ Each CA is a hash of master secret and tree position. This is deterministic, so don’t need to store results. ◮ Random bottom-level CA signs message. Many bottom-level CAs, so one-time signature is safe. ◮ 0.6 MB: Goldreich’s signature with good 1-time signature scheme. ◮ 1.2 MB: average Debian package size. ◮ 1.8 MB: average web page in Alexa Top 1000000. Tanja Lange https://pqcrypto.eu.org Standardization of post-quantum cryptography 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BIK IKE - Bi Bit-Flipping Key Encapsulation Presented to the 2 nd NIST Post-Quantum Cryptography

BIK IKE - Bi Bit-Flipping Key Encapsulation Presented to the 2 nd NIST Post-Quantum Cryptography

BIK IKE - Bi Bit-Flipping Key Encapsulation Presented to the 2 nd NIST Post-Quantum Cryptography Standardization Conference August, 24 th 2019, Santa Barbara, California, USA Authors: Affiliations: Nicolas Aragon University of Limoges, France

291 views • 14 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography

OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography

Presentation of the rank metric Description of the scheme Security and parameters OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography Standardization Conference Carlos AguilarMelchor 2 Nicolas Aragon 1 Slim

157 views • 15 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

Quantum computers and factoring Learning with errors Cryptography from LWE From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren frederik.vercauteren@gmail.com Open Security Research (China) ESAT/COSIC - KU Leuven

1.34k views • 70 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven Executive School on Post-Quantum Cryptography 01 July 2019 Cryptography Motivation #1: Communication channels are spying on our data. Motivation

728 views • 42 slides
The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018 PQCRYPTO Mini-School 2018, Taipei, Taiwan Part I: How to make software secure Implementing post-quantum cryptography 2 Timing

1.44k views • 116 slides
Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and Cryptography VI In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were

854 views • 42 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit Eindhoven 17 January 2016 8th Winter School on Quantum Cybersecurity Cryptography Motivation #1: Communication channels are spying on our

894 views • 68 slides
Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu Ruhr-Universitt Bochum & DFKI 04.10.2017 Overview Goals Provide a high-level introduction to Post-Quantum Cryptography (PQC)

1.18k views • 113 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
Secure Intersection with MapReduce R. Ciucanu 1 M. Giraud 2 P. Lafourcade 2 L. Ye 3 1 LIFO, INSA

Secure Intersection with MapReduce R. Ciucanu 1 M. Giraud 2 P. Lafourcade 2 L. Ye 3 1 LIFO, INSA

Secure Intersection with MapReduce R. Ciucanu 1 M. Giraud 2 P. Lafourcade 2 L. Ye 3 1 LIFO, INSA Centre Val de Loire Universit e dOrl eans 2 3 School of Computer Science and Technology Harbin Institute of Technology, China 26 July 2019

397 views • 29 slides
TIME IS POWER - QUANTUMINSERT 1 Learning Goals The Following Learning Goals are Covered in the

TIME IS POWER - QUANTUMINSERT 1 Learning Goals The Following Learning Goals are Covered in the

create your own exercise Mario Silaci, Lucas Wolf TIME IS POWER - QUANTUMINSERT 1 Learning Goals The Following Learning Goals are Covered in the Lecture PreLab Lab What are requirements to perform the QUANTUM X X X INSERT (QI)? How does

615 views • 34 slides
Non-linearity in Davenport-Schinzel Sequences Seth Pettie University of Michigan Isomorphism

Non-linearity in Davenport-Schinzel Sequences Seth Pettie University of Michigan Isomorphism

Non-linearity in Davenport-Schinzel Sequences Seth Pettie University of Michigan Isomorphism and Subsequences Political Isomorphism BUSH is isomorphic to GO BUSH GORE C is isomorphic to A THOMAS is isomorphic to SOUTER THOMAS ,NSA,DOD is

673 views • 65 slides
ECE 550D Fundamentals of Computer Systems and Engineering Fall 2016 Finite State Machines Tyler

ECE 550D Fundamentals of Computer Systems and Engineering Fall 2016 Finite State Machines Tyler

ECE 550D Fundamentals of Computer Systems and Engineering Fall 2016 Finite State Machines Tyler Bletsch Duke University Slides are derived from work by Andrew Hilton (Duke) Last time Who can remind us what we did last time? Storage

645 views • 42 slides
The SJGAD Used Most in NSA Reporting --- Overview Derived From: NSAIC$SM IS2 Datoo : 20070103

The SJGAD Used Most in NSA Reporting --- Overview Derived From: NSAIC$SM IS2 Datoo : 20070103

~ c ~ Coogle pal tal kl/7. IOPSECRET/ISJII ORCON // NOJ -- ~ Hotma ll" You lim il liiiiil YAHoo' tl .... ' I 21' - PRISM/US-984XN Overview OR The SJGAD Used Most in NSA Reporting --- Overview Derived From: NSAIC$SM IS2 Datoo :

191 views • 4 slides
Above My Pay Grade: Incident Response at the National Level Jason Healey Atlantic Council

Above My Pay Grade: Incident Response at the National Level Jason Healey Atlantic Council

Above My Pay Grade: Incident Response at the National Level Jason Healey Atlantic Council Traditional Incident Response But at the national level, incident response is a different game Implications for Misunderstandings between geeks and

541 views • 27 slides
Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan What is the NSA Playset? ()

Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan What is the NSA Playset? ()

Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan What is the NSA Playset? () nsaplayset.org 3D NSA Playset Price Sheet CONGAFLOCK - <$1 A Retroreflector, which is a passive device that reflects differently when a

786 views • 49 slides
Applications of algebraic geometry codes beyond classical coding Gretchen L. Matthews September

Applications of algebraic geometry codes beyond classical coding Gretchen L. Matthews September

Applications of algebraic geometry codes beyond classical coding Gretchen L. Matthews September 10, 2014 C L E M S O N M A T H E M A T I C A L S C I E N C E S Gretchen L. Matthews

1.03k views • 46 slides

More recommend