unforgeable quantum encryption
play

Unforgeable Quantum Encryption Gorjan Alagic 1 Tommaso Gagliardoni 2 - PowerPoint PPT Presentation

Nov 06, 2023 •314 likes •1.28k views

Unforgeable Quantum Encryption Gorjan Alagic 1 Tommaso Gagliardoni 2 Christian Majenz 3 1 QuICS, University of Maryland, and NIST, USA 2 IBM Research Zurich, Switzerland 3 University of Amsterdam, and QuSoft, CWI, The Netherlands May 3rd, 2018 Tel

  1. Unforgeable Quantum Encryption Gorjan Alagic 1 Tommaso Gagliardoni 2 Christian Majenz 3 1 QuICS, University of Maryland, and NIST, USA 2 IBM Research Zurich, Switzerland 3 University of Amsterdam, and QuSoft, CWI, The Netherlands May 3rd, 2018 Tel Aviv, Israel 1

  2. It’s 1968... 2

  3. It’s 1968... 2

  4. It’s 1968... IBM System/360 Model 85: up to 4 MiB memory!!! 2

  5. It’s 1968... IBM System/360 Model 85: up to 4 MiB memory!!! 50 years change things a lot!!! 2

  6. Meanwhile, in 2018... IBM Q: 50 superconducting qubits QC 3

  7. The Very Likely Future Timeline of QC... 4

  8. The Very Likely Future Timeline of QC... 4

  9. The Very Likely Future Timeline of QC... 4

  10. The Very Likely Future Timeline of QC... 4

  11. The Very Likely Future Timeline of QC... 4

  12. The Very Likely Future Timeline of QC... But remember: 50 years change things a lot!!! 4

  13. The Very Likely Future Timeline of QC... But remember: 50 years change things a lot!!! Scenario: honest and malicious parties alike have access to quantum computers and quantum communication networks. Need to exchange and secure data over a ‘quantum Internet’. 4

  14. Quantum Encryption Secret-key quantum encryption scheme: plaintext and ciphertext are arbitrary quantum states (but key is still classical) 5

  15. Quantum Encryption Secret-key quantum encryption scheme: plaintext and ciphertext are arbitrary quantum states (but key is still classical) Example: Quantum One-Time Pad (QOTP) 5

  16. Quantum Encryption Secret-key quantum encryption scheme: plaintext and ciphertext are arbitrary quantum states (but key is still classical) Example: Quantum One-Time Pad (QOTP) 5

  17. Quantum Encryption Secret-key quantum encryption scheme: plaintext and ciphertext are arbitrary quantum states (but key is still classical) Example: Quantum One-Time Pad (QOTP) 5

  18. Quantum Encryption Secret-key quantum encryption scheme: plaintext and ciphertext are arbitrary quantum states (but key is still classical) Example: Quantum One-Time Pad (QOTP) 5

  19. Quantum Encryption Secret-key quantum encryption scheme: plaintext and ciphertext are arbitrary quantum states (but key is still classical) Example: Quantum One-Time Pad (QOTP) 5

  20. Security for Quantum Encryption [BJ15] introduce quantum indistinguishability under chosen-plaintext attack (QIND-CPA) 6

  21. Security for Quantum Encryption [BJ15] introduce quantum indistinguishability under chosen-plaintext attack (QIND-CPA) 6

  22. Security for Quantum Encryption [BJ15] introduce quantum indistinguishability under chosen-plaintext attack (QIND-CPA) 6

  23. Security for Quantum Encryption [BJ15] introduce quantum indistinguishability under chosen-plaintext attack (QIND-CPA) 6

  24. Security for Quantum Encryption [BJ15] introduce quantum indistinguishability under chosen-plaintext attack (QIND-CPA) 6

  25. Security for Quantum Encryption [BJ15] introduce quantum indistinguishability under chosen-plaintext attack (QIND-CPA) 6

  26. Security for Quantum Encryption [ABF+16] introduce quantum indistinguishability under non-adaptive chosen-ciphertext attack (QIND-CCA1) 7

  27. Security for Quantum Encryption [ABF+16] introduce quantum indistinguishability under non-adaptive chosen-ciphertext attack (QIND-CCA1) 7

  28. Security for Quantum Encryption [ABF+16] introduce quantum indistinguishability under non-adaptive chosen-ciphertext attack (QIND-CCA1) Theorem [ABF+16] QIND-CCA1 schemes from quantum-resistant OWFs. 7

  29. Security for Quantum Encryption [ABF+16] introduce quantum indistinguishability under non-adaptive chosen-ciphertext attack (QIND-CCA1) Theorem [ABF+16] QIND-CCA1 schemes from quantum-resistant OWFs. 7

  30. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! 8

  31. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! Classically: must impose that no decryption queries are accepted on the challenge ciphertext (decryption oracle replies ⊥ ) 8

  32. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! Classically: must impose that no decryption queries are accepted on the challenge ciphertext (decryption oracle replies ⊥ ) Quantumly: how to enforce that? 8

  33. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! Classically: must impose that no decryption queries are accepted on the challenge ciphertext (decryption oracle replies ⊥ ) Quantumly: how to enforce that? • what does it mean that two states are “equal”? 8

  34. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! Classically: must impose that no decryption queries are accepted on the challenge ciphertext (decryption oracle replies ⊥ ) Quantumly: how to enforce that? • what does it mean that two states are “equal”? • how to check that without destroying the states? 8

  35. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! Classically: must impose that no decryption queries are accepted on the challenge ciphertext (decryption oracle replies ⊥ ) Quantumly: how to enforce that? • what does it mean that two states are “equal”? • how to check that without destroying the states? Defining QIND-CCA2 open problem for a while [BZ12, BJ15, GHS16] 8

  36. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! Classically: must impose that no decryption queries are accepted on the challenge ciphertext (decryption oracle replies ⊥ ) Quantumly: how to enforce that? • what does it mean that two states are “equal”? • how to check that without destroying the states? Defining QIND-CCA2 open problem for a while [BZ12, BJ15, GHS16] Similar problem for defining INT-CTXT (unforgeability/integrity) 8

  37. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! Classically: must impose that no decryption queries are accepted on the challenge ciphertext (decryption oracle replies ⊥ ) Quantumly: how to enforce that? • what does it mean that two states are “equal”? • how to check that without destroying the states? Defining QIND-CCA2 open problem for a while [BZ12, BJ15, GHS16] Similar problem for defining INT-CTXT (unforgeability/integrity) Existing notions of quantum authentication [DNS, GYZ] have limitations 8

  38. The Problem With Quantum IND-CCA2 Defining quantum IND-CCA2 is tricky! Classically: must impose that no decryption queries are accepted on the challenge ciphertext (decryption oracle replies ⊥ ) Quantumly: how to enforce that? • what does it mean that two states are “equal”? • how to check that without destroying the states? Defining QIND-CCA2 open problem for a while [BZ12, BJ15, GHS16] Similar problem for defining INT-CTXT (unforgeability/integrity) Existing notions of quantum authentication [DNS, GYZ] have limitations What about quantum authenticated encryption? 8

  39. Overview of Results In this work: 9

  40. Overview of Results In this work: • First definition of information-theoretical one-time quantum ciphertext authentication (QCA) 9

  41. Overview of Results In this work: • First definition of information-theoretical one-time quantum ciphertext authentication (QCA) • Definition of Quantum Ciphertext Unforgeability (generalizes INT-CTXT to the quantum setting) 9

  42. Overview of Results In this work: • First definition of information-theoretical one-time quantum ciphertext authentication (QCA) • Definition of Quantum Ciphertext Unforgeability (generalizes INT-CTXT to the quantum setting) • Definition of QIND-CCA2 9

  43. Overview of Results In this work: • First definition of information-theoretical one-time quantum ciphertext authentication (QCA) • Definition of Quantum Ciphertext Unforgeability (generalizes INT-CTXT to the quantum setting) • Definition of QIND-CCA2 • Definition of Quantum Authenticated Encryption (QAE) 9

  44. Overview of Results In this work: • First definition of information-theoretical one-time quantum ciphertext authentication (QCA) • Definition of Quantum Ciphertext Unforgeability (generalizes INT-CTXT to the quantum setting) • Definition of QIND-CCA2 • Definition of Quantum Authenticated Encryption (QAE) • Relationships amongst all these notions and the known ones 9

  45. Overview of Results In this work: • First definition of information-theoretical one-time quantum ciphertext authentication (QCA) • Definition of Quantum Ciphertext Unforgeability (generalizes INT-CTXT to the quantum setting) • Definition of QIND-CCA2 • Definition of Quantum Authenticated Encryption (QAE) • Relationships amongst all these notions and the known ones • Relationships to the classical counterparts when restricted to classical messages 9

  46. Overview of Results In this work: • First definition of information-theoretical one-time quantum ciphertext authentication (QCA) • Definition of Quantum Ciphertext Unforgeability (generalizes INT-CTXT to the quantum setting) • Definition of QIND-CCA2 • Definition of Quantum Authenticated Encryption (QAE) • Relationships amongst all these notions and the known ones • Relationships to the classical counterparts when restricted to classical messages • Separations 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unforgeable quantum encryption Christian Majenz Joint work with Gorjan Alagic and Tommaso

Unforgeable quantum encryption Christian Majenz Joint work with Gorjan Alagic and Tommaso

Unforgeable quantum encryption Christian Majenz Joint work with Gorjan Alagic and Tommaso Gagliardoni Authenticated Encryption! ( Using AES with 128 bit block size in Galois Counter Mode and SHA2 ) Taxonomy of security Authenticated encryption

440 views • 26 slides
Unforgeable quantum encryption Christian Majenz Joint work with Gorjan Alagic and Tommaso

Unforgeable quantum encryption Christian Majenz Joint work with Gorjan Alagic and Tommaso

Unforgeable quantum encryption Christian Majenz Joint work with Gorjan Alagic and Tommaso Gagliardoni Authenticated Encryption! ( Using AES with 128 bit block size in Galois Counter Mode and SHA2 ) Authenticated Encryption! ( Using AES with 128

893 views • 67 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if P = NP Safely & Feasibly Serge Fehr Louis Salvail CWI Amsterdam University of Montral Encryption & Authentication Schemes with

829 views • 62 slides
How about quantum computing? Bert de Jong wadejong@lbl.gov - 1 - What makes quantum computing

How about quantum computing? Bert de Jong wadejong@lbl.gov - 1 - What makes quantum computing

How about quantum computing? Bert de Jong wadejong@lbl.gov - 1 - What makes quantum computing so exciting? Speedups over classical computing Unbreakable encryption protocols Quantum simulation Efficient optimization

961 views • 47 slides
Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 ,

Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 ,

Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 , Raymond K. H. Tai 2 , Harry W. H. Wong 2 , Sherman S. M. Chow 2 1 Friedrich-Alexander University Erlangen-Nuremberg 2 Chinese University of Hong Kong

618 views • 59 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford University Random Oracle Model (ROM) Sometimes, we cant prove a scheme secure in the standard model. Instead, model a hash function as a

509 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
PERSISTENT AND UNFORGEABLE WATERMARKS FOR DEEP NEURAL NETWORKS Huiying Li, Emily Willson, Heather

PERSISTENT AND UNFORGEABLE WATERMARKS FOR DEEP NEURAL NETWORKS Huiying Li, Emily Willson, Heather

DNNS ARE INCREASINGLY POPULAR PERSISTENT AND UNFORGEABLE WATERMARKS FOR DEEP NEURAL NETWORKS Huiying Li, Emily Willson, Heather Zheng, Ben Y. Zhao Hey Siri Oct 30, 2019 1 2 DEEP NEURAL NETWORK (DNN) DNNS ARE HARD TO TRAIN A machine

115 views • 9 slides
Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and Cryptography VI In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were

854 views • 42 slides
From Quantum Cellular Automata to Quantum Field Theory Alessandro Bisio Frontiers of Fundamental

From Quantum Cellular Automata to Quantum Field Theory Alessandro Bisio Frontiers of Fundamental

From Quantum Cellular Automata to Quantum Field Theory Alessandro Bisio Frontiers of Fundamental Physics Marseille, July 15-18th 2014 in collaboration with Giacomo Mauro DAriano o University of Pavia Paolo Perinotti QUIT group

912 views • 42 slides
A Formulation of Fast Carry Chains Suitable for Efficient Implementation with Majority Elements

A Formulation of Fast Carry Chains Suitable for Efficient Implementation with Majority Elements

A Formulation of Fast Carry Chains Suitable for Efficient Implementation with Majority Elements Behrooz Parhami (2nd author) Dept. Electrical & Computer Eng. Univ. of California, Santa Barbara Dariush Abedi Ghassem Jaberipur Shahid

361 views • 25 slides
The Free Lead System Mavericks versus . Villains Destroy Our Livelihood Seduce our

The Free Lead System Mavericks versus . Villains Destroy Our Livelihood Seduce our

Brett and Ethan Present: The Free Lead System Mavericks versus . Villains Destroy Our Livelihood Seduce our clients away Keep our retention low Impede our success for mass commission Our story #1 Joint Venture

411 views • 16 slides
e-Skills Fostering Competitiveness, Growth and Jobs Wrocaw, Poland, 15 October 2014 The

e-Skills Fostering Competitiveness, Growth and Jobs Wrocaw, Poland, 15 October 2014 The

e-Skills Fostering Competitiveness, Growth and Jobs Wrocaw, Poland, 15 October 2014 The e-Skills Pyramid e-Leadership skills ): these correspond to the capabilities needed to exploit opportunities provided by ICT, notably the Internet; to

508 views • 23 slides
Publication bias in QCA Publication bias in QCA Publication bias in QCA Meaning, diagnosis and

Publication bias in QCA Publication bias in QCA Publication bias in QCA Meaning, diagnosis and

24.1.2019 Publication bias in QCA Publication bias in QCA Publication bias in QCA Publication bias in QCA Meaning, diagnosis and remedies Meaning, diagnosis and remedies Meaning, diagnosis and remedies Ingo Rohlng Ingo Rohlng Ingo

539 views • 38 slides
Quantum simulations using split-step quantum walks C. M. Chandrashekar Optics and Quantum

Quantum simulations using split-step quantum walks C. M. Chandrashekar Optics and Quantum

Quantum simulations using split-step quantum walks C. M. Chandrashekar Optics and Quantum Information Group The Institute of Mathematical Sciences, Chennai, India 15th February 2016, ISCQI 2016, IOP, Bhubaneswar Quantum simulations using

393 views • 28 slides
Proposed A-level Revision 2012 Engineers for Education Briefing Event : Royal Academy of

Proposed A-level Revision 2012 Engineers for Education Briefing Event : Royal Academy of

Proposed A-level Revision 2012 Engineers for Education Briefing Event : Royal Academy of Engineering : 11 th June 2009. Background and Timing The last major change to A-level qualifications involved courses taught from 2000 (Curriculum 2000). It

200 views • 3 slides
Vascular Scaffolds in Patients with Coronary Artery Disease: ABSORB III Trial 2-Year Results

Vascular Scaffolds in Patients with Coronary Artery Disease: ABSORB III Trial 2-Year Results

Everolimus-eluting Bioresorbable Vascular Scaffolds in Patients with Coronary Artery Disease: ABSORB III Trial 2-Year Results Stephen G. Ellis, MD, Dean J. Kereiakes, MD, and Gregg W. Stone, MD for the ABSORB III Investigators ABSORB III/IV

503 views • 18 slides

More recommend