you thought your communication was secure quantum
play

You thought your communication was secure? Quantum computers are - PowerPoint PPT Presentation

Aug 04, 2023 •425 likes •1.01k views

You thought your communication was secure? Quantum computers are coming! Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 16 April 2016 1 / 33 Cryptography Motivation

  1. You thought your communication was secure? Quantum computers are coming! Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 16 April 2016 1 / 33

  2. � � Cryptography ◮ Motivation #1: Communication channels are spying on our data. ◮ Motivation #2: Communication channels are modifying our data. Untrustworthy network Sender Receiver “Eavesdropper” “Jefferson” “Madison” ◮ Literal meaning of cryptography: “secret writing”. ◮ Achieves various security goals by secretly transforming messages. 2 / 33

  5. � � � Secret-key encryption ◮ Prerequisite: Jefferson and Madison share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Jefferson and Madison exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. 5 / 33

  6. � � � Secret-key authenticated encryption ◮ Prerequisite: Jefferson and Madison share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Jefferson and Madison exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. ◮ Security goal #2: Integrity , i.e., recognizing Eve’s sabotage. 5 / 33

  7. � � Secret-key authenticated encryption � ? ◮ Prerequisite: Jefferson and Madison share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Jefferson and Madison exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. ◮ Security goal #2: Integrity , i.e., recognizing Eve’s sabotage. 5 / 33

  8. � � � � � � � Public-key signatures ◮ Prerequisite: Jefferson has a secret key and public key . ◮ Prerequisite: Eve doesn’t know . Everyone knows . ◮ Jefferson publishes any number of messages. ◮ Security goal: Integrity. 6 / 33

  9. � � � � � � Public-key signatures � ? ◮ Prerequisite: Jefferson has a secret key and public key . ◮ Prerequisite: Eve doesn’t know . Everyone knows . ◮ Jefferson publishes any number of messages. ◮ Security goal: Integrity. 6 / 33

  10. � � � � � � � � � � � Public-key authenticated encryption (“DH” data flow) ◮ Prerequisite: Jefferson has a secret key and public key . ◮ Prerequisite: Madison has a secret key and public key . ◮ Jefferson and Madison exchange any number of messages. ◮ Security goal #1: Confidentiality. ◮ Security goal #2: Integrity. 7 / 33

  11. Many more security goals studied in cryptography ◮ Protecting against denial of service. ◮ Stopping traffic analysis. ◮ Securely tallying votes. ◮ Searching encrypted data. ◮ Much more. 8 / 33

  12. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; soon ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. 9 / 33

  13. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; soon ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. ◮ PGP encrypted email, Signal, Tor, Tails, Qubes OS. 9 / 33

  14. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; soon ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. ◮ PGP encrypted email, Signal, Tor, Tails, Qubes OS. Snowden in Reddit AmA Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. 9 / 33

  15. Cryptographic tools Many factors influence the security and privacy of data: ◮ Secure storage, physical security; access control. ◮ Protection against alteration of data ⇒ public-key signatures, message-authentication codes. ◮ Protection of sensitive content against reading ⇒ encryption. Currently used crypto (check the lock icon in your browser) starts with RSA, Diffie-Hellman (DH) in finite fields, or elliptic curve DH, followed by AES or ChaCha20. Internet currently moving over to Curve25519 (Bernstein) and Ed25519 (Bernstein, Duif, Lange, Schwabe, and Yang). Security is getting better. Some obstacles: bugs; untrustworthy hardware; anti-security measures such as UK snooper’s charter. 10 / 33

  16. 11 / 33

  17. 12 / 33

  18. 13 / 33

  19. D-Wave quantum computer isn’t universal . . . ◮ Can’t store stable qubits. ◮ Can’t perform basic qubit operations. ◮ Can’t run Shor’s algorithm. ◮ Can’t run other quantum algorithms we care about. 14 / 33

  20. D-Wave quantum computer isn’t universal . . . ◮ Can’t store stable qubits. ◮ Can’t perform basic qubit operations. ◮ Can’t run Shor’s algorithm. ◮ Can’t run other quantum algorithms we care about. ◮ Hasn’t managed to find any computation justifying its price. ◮ Hasn’t managed to find any computation justifying 1% of its price. 14 / 33

  21. . . . but universal quantum computers are coming . . . ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . 15 / 33

  22. . . . but universal quantum computers are coming . . . ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. 15 / 33

  23. . . . but universal quantum computers are coming . . . ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm solves in polynomial time: ◮ Integer factorization. RSA is dead. ◮ The discrete-logarithm problem in finite fields. DSA is dead. ◮ The discrete-logarithm problem on elliptic curves. ECDSA is dead. ◮ This breaks all current public-key cryptography on the Internet! 15 / 33

  24. . . . but universal quantum computers are coming . . . ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm solves in polynomial time: ◮ Integer factorization. RSA is dead. ◮ The discrete-logarithm problem in finite fields. DSA is dead. ◮ The discrete-logarithm problem on elliptic curves. ECDSA is dead. ◮ This breaks all current public-key cryptography on the Internet! ◮ Also, Grover’s algorithm speeds up brute-force searches. ◮ Example: Only 2 64 quantum operations to break AES-128; 2 128 quantum operations to break AES-256. 15 / 33

  25. 16 / 33

  26. Physical cryptography: a return to the dark ages ◮ Locked briefcases, quantum key distribution, etc. ◮ Horrendously expensive. “Information protection for rich people.” 17 / 33

  27. Physical cryptography: a return to the dark ages ◮ Locked briefcases, quantum key distribution, etc. ◮ Horrendously expensive. “Information protection for rich people.” ◮ “Provably secure”—under highly questionable assumptions. ◮ Broken again and again. Much worse track record than normal crypto. ◮ Easy to screw up. Easy to backdoor. Hard to audit. 17 / 33

  28. Physical cryptography: a return to the dark ages ◮ Locked briefcases, quantum key distribution, etc. ◮ Horrendously expensive. “Information protection for rich people.” ◮ “Provably secure”—under highly questionable assumptions. ◮ Broken again and again. Much worse track record than normal crypto. ◮ Easy to screw up. Easy to backdoor. Hard to audit. ◮ Very limited functionality: e.g., no public-key signatures. 17 / 33

  29. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. 18 / 33

  30. Is there any hope? Yes! Post-quantum crypto is crypto that resists attacks by quantum computers. ◮ PQCrypto 2006: International Workshop on Post-Quantum Cryptography. ◮ PQCrypto 2008. 18 / 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE

1.07k views • 72 slides
Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure

Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure

Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL Contents Whats the problem? Whats everyone up to? Are

527 views • 33 slides
Quantum entanglement can be simulated without communication Nicolas J. Cerf Centre for Quantum

Quantum entanglement can be simulated without communication Nicolas J. Cerf Centre for Quantum

Quantum entanglement can be simulated without communication Nicolas J. Cerf Centre for Quantum Information and Communication Universit Libre de Bruxelles (joint work with Nicolas Gisin, Serge Massar, and Sandu Popescu) Physical Review

124 views • 11 slides
THOUGHT> thought > experience > thought > experience > thought >

THOUGHT> thought > experience > thought > experience > thought >

THOUGHT> thought > experience > thought > experience > thought > experience> behavior 69 Experience: the totality of cognitions given by perceptions 70 Perception: a single unified awareness derived (via thought) from

815 views • 26 slides
Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message Transmission Schemes Yvo Desmedt 1 , 2 Stelios Erotokritou 1 Reihaneh Safavi-Naini 3 1 Department of Computer Science University College London, UK 2

459 views • 33 slides
Quantum Communication: How quantum signals help to maintain privacy and speed things up Juan

Quantum Communication: How quantum signals help to maintain privacy and speed things up Juan

Quantum Communication: How quantum signals help to maintain privacy and speed things up Juan Miguel Arrazola, Markos Karasamanis, Dave Touchette, Ben Lovitz, Norbert Ltkenhaus Institute for Quantum Computing University of Waterloo 2

248 views • 12 slides
Isolation and Communication A Stylistic Analysis of Thought Presentation in Mrs. Dalloway Hua Guo

Isolation and Communication A Stylistic Analysis of Thought Presentation in Mrs. Dalloway Hua Guo

Advances in Language and Literary Studies ISSN: 2203-4714 Vol. 8 No. 1; February 2017 Australian International Academic Centre, Australia Flourishing Creativity & Literacy Isolation and Communication A Stylistic Analysis of Thought

374 views • 9 slides
Semidefinite programming converse bounds for quantum communication arXiv:1709.00200 Kun Fang

Semidefinite programming converse bounds for quantum communication arXiv:1709.00200 Kun Fang

Semidefinite programming converse bounds for quantum communication arXiv:1709.00200 Kun Fang Joint work with Xin Wang, Runyao Duan Centre for Quantum Software and Information U niversity of T echnology S ydney Quantum communication A 1 B 1 A

273 views • 24 slides
Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number generator with non-iid generator at 17 Gbps samples Tobias Gehring et al. Marco Avesani et al. 1 The need for random numbers Alice quantum Rx laser

346 views • 32 slides
a 2 www.rle.mit.edu/qoptics 1 Single-Mode Quantized Electromagnetic Field Photon-Units

a 2 www.rle.mit.edu/qoptics 1 Single-Mode Quantized Electromagnetic Field Photon-Units

October 6, 2016 6.453 Quantum Optical Communication Lecture 9 Jeffrey H. Shapiro Optical and Quantum Communications Group www.rle.mit.edu/qoptics 6.453 Quantum Optical Communication Lecture 9 Announcements Turn in problem set 4 Pick

327 views • 7 slides
9/1/16 September 15, 2016 6.453 Quantum Optical Communication Lecture 3 Jeffrey H. Shapiro

9/1/16 September 15, 2016 6.453 Quantum Optical Communication Lecture 3 Jeffrey H. Shapiro

9/1/16 September 15, 2016 6.453 Quantum Optical Communication Lecture 3 Jeffrey H. Shapiro Optical and Quantum Communications Group www.rle.mit.edu/qoptics 6.453 Quantum Optical Communication Lecture 3 Announcements Turn in problem set

412 views • 7 slides
Language and Thought Lecture 25 1 Language in Cognition Language as a Tool for

Language and Thought Lecture 25 1 Language in Cognition Language as a Tool for

Language and Thought Lecture 25 1 Language in Cognition Language as a Tool for Communication Experience, Thought, and Action Language as a Tool for Thought Labels for Objects, Events, Attributes, Concepts Reasoning,

1.2k views • 32 slides
Secure Communication Hacking/Hustling Workshop @ Eyebeam About me Liz! She/Her Electrical

Secure Communication Hacking/Hustling Workshop @ Eyebeam About me Liz! She/Her Electrical

Secure Communication Hacking/Hustling Workshop @ Eyebeam About me Liz! She/Her Electrical Engineer/Embedded developer Teaching for a while Overview Signal is one example of a third-party app for secure texting. Well go over what it does

819 views • 32 slides
9/7/16 September 20, 2016 6.453 Quantum Optical Communication Lecture 4 Jeffrey H. Shapiro

9/7/16 September 20, 2016 6.453 Quantum Optical Communication Lecture 4 Jeffrey H. Shapiro

9/7/16 September 20, 2016 6.453 Quantum Optical Communication Lecture 4 Jeffrey H. Shapiro Optical and Quantum Communications Group www.rle.mit.edu/qoptics 6.453 Quantum Optical Communication Lecture 4 Handouts Lecture notes, slides

551 views • 7 slides
9/1/16 September 8, 2016 6.453 Quantum Optical Communication Lecture 1 Jeffrey H. Shapiro

9/1/16 September 8, 2016 6.453 Quantum Optical Communication Lecture 1 Jeffrey H. Shapiro

9/1/16 September 8, 2016 6.453 Quantum Optical Communication Lecture 1 Jeffrey H. Shapiro Optical and Quantum Communications Group www.rle.mit.edu/qoptics 6.453 Quantum Optical Communication Lecture 1 Handouts Syllabus,

328 views • 6 slides
Executive PQC School 2 days of taks. Lunches in this building. Dinner starts at 19:00

Executive PQC School 2 days of taks. Lunches in this building. Dinner starts at 19:00

Executive PQC School 2 days of taks. Lunches in this building. Dinner starts at 19:00 at Restaurant Wynwood (bit of a walk or take public transportation). Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography

802 views • 61 slides
Webmail Authentication Using Shibboleth and Virtual Directory Server Stefano Zanmarchi Carlo

Webmail Authentication Using Shibboleth and Virtual Directory Server Stefano Zanmarchi Carlo

Webmail Authentication Using Shibboleth and Virtual Directory Server Stefano Zanmarchi Carlo Manfredi Simone Marzola Giorgio Paolucci University of Padova - ITALY TERENA Eurocamp Athens November 6, 2008 Introduction Our infrustructure:

729 views • 18 slides
Webmail Walkthrough Settings that need to be in place when connecting to webmail This is if you

Webmail Walkthrough Settings that need to be in place when connecting to webmail This is if you

4 Webmail Walkthrough Settings that need to be in place when connecting to webmail This is if you have a CACnot a token Webmail Walkthrough 4 You must use Internet explorer to use webmail. If an icon for Internet Explorer is not

362 views • 22 slides
Total Dollar Volume Austin - Waco - Hill Country Region Source: Real Estate Center at Texas

Total Dollar Volume Austin - Waco - Hill Country Region Source: Real Estate Center at Texas

Total Dollar Volume Austin - Waco - Hill Country Region Source: Real Estate Center at Texas A&M University Total Dollar Volume Austin - Waco - Hill Country Region Source: Real Estate Center at Texas A&M University Total Dollar Volume

874 views • 69 slides
ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es

ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es

ZigZag: Automa,cally Hardening Web Applica,ons Against Client- side Valida,on Vulnerabili,es PRESENTED BY SAI TEJ KANCHARLA Content Introduc,on Mo,va,on And Threat Model System Overview Invariant Detec,on Invariant

549 views • 26 slides
E-crime CS642: Computer Security Professor Ristenpart

E-crime CS642: Computer Security Professor Ristenpart

E-crime CS642: Computer Security Professor Ristenpart h/p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642 Spam,

1.21k views • 77 slides
Sticky Content and the Structure of the Web Scott Duke Kominers Harvard University Workshop on

Sticky Content and the Structure of the Web Scott Duke Kominers Harvard University Workshop on

Sticky Content and the Structure of the Web Scott Duke Kominers Harvard University Workshop on the Economics of Networks, Systems, and Computation July 7, 2009 Scott Duke Kominers (Harvard) NetEcon09 July 7, 2009 1 / 17 Introduction

1.4k views • 136 slides
Measuring the Role of Greylisting and Nolisting in Fighting Spam F. Pagani 1 M. De Astis 2 M.

Measuring the Role of Greylisting and Nolisting in Fighting Spam F. Pagani 1 M. De Astis 2 M.

Measuring the Role of Greylisting and Nolisting in Fighting Spam F. Pagani 1 M. De Astis 2 M. Graziano 1 A. Lanzi 2 D. Balzarotti 1 1 Eurecom Sophia Antipolis, France 2 Universit` a degli Studi di Milano Milano, Italy International Conference

559 views • 43 slides

More recommend