1 / 25

Cryptography in a Post Quantum Computing World

Cryptography in a Post Quantum Computing World. Máire O’Neill. Quantum Computing. Traditional Computing Involves bits that exist in 2 states: binary 1 and 0 Performs one calculation at a time, in sequence Quantum Computing

raziya
Télécharger la présentation

Cryptography in a Post Quantum Computing World

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography in a Post Quantum Computing World Máire O’Neill

  2. Quantum Computing • Traditional Computing • Involves bits that exist in 2 states: binary 1 and 0 • Performs one calculation at a time, in sequence • Quantum Computing • Involves qubits, that exist in a superposition state: can be both 1 and 0 at the same time • Can perform millions of calculations simultaneously A 30-qubit quantum computer would have the same processing power as a conventional computer processing commands at 10 teraflops per second.

  3. Quantum Computing • Needs to use algorithms that exploit its power of quantum parallelism: • Shor’s Algorithm (1994) • Can be used to quickly factorise large numbers (exponential speedup) • Significant implications for current cryptographic techniques • Grover’s Algorithm(1996) • Can be used to search an unsorted database faster than a conventional computer (quadratic speedup - O(N1/2) time rather than O(N) ) Peter Shor

  4. Quantum Computing • Problems with Quantum Computing • Difficult to realise on a large scale due to decoherence, i.e. unwanted interaction between the system and the environment, which introduces errors • Also difficult to maintain the lifetime of information • Observing quantum particles changes the outcome => difficult to verify • In quantum communications the transmission distance is limited (eg, photons are transmitted through fibre-optic cables and over long distances the signal fades)

  5. Quantum Computing – recent breakthroughs • Largest number yet to be factored into its primes by a quantum algorithm • RSA Lab’s largest published semi-prime contains 617 decimal digits (2058 bits)> Impossible to factorise using classical computing> Would be possible using quantum computing as it could run all the necessary calculations in parallel.

  6. Quantum Computing – recent breakthroughs • Uses both classical communication and quantum entanglement, i.e. multiple particles that are linked together such that the measurement of one particle’s quantum state determines the states of the other particles. • Achieved across free-space between La Palma & Tenerife (making path between satellites and a ground station more feasible) • Quantum communications has been demonstrated over 250km via fibre optics

  7. Quantum Computing – recent breakthroughs • A quantum memory state held stable at room temp for 39 minutes, almost 100 times longer than previous record (and 3 hours at cryogenic temperatures) • Not long, but in this amount of time, could run >20M calculations

  8. Quantum Computing – recent breakthroughs D-Wave’s current model billed as a 512-qubit machine (2012). Bought by Lockheed Martin & Google/NASA Difficult to verify if performing quantum operations or not! Has shown significant speed-ups but only for certain calculations Has helped to advance the research in Quantum Computing The World’s First Quantum Computer ???

  9. Quantum Computing – NSA’s Efforts NSA funding a $79.7 million research program to build a ‘crytologically useful quantum computer’ S. Rich, B.Gellman, The Washington Post

  10. Post-Quantum Cryptography

  11. Need for Post-Quantum Cryptography What happens when quantum computers become a reality 10/15 years from now? Commonly used public-key cryptographic algorithms(based on integer factorisation and discrete log problem) such as: RSA, DSA, Diffie-Hellman Key Exchange, ECC, ECDSA will be vulnerable to Shor’s algorithm and will no longer be secure. Symmetric algorithms appear to be secure against quantum computers (and Grover’s algorithm) by simply increasing the associated key sizes. But what about key exchange?

  12. What is Post-Quantum Cryptography? Post Quantum Cryptography  Quantum Cryptography Disadvantages of Quantum Crypto:Expensive, assumes authentication, limited distance, etc.. Ref: http://swissquantum.idquantique.com/IMG/jpg/bb84.jpg

  13. What is Post-Quantum Cryptography? • Post Quantum Cryptography algorithmsrefer to conventional non-quantum cryptographic algorithms that remain secure even after practical quantum computing is a reality. • Main types of post quantum cryptography (public-key algorithm and signature schemes): • Code-based • Hash-based • Multivariate-quadratic • Lattice-based

  14. Post-Quantum Cryptography • Code-Based Cryptography • Based on difficulty in decoding a random linear code • Both encryption and signature schemes. Encryption schemes include: McEliece (1978); Niederreiter (1986); and variants • Niederreiter most efficient • Relatively large public key sizes (65/192kBytes for 80/128-bit security) • Advantages/Disadvantages • Most mature PQ Crypto • Rarely used in practice due to large public key sizes

  15. Post-Quantum Cryptography • Hash-Based Cryptography • Security relies on collision resistance of cryptographic hash function • Only signature schemes exist, such as:Merkle signature schemes (1989); CMSS (2006); XMSS(2011) • Based on one-time signature (OTS) schemes; however, in these each key can only be used once • Combined with hash trees, key can be used to sign multiple messages • Relatively small public/private key sizes (eg 46 Bytes – 7568 Bytes) • Advantages/Disadvantages • Most promising PQ signature schemes • Limited use of each public key

  16. Post-Quantum Cryptography • Multivariate-Quadratic Cryptography • Based on difficulty in solving a set of nonlinear MQ equations • Only signature schemes exist, such as: Oil and Vinegar (1997); Rainbow (2005); Quartz/HFE (1996); Matsumoto-Imai (1998) • Large public and private key sizes (up to 75kBytes) • Advantages/Disadvantages • Underlying operations can be implemented efficiently (more efficient than ECC/RSA) • Not suitable for embedded devices due to large key sizes

  17. Post-Quantum Cryptography • Lattice-based Cryptography • Based on shortest vector problem/closest vector problem • Both encryption and signature schemes. Encryption schemes include: NTRU (1996); LWE (2005); R-LWE (2010); • Recent advances with ideal lattices have made them more practical • Large public /private key sizes (up to 732kBytes) • Advantages/Disadvantages • Underlying operations can be implemented efficiently • Most promising PQ crypto, attracting most interest in research community

  18. Post-Quantum Cryptography • Summary • Code-based most mature PQ crypto • Lattice-based most promising: • > standardised in 2008 (IEEE Std 1363.1) • > it allows for other constructions/applications beyond public-key encryption, eg. identity-based encryption, homomorphic encryption. • Challenges in Post-Quantum Cryptography • Further security analysis of PQ crypto algorithms needed • Suitable parameter choices still an open research problem – currently use relatively large key sizes • Optimal and practical PQ algorithm implementations are needed • Resistance of PQ crypto architectures to physical/side-channel leakages

  19. Post-Quantum Cryptography

  20. Fully Homomorphic Encryption

  21. Accelerating Fully Homomorphic Encryption (FHE) What is Fully Homomorphic Encryption? • In 2009, Craig Gentry using lattice-based cryptography showed the first fully homomorphic encryption scheme • Fully homomorphic encryption allows computations on encrypted data, allowing privacy of encrypted data stored on the cloud. • Significant potential, but: • Key generation can take over 2 hours • Very large public-key sizes (10MB to 2GB) • Long encryption time (up to 7 mins) • Memory to store parameters an issue • Need for optimised and practical implementations

  22. Accelerating Fully Homomorphic Encryption (FHE) Accelerating Fully Homomorphic Encryption Current research at CSIT Accelerating main underlying primitives in integer-based FHE i.e. large-integer multiplication and modular reduction Public key sizes >19GBits

  23. Accelerating Fully Homomorphic Encryption (FHE) Accelerating Fully Homomorphic Encryption Current research at CSIT Proposed an improved Low Hamming Weight Multiplier Architecture bican be taken to be a LHW integer with max HW of 15

  24. Accelerating Fully Homomorphic Encryption (FHE) Accelerating Fully Homomorphic Encryption All designs fit easily on a Xilinx Virtex-7 XC7VX1140T device x55 improvement in speed over reference s/w design for Large parameters x66 improvement in speed over GPU-based design

  25. Accelerating Fully Homomorphic Encryption (FHE) http://acmtecs.acm.org/special-issues/14/embcrypt2014.html

More Related