Information Security Methods and Practices in Classical and Quantum Regimes

Cryptography What’s that mean? ▫Kryptos: hidden, secret ▫Gráphō: to write What does it do? ▫Encryption: plaintext  ciphertext ▫Decryption: ciphertext  plaintext Why would you want that? ▫Confidentiality ▫Integrity, authentication, signing, interactive proofs, secure multi-party computation

Cryptology, Cryptanalysis, Cryptolinguistics Frequency analysis Brute force Differential Integral Impossible differential Boomerang Mod n Related key Slide Timing XSL Linear Multiple linear Davies’ attack Improved Davies’ attack

Demands for resilient crypto Auguste Kerckhoff’s principle ▫Cipher practically indecipherable ▫Cipher and keys not required to be secret ▫Key communicable and retainable ▫Applicable to telegraphic communication ▫Portable and human effort efficient ▫Easy to use Bruce Shneier ▫“Secrecy … is a prime cause of brittleness… Conversely, openness provides ductility.” Eric Raymond ▫“Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source.” Shannon’s maxim ▫“The enemy knows the system.”

Classical Regime Written language text

Transposition Exchange the position of two symbols in the text Like an anagram Scytale E.g. text  cipher Hello world!  eHll oowlr!d

Substitution Systematically exchange a symbol in the text with another symbol Caesar cipher, EXCESS-3 E.g. text  cipher Aabcd  Ddefg

Poly-Alphabetic Substitution Repeated and dynamic substitution(s) Wehrmacht Enigma Series of rotors

One Time Pad Perfect secrecy ▫Coined by Shannon ▫H(M) = H(M|C) Requirements ▫Perfect randomness ▫Secure key generation and exchange ▫Careful adherence to process

Classical Regime Binary bit sequence

Secret Key Crypto Perfect secrecy ▫Coined by Shannon ▫H(M) = H(M|C) Requirements ▫Perfect randomness ▫Secure key generation and exchange ▫Careful adherence to process

Symmetric Key Crypto The same (or similar) key ▫For both encryption and decryption Data Encryption Standard ▫56 bit key ▫Feistel network ▫Broken in 1999 in 22 hours 15 minutes by Deep Crack Triple-DES ▫56 bit keys (3 unique) ▫en-de-en-crypt Advanced Encryption Standard (Rijndael) ▫ bit keys ▫Substitution permutation network

Feistel Network Expansion Key mixing Substitution Permutation

Substitution Permutation Network Substitution ▫1/n input change  1/2 output change ▫confusion Permutation ▫mix up inputs ▫diffusion Round keys

Public Key Crypto Asymmetric keys ▫public and private No secret key Multiple use TLS, SSL, PGP, GPG, digital signatures

RSA Ron Rivest, Adi Shamir, Leonard Adleman; 1978 Key generation ▫Pick two distinct, large prime numbers: p, q ▫Compute their product: n = pq ▫Compute its totient: phi = (p-1)(q-1) ▫Pick a public key exponent: 1 < e < phi, e and phi coprime ▫Compute private key exponent: de = 1 (mod phi) Encryption ▫Forward padding ▫Cipher = text ^ e (mod n)  Exponentiation by squaring Decryption ▫Text = cipher ^ d (mod n)  = text ^ de (mod n) = text ^ (1+k*phi) (mod n) = text (mod n) ▫Reverse padding

Hybrid Crypto Diffe-Hellman key exchange Alice and Bob agree on a finite cyclic group G (Multiplicative group of integers mod p) ▫Period p, prime number ▫Base g, primitive root mod p Alice picks a random natural number a and sends g a mod p to Bob. Bob picks a random natural number b and sends g b mod p to Alice. Alice computes (g b mod p) a mod p Bob computes (g a mod p) b mod p Both know g ab mod p = g ba mod p

Quantum Regime Breaking classical crypto

Peter Shor’s Factorization Algorithm Polynomial time in log N: O( (log N) 3 ) Polynomial gates in log N: O( (log N) 2 ) Complexity class Bounded-Error Quantum Polynomial (BQP) Transform from to periodicity ▫Pick 1 < r < N: a r = 1 mod N ▫a r -1 = (a r/2 +1)(a r/2 -1) = 0 mod N ▫N = (a r/2 +1)(a r/2 -1) = pq Quantum Fourier Transform ▫Map x-space to ω-space ▫Measure with 1/r 2 probability

Factor 15 In 2001 IBM demonstrated Shor’s Algorithm and factored 15 into 3 and 5 NMR implementation with 7 qubits pentafluorobutadienyl cyclopentadienyldicarbon yl-iron complex (C11H5F5O2Fe)

DWave Superconducting processors Adiabatic quantum algorithms Solving Quantum Unconstrained Binary Optimization problems (QUBO is in NP)

Quantum Regime Future proof cryptography

Quantum Key Distribution Quantum communication channel ▫Single photon, entangled photon pair Preparation ▫Alice prepares a state, sends to Bob, measures Entanglement ▫Alice and Bob each receive half the pair, measure

Non-Orthogonal Bases Complementary bases ▫Basis A: { |0>, |1> } ▫Basis B: { |+>, |-> } Indistinguishable transmission states ▫|+> = 0.5 |0> |1> ▫|-> = 0.5 |0> |1> Random choice of en-de-coding bases ▫Succeeds ~ p = 0.5

True Random Number Generation Quantum mechanics at < atomic scale ▫Shot noise ▫Nuclear decay ▫Optics Thermal noise ▫Resistor heat ▫Avalanche/Zener diode breakdown noise ▫Atmospheric noise

EPR Einstein, Podolsky, Rosen (1935) Entangled qubits Violation of Bell Inequality

BB84 Charles A Bennett, Gilles Brassard (1984) Single photon source, polarization One way, Alice prepares sends to Bob ▫Psi encoded as random bits a, random bases b Bob measures ▫Decoded in random bases b’ ▫50% successfully measured bits a’ = a Measurement bases are shared publicly ▫Throw away a, a’ for b != b’

E91 Artur Ekert (1991) Entangled photon source ▫Perfect correlation, 100% a = a’ if b = b’ ▫Non-locality, > 50% a a’ ▫Eve measurement reduces correlation

B92 Charles A. Bennett (1992) Dim signal pulse, bright reference pulse ▫Maintains phase with a single qubit transmitted Bases: rectilinear, circular ▫P 0 = 1 - |u 1 ><u 1 |  P 0 |u 0 > = 1 ; p= 1 - | | 2 > 0  P 0 |u 1 > = 0 ▫P 1 = 1 - |u 0 ><u 0 |  P 1 |u 0 > = 0  P 1 |u 1 > = 1 ; p= 1 - | | 2 > 0 Throw away measurements != 1

SARG04 Scarani et. al. (2004) Attenuated laser pulses

Information Reconciliation 1992 Bennett, Bessette, Brassard, Salvail, Smolin Cascade protocol, repititious Compare block parity bits ▫Odd 1 count: parity = 1; even 1 count transmitted ▫Even 1 count: parity = 0; even 1 count transmitted Two-out-of-five code ▫Every transmission has two 1s and three 0s Hamming codes ▫Additional bits used to identify and correct errors

Privacy Amplification Shortened key length Universal hash function ▫Range r ▫Collision probability p < 1/r

Quantum Regime Attacks

Intercept and Resend Eve measures the qubit in basis b’’ ▫50% probability of correct measurement Eve sends to a’’ Bob ▫25% probability of correct measurement Probability of detection ▫P = 1 – (0.75) n ▫99% in n = 16 bits

Security Proofs BB84 is proven unconditionally secure against unlimited resources, provided that: ▫Eve cannot access Alice and Bob's encoding and decoding devices ▫The random number generators used by Alice and Bob must be trusted and truly random ▫The classical communication channel must be authenticated using an unconditionally secure authentication scheme

Man in the Middle Senders and recipients are indistinguishable on public channels Eve could pose as Bob ▫Receiving some large portion of messages ▫Responding promptly, at least before Bob Wegman-Carter authentication ▫Alice and Bob share a secret key

Photon Number Splitting No true single photon sources Attenuated laser pulses ▫Some small number of photons per pulse, i.e. 0.1 If > 1 photon are present, splitting can occur without detection during reconciliation A secure key is still possible, but requires additional privacy amplification

Hacking Gain access to security equipment ▫Foil random number generation ▫Plant Trojan horse Faked state attack ▫Eve - actively quenched detector module Phase remapping attack ▫Move from { |0>, |1>, |+>, |-> } to { |0>, |δ/2>, |δ>, |3δ/2> } Time-shift attack ▫Demonstrated to have ~ 4% mutual information gathered from the idQuantique ID-500 QKD

Denial of Service Stop Alice and Bob from communicating ▫Via Classical channel(s) ▫Via Quantum channel(s) Physically block transmissions Introduce large volume of errors

Quantum Regime Commercially available devices

MagiQ – QPN 8505 “Any sufficiently advanced technology is indistinguishable from magic.” –Arthur C Clarke Transmits qubit polarization over optical fiber 256 bit AES; 1,000 keys per second 140 km range, more with repeaters

idQuantique – Cerberis, Centauris Transmits qubit phase over optical fiber High speed layer 2 encryption 256 bit AES; 12 key-devices per minute, 100 km range

SmartQuantum – KeyGen, Defender Generate and distribute secret keys over quantum channel Use classical encryption and communication

Quintessence Labs G2 QKD Continuous variable brightness laser beams ▫Cheaper than SPS Dense wavelength division multiplexing ▫Erbium doped fiber amplifiers ~ 1550 nm

BBN Technologies DARPA QNet ▫Fully operational October 23, 2003 ▫Harvard University ▫Boston University ▫BBN Technologies QKD ▫Weak coherence ▫5 MHz pulse rate ▫0.1 mean photons/pulse

John Krah University of Washington Physics Department