Presentation is loading. Please wait.

Presentation is loading. Please wait.

Quantum Cryptography Christian Schaffner ICT OPEN 2017

Published byRobert Williamson Modified over 6 years ago

Similar presentations

Presentation on theme: "Quantum Cryptography Christian Schaffner ICT OPEN 2017"— Presentation transcript:

1 Quantum Cryptography Christian Schaffner ICT OPEN 2017
Research Center for Quantum Software Institute for Logic, Language and Computation (ILLC) University of Amsterdam Centrum Wiskunde & Informatica ICT OPEN 2017 Tuesday, 21 March 2017

2 Keynote: Quantum Computer
Barbara Terhal Where we stand with building This talk: What are the effects on cryptography?

3 Talk Outline When do we need to worry? Classical Cryptography
Impact of Quantum Computers on Crypto When do we need to worry? Solutions Quantum Future

4 Ancient Cryptography Blaise de Vigenère Scytale Caesar Cipher (ROT4)
50 BC 500 BC Scytale 500 AD 1000 AD 2015 AD 1500 AD Caesar Cipher (ROT4)

5 Ancient Cryptography Charles Babbage Claude Shannon Diffie / Hellman
1850 1800 1900 1950 2015 Charles Babbage 1976 Claude Shannon Diffie / Hellman Auguste Kerckhoffs “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge” Enigma Alan Turing

6 Modern Cryptography is everywhere!
is concerned with all settings where people do not trust each other

7 Cyber Security “Cyber Security in the Netherlands is an important focal area that provides security, safety and privacy solutions that are vital for our economy including but not limited to critical infrastructures, smart cities, cloud computing, online services and e-government.” Cloud computing Internet of Things (IoT) Payment systems eHealth Auto-updates – Digital Signatures Secure Browsing - TLS/SSL VPN – IPSec Secure – s/MIME, PGP RSA, DSA, DH, ECDH, … AES, 3-DES, SHA, … Based on slides by Michele Mosca

8 Quantum Effects Classical bit: 0 or 1
Quantum bit: can be in superposition of 0 and 1 Yields a more powerful computational model: 1. Shor’s algorithm allows to efficiently factor integers 2. Grover’s algorithm allows to search faster You are all familiar with classical bits who can be 0 or 1. In quantum mechanics, we like to think of them as orthogonal directions: say horizontal for 0, and vertical for 1. Now, a quantum bit can be both 0 and 1 at the same time, it can be in a “superposition” of them, you can think of them as these two 45-degree directions. This ability to be in superposition yields a more powerful computational model, the most famous example being Shor’s algorithm which allows to factor large integer number efficiently on a quantum computer. Another peculiarity of quantum mechanics is the “no-cloning theorem” which says that if we have an unknown quantum state, say one of our four states here, and we want to make a perfect clone of this state (like with Dolly the sheep). That is not allowed by quantum mechanics. You see, the inability of copying information already smells like cryptography, and indeed.

9 Current Crypto under Quantum Attacks
9 Security level systems Conventional attacks Quantum attacks Symmetric-key encryption (AES-256) 256 bits 128 bits Hash functions (SHA3-256) 85 bits Public-key crypto (key exchange, digital signatures, encryption) (RSA-2048) 112 bits ~ 0 bits Public-key crypto (ECC-256) Fastest algorithms for ECC need O(sqrt(n)) steps Products, services, businesses relying on security either stop functioning or do not provide expected levels of security

10 When do we need to worry? Depends on:
How long do you need to keep your secrets secure? (x years) How much time will it take to re-tool the existing infrastructure? (y years) How long will it take for a large-scale quantum computer to be built? (z years) Theorem (Mosca): If x + y > z, then worry. y x The majority of the current work in quantum cryptography is spent on securing communication between Alice and Bob who want to communicate over an insecure line overheard by Eve. For this problem, quantum cryptography offers a solution called “Quantum Key Distribution” which exploits the no-cloning theorem. On the other hand, the standard classical solution for securely communicating on the internet is the RSA public-key scheme, whose security is based on the difficulty of factoring large integers. If a quantum computer is built, Shor’s factoring algorithm would render basically all of the internet communication insecure. secrets revealed z time 2017 2027 Corollary: If x > z or y > z, you are in big trouble! Slide by Michele Mosca

11 Talk Outline Classical Cryptography
Impact of Quantum Computers on Crypto When do we need to worry? Solutions Quantum Future

12 Solution: Quantum-Safe Cryptography
Conventional quantum-safe cryptography (post-quantum crypto) Can be deployed without quantum technologies Believed to be secure against quantum attacks of the future Quantum Cryptography Requires some quantum technology (but no large-scale quantum computer) Typically no computational assumptions The majority of the current work in quantum cryptography is spent on securing communication between Alice and Bob who want to communicate over an insecure line overheard by Eve. For this problem, quantum cryptography offers a solution called “Quantum Key Distribution” which exploits the no-cloning theorem. On the other hand, the standard classical solution for securely communicating on the internet is the RSA public-key scheme, whose security is based on the difficulty of factoring large integers. If a quantum computer is built, Shor’s factoring algorithm would render basically all of the internet communication insecure. Slide by Michele Mosca

13 Quantum Cryptography Landscape
13 Security level systems Conventional attacks Quantum attacks Symmetric-key encryption (AES-256) 256 bits 128 bits Hash functions (SHA3-256) 85 bits Public-key crypto (key exchange, digital signatures, encryption) (RSA-2048) 112 bits ~ 0 bits Hash-based signatures probably McEliece Lattice-based Quantum Key Distribution (QKD) provable technical difficulty (€) add link to BB84 Qantum-safe Crypto

14 Conventional Quantum-Safe Crypto
Wanted: new assumptions to replace factoring and discrete logarithms in order to build conventional public-key cryptography

15 U No-Cloning Theorem ? ? ? Proof: copying is a non-linear operation
Quantum operations: ? ? ? information vs disturbance trade-off Proof: copying is a non-linear operation

16 Quantum Key Distribution (QKD)
[Bennett Brassard 84] 16 Alice Bob k = ? k = k = Eve Offers an quantum solution to the key-exchange problem which does not rely on computational assumptions (such as factoring, discrete logarithms, security of AES, SHA-3 etc.) Puts the players into the starting position to use symmetric-key cryptography (encryption, authentication etc.). add link to BB84

17 Quantum Key Distribution (QKD)
[Bennett Brassard 84] 17 Alice Bob Eve technically feasible: no quantum computer required, only quantum communication

18 Quantum Networks 2000km QKD backbone network between Beijing and Shanghai first QKD satellite launched in 2016 from China Applied for funding to build the first quantum network in NL Quantum entanglement allows to generate secure keys (like QKD)

19 Secure Computing in Quantum Cloud
Distributed quantum computing Recent result: quantum homomorphic encryption allows for secure delegated quantum computation Y. Dulek, C. Schaffner, and F. Speelman, arXiv: Quantum homomorphic encryption for polynomial-sized circuits, in CRYPTO 2016, QIP 2017

20 Summary Cyber Security Impact of Quantum Computing on crypto
Cloud computing Internet of Things (IoT) Payment systems, eHealth Auto-updates – Digital Signatures Secure Browsing - TLS/SSL VPN – IPSec Secure – s/MIME, PGP RSA, DSA, DH, ECDH, … AES, 3-DES, SHA, … Cyber Security Impact of Quantum Computing on crypto Security level systems Conventional attacks Quantum attacks Symmetric-key crypto 128 bits reduced Public-key crypto 112 bits broken! Thm: If x + y > z, then worry

21 Summary Quantum-safe crypto: Quantum Key Distribution, Quantum Cloud
Conventional quantum-safe cryptography (post-quantum crypto) Quantum Cryptography

22 Thank you for your attention!
Questions check for a recent survey on quantum cryptography beyond key distribution

Download ppt "Quantum Cryptography Christian Schaffner ICT OPEN 2017"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Week three!.  8 groups of 2  6 rounds  Ancient cryptosystems  Newer cryptosystems  Modern cryptosystems  Encryption and decryptions  Math  Security.

Week three!.  8 groups of 2  6 rounds  Ancient cryptosystems  Newer cryptosystems  Modern cryptosystems  Encryption and decryptions  Math  Security.
Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.

Quantum Cryptography ( EECS 598 Presentation) by Amit Marathe.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
CNS2009handout 21 :: quantum cryptography1 ELEC5616 computer and network security matt barrie

CNS2009handout 21 :: quantum cryptography1 ELEC5616 computer and network security matt barrie
What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.

What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.
1 Introduction to Information Security 0368-3065, Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.

1 Introduction to Information Security , Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from Foundations of Security: What Every Programmer Needs To Know by Neil Daswani, Christoph Kern,

C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Cryptography Instructor : Dr. Yanqing Zhang Presented by : Rajapaksage Jayampthi S.

Cryptography Instructor : Dr. Yanqing Zhang Presented by : Rajapaksage Jayampthi S.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Midterm Review Cryptography & Network Security

Midterm Review Cryptography & Network Security
Chapter 21 Public-Key Cryptography and Message Authentication.

Chapter 21 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security (CS435) Part Eight (Key Management)

Cryptography and Network Security (CS435) Part Eight (Key Management)
Quantum Cryptography Christian Schaffner Institute for Logic, Language and Computation (ILLC) University of Amsterdam Centrum Wiskunde & Informatica Amsterdam.

Quantum Cryptography Christian Schaffner Institute for Logic, Language and Computation (ILLC) University of Amsterdam Centrum Wiskunde & Informatica Amsterdam.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.

Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Exam Review for First Half of C430 2 May 2007 5pm in Huxley 308 Michael Huth 2 May 2007 5pm in Huxley 308 Michael Huth.

Exam Review for First Half of C430 2 May pm in Huxley 308 Michael Huth 2 May pm in Huxley 308 Michael Huth.
CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.

CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.

Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
Nawaf M Albadia 427121532.

Nawaf M Albadia

Similar presentations

Ads by Google