the quantum world - smals research · the quantum world . 2 hypothetical scenario how is your...
TRANSCRIPT
![Page 1: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/1.jpg)
Tania Martin Smals Research
www.smalsresearch.be June 2017
The Quantum World
![Page 2: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/2.jpg)
2
Hypothetical scenario
How is your company responding to the announcement of the new commercially available quantum computer that can “break” RSA and ECC?
I have no comment on that…
What the hell??? I don’t have any plan for that !!!
![Page 3: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/3.jpg)
3
Hypothetical scenario
What the hell!!! I hope for you (my dear Research team) that you have anticipated this HUGE problem that can threaten much of our business (eID, communication protocols, etc.)!!!
Euh, sorry but no, we decided that it was not urgent…
![Page 4: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/4.jpg)
4
Hypothetical scenario
What the hell!!! I hope for you (my dear Research team) that you have anticipated this HUGE problem that can threatens many of our business (eID, communication protocols, etc.)!!!
Euh, sorry but no, we decided that it was not urgent…
![Page 5: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/5.jpg)
5
It’s too important to be set aside!!!
House Homeland Security Committee Chairman Michael McCall is calling on Congress to increase spending on quantum computing research to ensure that the U.S. is the first nation to employ quantum computing as a tool to decrypt data.
— September 2016
http://www.bankinfosecurity.com/rep-mccaul-us-must-gain-decryption-edge-a-9422
![Page 6: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/6.jpg)
6
It’s too important to be set aside!!!
![Page 7: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/7.jpg)
7
A certain future
1994 2030 2050 2018
QC = Quantum Computer
![Page 8: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/8.jpg)
8
A certain future
1994 2030 2050 2018
QC = Quantum Computer
![Page 9: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/9.jpg)
Quantum computer technology [Know the enemy]
AG
END
A
Quantum cryptography
[Enhance cryptography]
Quantum attacks
[Break actual cryptography]
Post quantum cryptography
[Counter quantum attacks]
![Page 10: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/10.jpg)
Quantum computer technology
![Page 11: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/11.jpg)
11
I can safely say that no one understands quantum mechanics
Richard Feynman (1918-1988) Father of the new way to conceive quantum mechanics
![Page 12: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/12.jpg)
12
What is a quantum computer?
A quantum computer uses quantum properties of the matter to perform computation of data
A digital computer uses transistors to perform computation of data
![Page 13: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/13.jpg)
13
Examples of used *matter*
Formally, any matter used in quantum mechanics can be in
a superposition of 2 states
• horizontal • vertical • both
The polarization of a photon can be
An atom can be
• not excited • excited • both
![Page 15: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/15.jpg)
15
Recap
1 qubit
𝛼|0 + 𝛽|1
|0 and |1 are pronunced "ket 0" and "ket 1"
1 bit
or 0 1
![Page 16: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/16.jpg)
16
What does mean?
Reference to Schrödinger’s cat 1
![Page 17: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/17.jpg)
17
What does mean?
Reference to Schrödinger’s cat 1
Equal probability that cat is alive or dead: 𝛼 = 𝛽 = 1
2
3 2 states: • Cat alive • Cat dead
2
![Page 18: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/18.jpg)
18
Quantum theory
Positivism
Not supposed to represent
reality
Not fully represent
reality
Fully represent
reality
Modified quantum laws
Influence of consciousness
Position as added variable
Quantum decoherence
Multiple universes
S. Hawking N. Bohr
R. Penrose E. Wigner L. de Broglie
D. Bohm
R. Omnès M. Gell-Mann
J. Hartle H. Everett
G. Ghirardi A. Rimini
W. E. Weber
J. Von Neumann F. London E. Bauer
J. Bell H.-D. Zeh W. Zurek
![Page 19: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/19.jpg)
19
vs.
Either 0 or 1
1 bit
or 0 1
1 out of 2𝑁 possible states
1 qubit
𝛼|0 + 𝛽|1
𝑁 bits
……… 0 1 0 0 1 1 0
𝑁 qubits
…………… 𝛼1|00…0 + 𝛼2|00…1 + … + 𝛼2𝑁|11…1
Both 0 and 1
All out of 2𝑁 possible states -
![Page 20: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/20.jpg)
20
Consequences of -
Mathematical operation on 𝑁 -
Parallel computation on 𝟐𝑵 data
Computation power of a
x2 each time a - is added
![Page 21: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/21.jpg)
21
-- in real life
1994 2030 2050 2007 2017 2023
QC = Quantum Computer
![Page 22: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/22.jpg)
Quantum cryptography
![Page 23: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/23.jpg)
23
Goal
Quantum Random Number Generator
Quantum Key Distribution
Quantum Commitment
Oblivious Transfer Secure Multi-Party
Computation
Exploit the mechanical properties to perform crypto tasks
![Page 24: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/24.jpg)
24
Based on:
• Radioactive decay
• Noise
• Quantum optics
Generate better high-quality random numbers
Quantum Random Number Generator
![Page 25: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/25.jpg)
25
Quantum Random Number Generator
The beam splitter deviates the photon to a 0/1 detector
The photon’s choice at beam splitting is totally random
Single-photon splitting
Example based on quantum optics
LASER Photon
Semi-transparent mirror
Dete
ctor 0
"0"
Detector 1 "1"
0 1 1 0 1 …
![Page 26: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/26.jpg)
26
Quantum Key Distribution
qkdsimulator.com
throught the classical channel
throught the channel
Transfer securely from Alice to Bob
From , produce a random shared
secret key -
![Page 27: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/27.jpg)
27
Quantum Key Distribution Polarization of a photon
LASER
LASER
LASER
LASER
![Page 28: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/28.jpg)
28
Quantum Key Distribution Polarization of a photon
Unpolarized photon 0 1
0 1
Polarization filter Beam splitter
100%
0%
50%
50%
4 polarized photons
Not readable during transfer otherwise qubits are disturb
![Page 29: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/29.jpg)
29
Quantum Key Distribution The BB84 protocol
![Page 30: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/30.jpg)
30
1 0 1 1 0 0 1 1 0 0 1 1 1 0
Quantum Key Distribution The BB84 protocol
![Page 31: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/31.jpg)
31
1 0 1 1 0 0 1 1 0 0 1 1 1 0
1 0 0 1 0 0 1 1 0 0 0 1 1 0
Quantum Key Distribution The BB84 protocol
50% 50% 50% 50% 50%
![Page 32: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/32.jpg)
32
1 0 1 1 0 0 1 1 0 0 1 1 1 0
1 0 0 1 0 0 1 1 0 0 0 1 1 0
1 - - 1 0 0 - 1 0 0 - 1 - 0
Quantum Key Distribution The BB84 protocol
√ √ √ √ √ √ √ √ √
Shared key
![Page 33: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/33.jpg)
33
Quantum Key Distribution Eavesdropping the BB84 protocol
Lecture of the qubit state 1
Qubit modification in the channel 3
Detection (error rate) & abortion 4
splitter disturbance
2
1
2
3
4
![Page 34: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/34.jpg)
34
Currently
The highest bit rate for QKD with optical fiber is held by Toshiba with
1 Mbit/s over 50 km
[up to our knowledge]
Limitation on the distance of key exchange
Quantum Key Distribution In practice
![Page 35: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/35.jpg)
Quantum attacks
![Page 36: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/36.jpg)
36
Goal
Shor’s algorithm Grover’s algorithm
HHL’s algorithm
Quantum simulator Etc…
Exploit the mechanical properties to crack/solve hard problems
![Page 37: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/37.jpg)
37
Shor’s algorithm
Created by Peter Shor (1994)
Solve prime factorization in polynomial time
1092
2 546
2 273
3 91
7 13
Prime factors: 2, 2, 3, 7, 13
1092 = 22 ∗ 3 ∗ 7 ∗ 13
This is a very simple example
![Page 38: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/38.jpg)
38
Shor’s algorithm
Easy to compute 𝑁 from (𝑝, 𝑞)
Hard to recover (𝑝, 𝑞) from 𝑁 with standard methods
Breaking public-key cryptography
RSA-1024 = 135066410865995223349603216278805969938881475605667027524485143851526510604859533833940287150571909441798207282164471551373680419703964191743046496589274256239341020864383202110372958725762358509643110564073501508187510676594629205563685529475213500852879416377328533906109750544334999811
150056977236890927563
E.g. an RSA number: 𝑁 = 𝑝 ∗ 𝑞 , where 𝑝, 𝑞 are prime numbers
![Page 39: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/39.jpg)
39
Shor’s algorithm
Easy to compute 𝑁 from (𝑝, 𝑞)
Easy to recover (𝑝, 𝑞) from 𝑁 with Shor’s algorithm
Breaking public-key cryptography
E.g. an RSA number: 𝑁 = 𝑝 ∗ 𝑞 , where 𝑝, 𝑞 are prime numbers
RSA-1024 = 135066410865995223349603216278805969938881475605667027524485143851526510604859533833940287150571909441798207282164471551373680419703964191743046496589274256239341020864383202110372958725762358509643110564073501508187510676594629205563685529475213500852879416377328533906109750544334999811
150056977236890927563
![Page 40: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/40.jpg)
40
Grover’s algorithm
Created by Lov Grover (1996)
Solve invertion of function
in sub-linear time
Function 𝑓
Output 𝑦 = 𝑓(𝑥)
Input 𝑥
![Page 41: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/41.jpg)
41
Grover’s algorithm
Easy to find 𝑦 from (𝑓, 𝑥)
Hard to find 𝑥 from (𝑓, 𝑦) with standard methods
Searching an unstructured DB / an unsorted list
E.g. searching a phonebook where: • 𝑥 is a name • 𝑦 = 𝑓(𝑥) is a phone number
Phonebook of 10,000 entries
Need 5,000 guesses
![Page 42: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/42.jpg)
42
Grover’s algorithm
Easy to find 𝑦 from (𝑓, 𝑥)
Easy to find 𝑥 from (𝑓, 𝑦) with Grover’s algorithm
Searching an unstructured DB / an unsorted list
E.g. searching a phonebook where: • 𝑥 is a name • 𝑦 = 𝑓(𝑥) is a phone number
Phonebook of 10,000 entries
Need 100 guesses
![Page 43: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/43.jpg)
43
Grover’s algorithm
Easy to find 𝑦 from (𝑓, 𝑥)
Easy to find 𝑥 from (𝑓, 𝑦) with Grover’s algorithm
Searching an unstructured DB / an unsorted list
E.g. searching a phonebook where: • 𝑥 is a name • 𝑦 = 𝑓(𝑥) is a phone number
Phonebook of 25 million entries
Need 5,000 guesses
![Page 44: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/44.jpg)
44
Grover’s algorithm Breaking symmetric-key cryptography
Brute-forcing
a 128-bit key
in ≈ 𝟐𝟔𝟒 iterations
Brute-forcing
a 256-bit key
in ≈ 𝟐𝟏𝟐𝟖 iterations
Simple solution
Use loooooooooooonger keys!
![Page 45: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/45.jpg)
Post-quantum cryptography
![Page 46: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/46.jpg)
46
Goal
Hash-based crypto Code-based crypto
Lattice-based crypto
Multivariate crypto Etc…
Cryptographic schemes/algorithms resistant to attacks
![Page 47: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/47.jpg)
47
Sign data with 3
Hash-based crypto
Created by Ralph Merkle (1970)
Alternative to signature schemes
like RSA/DSA/ECDSA
Hash function ℎ
1
2
3 4
Create private key - and public key -
1 Distribute
2 Verify signature with
4
![Page 48: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/48.jpg)
48
Hash-based crypto The Lamport signature scheme
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
0 0 0 1 1 1 1 0
Create private key - and public key -
1
and must be used only once
![Page 49: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/49.jpg)
49
Hash-based crypto The Lamport signature scheme
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
ℎ
random
hash
0 0 0 1 1 1 1 0
Create private key - and public key -
1 Distribute
2
![Page 50: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/50.jpg)
50
Hash-based crypto The Lamport signature scheme
ℎ
random
hash
ℎ
hash
ℎ
random
hash
ℎ
hash
ℎ
hash
ℎ
random
hash
ℎ
random
hash
ℎ
hash
0 0 0 1 1 1 1 0
Create private key - and public key -
1 Distribute
2 Sign data with
3
= 1 1 0 1 = random random random random
random random random random random random random random
![Page 51: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/51.jpg)
51
Hash-based crypto The Lamport signature scheme
hash hash hash hash hash hash hash hash
0 0 1 0
Create private key - and public key -
1 Distribute
2 Sign data with
3
= 1 1 0 1 = random random random random
random random random random
Verify signature with 4
ℎ
=?
ℎ
=?
ℎ
=?
ℎ
=?
0 1 1 1
![Page 52: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/52.jpg)
52
Hash-based crypto The Lamport signature scheme
To be quantum-resistant
The lengths of , and - must be > x2 larger than the security parameter
hash random random
A 128-bit security requires lengths > 256 bits
EX
![Page 53: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/53.jpg)
53
Hash-based crypto The Merkle signature scheme
Create private key - and public key -
1
: B = ℎ(A) A B
h[0,0]
X0
Y0
h[0,1]
X1
Y1
h[0,2]
X2
Y2
h[0,3]
X3
Y3
h[0,4]
X4
Y4
h[0,5]
X5
Y5
h[0,6]
X6
Y6
h[0,7]
X7
Y7
h[1,0] h[1,1] h[1,2] h[1,3]
h[2,1] h[2,0]
h[3,0]
( , ) must be used only once Xi Yi
![Page 54: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/54.jpg)
54
Hash-based crypto The Merkle signature scheme
h[0,0]
Create private key - and public key -
1 Distribute
2
h[3,0]
h[1,0]
h[2,0]
h[0,1] h[0,2] h[0,3] h[0,4] h[0,5] h[0,6] h[0,7]
h[1,1] h[1,2] h[1,3]
h[2,1]
: B = ℎ(A) A B
X0
Y0
X1
Y1
X2
Y2
X3
Y3
X4
Y4
X5
Y5
X6
Y6
X7
Y7
![Page 55: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/55.jpg)
55
h[1,3] h[1,2]
Hash-based crypto The Merkle signature scheme
h[0,0]
Create private key - and public key -
1 Distribute
2
h[3,0]
h[1,0]
h[2,0]
h[0,1] h[0,2] h[0,3] h[0,4] h[0,5] h[0,6] h[0,7]
h[1,1]
h[2,1]
: B = ℎ(A) A B
X0
Y0
X1
Y1
X2
Y2
X3
Y3
X4
Y4
X5
Y5
X6
Y6
X7
Y7
Sign data with 3
Sig = Y2 h[2,1] h[1,0] h[0,3]
Y2
h[0,3]
h[1,0]
h[2,1]
X2
Sign
X2
![Page 56: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/56.jpg)
56
h[1,3] h[1,2]
h[0,0] h[0,1] h[0,4] h[0,5] h[0,6] h[0,7]
Hash-based crypto The Merkle signature scheme
Create private key - and public key -
1 Distribute
2
h[3,0]
h[1,0]
h[2,0]
h[0,2] h[0,3]
h[1,1]
h[2,1]
: B = ℎ(A) A B
Y2
Sign data with 3
Verif Sig = Y2 h[2,1] h[1,0] h[0,3]
Y2
Verify signature with 4
Y2
=?
=?
=?
=?
![Page 57: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/57.jpg)
57
Code-based crypto
Created by Robert McEliece(1978)
Alternative to PK encryption like RSA/ECC
Based on error-correcting code
Most well-known
• the McEliece cryptosystem • the Niederreiter cryptosystem • the Courtois-Finiasz-Sendrier signature scheme
![Page 58: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/58.jpg)
58
The principles
Code-based crypto
KDF ℎ
1
2
3 4
Create private key - and public key -
1 Distribute
2 Decrypt with
4 Encrypt data with -
and add -
3
The size of is extremely large: > 8,3 Mbits to be quantum-resistant
![Page 59: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/59.jpg)
59
Lattice-based crypto
Lattices first studied by Lagrange & Gauss
(18th century)
Alternative to PK encryption like RSA/ECC
![Page 60: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/60.jpg)
60
Encryption
• the Peikert ring-LWE key exchange • the Goldreich-Goldwasser-Halevi encryption scheme • NTRUEncrypt
Lattice-based crypto
Signature
• the Gunesyu-Lyubashevsky-Poppleman ring-LWE scheme • the Goldreich-Goldwasser-Halevi signature scheme • NTRUSign
Hash
• SWIFFT (based on Fast Fourier Transform) • LASH (LAttice based haSH function)
The most well-known schemes
LWE = Learning With Errors
![Page 61: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/61.jpg)
61
Lattice-based crypto Security assumptions
Learning With Errors (LWE)
Find 𝑥 from 𝑓, 𝑦 when 𝑦 contains errors
Shortest Vector Problem (SVP)
Find the shortest vector in a lattice
[and its sub-problem]
Short Integer Solution (SIS)
Find the shortest vector in specific lattices
![Page 62: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/62.jpg)
62
Post-quantum actors
![Page 63: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/63.jpg)
63
The helper: -
Quantum risk assessment
Roadmap design & implementation
Quantum safe hardware & software
Education service
Michele Mosca Co-Founder, President and CEO of Co-founder of at Project leader of
![Page 64: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/64.jpg)
64
The integrator: -
Prototype integrations into protocols/applications such as
OpenSSL
2
Open source C library
liboqs for quantum-resistant
cryptographic algorithms
1
Some performance results can be found at https://eprint.iacr.org/2016/1017.pdf
![Page 65: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/65.jpg)
Recommandations
![Page 66: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/66.jpg)
66
Quantum tech is not a dream
1994 2030 2050 2007 2017 2023
QC = Quantum Computer
No certification yet for quantum products
![Page 67: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/67.jpg)
67
How to be quantum-resistant
Which crypto?
New app to dev?
App well structured?
PK crypto
SK crypto
yes
no
yes no
Use longer keys Use/change to
PQC libs
PK = Public Key | SK= Symmetric Key | PQC = Post Quantum Cryptography
![Page 68: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/68.jpg)
68
Be careful with PQC
Hash-based crypto
• Keys must be used once • Lengths of variables and keys must be long enough (> x2)
to be quantum-resistant
Code-based crypto
• Size of public key is extremely large (> 8,3 Mbits) to be quantum-resistant
Lattice-based crypto
• Not mature yet
PQC = Post Quantum Cryptography
![Page 69: The Quantum World - Smals Research · The Quantum World . 2 Hypothetical scenario How is your company responding to the announcement of the new commercially available quantum](https://reader031.vdocuments.us/reader031/viewer/2022041014/5ec555ac13b08355f20a99a8/html5/thumbnails/69.jpg)
69
Tania Martin 02 787 56 05 [email protected]
Smals
www.smals.be
@Smals_ICT
www.smalsresearch.be
@SmalsResearch