executive pqc school
play

Executive PQC School 2 days of taks. Lunches in this building. - PowerPoint PPT Presentation

Executive PQC School 2 days of taks. Lunches in this building. Dinner starts at 19:00 at Restaurant Wynwood (bit of a walk or take public transportation). Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography


  1. Executive PQC School ◮ 2 days of taks. ◮ Lunches in this building. ◮ Dinner starts at 19:00 at Restaurant Wynwood (bit of a walk or take public transportation). Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 1

  2. Introduction to post-quantum cryptography Tanja Lange Technische Universiteit Eindhoven 22 June 2017 Executive School on Post-Quantum Cryptography

  3. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; soon ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 3

  4. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; soon ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. ◮ PGP encrypted email, Signal, Tor, Tails, Qubes OS. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 3

  5. Cryptographic applications in daily life ◮ Mobile phones connecting to cell towers. ◮ Credit cards, EC-cards, access codes for banks. ◮ Electronic passports; soon ID cards. ◮ Internet commerce, online tax declarations, webmail. ◮ Facebook, Gmail, WhatsApp, iMessage on iPhone. ◮ Any webpage with https . ◮ Encrypted file system on iPhone: see Apple vs. FBI. ◮ PGP encrypted email, Signal, Tor, Tails, Qubes OS. Snowden in Reddit AmA Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 3

  6. � � Cryptography ◮ Motivation #1: Communication channels are spying on our data. ◮ Motivation #2: Communication channels are modifying our data. Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” ◮ Literal meaning of cryptography: “secret writing”. ◮ Achieves various security goals by secretly transforming messages. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 4

  7. � � � Secret-key encryption ◮ Prerequisite: Alice and Bob share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Alice and Bob exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 7

  8. � � � Secret-key authenticated encryption ◮ Prerequisite: Alice and Bob share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Alice and Bob exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. ◮ Security goal #2: Integrity , i.e., recognizing Eve’s sabotage. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 7

  9. � � Secret-key authenticated encryption � ? ◮ Prerequisite: Alice and Bob share a secret key . ◮ Prerequisite: Eve doesn’t know . ◮ Alice and Bob exchange any number of messages. ◮ Security goal #1: Confidentiality despite Eve’s espionage. ◮ Security goal #2: Integrity , i.e., recognizing Eve’s sabotage. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 7

  10. � � � � � � � Public-key signatures ◮ Prerequisite: Alice has a secret key and public key . ◮ Prerequisite: Eve doesn’t know . Everyone knows . ◮ Alice publishes any number of messages. ◮ Security goal: Integrity. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 8

  11. � � � � � � Public-key signatures � ? ◮ Prerequisite: Alice has a secret key and public key . ◮ Prerequisite: Eve doesn’t know . Everyone knows . ◮ Alice publishes any number of messages. ◮ Security goal: Integrity. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 8

  12. � � � Public-key signatures � m, s � m, s � m m � K k Secret key k = , public key K = . Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 9

  13. � � � � Public-key encryption � c � c � m m ◮ Alice uses Bob’s public key K = to encrypt. ◮ Bob uses his secret key k = to decrypt. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 10

  14. � � � � � � � � � � � Public-key authenticated encryption (“DH” data flow) ◮ Prerequisite: Alice has a secret key and public key . ◮ Prerequisite: Bob has a secret key and public key . ◮ Alice and Bob exchange any number of messages. ◮ Security goal #1: Confidentiality. ◮ Security goal #2: Integrity. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 11

  15. Cryptographic tools Many factors influence the security and privacy of data: ◮ Secure storage, physical security; access control. ◮ Protection against alteration of data ⇒ public-key signatures, message-authentication codes. ◮ Protection of sensitive content against reading ⇒ encryption. Currently used crypto (check the lock icon in your browser) starts with RSA, Diffie-Hellman (DH) in finite fields, or elliptic curve DH, followed by AES or ChaCha20. Internet currently moving over to Curve25519 (Bernstein) and Ed25519 (Bernstein, Duif, Lange, Schwabe, and Yang). Security is getting better. Some obstacles: bugs; untrustworthy hardware; Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 12

  16. Cryptographic tools Many factors influence the security and privacy of data: ◮ Secure storage, physical security; access control. ◮ Protection against alteration of data ⇒ public-key signatures, message-authentication codes. ◮ Protection of sensitive content against reading ⇒ encryption. Currently used crypto (check the lock icon in your browser) starts with RSA, Diffie-Hellman (DH) in finite fields, or elliptic curve DH, followed by AES or ChaCha20. Internet currently moving over to Curve25519 (Bernstein) and Ed25519 (Bernstein, Duif, Lange, Schwabe, and Yang). Security is getting better. Some obstacles: bugs; untrustworthy hardware;let alone anti-security measures such as backdoors. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 12

  17. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 15

  18. D-Wave quantum computer isn’t universal . . . ◮ Can’t store stable qubits. ◮ Can’t perform basic qubit operations. ◮ Can’t run Shor’s algorithm. ◮ Can’t run other quantum algorithms we care about. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 16

  19. D-Wave quantum computer isn’t universal . . . ◮ Can’t store stable qubits. ◮ Can’t perform basic qubit operations. ◮ Can’t run Shor’s algorithm. ◮ Can’t run other quantum algorithms we care about. ◮ Hasn’t managed to find any computation justifying its price. ◮ Hasn’t managed to find any computation justifying 1% of its price. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 16

  20. . . . but universal quantum computers are coming . . . ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 17

  21. . . . but universal quantum computers are coming . . . ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 17

  22. . . . but universal quantum computers are coming . . . ◮ Massive research effort. Tons of progress summarized in, e.g., https: //en.wikipedia.org/wiki/Timeline_of_quantum_computing . ◮ Mark Ketchen, IBM Research, 2012, on quantum computing: “We’re actually doing things that are making us think like, ‘hey this isn’t 50 years off, this is maybe just 10 years off, or 15 years off.’ It’s within reach.” ◮ Fast-forward to 2022, or 2027. Universal quantum computers exist. ◮ Shor’s algorithm solves in polynomial time: ◮ Integer factorization. RSA is dead. ◮ The discrete-logarithm problem in finite fields. DSA is dead. ◮ The discrete-logarithm problem on elliptic curves. ECDSA is dead. ◮ This breaks all current public-key cryptography on the Internet! Tanja Lange http://ecrypt.eu.org/csa Introduction to post-quantum cryptography 17

Recommend


More recommend