post quantum cryptography
play

Post-quantum cryptography Daniel J. Bernstein & Tanja Lange - PowerPoint PPT Presentation

Oct 05, 2022 •272 likes •760 views

Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago; Ruhr University Bochum & Technische Universiteit Eindhoven 12 September 2020 Cryptography Sender Receiver Alice Bob Tsai

  1. Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago; Ruhr University Bochum & Technische Universiteit Eindhoven 12 September 2020

  2. � Cryptography Sender Receiver “Alice” “Bob” Tsai Ing-Wen picture credit: By 總 統 府 , Attribution, Wikimedia. Donald Trump picture credit: By Shealah Craighead - White House, Public Domain, Wikimedia. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 2

  3. � Cryptography Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” ◮ Motivation #1: Communication channels are spying on our data. ◮ Motivation #2: Communication channels are modifying our data. Tsai Ing-Wen picture credit: By 總 統 府 , Attribution, Wikimedia. Donald Trump picture credit: By Shealah Craighead - White House, Public Domain, Wikimedia. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 2

  4. � Cryptography Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” ◮ Motivation #1: Communication channels are spying on our data. ◮ Motivation #2: Communication channels are modifying our data. ◮ Literal meaning of cryptography: “secret writing”. ◮ Achieves various security goals by secretly transforming messages. ◮ Confidentiality: Eve cannot infer information about the content ◮ Integrity: Eve cannot modify the message without this being noticed ◮ Authenticity: Bob is convinced that the message originated from Alice Tsai Ing-Wen picture credit: By 總 統 府 , Attribution, Wikimedia. Donald Trump picture credit: By Shealah Craighead - White House, Public Domain, Wikimedia. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 2

  5. � Commonly used systems Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” Cryptography with symmetric keys AES-128 . AES-192 . AES-256 . AES-GCM . ChaCha20 . HMAC-SHA-256 . Poly1305 . SHA-2 . SHA-3 . Salsa20 . Cryptography with public keys BN-254 . Curve25519 . DH . DSA . ECDH . ECDSA . EdDSA . NIST P-256 . NIST P-384 . NIST P-521 . RSA encrypt . RSA sign . secp256k1 . Tsai Ing-Wen picture credit: By 總 統 府 , Attribution, Wikimedia. Donald Trump picture credit: By Shealah Craighead - White House, Public Domain, Wikimedia. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 2

  12. � Commonly used systems Sender Untrustworthy network Receiver “Alice” “Eve” “Bob” Cryptography with symmetric keys AES-128 . AES-192 . AES-256 . AES-GCM . ChaCha20 . HMAC-SHA-256 . Poly1305 . SHA-2 . SHA-3 . Salsa20 . Cryptography with public keys BN-254 . Curve25519 . DH . DSA . ECDH . ECDSA . EdDSA . NIST P-256 . NIST P-384 . NIST P-521 . RSA encrypt . RSA sign . secp256k1 . Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 9

  13. � Commonly used systems Sender Untrustworthy network Receiver “Alice” “Eve” with quantum computer “Bob” Cryptography with symmetric keys AES-128 . AES-192 . AES-256 . AES-GCM . ChaCha20 . HMAC-SHA-256 . Poly1305 . SHA-2 . SHA-3 . Salsa20 . Cryptography with public keys BN-254 . Curve25519 . DH . DSA . ECDH . ECDSA . EdDSA . NIST P-256 . NIST P-384 . NIST P-521 . RSA encrypt . RSA sign . secp256k1 . Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 9

  14. � Symmetric-key authenticated encryption Sender Untrustworthy network Receiver “Alice” “Eve” with quantum computer “Bob” ◮ Very easy solutions if Alice and Bob already share long secret key k : ◮ “One-time pad” for confidentiality. ◮ “Wegman–Carter MAC” for integrity and authenticity. ◮ AES-256: Standardized method to expand short secret key (256-bit k ) into string indistinguishable from long secret key. ◮ AES introduced in 1998 by Daemen and Rijmen. Security analyzed in papers by dozens of cryptanalysts. ◮ No credible threat from quantum algorithms. Grover costs 2 128 . ◮ Some results assume attacker has quantum access to computation, then some systems are weaker . . . but I’d know if my laptop had turned into a quantum computer. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 9

  15. Post-quantum cryptography Cryptography under the assumption that the attacker has a quantum computer. ◮ 1994: Shor’s quantum algorithm. 1996: Grover’s quantum algorithm. Many subsequent papers on quantum algorithms: see quantumalgorithmzoo.org . ◮ 2003: Daniel J. Bernstein introduces term Post-quantum cryptography. ◮ 2006: First International Workshop on Post-Quantum Cryptography. PQCrypto 2006, 2008, 2010, 2011, 2013, 2014, 2016, 2017, 2018, 2019, (soon) 2020. ◮ 2015: NIST hosts its first workshop on post-quantum cryptography. ◮ 2016: NIST announces a standardization project for post-quantum systems. ◮ 2017: Deadline for submissions to the NIST competition. ◮ 2019: Second round of NIST competition begins. ◮ 2020: Third round of NIST competition begins. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 10

  16. 21 December 2017: NIST posts 69 submissions from 260 people. BIG QUAKE . BIKE . CFPKM . Classic McEliece . Compact LWE . CRYSTALS-DILITHIUM . CRYSTALS-KYBER . DAGS . Ding Key Exchange . DME . DRS . DualModeMS . Edon-K . EMBLEM and R.EMBLEM . FALCON . FrodoKEM . GeMSS . Giophantus . Gravity-SPHINCS . Guess Again . Gui . HILA5 . HiMQ-3 . HK17 . HQC . KINDI . LAC . LAKE . LEDAkem . LEDApkc . Lepton . LIMA . Lizard . LOCKER . LOTUS . LUOV . McNie . Mersenne-756839 . MQDSS . NewHope . NTRU Prime . NTRU-HRSS-KEM . NTRUEncrypt . NTS-KEM . Odd Manhattan . OKCN/AKCN/CNKE . Ouroboros-R . Picnic . pqNTRUSign . pqRSA encryption . pqRSA signature . pqsigRM . QC-MDPC KEM . qTESLA . RaCoSS . Rainbow . Ramstake . RankSign . RLCE-KEM . Round2 . RQC . RVB . SABER . SIKE . SPHINCS+ . SRTPI . Three Bears . Titanium . WalnutDSA . Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 11

  17. By end of 2017: 8 out of 69 submissions attacked. BIG QUAKE . BIKE . CFPKM . Classic McEliece . Compact LWE . CRYSTALS-DILITHIUM . CRYSTALS-KYBER . DAGS . Ding Key Exchange . DME . DRS . DualModeMS . Edon-K . EMBLEM and R.EMBLEM . FALCON . FrodoKEM . GeMSS . Giophantus . Gravity-SPHINCS . Guess Again . Gui . HILA5 . HiMQ-3 . HK17 . HQC . KINDI . LAC . LAKE . LEDAkem . LEDApkc . Lepton . LIMA . Lizard . LOCKER . LOTUS . LUOV . McNie . Mersenne-756839 . MQDSS . NewHope . NTRU Prime . NTRU-HRSS-KEM . NTRUEncrypt . NTS-KEM . Odd Manhattan . OKCN/AKCN/CNKE . Ouroboros-R . Picnic . pqNTRUSign . pqRSA encryption . pqRSA signature . pqsigRM . QC-MDPC KEM . qTESLA . RaCoSS . Rainbow . Ramstake . RankSign . RLCE-KEM . Round2 . RQC . RVB . SABER . SIKE . SPHINCS+ . SRTPI . Three Bears . Titanium . WalnutDSA . Some less security than claimed; some really broken; some attack scripts. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 11

  18. By end of 2018: 22 out of 69 submissions attacked. BIG QUAKE . BIKE . CFPKM . Classic McEliece . Compact LWE . CRYSTALS-DILITHIUM . CRYSTALS-KYBER . DAGS . Ding Key Exchange . DME . DRS . DualModeMS . Edon-K . EMBLEM and R.EMBLEM . FALCON . FrodoKEM . GeMSS . Giophantus . Gravity-SPHINCS . Guess Again . Gui . HILA5 . HiMQ-3 . HK17 . HQC . KINDI . LAC . LAKE . LEDAkem . LEDApkc . Lepton . LIMA . Lizard . LOCKER . LOTUS . LUOV . McNie . Mersenne-756839 . MQDSS . NewHope . NTRU Prime . NTRU-HRSS-KEM . NTRUEncrypt . NTS-KEM . Odd Manhattan . OKCN/AKCN/CNKE . Ouroboros-R . Picnic . pqNTRUSign . pqRSA encryption . pqRSA signature . pqsigRM . QC-MDPC KEM . qTESLA . RaCoSS . Rainbow . Ramstake . RankSign . RLCE-KEM . Round2 . RQC . RVB . SABER . SIKE . SPHINCS+ . SRTPI . Three Bears . Titanium . WalnutDSA . Some less security than claimed; some really broken; some attack scripts. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 11

  19. 30 January 2019: 26 candidates retained for second round. BIG QUAKE . BIKE . CFPKM . Classic McEliece . Compact LWE . CRYSTALS-DILITHIUM . CRYSTALS-KYBER . DAGS . Ding Key Exchange . DME . DRS . DualModeMS . Edon-K . EMBLEM and R.EMBLEM . FALCON . FrodoKEM . GeMSS . Giophantus . Gravity-SPHINCS . Guess Again . Gui . HILA5 . HiMQ-3 . HK17 . HQC . KINDI . LAC . LAKE . LEDAkem . LEDApkc . Lepton . LIMA . Lizard . LOCKER . LOTUS . LUOV . McNie . Mersenne-756839 . MQDSS . NewHope . NTRU Prime . NTRU-HRSS-KEM . NTRUEncrypt . NTS-KEM . Odd Manhattan . OKCN/AKCN/CNKE . Ouroboros-R . Picnic . pqNTRUSign . pqRSA encryption . pqRSA signature . pqsigRM . QC-MDPC KEM . qTESLA . RaCoSS . Rainbow . Ramstake . RankSign . RLCE-KEM . Round2 . RQC . RVB . SABER . SIKE . SPHINCS+ . SRTPI . Three Bears . Titanium . WalnutDSA . Some less security than claimed; some really broken; some attack scripts. Merges for second round: HILA5 & Round2; LAKE, LOCKER, & Ouroboros-R; LEDAkem & LEDApkc; NTRUEncrypt & NTRU-HRSS-KEM. Daniel J. Bernstein & Tanja Lange Post-quantum cryptography 11

Recommend

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

626 views • 23 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

Quantum computers and factoring Learning with errors Cryptography from LWE From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren frederik.vercauteren@gmail.com Open Security Research (China) ESAT/COSIC - KU Leuven

1.34k views • 70 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven Executive School on Post-Quantum Cryptography 01 July 2019 Cryptography Motivation #1: Communication channels are spying on our data. Motivation

729 views • 42 slides
The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018 PQCRYPTO Mini-School 2018, Taipei, Taiwan Part I: How to make software secure Implementing post-quantum cryptography 2 Timing

1.44k views • 116 slides
Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and Cryptography VI In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were

854 views • 42 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit Eindhoven 17 January 2016 8th Winter School on Quantum Cybersecurity Cryptography Motivation #1: Communication channels are spying on our

895 views • 68 slides
Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu Ruhr-Universitt Bochum & DFKI 04.10.2017 Overview Goals Provide a high-level introduction to Post-Quantum Cryptography (PQC)

1.18k views • 113 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic

Quantum Cryptography Lecture 26 Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information (and generate

456 views • 19 slides
Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography ECRYPT-CSA Executive School on Post-Quantum Cryptography 2017 TU Eindhoven Nicolas Sendrier Linear Codes for Telecommunication linear expansion data codeword k n > k noisy channel noisy

783 views • 52 slides
BIK IKE - Bi Bit-Flipping Key Encapsulation Presented to the 2 nd NIST Post-Quantum Cryptography

BIK IKE - Bi Bit-Flipping Key Encapsulation Presented to the 2 nd NIST Post-Quantum Cryptography

BIK IKE - Bi Bit-Flipping Key Encapsulation Presented to the 2 nd NIST Post-Quantum Cryptography Standardization Conference August, 24 th 2019, Santa Barbara, California, USA Authors: Affiliations: Nicolas Aragon University of Limoges, France

291 views • 14 slides
Code-Based Post-Quantum Cryptography Wijik Lee 1 , Young-Sik Kim 2 , and Jong-Seon No 1 1

Code-Based Post-Quantum Cryptography Wijik Lee 1 , Young-Sik Kim 2 , and Jong-Seon No 1 1

Mathematical Methods for Cryptography 2017, Svolvaer, Lofoten, Norway 1 / 41 Code-Based Post-Quantum Cryptography Wijik Lee 1 , Young-Sik Kim 2 , and Jong-Seon No 1 1 Department of ECE, INMC, Seoul National University, Seoul, Korea 2 Chosun

566 views • 41 slides
Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische

Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische

Post-quantum cryptography Daniel J. Bernstein 1 Tanja Lange 1 Peter Schwabe 2 Technische Universiteit Eindhoven Radboud University 08 September 2016 Cryptography Motivation #1: Communication channels are spying on our data.

1.34k views • 117 slides
Code-based Cryptography PQCRYPTO Summer School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography PQCRYPTO Summer School on Post-Quantum Cryptography 2017 TU

Code-based Cryptography PQCRYPTO Summer School on Post-Quantum Cryptography 2017 TU Eindhoven Nicolas Sendrier Linear Codes for Telecommunication linear expansion data codeword k n > k noisy channel noisy codeword

916 views • 74 slides
PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange

PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange

PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 27 December 2015 D-Wave quantum computer isnt universal . . .

790 views • 65 slides
Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago

Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago

Post-quantum cryptography Daniel J. Bernstein & Tanja Lange University of Illinois at Chicago & Ruhr University Bochum & Technische Universiteit Eindhoven 10 June 2019 Cryptography Motivation #1: Communication channels are spying

1.17k views • 91 slides
Rings and Modules for Identity-Based Post-Quantum Public-Key Cryptography BASED ON THE PAPER

Rings and Modules for Identity-Based Post-Quantum Public-Key Cryptography BASED ON THE PAPER

Rings and Modules for Identity-Based Post-Quantum Public-Key Cryptography BASED ON THE PAPER EPRINT.IACR.ORG/2014/794 BY DUCAS, LYUBASHEVSKY, AND PREST 2016-09-21, Royal Holloway, Egham OFFICIAL Public Key Cryptography (PKC) Also called

403 views • 26 slides

More recommend