post quantum rsa
play

Post-quantum RSA We built a great, great 1-terabyte RSA wall, and - PowerPoint PPT Presentation

Jan 31, 2024 •271 likes •788 views

Post-quantum RSA We built a great, great 1-terabyte RSA wall, and we had the university pay for the electricity Daniel J. Bernstein Joint work with: Nadia Heninger Paul Lou Luke Valenta Post-quantum RSA Daniel J. Bernstein, Nadia Heninger,

  1. Post-quantum RSA We built a great, great 1-terabyte RSA wall, and we had the university pay for the electricity Daniel J. Bernstein Joint work with: Nadia Heninger Paul Lou Luke Valenta Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  2. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  3. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” ◮ Reviewer 2: “I can’t see it ever being used. . . . the main result is almost comical” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  4. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” ◮ Reviewer 2: “I can’t see it ever being used. . . . the main result is almost comical” ◮ Reviewer 3: “I’m not really convinced by the practicality of the scheme. . . . I can’t imagine exchanging 1 terabyte keys to secure communications” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  5. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” ◮ Reviewer 2: “I can’t see it ever being used. . . . the main result is almost comical” ◮ Reviewer 3: “I’m not really convinced by the practicality of the scheme. . . . I can’t imagine exchanging 1 terabyte keys to secure communications” ◮ Reviewer 4: “a paranoid post-quantum solution may be sought at the great expense of performance” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  6. The referees are questioning applicability . . . ◮ Reviewer 1: “The cryptosystem is an interesting thought experiment, but I cannot believe it will be actually used” ◮ Reviewer 2: “I can’t see it ever being used. . . . the main result is almost comical” ◮ Reviewer 3: “I’m not really convinced by the practicality of the scheme. . . . I can’t imagine exchanging 1 terabyte keys to secure communications” ◮ Reviewer 4: “a paranoid post-quantum solution may be sought at the great expense of performance” ◮ Reviewer 5: “not cheap” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  7. . . . so how do we respond? ◮ Appeal to the past: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  8. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  9. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  10. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  11. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  12. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  13. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  14. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  15. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” ◮ Put it in perspective: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  16. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” ◮ Put it in perspective: “It’s better than QKD!” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  17. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” ◮ Put it in perspective: “It’s better than QKD!” ◮ The real answer: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  18. . . . so how do we respond? ◮ Appeal to the past: “Make RSA Great Again!” ◮ Appeal to the future: “Moore’s law says it’ll be okay!” ◮ Double down: “Digital cash with RSA blind signatures!” ◮ FUD: “Maybe all the alternatives will be broken!” ◮ Put it in perspective: “It’s better than QKD!” ◮ The real answer: “Someone is wrong on the Internet.” Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  19. RSA scalability vs. Shor scalability Conventional wisdom: ◮ Shor’s algorithm has the same scalability as legitimate usage of RSA. ◮ “there’s not going to be a larger key-size where a classical user of RSA gains [a] significant advantage over a quantum computing attacker” ◮ “If you increase the key size, it’d still be just as easy to break it as it is to encrypt” What is the actual scalability of integer factorization? What is the actual scalability of legitimate usage of RSA? Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  20. What is the fastest sorting algorithm? def blindsort(x): while not issorted(x): permuterandomly(x) Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  21. What is the fastest sorting algorithm? def blindsort(x): while not issorted(x): permuterandomly(x) def bubblesort(x): for j in range(len(x)): for i in reversed(range(j)): x[i],x[i+1] = min(x[i],x[i+1]),max(x[i],x[i+1]) bubblesort takes poly time. Θ( n 2 ) comparisons. Huge speedup over blindsort ! Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  22. What is the fastest sorting algorithm? def blindsort(x): while not issorted(x): permuterandomly(x) def bubblesort(x): for j in range(len(x)): for i in reversed(range(j)): x[i],x[i+1] = min(x[i],x[i+1]),max(x[i],x[i+1]) bubblesort takes poly time. Θ( n 2 ) comparisons. Huge speedup over blindsort ! Is this the end of the story? No, still not optimal. Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  23. What is the fastest factoring algorithm? Shor’s algorithm? ◮ Poly time. Huge speedup over NFS! ◮ b 2 (log b ) 1+ o (1) qubit operations to factor b -bit integer, using standard subroutines for fast integer arithmetic. Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

  24. What is the fastest factoring algorithm? Shor’s algorithm? ◮ Poly time. Huge speedup over NFS! ◮ b 2 (log b ) 1+ o (1) qubit operations to factor b -bit integer, using standard subroutines for fast integer arithmetic. ◮ Is this the end of the story? No, still not optimal. Exercise to illustrate suboptimality of Shor’s algorithm: � 10 3009 π � Find a prime divisor of . Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta

Recommend

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum

The Quantum Risk & Post-Quantum Crypto JP Aumasson The Quantum Risk & Post-Quantum Crypto JP Aumasson uantum /me 15 years experience in applied cryptography (PhD, industry, consulting) Designed widely used algorithms Author of the

816 views • 52 slides
Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers

Quantum Algorithms Tutorial Ronald de Wolf 1/ 37 Post-quantum cryptography I Quantum computers can break public-key cryptography that is based on assuming hardness of factoring, discrete logs, and a few other problems I Post-quantum

2.98k views • 37 slides
SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design

SW/HW Codesign of the Post-Quantum Cryptography Algorithm NTRUEncrypt Using HLS and RTL Design Methodologies Farnoud Farahmand, Duc Tri Nguyen, Viet B. Dang*, Ahmed Ferozpuri and Kris Gaj George Mason University Post st-Quantum Quantum

441 views • 14 slides
Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers

Post-Quantum Cryptography Dr. Ruben Niederhagen, February 8, 2016 Introduction Quantum Computers Using quantum states for computation: Introduced in 1985 by David Deutsch [3]. Operate on qubits using gates that perform reversible

1.69k views • 157 slides
The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion

The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion

The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion University Credit for some slides: Melissa Chase and Picnic team Post-Quantum Cryptography Large-scale quantum computer could efficiently factor large

533 views • 34 slides
Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all

Post-quantum cryptography Tanja Lange 07 October 2015 SPACE 2015 In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were actually doing things that are making us think like,

901 views • 41 slides
An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

An Overview on Post-Quantum Cryptography with an Emphasis on Code based Systems Joachim Rosenthal

Basics on Public Key Crypto Systems Research Directions in Post-Quantum Cryptography Variants of McEliece System Distinguisher Attacks McEliece for Rank Metric Codes An Overview on Post-Quantum Cryptography with an Emphasis on Code based

1.05k views • 100 slides
Twitter: @PatrickLonga Outline Motivation: the quantum menace Post-quantum key exchange

Twitter: @PatrickLonga Outline Motivation: the quantum menace Post-quantum key exchange

https://microsoft.com/en-us/research/people/plonga http://patricklonga.com Twitter: @PatrickLonga Outline Motivation: the quantum menace Post-quantum key exchange from supersingular isogenies: Preliminaries SIDH SIKE

1.82k views • 154 slides
Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and

Post-quantum cryptography Tanja Lange 02 October 2015 Academy Contact Forum Coding Theory and Cryptography VI In the long term, all encryption needs to be post-quantum Mark Ketchen, IBM Research, 2012, on quantum computing: Were

854 views • 42 slides
for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P.

for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P.

Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols Utsav Banerjee * , Tenzin S. Ukyab, Anantha P. Chandrakasan * utsav@mit.edu Massachusetts Institute of Technology Post-Quantum Cryptography Current public key

911 views • 25 slides
From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren

Quantum computers and factoring Learning with errors Cryptography from LWE From linear algebra to post-quantum cryptography Dr. Ir. Fr e Vercauteren frederik.vercauteren@gmail.com Open Security Research (China) ESAT/COSIC - KU Leuven

1.34k views • 70 slides
Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The

Implementing post-quantum cryptography Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018 PQCRYPTO Mini-School 2018, Taipei, Taiwan Part I: How to make software secure Implementing post-quantum cryptography 2 Timing

1.44k views • 116 slides
Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o

Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o

1 / 2 9 Post Quantum Crypto B e r n d F i x < b r f @ h o i - p o l l o i . o r g > Post-Quantum Crypto Bernd Fix < b r f @ h o i - p o l l o i . o r g > 2 / 2 9 Intro P r

340 views • 29 slides
A Story of United Nations of Post Quantum Cryptogrpahy Direct dialogue between quantum

A Story of United Nations of Post Quantum Cryptogrpahy Direct dialogue between quantum

A Story of United Nations of Post Quantum Cryptogrpahy Direct dialogue between quantum alg. & braid Crypt. Licheng Wang and Lihua Wang National Institute of Information and Communications Technology Story of two United

272 views • 8 slides
Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven

Introduction to post-quantum cryptography I Tanja Lange Technische Universiteit Eindhoven Executive School on Post-Quantum Cryptography 01 July 2019 Cryptography Motivation #1: Communication channels are spying on our data. Motivation

728 views • 42 slides
Post-quantum Security of the CBC, CFB, OFB, Modes of Operation. CTR, and XTS Modes of Operation.

Post-quantum Security of the CBC, CFB, OFB, Modes of Operation. CTR, and XTS Modes of Operation.

Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Post-quantum Security of the CBC, CFB, OFB, Modes of Operation. CTR, and XTS Modes of Operation. Mayuresh Anand Motivation Mayuresh Anand, Ehsan Ebrahimi Targhi, Gelo Noel Tabia,

235 views • 22 slides
Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu

Part I: Introduction to Post Quantum Cryptography Tutorial@CHES 2017 - Taipei Tim Gneysu Ruhr-Universitt Bochum & DFKI 04.10.2017 Overview Goals Provide a high-level introduction to Post-Quantum Cryptography (PQC)

1.18k views • 113 slides
The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at

The year in post-quantum crypto Daniel J. Bernstein, Tanja Lange University of Illinois at Chicago, Eindhoven University of Technology Post-quantum cryptography: Cryptography designed under the assumption that the attacker (not the user!) has

1.29k views • 94 slides
["si:saId] Why CSIDH? Drop-in post-quantum replacement for (EC)DH.

["si:saId] Why CSIDH? Drop-in post-quantum replacement for (EC)DH.

CSIDH : An Efficient Post-Quantum Commutative Group Action Wouter Castryck 1 Tanja Lange 2 Chloe Martindale 2 Lorenz Panny 2 Joost Renes 3 1 KU Leuven 2 TU Eindhoven 3 Radboud Universiteit Brisbane, 6 December 2018 ["si:saId] Why CSIDH?

934 views • 57 slides
The post-quantum Internet Risk management Daniel J. Bernstein Combining congruences:

The post-quantum Internet Risk management Daniel J. Bernstein Combining congruences:

1 2 The post-quantum Internet Risk management Daniel J. Bernstein Combining congruences: state-of-the-art pre-quantum University of Illinois at Chicago & attack against original DH, Technische Universiteit Eindhoven RSA, and some

2.34k views • 171 slides
Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit

Post-quantum cryptography Tanja Lange (with Daniel J. Bernstein) Technische Universiteit Eindhoven 17 January 2016 8th Winter School on Quantum Cybersecurity Cryptography Motivation #1: Communication channels are spying on our

894 views • 68 slides
PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange

PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange

PQCHacks: a gentle introduction to post-quantum cryptography Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 27 December 2015 D-Wave quantum computer isnt universal . . .

789 views • 65 slides

More recommend