Context Classical Channel Overall Security

QCrypt: Implementing a Next-Generation Quantum Key Distillation Engine in Practice

P. Junod (HEIG-VD)

Joint work with A. Burg, J. Constantin (EPFL), Ch. Portmann (ETHZ & Uni. of Geneva), R. Houlmann, Ch. L. Ci Wen, N. Walenta, H. Zbinden (Uni. of Geneva), N. Kulesza (ID Quantique SA)

ESC 2013 - Mondorf-les-Bains (Luxembourg) - January 18, 2013

1 / 29
Outline

1. Context
2. Classical Channel: Authentication, Error Correction, Privacy Amplification
3. Overall Security: Random Numbers, Security Parameter
QCrypt in a Nutshell

- 4-year project funded by the SNF Nano-Tera initiative (2009-2013)
- Researchers from Uni. of Geneva, ETHZ, EPFL, HEIG-VD and ID Quantique SA
- Two different goals:
  1. Build a next-generation high-speed QKD engine
  2. Build a 100 Gbps (classical) encryption engine
GAP - University of Geneva / ID Quantique SA

- Pioneers in the domain of practical quantum cryptography
QCrypt - Fast Encryptor

- 10 Ethernet channels of 10 Gbps each
- 100 Gbps layer-2 AES-GCM encryption engine
- 100 Gbps data channel over a single fiber
- (Securely) get keys from the QKD engine
QCrypt - QKD Engine

- Based on the Coherent One-Way (COW) protocol
- Simple data channel with no active elements at Bob
- Interference visibility as measure of Eve's information
- Fast single photon detectors with gate frequencies of up to 2.3 GHz
- Target throughput for the distilled key: 1 Mbps
Outline, part 2: Classical Channel (Authentication, Error Correction, Privacy Amplification)
Information-Theoretically Secure Authentication

Like for BB84 and other QKD protocols, one needs to exchange information on a non-confidential, but authenticated channel.

Requirements on the MAC:
1. Information-theoretic security
2. Process blocks of $2^{20}$ bits
3. Authentication tag of 127 bits
(Strong) Universal Hashing

Definition (Universal Functions). Let $X$ and $Y$ be two finite sets. A family $H$ of hash functions $h : X \to Y$ is called $\varepsilon$-almost universal if the following condition holds: for any $x \neq x' \in X$, $\Pr[h(x) = h(x')] \leq \varepsilon$.

Definition (Strongly 2-Universal Functions). Let $X$ and $Y$ be two finite sets. A family $H$ of hash functions $h : X \to Y$ is called $\varepsilon$-almost strongly 2-universal if the following condition holds: for any $x_1 \neq x_2 \in X$ and any $y_1, y_2 \in Y$,

$$\Pr[h(x_1) = y_1, h(x_2) = y_2] \leq \frac{\varepsilon}{|Y|}.$$
(Strong) Universal Hashing

Theorem (Wegman-Carter, 1981 / Stinson, 1991). Suppose that $H$ is an $\varepsilon$-strongly 2-universal family of hash functions. Then $H$ is an information-theoretically secure message authentication code with impersonation probability $1/|Y|$ and substitution probability at most $\varepsilon$.
Towards a Concrete Construction (1)

We consider the two following families of hash functions:

$$\tilde{H} = \left\{ h_k(x) = \sum_{i=0}^{m} x_i k^i \;:\; x_i, k \in GF(2^n) \right\}$$

$$H^* = \left\{ h_{(a,b)}(x) = [ax]_{n-1} + b \;:\; a \in GF(2^n) \text{ and } b \in GF(2^{n-1}) \right\}$$

$\tilde{H}$ is also called polynomial hashing.

Theorem (Wegman-Carter, 1979). $\tilde{H}$ is an $m/2^n$-almost universal family of hash functions.

Theorem (Wegman-Carter, 1981). The set $H^*$ is a $2^{-(n-1)}$-almost strongly universal family of hash functions.
Towards a Concrete Construction (2)

Theorem (Stinson, 1994). Suppose $H_1$ is an $\varepsilon_1$-almost universal family of hash functions mapping $X$ to $Y$, and suppose that $H_2$ is an $\varepsilon_2$-almost strongly universal family of hash functions mapping $Y$ to $Z$. Then the composition $H_2 \circ H_1$ is an $(\varepsilon_1 + \varepsilon_2)$-almost strongly universal family of hash functions mapping $X$ to $Z$.

Corollary. Combining the $\tilde{H}$ and $H^*$ families results in an $(m+2)/2^n$-almost strongly universal family of hash functions, where $\ell = n(m+1)$ is the length in bits of the input message.
Towards a Concrete Construction (3)

- Finite field of size $2^{128}$
- Given a message of $m$ 128-bit blocks, one needs $m+1$ multiplications and $m+1$ additions in the field
- $3n - 1$ secret key bits are consumed for each block
Implementing Key Reuse

One can decrease the key bit consumption using the following trick (proposed by Wegman and Carter): instead of generating a new strongly-universal hash function for each message, generate a single one and keep it secret. Then, encrypt every authentication tag using a one-time pad.

For authenticating $t$ messages of $n$ bits each, you need $3n - 1 + t(n-1)$ bits instead of $t(3n-1)$.

Recently shown by Portmann (2012) to be $\varepsilon$-UC-secure, i.e., the overall authentication error probability will be upper-bounded by $t\varepsilon$ for $t$ messages.
Implementing Key Reuse

Concretely, as we need about $t = 7 \ldots 10$ authentication operations on blocks of $2^{20}$ bits for distilling $10^5$ bits, we get an upper bound on the attack probability in the order of $t \cdot 2^{-114}$ for the authentication part.

About 2.4% of the distilled key bits will be dedicated to authentication.
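As an added example (not code from the QCrypt project or these slides), the following Python puts the authentication slides together: GF(2^n) arithmetic, the polynomial hash $\tilde{H}$, the composed $[a \cdot h_k(x)]_{n-1} + b$ tag of 127 bits for $n = 128$, exhaustive checks of the $m/2^n$ and $\varepsilon/|Y|$ bounds in a 4-bit toy field, and the Wegman-Carter key-reuse scheme with one-time-padded tags drawn in lockstep from a shared key pool. The reduction polynomials, the KeyPool/ReusedKeyMac names and the seeded sample key are this example's own assumptions; the deck does not state them.

```python
import itertools
import random
from collections import Counter

# Reduction polynomials (assumption: the deck does not name its modulus):
# x^128 + x^7 + x^2 + x + 1 for GF(2^128), x^4 + x + 1 for a tiny test field.
POLY128 = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1
POLY4 = (1 << 4) | (1 << 1) | 1


def gf_mul(a, b, n, poly):
    """Bit-serial carry-less product of a and b, reduced modulo poly in GF(2^n)."""
    r = 0
    for _ in range(n):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n:
            a ^= poly
    return r


def poly_hash(blocks, k, n, poly):
    """H~: h_k(x) = sum_{i=0}^{m} x_i k^i over GF(2^n), evaluated by Horner's rule."""
    acc = 0
    for x in reversed(blocks):
        acc = gf_mul(acc, k, n, poly) ^ x
    return acc


def asu_hash(blocks, k, a, b, n, poly):
    """H* o H~: [a * h_k(x)]_{n-1} + b; [.]_{n-1} keeps the low n-1 bits and
    addition in GF(2^{n-1}) is XOR, so the tag has n-1 bits (127 for n=128)."""
    mask = (1 << (n - 1)) - 1
    return (gf_mul(poly_hash(blocks, k, n, poly), a, n, poly) & mask) ^ b


def worst_poly_collision(n, poly, m):
    """Exhaustive check of the m/2^n bound: max over x != x' of Pr_k[h_k(x) = h_k(x')]."""
    q = 1 << n
    msgs = list(itertools.product(range(q), repeat=m + 1))
    table = [[poly_hash(x, k, n, poly) for x in msgs] for k in range(q)]
    worst = 0
    for i, j in itertools.combinations(range(len(msgs)), 2):
        worst = max(worst, sum(table[k][i] == table[k][j] for k in range(q)))
    return worst / q


def worst_asu_joint(n, poly):
    """Exhaustive check that H* is strongly universal: max over x1 != x2, y1, y2
    of Pr_{a,b}[h(x1) = y1, h(x2) = y2]; the bound is eps/|Y| = 2^-(n-1) / 2^(n-1)."""
    q, mask = 1 << n, (1 << (n - 1)) - 1
    keys = [(a, b) for a in range(q) for b in range(1 << (n - 1))]
    table = {(a, b): [(gf_mul(a, x, n, poly) & mask) ^ b for x in range(q)]
             for a, b in keys}
    worst = 0
    for x1, x2 in itertools.combinations(range(q), 2):
        joint = Counter((table[key][x1], table[key][x2]) for key in keys)
        worst = max(worst, max(joint.values()))
    return worst / len(keys)


class KeyPool:
    """Shared secret bits consumed front to back; pos counts the bits spent."""
    def __init__(self, bits):
        self.bits, self.pos = bits, 0

    def take(self, nbits):
        chunk = self.bits[self.pos:self.pos + nbits]
        if len(chunk) < nbits:
            raise RuntimeError("key pool exhausted")
        self.pos += nbits
        return int(chunk, 2)


class ReusedKeyMac:
    """Key reuse as on the slide: one secret (k, a, b) per session, each tag
    masked with a fresh (n-1)-bit pad, so t tags cost 3n-1 + t(n-1) key bits."""
    def __init__(self, n, poly, pool):
        self.n, self.poly, self.pool = n, poly, pool
        self.k, self.a, self.b = pool.take(n), pool.take(n), pool.take(n - 1)

    def next_pad(self):
        return self.pool.take(self.n - 1)  # both sides draw pads in lockstep

    def tag(self, blocks, pad):
        return asu_hash(blocks, self.k, self.a, self.b, self.n, self.poly) ^ pad

    def verify(self, blocks, tag, pad):
        return self.tag(blocks, pad) == tag


def session_demo(t=3, n=128, poly=POLY128):
    """Alice tags t constructed 64-block messages, Bob checks each plus a forgery;
    returns (all checks passed, key bits Alice consumed)."""
    shared = format(random.Random(2013).getrandbits(4096), "04096b")  # stands in for the QKD key
    alice, bob = (ReusedKeyMac(n, poly, KeyPool(shared)) for _ in range(2))
    ok = True
    for i in range(t):
        msg = [i] * 64  # 64 blocks of n bits, each holding the small integer i
        tg = alice.tag(msg, alice.next_pad())
        pad = bob.next_pad()
        forged = msg[:-1] + [msg[-1] ^ 1]  # one flipped bit must be rejected
        ok = ok and bob.verify(msg, tg, pad) and not bob.verify(forged, tg, pad)
    return ok, alice.pool.pos
```

`session_demo()` consumes exactly $3n - 1 + t(n-1)$ bits (764 for $n = 128$, $t = 3$); the two `worst_*` functions only run in the toy field, where they reach the bounds of the theorems exactly ($1/16$ for $m = 1$, $2/128 = 2^{-6}$ for $H^*$).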
Error Correction Engine

- Error correction is comprised of forward error correction followed by a (randomised) integrity verification.
- Implemented through the quasi-cyclic LDPC code defined in IEEE 802.11n.
- Syndrome encoding with a block code length of 1944 bits
- The code rate can be set to $1/2$, $2/3$, $3/4$ or $4/5$ depending on the QBER.
Error Correction Engine

- An integrity check (UHF with collision probability upper bound of $2^{-32}$) is required, since the error detection capability of the FEC decoding is insufficient to guarantee that all errors have been corrected.
- The integrity check is performed prior to privacy amplification (PA), to avoid revealing information to Eve without being able to account for it in the PA process.
Privacy Amplification

- The privacy amplification (PA) mechanism is responsible for decreasing Eve's information about the corrected key.
- The PA mechanism uses a fixed compression ratio of 10-to-1: it processes input blocks of $10^6$ bits and outputs blocks of $10^5$ bits.
- It relies on a universal hash function.
Toeplitz Hashing

- Origin: a construction by Wegman and Carter
- Let $M$ be an $n \times m$ matrix over $GF(2)$. Then the mapping $y = Mx$ is universal.
- However, it would require transmitting $nm = 10^{11}$ random bits.
- Mansour et al. (1993) and Krawczyk (1994) showed that restricting the matrix to Toeplitz matrices keeps universality, but requires only $n + m - 1$ random bits:

$$T = \begin{pmatrix}
t_0 & t_1 & t_2 & \cdots & t_{n-2} & t_{n-1} \\
t_{-1} & t_0 & t_1 & \cdots & t_{n-3} & t_{n-2} \\
t_{-2} & t_{-1} & t_0 & \cdots & t_{n-4} & t_{n-3} \\
\vdots & \vdots & \vdots & \ddots & \vdots & \vdots \\
t_{-m+2} & t_{-m+3} & t_{-m+4} & \cdots & t_{n-m} & t_{n-m+1} \\
t_{-m+1} & t_{-m+2} & t_{-m+3} & \cdots & t_{n-m-1} & t_{n-m}
\end{pmatrix}$$
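As an added example (not from the slides or the QCrypt code base), the following Python implements Toeplitz hashing over $GF(2)$ for the PA stage: an $n \times m$ matrix with $T[i][j] = t_{j-i}$ described by $n + m - 1$ seed bits, applied as $y = Tx$ to an $m$-bit corrected key, a cross-check against the expanded matrix, and an exhaustive verification of the $2^{-n}$ collision bound on a toy size. The row/column orientation, the seeded sample inputs and the function names are this example's assumptions.

```python
import itertools
import random


def toeplitz_hash(seed, x, n):
    """y = T x over GF(2) with T[i][j] = t_{j-i}; seed lists
    t_{-(n-1)}, ..., t_0, ..., t_{m-1}, i.e. seed[d + n - 1] = t_d."""
    m = len(x)
    if len(seed) != n + m - 1:
        raise ValueError("an n x m Toeplitz matrix needs exactly n + m - 1 seed bits")
    return [sum(seed[j - i + n - 1] & x[j] for j in range(m)) & 1 for i in range(n)]


def toeplitz_matrix(seed, n, m):
    """Expand the seed into the full n x m matrix (constant along each diagonal)."""
    return [[seed[j - i + n - 1] for j in range(m)] for i in range(n)]


def matvec(M, x):
    """Plain matrix-vector product over GF(2), used to cross-check toeplitz_hash."""
    return [sum(a & b for a, b in zip(row, x)) & 1 for row in M]


def worst_collision_prob(n, m):
    """Exhaustive: max over x != x' of Pr_T[T x = T x'] with T drawn from all
    2^(n+m-1) seeds. By linearity T x = T x' iff T (x xor x') = 0, so scanning
    the nonzero differences d suffices. Universality means the result <= 2^-n."""
    seeds = list(itertools.product((0, 1), repeat=n + m - 1))
    worst = 0
    for d in itertools.product((0, 1), repeat=m):
        if not any(d):
            continue
        zero = sum(not any(toeplitz_hash(s, d, n)) for s in seeds)
        worst = max(worst, zero)
    return worst / len(seeds)


def pa_demo(m=40, n=4, seed_value=7):
    """10-to-1 compression as in the PA stage (10^6 -> 10^5 bits on the slides);
    returns (seed bits needed, bits a fully random matrix would need, output)."""
    rng = random.Random(seed_value)  # constructed inputs, not real QKD data
    seed = [rng.getrandbits(1) for _ in range(n + m - 1)]
    key = [rng.getrandbits(1) for _ in range(m)]
    y = toeplitz_hash(seed, key, n)
    assert y == matvec(toeplitz_matrix(seed, n, m), key)
    return len(seed), n * m, y
```

With the slides' sizes ($m = 10^6$, $n = 10^5$) the seed shrinks from $nm = 10^{11}$ to $n + m - 1$ bits, and `worst_collision_prob` confirms on a toy instance that the collision probability equals $2^{-n}$ for every pair of distinct inputs; a production implementation would compute $Tx$ with FFT-based convolution rather than this bit-by-bit loop.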
LFSR Hashing

- Even better: Krawczyk (1994) proposed a construction that requires only $2m$ bits, relying on generating the pseudo-random bits using a random LFSR.
- But...
  - This construction is only almost-universal, which is not sufficient for PA
  - Generating quickly random irreducible polynomials of degree $10^5$ is ... challenging, to say the least!