quantum authentication with key recycling
play

Quantum Authentication with Key Recycling Christopher Portmann - PowerPoint PPT Presentation

Feb 07, 2023 •164 likes •717 views

Introduction Classical secure channel Quantum secure channel Quantum Authentication with Key Recycling Christopher Portmann Dept. Physics, ETH Zurich, Switzerland Dept. of Computer Science, ETH Zurich, Switzerland EUROCRYPT 2017, Paris, 4 May

  1. Introduction Classical secure channel Quantum secure channel Quantum Authentication with Key Recycling Christopher Portmann Dept. Physics, ETH Zurich, Switzerland Dept. of Computer Science, ETH Zurich, Switzerland EUROCRYPT 2017, Paris, 4 May C. Portmann Quantum Authentication with Key Recycling

  2. Introduction Classical secure channel Quantum secure channel Authentication and Encryption of Quantum Messages with Key Recycling Christopher Portmann Dept. Physics, ETH Zurich, Switzerland Dept. of Computer Science, ETH Zurich, Switzerland EUROCRYPT 2017, Paris, 4 May C. Portmann Quantum Authentication with Key Recycling

  3. Introduction Overview Classical secure channel Main idea Quantum secure channel Overview of results Analyze a subset of the family of Q-MACs from Barnum, Crépeau, Gottesman, Smith, Tapp [FOCS 2002] Prove that all the key can be recycled upon accepting the message. Prove that part of the key can be recycled upon rejecting the message, and that this is optimal (= the rest is leaked). Composable security proof using the Abstract/Constructive Cryptography framework [Maurer, Renner, 2011]. C. Portmann Quantum Authentication with Key Recycling

  4. Introduction Overview Classical secure channel Main idea Quantum secure channel Key recycling (classical) Classical MACs: t ′ ? = f k 1 ( x ′ ) ⊕ k 2 Message x Family of hash functions { f k } ( x , t ) ( x ′ , t ′ ) Key ( k 1 , k 2 ) Tag t := f k 1 ( x ) ⊕ k 2 Wegman, Carter [1981], P[2014] New key k 2 needed for every new message x . k 1 can be recycled! C. Portmann Quantum Authentication with Key Recycling

  5. Introduction Overview Classical secure channel Main idea Quantum secure channel Key recycling (classical) Classical MACs: t ′ ? = f k 1 ( x ′ ) ⊕ k 2 Message x Family of hash functions { f k } ( x , t ) ( x ′ , t ′ ) Key ( k 1 , k 2 ) Tag t := f k 1 ( x ) ⊕ k 2 Wegman, Carter [1981], P[2014] New key k 2 needed for every new message x . k 1 can be recycled! C. Portmann Quantum Authentication with Key Recycling

  6. Introduction Overview Classical secure channel Main idea Quantum secure channel Key recycling (quantum) Authentic channel A x x x No cloning! If Bob gets ρ , then Eve doe not. If Bob can verify that he received the correct cipher, Eve has no information about it. = ⇒ Eve has no information about the key either. = ⇒ Key can be recycled! Same principal as quantum key distribution. C. Portmann Quantum Authentication with Key Recycling

  7. Introduction Overview Classical secure channel Main idea Quantum secure channel Key recycling (quantum) Authentic channel A ρ ρ ρ No cloning! If Bob gets ρ , then Eve doe not. If Bob can verify that he received the correct cipher, Eve has no information about it. = ⇒ Eve has no information about the key either. = ⇒ Key can be recycled! Same principal as quantum key distribution. C. Portmann Quantum Authentication with Key Recycling

  8. Introduction Overview Classical secure channel Main idea Quantum secure channel Key recycling (quantum) Secure channel S ρ ρ ρ No cloning! If Bob gets ρ , then Eve doe not. If Bob can verify that he received the correct cipher, Eve has no information about it. = ⇒ Eve has no information about the key either. = ⇒ Key can be recycled! Same principal as quantum key distribution. C. Portmann Quantum Authentication with Key Recycling

  9. Introduction Overview Classical secure channel Main idea Quantum secure channel Key recycling (quantum) Secure channel S ρ ρ ρ No cloning! If Bob gets ρ , then Eve doe not. If Bob can verify that he received the correct cipher, Eve has no information about it. = ⇒ Eve has no information about the key either. = ⇒ Key can be recycled! Same principal as quantum key distribution. C. Portmann Quantum Authentication with Key Recycling

  10. Introduction Overview Classical secure channel Main idea Quantum secure channel Key recycling (quantum) Secure channel S ρ ρ ρ No cloning! If Bob gets ρ , then Eve doe not. If Bob can verify that he received the correct cipher, Eve has no information about it. = ⇒ Eve has no information about the key either. = ⇒ Key can be recycled! Same principal as quantum key distribution. C. Portmann Quantum Authentication with Key Recycling

  11. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing an authentic channel π auth π auth Secret key K A B k k x ′ , ⊥ x Insecure channel R ( x , t ) ( x ′ , t ′ ) C. Portmann Quantum Authentication with Key Recycling

  12. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing an authentic channel π auth π auth Secret key K A B k k x ′ , ⊥ x Insecure ch. R ( x , t ) ( x ′ , t ′ ) C. Portmann Quantum Authentication with Key Recycling

  13. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing an authentic channel π auth π auth Secret key K Authentic ch. A A B x , ⊥ k k x x ′ , ⊥ x x 0 , 1 Insecure ch. R ( x , t ) ( x ′ , t ′ ) C. Portmann Quantum Authentication with Key Recycling

  14. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing an authentic channel π auth π auth Secret key K Authentic ch. A A B x , ⊥ k k x x ′ , ⊥ x x 0 , 1 Insecure ch. R σ auth E ( x , t ) ( x ′ , t ′ ) ( x , t ) ( x ′ , t ′ ) C. Portmann Quantum Authentication with Key Recycling

  15. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing an authentic channel π auth π auth Secret key K Authentic ch. A A B x , ⊥ k k x x ′ , ⊥ x x 0 , 1 Insecure ch. R σ auth E ( x , t ) ( x ′ , t ′ ) ( x , t ) ( x ′ , t ′ ) Two systems R and S are ε -close if no distinguisher can tell them apart except with advantage ε , R ≈ ε S ⇐ ⇒ sup | Pr [ D ( R ) = 1 ] − Pr [ D ( S ) = 1 ] | ≤ ε. D C. Portmann Quantum Authentication with Key Recycling

  16. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing an authentic channel π auth π auth Secret key K Authentic ch. A A B x , ⊥ k k x x ′ , ⊥ x x 0 , 1 Insecure ch. R σ auth E ( x , t ) ( x ′ , t ′ ) ( x , t ) ( x ′ , t ′ ) ( π auth , π auth ) constructs A from K � R with error ε , if there exists a A B simulator σ auth such that the dashed boxes are ε -close. E π auth ,ε ⇒ ∃ σ auth s.t. π auth π auth ( K � R ) ≈ ε σ auth K � R − − − − → A ⇐ A . E A B E C. Portmann Quantum Authentication with Key Recycling

  17. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing a secure channel from an authentic ch. π otp π otp Secret key K A B k k x , ⊥ x Authentic ch. A c c = x ⊕ k c 0 , 1 C. Portmann Quantum Authentication with Key Recycling

  18. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing a secure channel from an authentic ch. π otp π otp Secret key K Secure ch. S A B x , ⊥ x k k x , ⊥ x | x | 0 , 1 Authentic ch. A c c = x ⊕ k c 0 , 1 C. Portmann Quantum Authentication with Key Recycling

  19. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing a secure channel from an authentic ch. π otp π otp Secret key K Secure ch. S A B x , ⊥ x k k x , ⊥ x | x | Authentic ch. A σ otp c E c = x ⊕ k c 0 , 1 c 0 , 1 ( π otp A , π otp B ) constructs S from K � A with error 0 , π otp , 0 π otp A π otp ( K � A ) = σ otp E S = ⇒ K � A − − − → S B C. Portmann Quantum Authentication with Key Recycling

  20. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing a secure ch. from an insecure ch. (1) π otp π otp Key K 1 Secure ch. S A B x , ⊥ k 1 k 1 x x , ⊥ x | x | 0 , 1 Key K 2 k 2 k 2 c ′ c σ otp E c Ch. R π auth π auth σ auth A B E ( c , t ) ( c ′ , t ′ ) ( c , t ) ( c ′ , t ′ ) C. Portmann Quantum Authentication with Key Recycling

  21. Introduction From an authentic channel Classical secure channel From an XOR-malleable, confidential channel Quantum secure channel Key recycling Constructing a secure ch. from an insecure ch. (1) π otp π otp Key K 1 Secure ch. S A B x , ⊥ k 1 k 1 x x , ⊥ x | x | 0 , 1 Key K 2 k 2 k 2 c ′ c σ otp E c Ch. R π auth π auth σ auth A B E ( c , t ) ( c ′ , t ′ ) ( c , t ) ( c ′ , t ′ ) C. Portmann Quantum Authentication with Key Recycling

Recommend

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if P = NP Safely & Feasibly Serge Fehr Louis Salvail CWI Amsterdam University of Montral Encryption & Authentication Schemes with

829 views • 62 slides
Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with

Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with

Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with Gorjan Alagic, Alexander Russell and Fang Song QCrypt 2018, Shanghai, China Message authentication Alice Bob m Message authentication Alice Bob

1.3k views • 68 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 ,

Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 ,

NDSS 2020, February 26, 2020 Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 , Panos Kampanakis 2 , Michael Devetsikiotis 1 1 Dept. of Electrical and Computer Engineering, The University of New

795 views • 23 slides
Quantum-Secure Message Authentication Codes Dan Boneh and Mark

Quantum-Secure Message Authentication Codes Dan Boneh and Mark

Quantum-Secure Message Authentication Codes Dan Boneh and Mark Zhandry Stanford University 1/19 Classical Chosen Message Attack (CMA) m i i = S ( k, m i )

658 views • 19 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Quantum non-malleability and authentication Christian Majenz QMATH, University of Copenhagen

Quantum non-malleability and authentication Christian Majenz QMATH, University of Copenhagen

Quantum non-malleability and authentication Christian Majenz QMATH, University of Copenhagen Joint work with Gorjan Alagic, NIST and University of Maryland CRYPTO 2017, UCSB 24.08.2017 Motivation: a classical story... Crypto for bank

1.01k views • 83 slides
How Recycling Works in Massachusetts Where does your recycling go? Dos and Dont of

How Recycling Works in Massachusetts Where does your recycling go? Dos and Dont of

How Recycling Works in Massachusetts Where does your recycling go? Dos and Dont of Single Stream Recycling Why wishcycling is harmful? ASK the experts can I recycle this? 1 Introduction Suzanne Wood, LEED AP

449 views • 11 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Quantum-secure message authentication via blind-unforgeability Gorjan Alagic, Christian Majenz,

Quantum-secure message authentication via blind-unforgeability Gorjan Alagic, Christian Majenz,

Quantum-secure message authentication via blind-unforgeability Gorjan Alagic, Christian Majenz, Alexander Russell and Fang Song Eurocrypt 2020, in Cyberspace Introduction Integrity and authenticity Integrity and authenticity It says X

785 views • 63 slides
TOXIC RECYCLING How to Avoid Poisoning the Recycling Chain? The BIR World Recycling Convent ion

TOXIC RECYCLING How to Avoid Poisoning the Recycling Chain? The BIR World Recycling Convent ion

TOXIC RECYCLING How to Avoid Poisoning the Recycling Chain? The BIR World Recycling Convent ion in Prague, 27 10- 2015 Jindrich Petrlik IPEN Dioxin, PCBs and Waste WG co-chair Executive director of Arnika - Toxics and Waste Programme

174 views • 15 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
THE RANK METHOD AND APPLICATIONS TO QUANTUM LOWER BOUNDS Mark Zhandry Joint work with Dan Boneh

THE RANK METHOD AND APPLICATIONS TO QUANTUM LOWER BOUNDS Mark Zhandry Joint work with Dan Boneh

THE RANK METHOD AND APPLICATIONS TO QUANTUM LOWER BOUNDS Mark Zhandry Joint work with Dan Boneh This Talk Highlight technique from very recent paper: Quantum-Secure Message Authentication Codes Specifically: Quantum Oracle Interrogation

734 views • 25 slides
Recycling Challenge Recycling Challenge Background The average Canadian recycles 112 kg of

Recycling Challenge Recycling Challenge Background The average Canadian recycles 112 kg of

Separating Mixtures Recycling Challenge Recycling Challenge Background The average Canadian recycles 112 kg of material per year. In Ontario, we recycle 1.5 million tonnes of recycling a year. Problem Recycling facilities are

502 views • 7 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
Agenda 1. Overview 2. Organics Recycling in the US Georgia Recycling Coalition 3. Organics

Agenda 1. Overview 2. Organics Recycling in the US Georgia Recycling Coalition 3. Organics

Agenda 1. Overview 2. Organics Recycling in the US Georgia Recycling Coalition 3. Organics Recycling in Georgia September 19, 2017 4. Challenges Ryan Cooper Sustainability Specialist Organics Recycling 5. Solutions Rubicon

787 views • 19 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
Tennessee Recycling Symposium Providing total recycling and waste solutions to meet your

Tennessee Recycling Symposium Providing total recycling and waste solutions to meet your

Tennessee Recycling Symposium Providing total recycling and waste solutions to meet your sustainability goals Dawn Gaines Sales Manager Non-Fiber 1 RockTenn Recycling Content RockTenn Corporate Overview RockTenn Recycling

287 views • 9 slides

More recommend