quantum computing in cryptography

Quantum Computing in Cryptography MATH318/CPSC418 April 15, 2020



  1. Quantum Computing in Cryptography MATH318/CPSC418 April 15, 2020

  2. Topics: 1. Qubits: why quantum? 2. Shor’s algorithm and the DLP 3. Quantum Key Distribution and BB84 4. More directions in quantum cryptography 5. Resources: more directions for you!

  3. Part 1: Basics

  4. What is a bit? • Essentially, a system that stores a binary value (0 or 1) • Implemented by capacitors that store charge

  5. What is a qubit? • Represented by a complex unit vector • (modulo global phase) • • - Measurement can only distinguish with certainty between opposite points on the Bloch sphere

  6. Basis measurements

  7. Really, what is a qubit? So far, there are several possible ways to build one: • NMR (nuclear magnetic resonance) devices • NV (nitrogen vacancy) centers • Superconductors • Photons • Trapped ions

  8. Properties of qubits • Superposition • Interference • Entanglement

  9. More weird stuff • Measurement postulate • No cloning theorem

  10. More weird stuff • Measurement postulate • No cloning theorem • Can make some tasks difficult, but great for crypto!

  11. Part 2: Shor’s algorithm

  12. Question: how to agree on a key? • Agree in person, in advance • Send via a trusted courier • Use a public channel, relying on the protocol for secrecy • e.g. Diffie-Hellman, RSA, El Gamal

  13. Question: how to agree on a key? • Agree in person, in advance • Send via a trusted courier • Use a public channel, relying on the protocol for secrecy • e.g. Diffie-Hellman, RSA, El Gamal • All of these rely on computationally difficult problems

  14. Shor’s algorithm • Both DLP and factoring can be solved by a quantum computer in polynomial time, using Shor’s algorithm • Both problems are examples of the HSP (hidden subgroup problem) • HSP is still open in general, but solved for finite abelian groups • No good classical algorithm exists

  15. Classical reduction • Given $O = qr$ with $q, r$ prime, find $q$ or $r$ • Assume $q, r \neq 2$, $q \neq r$ • Quantum computers can compute periods in polynomial time: • Given $b$ and $O$, find the smallest exponent $s > 0$ such that $b^s \equiv b^0 = 1 \pmod{O}$ • Based on superposition and interference • Special case of DLP!

  16. Algorithm:
      1. Pick $b < O$ and check that $\gcd(b, O) = 1$
      2. Find $s$, the period of $b \bmod O$
      3. If $s$ is odd, go back to step 1
      4. If $s$ is even:
         1. If $b^{s/2} \equiv -1 \pmod{O}$, go back to step 1
         2. Else, one of $\gcd(b^{s/2} + 1, O)$ or $\gcd(b^{s/2} - 1, O)$ is a factor of $O$
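
The reduction in slides 15 and 16, as an added example that is not part of the original slides: the quantum period-finding step is replaced by a classical brute-force loop (exponential in the bit length of $O$), so only the classical pre- and post-processing is shown. The function names `period` and `shor_reduction` are hypothetical; the demo input is the 1,005,973 quoted in slide 17.

```python
import math
import random

def period(b, O):
    """Smallest s > 0 with b**s = 1 (mod O), assuming gcd(b, O) == 1.
    Classical stand-in for the quantum step: brute force, not polynomial time."""
    x, s = b % O, 1
    while x != 1:
        x = (x * b) % O
        s += 1
    return s

def shor_reduction(O, rng=None):
    """Steps 1-4 of the slide for O = q*r (odd, distinct primes); returns (q, r)."""
    rng = rng or random.Random()
    while True:
        b = rng.randrange(2, O)          # step 1: pick b < O
        g = math.gcd(b, O)
        if g != 1:                       # b already shares a factor with O
            return g, O // g
        s = period(b, O)                 # step 2: the part a quantum computer speeds up
        if s % 2 == 1:                   # step 3: odd period, pick a new b
            continue
        h = pow(b, s // 2, O)            # h*h = 1 (mod O) and h != 1 since s is minimal
        if h == O - 1:                   # step 4.1: b^(s/2) = -1 (mod O), pick a new b
            continue
        q = math.gcd(h - 1, O)           # step 4.2: O divides (h-1)(h+1) but neither term
        return q, O // q

if __name__ == "__main__":
    for O in (15, 21, 1005973):
        print(O, "=", "%d * %d" % shor_reduction(O, random.Random(0)))
```
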

  17. Consequences • Diffie-Hellman, RSA, El Gamal, etc. are no longer considered safe • Record for largest number factored is 1,005,973 as of 2019 • Post-quantum cryptography relies on computational difficulty of problems that are (assumed to be) difficult for both classical and quantum computers • e.g. lattices, multivariable equations, etc.

  18. Part 3: QKD

  19. Question: how to agree on a key? • Agree in person, in advance • Send via a trusted courier • Use a public channel, relying on the protocol for secrecy • e.g. Diffie-Hellman, RSA, El Gamal • All of these rely on computationally difficult problems! One solution: quantum key distribution (QKD)

  20. A protocol: BB84

  21. What about Eve?

  22. Is it secure? • In theory, BB84 allows Alice to send a key to Bob over public channels • If someone is listening, they will be caught with high probability • This security makes no assumptions about Eve’s computational power

  23. …really? • BB84 is very susceptible to physical attacks • If Eve can figure out Alice’s basis string, then security is completely lost https://nis-summer-school.enisa.europa.eu/2018/cources/PQC/7-preneel_qkd_enisa_v2.pdf

  24. Current challenges • Qubit decoherence – qubits can “measure themselves” in transit • Appears to be a listener, even if there isn’t • Key rate is very low • Less than half of the bits transmitted can be used for the key in the ideal scenario • The more decoherence, the lower the key rate • Eve can easily prevent Alice and Bob from ever establishing a key
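
The detection claim in slide 22 and the key-rate claim in slide 24, as an added simulation that is not part of the original slides. It assumes an ideal, noise-free channel and an eavesdropper who measures each qubit in a randomly guessed basis and re-sends it; the function names, sample sizes and seed are hypothetical.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Ideal measurement: same basis returns the bit, the other basis a coin flip."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)

def bb84(n, eve, rng):
    """Run n noise-free BB84 rounds; return Alice's and Bob's sifted keys."""
    alice_key, bob_key = [], []
    for _ in range(n):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        sent_bit, sent_basis = bit, a_basis
        if eve:  # Eve measures in a guessed basis, then re-prepares in that basis
            e_basis = rng.getrandbits(1)
            sent_bit = measure(sent_bit, sent_basis, e_basis, rng)
            sent_basis = e_basis
        b_basis = rng.getrandbits(1)
        result = measure(sent_bit, sent_basis, b_basis, rng)
        if a_basis == b_basis:  # sifting: bases are compared publicly, bits are not
            alice_key.append(bit)
            bob_key.append(result)
    return alice_key, bob_key

def error_rate(alice_key, bob_key, sample, rng):
    """Alice and Bob reveal `sample` random sifted positions and compare them."""
    idx = rng.sample(range(len(alice_key)), sample)
    return sum(alice_key[i] != bob_key[i] for i in idx) / sample

def run(n=20000, sample=2000, seed=418):
    """Return {eve_present: (sifted_fraction, sampled_error_rate)}."""
    rng = random.Random(seed)
    out = {}
    for eve in (False, True):
        a, b = bb84(n, eve, rng)
        out[eve] = (len(a) / n, error_rate(a, b, sample, rng))
    return out

if __name__ == "__main__":
    for eve, (kept, err) in run().items():
        print(f"Eve={eve}: sifted fraction={kept:.3f}, sampled error rate={err:.3f}")
```

About half of the rounds survive sifting, and the revealed sample is discarded as well, which is why less than half of the transmitted bits end up in the key. Without Eve the sampled error rate is exactly zero on this ideal channel; with her it is about 25%, which is the signal Alice and Bob check for.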

  25. Modern QKD: Ideas • Now in use by major banks, governments, etc. • Still developing new protocols to improve the key rate, simplify measurements, etc. • Satellite QKD is looking the most promising • Difficult for Eve to interfere with a signal in free space • More immune to tampering with the actual device • Device-independent QKD • What if Alice and Bob don’t trust their QKD devices? • Tied to non-local games

  26. Part 4: Quantum cryptography

  27. Quantum coin-flipping • Suppose Alice and Bob want to flip a coin and communicate the result over a public channel • Both want to win the toss, and neither trusts the other (or the channel) • This can be done using a quantum coin-flipping protocol • Similar idea to BB84

  28. Three-step quantum cryptography • QKD can only be used to establish secure keys, not for sending data • Encryption/decryption is still classical • Kak’s three-step protocol is a form of quantum encryption • Related to quantum commitment schemes • Alice and Bob each have the ability to “lock” their data, such that only they can later unlock it

  29. Position-based verification • Message can only be decrypted by a user at a specific geographic location • Works in theory, but not practical in the foreseeable future • Requires a large amount of entanglement

  30. Part 5: Resources – And some other stuff

  31. D-Wave • https://www.dwavesys.com/ • Adiabatic quantum computation, useful for machine learning and optimization problems • Not a universal form of computation, so hasn’t attracted as much attention as Google or IBM • Company based on selling cloud access to their computers • Currently holds record for largest number factored: 1,005,973 https://link.springer.com/article/10.1007/s11433-018-9307-1

  32. IBM Qiskit • https://qiskit.org/ • Superconducting quantum computers with 5, 20 or 50 qubits, for research and teaching purposes • Anyone can run programs on their smaller computers via the internet • Sometimes there is a queue, though, and there is regular maintenance • There are a lot of beginner tutorials on their website, so it is worth looking at if you’re interested

  33. And finally… You should take CPSC519 (offered fall 2020)! • But be prepared for a lot of linear algebra
