Belfast2014 - O'Neill

Cryptography in a Post Quantum Computing World
Máire O’Neill
Quantum Computing
Traditional Computing
- Involves bits that exist in 2 states: binary 1 and 0
- Performs one calculation at a time, in sequence
Quantum Computing
- Involves qubits, that exist in a superposition state: can be both 1 and 0 at the same time
- Can perform millions of calculations simultaneously
A 30-qubit quantum computer would have the same processing power as
a conventional computer processing commands at 10 teraflops per second.
Quantum Computing
Needs to use algorithms that exploit its power of quantum parallelism:
Shor’s Algorithm (1994)
- Can be used to quickly factorise large numbers (exponential speedup)
- Significant implications for current cryptographic techniques
Grover’s Algorithm (1996)
- Can be used to search an unsorted database faster than a conventional computer (quadratic speedup: O(N^(1/2)) time rather than O(N))
(Image: Peter Shor)
Quantum Computing
Problems with Quantum Computing
- Difficult to realise on a large scale due to decoherence, i.e. unwanted interaction between the system and the environment, which introduces errors
- Also difficult to maintain the lifetime of information
- Observing quantum particles changes the outcome => difficult to verify
- In quantum communications the transmission distance is limited (eg, photons are transmitted through fibre-optic cables and over long distances the signal fades)
Quantum Computing – recent breakthroughs
- Largest number yet to be factored into its primes by a quantum algorithm
- RSA Lab’s largest published semi-prime contains 617 decimal digits (2058 bits)
> Impossible to factorise using classical computing
> Would be possible using quantum computing as it could run all the necessary calculations in parallel.
Quantum Computing – recent breakthroughs
- Uses both classical communication and quantum entanglement, i.e. multiple particles that are linked together such that the measurement of one particle’s quantum state determines the states of the other particles.
- Achieved across free-space between La Palma & Tenerife (making path between satellites and a ground station more feasible)
- Quantum communications has been demonstrated over 250km via fibre optics
Quantum Computing – recent breakthroughs
- A quantum memory state held stable at room temp for 39 minutes, almost 100 times longer than previous record (and 3 hours at cryogenic temperatures)
- Not long, but in this amount of time, could run >20M calculations
Quantum Computing – recent breakthroughs
- D-Wave’s current model billed as a 512-qubit machine (2012). Bought by Lockheed Martin & Google/NASA
- Difficult to verify if performing quantum operations or not!
- Has shown significant speed-ups but only for certain calculations
- Has helped to advance the research in Quantum Computing
(Image caption: The World’s First Quantum Computer ???)
Quantum Computing – NSA’s Efforts
NSA funding a $79.7 million research program to build a ‘cryptologically useful quantum computer’
S. Rich, B.Gellman, The Washington Post
Post-Quantum Cryptography
Need for Post-Quantum Cryptography
What happens when quantum computers become a reality 10/15 years from now?
Commonly used public-key cryptographic algorithms (based on integer factorisation and discrete log problem) such as RSA, DSA, Diffie-Hellman Key Exchange, ECC, ECDSA will be vulnerable to Shor’s algorithm and will no longer be secure.
Symmetric algorithms appear to be secure against quantum computers (and Grover’s algorithm) by simply increasing the associated key sizes.
But what about key exchange?
What is Post-Quantum Cryptography?
Post Quantum Cryptography ≠ Quantum Cryptography
(Image: BB84 quantum key distribution diagram. Ref: http://swissquantum.idquantique.com/IMG/jpg/bb84.jpg)
Disadvantages of Quantum Crypto:
Expensive, assumes authentication, limited distance, etc..
What is Post-Quantum Cryptography?
Post Quantum Cryptography algorithms refer to conventional non-quantum cryptographic algorithms that remain secure even after practical quantum computing is a reality.
Main types of post quantum cryptography (public-key algorithm and signature schemes):
• Code-based
• Hash-based
• Multivariate-quadratic
• Lattice-based
Post-Quantum Cryptography
Code-Based Cryptography
- Based on difficulty in decoding a random linear code
- Both encryption and signature schemes. Encryption schemes include:
McEliece (1978); Niederreiter (1986); and variants
- Niederreiter most efficient
- Relatively large public key sizes (65/192kBytes for 80/128-bit security)
Advantages/Disadvantages
- Most mature PQ Crypto
- Rarely used in practice due to large public key sizes
Post-Quantum Cryptography
Hash-Based Cryptography
- Security relies on collision resistance of cryptographic hash function
- Only signature schemes exist, such as: Merkle signature schemes (1989); CMSS (2006); XMSS (2011)
- Based on one-time signature (OTS) schemes; however, in these each key can only be used once
- Combined with hash trees, key can be used to sign multiple messages
- Relatively small public/private key sizes (eg 46 Bytes – 7568 Bytes)
Advantages/Disadvantages
- Most promising PQ signature schemes
- Limited use of each public key
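An added illustration, not from the slides, of how an OTS is combined with a hash tree so that one published key signs several messages: a Lamport one-time signature under a small Merkle tree, in Python. The hash function H, the 256-bit digest length, the tree height and the signer state are choices made here for the example.

```python
# Added example (not from the slides): Lamport OTS lifted to a few-time
# scheme with a Merkle hash tree. Security rests only on the hash H.
import hashlib, secrets

N = 256                                   # digest bits, one Lamport key pair per bit
def H(b):
    return hashlib.sha256(b).digest()     # the only primitive the scheme relies on

def ots_keygen():
    # secret: two random preimages per digest bit; public: their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):                            # digest bits of msg, MSB first
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]

def ots_sign(sk, msg):                    # reveal exactly one preimage per bit
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def ots_verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def leaf(pk):                             # tree leaf = hash of one OTS public key
    return H(b"".join(a + b for a, b in pk))

class MerkleSigner:
    def __init__(self, height):
        self.keys = [ots_keygen() for _ in range(1 << height)]
        self.levels = [[leaf(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            lv = self.levels[-1]
            self.levels.append([H(lv[j] + lv[j + 1]) for j in range(0, len(lv), 2)])
        self.root = self.levels[-1][0]    # the single public key to publish
        self.next = 0                     # state: index of the first unused OTS key

    def sign(self, msg):
        i = self.next                     # each OTS key is used once, then retired;
        self.next += 1                    # IndexError once all 2^height keys are spent
        sk, pk = self.keys[i]
        path = [lv[(i >> h) ^ 1] for h, lv in enumerate(self.levels[:-1])]
        return i, ots_sign(sk, msg), pk, path

def merkle_verify(root, msg, sig):
    i, s, pk, path = sig
    if not ots_verify(pk, msg, s):
        return False
    node = leaf(pk)                       # recompute the path up to the root
    for h, sib in enumerate(path):
        node = H(sib + node) if (i >> h) & 1 else H(node + sib)
    return node == root
```

The signer must persist `next` between uses: signing two messages with the same leaf reveals both preimages for any bit where the digests differ, which is the "each key can only be used once" caveat above.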
Post-Quantum Cryptography
Multivariate-Quadratic Cryptography
- Based on difficulty in solving a set of nonlinear MQ equations
- Only signature schemes exist, such as: Oil and Vinegar (1997); Rainbow (2005); Quartz/HFE (1996); Matsumoto-Imai (1998)
- Large public and private key sizes (up to 75kBytes)
Advantages/Disadvantages
- Underlying operations can be implemented efficiently
(more efficient than ECC/RSA)
- Not suitable for embedded devices due to large key sizes
Post-Quantum Cryptography
Lattice-based Cryptography
- Based on shortest vector problem/closest vector problem
- Both encryption and signature schemes. Encryption schemes include: NTRU (1996); LWE (2005); R-LWE (2010)
- Recent advances with ideal lattices have made them more practical
- Large public/private key sizes (up to 732kBytes)
Advantages/Disadvantages
- Underlying operations can be implemented efficiently
- Most promising PQ crypto, attracting most interest in research community
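An added example, not from the slides, of the LWE problem that these lattice schemes rest on: a toy Regev-style encryption of one bit in Python, plus the additive homomorphism on ciphertexts that the FHE slides later in the deck build on. The modulus, dimensions and noise distribution are arbitrary toy choices, far too small for any security.

```python
# Added example (not from the slides): toy LWE public-key encryption of a bit.
import secrets

q, n, m = 3329, 16, 64          # modulus, secret length, LWE samples (assumed toy values)

def noise():                    # assumed noise distribution: uniform on {-1, 0, 1}
    return secrets.randbelow(3) - 1

def dot(a, s):
    return sum(x * y for x, y in zip(a, s)) % q

def keygen():
    s = [secrets.randbelow(q) for _ in range(n)]                     # secret vector
    A = [[secrets.randbelow(q) for _ in range(n)] for _ in range(m)]
    b = [(dot(a, s) + noise()) % q for a in A]                       # b = A*s + e
    return s, (A, b)            # public key: m LWE samples (a_i, b_i)

def encrypt(pk, bit):
    A, b = pk
    r = [secrets.randbelow(2) for _ in range(m)]                      # random subset of samples
    u = [sum(r[i] * A[i][j] for i in range(m)) % q for j in range(n)]
    v = (sum(r[i] * b[i] for i in range(m)) + bit * (q // 2)) % q     # bit goes in the top half
    return u, v

def decrypt(s, ct):
    u, v = ct
    d = (v - dot(u, s)) % q     # = bit*q/2 + sum of the selected noise terms (|sum| <= m)
    return 1 if q // 4 < d < 3 * q // 4 else 0

def add(ct1, ct2):              # additive homomorphism: decrypts to the XOR of the two bits,
    (u1, v1), (u2, v2) = ct1, ct2   # at the cost of doubling the noise (still < q/4 here)
    return [(x + y) % q for x, y in zip(u1, u2)], (v1 + v2) % q
```

Correct decryption holds because the accumulated noise (at most m = 64 per ciphertext, 128 after one addition) stays below q/4 = 832; a real scheme picks q, n, m and the noise width so that this margin also gives the claimed security level.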
Post-Quantum Cryptography
Summary
- Code-based most mature PQ crypto
- Lattice-based most promising:
> standardised in 2008 (IEEE Std 1363.1)
> it allows for other constructions/applications beyond public-key encryption, eg. identity-based encryption, homomorphic encryption.
Challenges in Post-Quantum Cryptography
- Further security analysis of PQ crypto algorithms needed
- Suitable parameter choices still an open research problem – currently use relatively large key sizes
- Optimal and practical PQ algorithm implementations are needed
- Resistance of PQ crypto architectures to physical/side-channel leakages
Post-Quantum Cryptography
Fully Homomorphic Encryption
Accelerating Fully Homomorphic Encryption (FHE)
What is Fully Homomorphic Encryption?
- In 2009, Craig Gentry, using lattice-based cryptography, showed the first fully homomorphic encryption scheme
- Fully homomorphic encryption allows computations on encrypted data, allowing privacy of encrypted data stored on the cloud.
- Significant potential, but:
> Key generation can take over 2 hours
> Very large public-key sizes (10MB to 2GB)
> Long encryption time (up to 7 mins)
> Memory to store parameters an issue
- Need for optimised and practical implementations
Accelerating Fully Homomorphic Encryption (FHE)
Current research at CSIT
Accelerating main underlying primitives in integer-based FHE
i.e. large-integer multiplication and modular reduction
Parameter set          Toy        Small      Medium     Large
(row label not recovered)   936       1476       2016       2556
(row label not recovered)   150000    830000     4200000    19350000
(row label not recovered)   158       572        2110       7659
Public key sizes >19 GBits
Accelerating Fully Homomorphic Encryption (FHE)
Current research at CSIT
Proposed an improved Low Hamming Weight Multiplier Architecture
bi can be taken to be a LHW integer with max HW of 15
Accelerating Fully Homomorphic Encryption (FHE)
                           Toy              Small            Medium           Large
Proposed design            with 256-pt FFT  with 256-pt FFT  with 512-pt FFT  with 1024-pt FFT
Time (s)                   0.0014           0.0255           0.47             7.88
No. of Slice Registers     58572            58572            63528            68467
No. of Slice LUTs          136779           136779           144379           153771
No. of DSP48E1s            544              544              608              672
RAM access bit width       8479             8479             8479             8479
All designs fit easily on a Xilinx Virtex-7 XC7VX1140T device
Group                        Toy        Small      Medium     Large
This work: Xilinx Virtex 7   0.0014 s   0.0255 s   0.47 s     7.88 s
Ref: Intel Core 2 Duo        0.05 s     1.0 s      21 s       7 min 15 s
GPU Platform                 -          1.69 s     -          -
x55 improvement in speed over reference s/w design for Large parameters
x66 improvement in speed over GPU-based design
Accelerating Fully Homomorphic Encryption (FHE)
http://acmtecs.acm.org/specialissues/14/embcrypt2014.html