Quantum Computing's Impact on Traditional Cryptography, Slides of Cryptography and System Security

Download Quantum Computing's Impact on Traditional Cryptography and more Slides Cryptography and System Security in PDF only on Docsity!

Quantum

Cryptography

2

Quantum Taketh Away...

All well studied computationally-secure crypto-systems cracked with hypothetical quantum computers ( Q = QUANTUM below)

FACTORING Q PT

Rabin cracked

RSA cracked

DLOG QPT

Dlog hash function cracked

El-Gamal cracked

Diffie-Helman key exchange cracked

Elliptic curve cryptography cracked

4

Solubility of Hidden

Kernel Problem

THM: If a QPT algorithm exists for carrying out the transformation U for a given ψ, then there is a QPT algorithm for solving the associated hidden kernel problem for ψ. For a proof see [Nielsen & Chuang §5.4.3] Necessary condition: For this to make sense, U needs to be carried out by a quantum algorithm, so must be a unitary transformation. LEMMA: U is a unitary transformation.

5

DLOG ≤

Hidden Kernel

INPUT: Prime p , primitive , any OUTPUT: ψ for which solving Hidden-Kernel gives d = Use index-calculus. Let I = {indices mod p - 1 } =

G =

H =

Z

p − 1

! ∈ Z

∗ p

! ∈ Z

∗ p

dlog

!

(") mod p

I × I

Z ∗ p

K = {( x , y ) |!

x

y

= 1 } = {( x , y ) |!

x

dy

= {( x , y ) |! x + dy = 1 } = subgroup generated by (− d , 1 )

!( x , y ) = "

x

y

7

FIND-ORDER ≤

Hidden Kernel

STAGE 2) Order of a is the generator of following kernel K :

G =

H = image of ψ in

K = ker(ψ) = subgroup generated by ord( a ) Z Z ∗ n

!( x ) = a

x

mod n

8

...Quantum Giveth

Using Heisenberg’s uncertainty principle can design a key exchange protocol provably secure against eavesdropping. Basic set-up:

1. Alice sends Bob photons across an insecure quantum channel eavesdropped by Eve.
2. Bob replies with measurement type list.
3. Alice returns list of valid measurement types, and tamper-check list
4. If no tampering, now have common key Phase 1 across a “quantum channel”; Phases 2-4 classical broadcasts

10

Alice Part 1

Quantum Channel

Suppose require k expected rand. secret bits.

Alice prepares 8 k random secret bits.

First 4 k rand. bits represent random phases

Second 4 k bits represent spins

Alice prepares and transmits 4 k photons: 1 0 1 1 0 1 0 0 1 0 1 1 0 1 1 1 0 1 0 0 0 1 0 0 1 0 1 1 0 1 0 0 1 0 1 1 ×^ +^ ×^ ×^ +^ ×^ +^ +^ ×^ +^ ×^ × 0 1 1 1 0 1 0 0 0 1 0 0 × + × × + × + + × + × ×

11

Bob Part 2

Classical Channel

Prepares 4 k random phases:

Reads Alice’s photons with respect to phase guesses:

Sends his phase-guess information to Alice:

• • × + × × × + × × × + 0 1 1 1 0 1 0 0 0 1 0 0 × + × × + × + + × + × ×
• • × + × × × + × × × + ? 1 1?? 1? 0 0? 0?
• • × + × × × + × × × +

13

Bob Part 4

Classical Channel

Bob checks the detection bits against his corresponding measurements:

If all bits agree, sends “ACCEPT” signal and uses remaining error-free bits for shared key: K = “ 100” **? 1 1?? 1? 0 0? 0?

• 1 1 + × 0 ? 1 1?? 1? 0 0? 0?**

14

Bob Part 4

If Eavesdropped

If Eve observed quantum channel, when she guesses the wrong phase has 50% probability of re-transmitting the wrong bit (e.g. guesses alternating phases “+×+×...”)

Eve has 50% prob. of guessing wrong phase for each detection bit.

Bob has 25% prob. of detecting wrong bit, per eavesdropped bit. If so sends “FAIL” 0 1 1 1 0 1 0 0 0 1 0 0 × + × × + × + + × + × ×

• × + × + × + × + × + × 1? 1 0?? ? 1 1?? 1? 0 0? 0?