SlideShare a Scribd company logo
1 of 59
Download to read offline
CNIT 141
Cryptography for Computer Networks
14. Quantum and Post-Quantum
Updated 12-3-20
Topics
• How Quantum Computers Work
• Quantum Speed-Up
• Whi Is It So Hard tp Build a Quantum
Computer?
• Post-Quantum Cryptographic Algorithms
• How Things Can Go Wrong
How Quantum Computers
Work
Digital Computing
Logic Gates
NOT
AND
XOR
• From Wikibooks (link Ch 14a)
Digital Adder
• From geeksforgeeks.com (link Ch 14b)
Analog to Digital
• Real devices are
analog
• Digital circuits
minimize time
spent in the
"forbidden zone"
• Error correction is needed
• From Wikipedia (link Ch 14c)
Analog Computing
• The Antikythera
mechanism,
dating between
150 and 100 BC,
was an early
analog computer.
• From Wikipedia
(link Ch 14d)
Slide Rule
• How many bits does it process?
Flute
• Input: white noise
• Output: clear note
• Analog Fourier transform
• How many bits does it process?
Qubit
Bloch Sphere
• Certain states
|0> and |1>
are at the top and
bottom
• Uncertain or
superposition states
are in between
• Collapses to 1 or 0
when measured
Range of States
• Digital computing
• One byte has 8 bits of information
• 256 possible states
• 8 qubits
• Qubit might have any possible value
• 256 complex numbers required to specify
state
Range of States
• Digital computing
• n bits contains n bits of information
• n qubits
• Contain 2n complex floating-point values
Quantum Algorithm
Measurement
180° rotation about X axis: Bit-flip
Hadamard gate
180° rotation about X-Z axis: Bit-flip
Converts a certain state to a superposition
state
Quantum
Gates
Quantum Speed-Up
Searching a List
• Searching an unordered list of n items
• Classical computer
• n/2 operations
• Quantum computer:
• sqrt(n) operations
• Using Grover's algorithm
Simon's Problem
• Similar to hash collisions
• Given a function f()
• Find m such that
• For all x, y satisfying f(x) = f(y)
• Then
Simon's Problem
• Classical computer
• Takes 2n/2 operations
• Quantum computer
• Takes n operations
Shor's Algorithm
• Factors numbers into prime factors
• Solves Discrete Logarithm Problem (DLP)
• And the Elliptic Curve DLP
• Breaks RSA, Diffie-Hellman, ECC
• And all currently deployed public-key
algorithms
Shor's Algorithm
• 7 x 13 mod 15
• Link Ch 14e
Breaking AES-128
• Brute-force search
• Try all 2128 possible keys
• Classical: requires 2128/2 calculations
• Grover's algorithm
• Quantum: requires 264 calculations
Grover's Algorithm
• Can break symmetric encryption and reverse
hashes
• Requires 2n/2 calculations
Double Key Length
• Even with a quantum computer, breaking
AES-256 or SHA-256
• Requires 2128 calculations
Why Is It So Hard to Build
a Quantum Computer?
Noise
• Google and IBM form Qubits are formed from
superconducting circuits
• Must be cooled to extremely low
temperatures
• Only stable for a few milliseconds
• Another method uses ion traps
Post-Quantum
Cryptographic Algorithms
A Different Hard Problem
• Can't be based on the Discrete Logarithm
Problem
• Four types
• Code-Based
• Lattice-Based
• Multivariate
• Hash-Based
Code-Based
• Based on error-correcting codes
• First one: McEliece developed in 1978
• Still unbroken
• Can be used for encryption and signatures
• Public key is 100 KB in size
Error-Correcting Code
• You want to send a three-bit message 010
• Over a noisy channel
• One method: send every bit three times
• 000111000
• If a single bit is wrong, the other two will
outvote it
• But if two errors occur the system fails
Linear Codes
• Word contains n bits
• Treat it as a vector v
• Multiply the word by a matrix G
• To form code word w = vG
• Can correct multi-bit errors
McEleice Encryption
• G is a secret combination of three matrices
• G = ABC
• Encryption is w = vG + e
• e is a random error bit
• G is the pubic key
• A B C are the private keys
McEleice Encryption
• Relies on the hardness of decoding a linear
code with insufficient information
• Known to be NP-complete
• Beyond the reach of quantum computers
Lattice-Based
• A Lattice is a set of points with a periodic
structure
Closest Vector Problem
(CVP)
• Problem: Combine basis vectors to find the
lattice point closest to a point
Short Integer Solution
(SIS)
• A is a random matrix
• q is a prime number
• b is a vector
• Problem: Given A and b
• Find a secret vector s such that
b = As mod q
Learning With Errors
(LWE)
• Problem: Given A and b
• Find a secret vector s such that
b = As + e mod q
• e is a random vector of noise
Lattice-Based
Cryptography
• These three problems are somewhat
equivalent
• Believed to be hard for both classical and
quantum computers
• But perhaps only in the hardest cases
• And finding approximate solutions might be
easier
Multivariate
• Four unknowns, and four random quadratic
equations
• Solving this may be a hard problem
Multivariate Limitations
• Actual hardness depends on the parameters
• Number of equations
• Size and type of numbers
• Choosing secure parameters is hard
• More than one multivariate scheme has
been broken
Multivariate Limitations
• Not used in major apps
• Concerns about security
• Often slow or requires tons of memory
• Benefit: produces short signatures
Hash-Based
• Based on difficulty of finding hash collisions
• Quantum computers cannot break hash
functions
• Hash-based cryptographic schemes are
complex
Winternitz One-Time
Signature (WOTS)
• Private key can be used only once
• To sign one message
• Message M is a number from 0 to w - 1
• w is a parameter of the scheme
• K is the private key
• Signature is formed by hashing K with M rounds
Hash(Hash(Hash( ... Hash(K) ... ))
• Public key is formed by hashing K with w rounds
WOTS Limitations
• Signatures can be forged
• Hash the signature of M to create the
signature of M + 1
WOTS Limitations
• Only works for short messages
• If message has 8 bits, you must calculate
• 28 - 1 = 255 rounds of hashing
• If message has 128 bits
• 2128 - 1 rounds of hashing
• Must break long messages into several
smaller ones
WOTS Limitations
• Only works once
• If a private key is used twice
• Attacker can combine those signatures to
forge other messages
• There is no simple way to fix this problem
Hash-Based Schemes
• State-of-the-art schemes use more complex
versions of WOTS
• With tree data structures
• And sophisticated techniques to sign
different messages with different keys
• SPHINCS is a state-of-the-art scheme
• Signatures are dozens of KB long
How Things Can Go
Wrong
Unclear Security Level
• Security proofs are often asymptotic
• Only true for large values of parameters
• Such as the dimension of the lattice
• In practice, smaller values are used
• Difficult to quantify the level of security
• Attacks on new schemes, like lattices, are not
well understood
Too Late?
• Post-quantum encryption is more important
than post-quantum signatures
• Signatures can be revoked & replaced
• Old encrypted data can be archived and
broken years later
• In practice, Diffie-Hellman often uses more
than the shared secret to form the session key
• Safer against quantum computers
Implementation Issues
• Some post-quantum encryption
implementations have been optimized for
speed
• And are vulnerable to timing attacks
• Post-quantum algorithms will be less secure
than older algorithms at first
• Began in 2016
• Plan: standard will be chosen in 2022
• https://nvlpubs.nist.gov/nistpubs/ir/2020/
NIST.IR.8309.pdf
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum

More Related Content

What's hot

CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum Sam Bowne
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanSam Bowne
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesSam Bowne
 
CNIT 141: 12. Elliptic Curves
CNIT 141: 12. Elliptic CurvesCNIT 141: 12. Elliptic Curves
CNIT 141: 12. Elliptic CurvesSam Bowne
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingSam Bowne
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 141 9. Hard Problems
CNIT 141 9. Hard ProblemsCNIT 141 9. Hard Problems
CNIT 141 9. Hard ProblemsSam Bowne
 
CNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecurityCNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecuritySam Bowne
 
CNIT 141: 10. RSA
CNIT 141: 10. RSACNIT 141: 10. RSA
CNIT 141: 10. RSASam Bowne
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersSam Bowne
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesSam Bowne
 
CNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionCNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionSam Bowne
 
CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2Hamed Moghaddam
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersCNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 

What's hot (20)

CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-Hellman
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic Curves
 
CNIT 141: 12. Elliptic Curves
CNIT 141: 12. Elliptic CurvesCNIT 141: 12. Elliptic Curves
CNIT 141: 12. Elliptic Curves
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed Hashing
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed Hashing
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
CNIT 141 9. Hard Problems
CNIT 141 9. Hard ProblemsCNIT 141 9. Hard Problems
CNIT 141 9. Hard Problems
 
CNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecurityCNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic Security
 
CNIT 141: 10. RSA
CNIT 141: 10. RSACNIT 141: 10. RSA
CNIT 141: 10. RSA
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream Ciphers
 
CNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic CurvesCNIT 141 12. Elliptic Curves
CNIT 141 12. Elliptic Curves
 
CNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionCNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated Encryption
 
CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
CNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersCNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream Ciphers
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 

Similar to CNIT 141: 14. Quantum and Post-Quantum

Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyCSNP
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: CryptographySam Bowne
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: CryptographySam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewRamesh Nagappan
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)Sam Bowne
 
ITFT_Data Link Layer issues
ITFT_Data Link Layer  issuesITFT_Data Link Layer  issues
ITFT_Data Link Layer issuesSneh Prabha
 
4. Block Ciphers
4. Block Ciphers 4. Block Ciphers
4. Block Ciphers Sam Bowne
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)Sam Bowne
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
ASRG SOS 2022 Encrypted messaging on CAN bus
ASRG SOS 2022 Encrypted messaging on CAN busASRG SOS 2022 Encrypted messaging on CAN bus
ASRG SOS 2022 Encrypted messaging on CAN busKenTindell
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutannewbie2019
 
Network_Layer_and_Internet_Protocols_IPv.pptx
Network_Layer_and_Internet_Protocols_IPv.pptxNetwork_Layer_and_Internet_Protocols_IPv.pptx
Network_Layer_and_Internet_Protocols_IPv.pptx20CE112YASHPATEL
 
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedInJay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedInLinkedIn
 

Similar to CNIT 141: 14. Quantum and Post-Quantum (20)

Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum Cryptography
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: Cryptography
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: Cryptography
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
Voldemort Nosql
Voldemort NosqlVoldemort Nosql
Voldemort Nosql
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical Overview
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)
 
ITFT_Data Link Layer issues
ITFT_Data Link Layer  issuesITFT_Data Link Layer  issues
ITFT_Data Link Layer issues
 
4. Block Ciphers
4. Block Ciphers 4. Block Ciphers
4. Block Ciphers
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014
 
ASRG SOS 2022 Encrypted messaging on CAN bus
ASRG SOS 2022 Encrypted messaging on CAN busASRG SOS 2022 Encrypted messaging on CAN bus
ASRG SOS 2022 Encrypted messaging on CAN bus
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of Operation
 
WEEK-01.pdf
WEEK-01.pdfWEEK-01.pdf
WEEK-01.pdf
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryption
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutan
 
Network_Layer_and_Internet_Protocols_IPv.pptx
Network_Layer_and_Internet_Protocols_IPv.pptxNetwork_Layer_and_Internet_Protocols_IPv.pptx
Network_Layer_and_Internet_Protocols_IPv.pptx
 
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedInJay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
 

More from Sam Bowne

3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
3. Attacking iOS Applications (Part 2)
 3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic CurvesSam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard ProblemsSam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis MethodologySam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream CiphersSam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne
 

More from Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
 3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 

Recently uploaded

An Overview of the Calendar App in Odoo 17 ERP
An Overview of the Calendar App in Odoo 17 ERPAn Overview of the Calendar App in Odoo 17 ERP
An Overview of the Calendar App in Odoo 17 ERPCeline George
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDhatriParmar
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmStan Meyer
 
6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroomSamsung Business USA
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMr Bounab Samir
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptxmary850239
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...Nguyen Thanh Tu Collection
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfPrerana Jadhav
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
How to Uninstall a Module in Odoo 17 Using Command Line
How to Uninstall a Module in Odoo 17 Using Command LineHow to Uninstall a Module in Odoo 17 Using Command Line
How to Uninstall a Module in Odoo 17 Using Command LineCeline George
 
ClimART Action | eTwinning Project
ClimART Action    |    eTwinning ProjectClimART Action    |    eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQuiz Club NITW
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 
Satirical Depths - A Study of Gabriel Okara's Poem - 'You Laughed and Laughed...
Satirical Depths - A Study of Gabriel Okara's Poem - 'You Laughed and Laughed...Satirical Depths - A Study of Gabriel Okara's Poem - 'You Laughed and Laughed...
Satirical Depths - A Study of Gabriel Okara's Poem - 'You Laughed and Laughed...HetalPathak10
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
Employablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxEmployablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxryandux83rd
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Celine George
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...Nguyen Thanh Tu Collection
 

Recently uploaded (20)

An Overview of the Calendar App in Odoo 17 ERP
An Overview of the Calendar App in Odoo 17 ERPAn Overview of the Calendar App in Odoo 17 ERP
An Overview of the Calendar App in Odoo 17 ERP
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
 
6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom6 ways Samsung’s Interactive Display powered by Android changes the classroom
6 ways Samsung’s Interactive Display powered by Android changes the classroom
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdf
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
How to Uninstall a Module in Odoo 17 Using Command Line
How to Uninstall a Module in Odoo 17 Using Command LineHow to Uninstall a Module in Odoo 17 Using Command Line
How to Uninstall a Module in Odoo 17 Using Command Line
 
ClimART Action | eTwinning Project
ClimART Action    |    eTwinning ProjectClimART Action    |    eTwinning Project
ClimART Action | eTwinning Project
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
Satirical Depths - A Study of Gabriel Okara's Poem - 'You Laughed and Laughed...
Satirical Depths - A Study of Gabriel Okara's Poem - 'You Laughed and Laughed...Satirical Depths - A Study of Gabriel Okara's Poem - 'You Laughed and Laughed...
Satirical Depths - A Study of Gabriel Okara's Poem - 'You Laughed and Laughed...
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentation
 
Employablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptxEmployablity presentation and Future Career Plan.pptx
Employablity presentation and Future Career Plan.pptx
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - I-LEARN SMART WORLD - CẢ NĂM - CÓ FILE NGHE (BẢN...
 

CNIT 141: 14. Quantum and Post-Quantum

  • 1. CNIT 141 Cryptography for Computer Networks 14. Quantum and Post-Quantum Updated 12-3-20
  • 2. Topics • How Quantum Computers Work • Quantum Speed-Up • Whi Is It So Hard tp Build a Quantum Computer? • Post-Quantum Cryptographic Algorithms • How Things Can Go Wrong
  • 4. Digital Computing Logic Gates NOT AND XOR • From Wikibooks (link Ch 14a)
  • 5. Digital Adder • From geeksforgeeks.com (link Ch 14b)
  • 6. Analog to Digital • Real devices are analog • Digital circuits minimize time spent in the "forbidden zone" • Error correction is needed • From Wikipedia (link Ch 14c)
  • 7. Analog Computing • The Antikythera mechanism, dating between 150 and 100 BC, was an early analog computer. • From Wikipedia (link Ch 14d)
  • 8. Slide Rule • How many bits does it process?
  • 9. Flute • Input: white noise • Output: clear note • Analog Fourier transform • How many bits does it process?
  • 10. Qubit Bloch Sphere • Certain states |0> and |1> are at the top and bottom • Uncertain or superposition states are in between • Collapses to 1 or 0 when measured
  • 11. Range of States • Digital computing • One byte has 8 bits of information • 256 possible states • 8 qubits • Qubit might have any possible value • 256 complex numbers required to specify state
  • 12. Range of States • Digital computing • n bits contains n bits of information • n qubits • Contain 2n complex floating-point values
  • 14. Measurement 180° rotation about X axis: Bit-flip Hadamard gate 180° rotation about X-Z axis: Bit-flip Converts a certain state to a superposition state Quantum Gates
  • 16. Searching a List • Searching an unordered list of n items • Classical computer • n/2 operations • Quantum computer: • sqrt(n) operations • Using Grover's algorithm
  • 17. Simon's Problem • Similar to hash collisions • Given a function f() • Find m such that • For all x, y satisfying f(x) = f(y) • Then
  • 18. Simon's Problem • Classical computer • Takes 2n/2 operations • Quantum computer • Takes n operations
  • 19.
  • 20. Shor's Algorithm • Factors numbers into prime factors • Solves Discrete Logarithm Problem (DLP) • And the Elliptic Curve DLP • Breaks RSA, Diffie-Hellman, ECC • And all currently deployed public-key algorithms
  • 21. Shor's Algorithm • 7 x 13 mod 15 • Link Ch 14e
  • 22. Breaking AES-128 • Brute-force search • Try all 2128 possible keys • Classical: requires 2128/2 calculations • Grover's algorithm • Quantum: requires 264 calculations
  • 23. Grover's Algorithm • Can break symmetric encryption and reverse hashes • Requires 2n/2 calculations
  • 24. Double Key Length • Even with a quantum computer, breaking AES-256 or SHA-256 • Requires 2128 calculations
  • 25. Why Is It So Hard to Build a Quantum Computer?
  • 26. Noise • Google and IBM form Qubits are formed from superconducting circuits • Must be cooled to extremely low temperatures • Only stable for a few milliseconds • Another method uses ion traps
  • 27.
  • 28.
  • 29.
  • 30.
  • 32. A Different Hard Problem • Can't be based on the Discrete Logarithm Problem • Four types • Code-Based • Lattice-Based • Multivariate • Hash-Based
  • 33. Code-Based • Based on error-correcting codes • First one: McEliece developed in 1978 • Still unbroken • Can be used for encryption and signatures • Public key is 100 KB in size
  • 34. Error-Correcting Code • You want to send a three-bit message 010 • Over a noisy channel • One method: send every bit three times • 000111000 • If a single bit is wrong, the other two will outvote it • But if two errors occur the system fails
  • 35. Linear Codes • Word contains n bits • Treat it as a vector v • Multiply the word by a matrix G • To form code word w = vG • Can correct multi-bit errors
  • 36. McEleice Encryption • G is a secret combination of three matrices • G = ABC • Encryption is w = vG + e • e is a random error bit • G is the pubic key • A B C are the private keys
  • 37. McEleice Encryption • Relies on the hardness of decoding a linear code with insufficient information • Known to be NP-complete • Beyond the reach of quantum computers
  • 38. Lattice-Based • A Lattice is a set of points with a periodic structure
  • 39. Closest Vector Problem (CVP) • Problem: Combine basis vectors to find the lattice point closest to a point
  • 40. Short Integer Solution (SIS) • A is a random matrix • q is a prime number • b is a vector • Problem: Given A and b • Find a secret vector s such that b = As mod q
  • 41. Learning With Errors (LWE) • Problem: Given A and b • Find a secret vector s such that b = As + e mod q • e is a random vector of noise
  • 42. Lattice-Based Cryptography • These three problems are somewhat equivalent • Believed to be hard for both classical and quantum computers • But perhaps only in the hardest cases • And finding approximate solutions might be easier
  • 43. Multivariate • Four unknowns, and four random quadratic equations • Solving this may be a hard problem
  • 44. Multivariate Limitations • Actual hardness depends on the parameters • Number of equations • Size and type of numbers • Choosing secure parameters is hard • More than one multivariate scheme has been broken
  • 45. Multivariate Limitations • Not used in major apps • Concerns about security • Often slow or requires tons of memory • Benefit: produces short signatures
  • 46. Hash-Based • Based on difficulty of finding hash collisions • Quantum computers cannot break hash functions • Hash-based cryptographic schemes are complex
  • 47. Winternitz One-Time Signature (WOTS) • Private key can be used only once • To sign one message • Message M is a number from 0 to w - 1 • w is a parameter of the scheme • K is the private key • Signature is formed by hashing K with M rounds Hash(Hash(Hash( ... Hash(K) ... )) • Public key is formed by hashing K with w rounds
  • 48. WOTS Limitations • Signatures can be forged • Hash the signature of M to create the signature of M + 1
  • 49. WOTS Limitations • Only works for short messages • If message has 8 bits, you must calculate • 28 - 1 = 255 rounds of hashing • If message has 128 bits • 2128 - 1 rounds of hashing • Must break long messages into several smaller ones
  • 50. WOTS Limitations • Only works once • If a private key is used twice • Attacker can combine those signatures to forge other messages • There is no simple way to fix this problem
  • 51. Hash-Based Schemes • State-of-the-art schemes use more complex versions of WOTS • With tree data structures • And sophisticated techniques to sign different messages with different keys • SPHINCS is a state-of-the-art scheme • Signatures are dozens of KB long
  • 52. How Things Can Go Wrong
  • 53. Unclear Security Level • Security proofs are often asymptotic • Only true for large values of parameters • Such as the dimension of the lattice • In practice, smaller values are used • Difficult to quantify the level of security • Attacks on new schemes, like lattices, are not well understood
  • 54. Too Late? • Post-quantum encryption is more important than post-quantum signatures • Signatures can be revoked & replaced • Old encrypted data can be archived and broken years later • In practice, Diffie-Hellman often uses more than the shared secret to form the session key • Safer against quantum computers
  • 55. Implementation Issues • Some post-quantum encryption implementations have been optimized for speed • And are vulnerable to timing attacks • Post-quantum algorithms will be less secure than older algorithms at first
  • 56. • Began in 2016 • Plan: standard will be chosen in 2022 • https://nvlpubs.nist.gov/nistpubs/ir/2020/ NIST.IR.8309.pdf