Emily Stamm
Allstate Information Security
January 9, 2020
Post-Quantum Cryptography
Outline
• Introduction to Cryptography
• Quantum Computing
• Post-Quantum Cryptography
  • Lattice-Based
  • Code-Based
  • Multivariate
  • Hash-Based
  • Isogeny-Based
Introduction to Cryptography
What is Cryptography?
Cryptography, from the Greek kryptós "hidden / secret" and graphein "to write"
• From the Caesar Shift 2000 years ago
• To the Lorenz Cipher Machine in WWII
• To today: ‘secure communication in the presence of third parties’
Cryptography Today
• Confidentiality: restrict access to information
• Integrity: verify that data has not been altered (maliciously or accidentally)
• Authentication: verify the identity of a party
Types of Cryptography
1. Public Key Cryptography (Asymmetric)
2. Secret Key Cryptography (Symmetric)
3. Cryptographic Hashing
What is Good Cryptography?
• Hard Math Problems: the strength of the algorithm relies on the hardness of some underlying math problem
• Proper Implementation: algorithms must be correctly implemented so as not to leak information
• Key Secrecy: a secret piece of information (the key) is used to uncover the information
What is Public Key Cryptography?
• The key to encrypt and the key to decrypt are different
• Public Key: known to everyone
• Private Key: known only to the parties accessing the data
• Digital signature version: private key to sign and public key to verify
• Examples: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography
Where is Public Key Cryptography Used?
• Used any time two or more parties need to communicate
• ‘Parties’ aren’t necessarily people (browsers, servers, endpoints)
• E.g. HTTPS, Firewalls, Routers, Printers, SSH, TLS, Bitcoin
Quantum Computing
Quantum Computing
• A quantum computer is a computer based on quantum physics rather than classical physics
• Instead of a bit it uses a quantum bit, or qubit
• Takes advantage of quantum phenomena to perform some tasks much more efficiently
  • E.g. entanglement, parallelism, interference
(Images: The D-Wave 2000Q Quantum Computer; IBM’s 50-qubit quantum computer)
Effect on Cryptography
• Shor’s Algorithm: quantum factoring algorithm in ~4n³ time, 2n qubits
  • Reduces factoring to finding the period of a function, and so breaks RSA
  • Efficiently computed using the Quantum Fourier Transform to reveal periodicities
• Similar algorithm for elliptic curves (n-bit finite field): attack in ~360n³ time, 6n qubits
• Similar algorithms for all PKC based on the (abelian) hidden subgroup problem
• Eventually all our current public key cryptography will be obsolete
Quantum Cryptography
• Quantum cryptography is cryptography that runs on a quantum computer
• Security like no other form of cryptography: guaranteed by the laws of quantum mechanics against both quantum and classical attacks
(Image: Thor Labs, Quantum Cryptography Analogy Demonstration Kit)
What is POST-QUANTUM CRYPTOGRAPHY?
Problem: Quantum cryptography requires a quantum computer, which is expensive, large, and requires extreme conditions
Solution: Post-Quantum Cryptography (PQC): cryptography that runs on current computers and is secure against classical and quantum attacks
(Image: Kahn, 2019)
Post-Quantum Cryptography
NIST Competition for Post-Quantum Cryptography (PQC)
• Currently evaluating and eliminating cryptosystems
• 5 levels of security
• Encryption/Key Exchange and Signatures
1. Identify hardness assumptions that are not broken by quantum computers
2. Build cryptosystems based on these problems
3. Prove security against quantum and classical attacks
Why Switch to PQC Now?
1. PQC works on current computers
2. More secure against quantum and classical attacks
3. It’s hard to estimate when the quantum threat will occur
4. Transitioning cryptography takes many years
5. Some implementations may not be able to switch cryptography in time, e.g. a satellite goes into space for 30 years
6. Government agencies announced a switch to PQC based on NIST results
NIST Competition Currently
                Encryption   Signatures   Overall
Lattice:             9            3          12
Code:                7            0           7
Multivariate:        0            4           4
Hash:                0            2           2
Isogeny:             1            0           1
Total               17            9          26
Lattice-Based Cryptography
• Cryptography based on hard lattice problems
• 1996: NTRU (Hoffstein, Pipher, Silverman)
• NIST: 9 Encryption, 3 Digital Signatures
• Pros
  • Efficient, simple, adaptable
  • Secure: some schemes are as secure as worst-case lattice problems
• Cons
  • Large key sizes
(Image: Lattice)
Hard Lattice Problems
• Shortest Vector Problem (SVP): Given a basis for a lattice, find the shortest nonzero vector in the lattice.
  • Given a ‘bad’ basis, this is NP-hard
• Closest Vector Problem (CVP): Given a basis for a lattice and a target vector, find the closest lattice vector.
  • Generalization of SVP – same hardness
  • A special case is the Bounded Distance Decoding (BDD) Problem: Given a basis for a lattice and a target vector of distance at most m to the lattice, find the closest lattice vector.
(Figures: SVP, CVP)
Learning With Errors
• b1 = <a1, s> + e1 mod q
• b2 = <a2, s> + e2 mod q
• …
• bm = <am, s> + em mod q
• Each ai is a random vector
• s is the secret vector
• Each ei is the error term, a small random number
• Problem: Given the pairs (ai, bi) for i = 1, …, m, find the secret vector s
• Formulated as a Bounded Distance Decoding lattice problem:
  Let A be the matrix with rows ai and b = (bi) = As + e mod q, where e is drawn from the error distribution.
  Then b is a target vector within bounded distance of the lattice generated by A (the vectors y = As mod q); finding the closest lattice vector As recovers s.
(Figure: b = As + e, after Buchanan 2018)
LWE Lattice Scheme
Asymmetric Encryption & Decryption (Alice and Bob, with Eve eavesdropping)
1. KEY GENERATION
• Private Key: s
• Public Key:
  • b1 = <a1, s> + e1 mod q
  • b2 = <a2, s> + e2 mod q
  • …
  • bm = <am, s> + em mod q
• Alice sends public key to Bob
2. ENCRYPTION
• Bob has bit x = 0 or 1
• Bob sends ciphertext (a,b) to Alice
3. DECRYPTION
Eve: recover s by solving the Bounded Distance Decoding Problem
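The scheme sketched above, as an added worked example that is not from the original slides: a toy Python implementation of Regev-style LWE public-key encryption of a single bit, followed by the textbook illustration of why the error terms ei matter. With e = 0 the public key is an ordinary linear system and Gaussian elimination mod q returns s; with the errors present the same elimination finds no consistent solution, which is the gap the BDD hardness assumption lives in. The parameters (q = 3329, n = 16, m = 64, errors in [-3, 3]) are constructed for illustration and are far too small for real security.

```python
import random

# Toy LWE parameters, constructed for illustration only (far too small for real security).
Q = 3329        # prime modulus
N = 16          # dimension of the secret vector s
M = 64          # number of LWE samples (a_i, b_i) published in the public key
ERR_BOUND = 3   # each error e_i is drawn uniformly from [-ERR_BOUND, ERR_BOUND]


def inner(u, v, q=Q):
    return sum(x * y for x, y in zip(u, v)) % q


def keygen(rng, n=N, m=M, q=Q, err_bound=ERR_BOUND):
    """1. KEY GENERATION: private key s; public key the samples b_i = <a_i, s> + e_i mod q."""
    s = [rng.randrange(q) for _ in range(n)]
    A = [[rng.randrange(q) for _ in range(n)] for _ in range(m)]
    e = [rng.randint(-err_bound, err_bound) for _ in range(m)]
    b = [(inner(a, s, q) + ei) % q for a, ei in zip(A, e)]
    return (A, b), s


def encrypt(pk, bit, rng, q=Q):
    """2. ENCRYPTION (Regev): add up a random subset of the public samples and hide the bit
    in the high half of the modulus: (a, b) = (sum a_i, sum b_i + bit*floor(q/2))."""
    A, b = pk
    n = len(A[0])
    a_sum, b_sum = [0] * n, 0
    for a_i, b_i in zip(A, b):
        if rng.random() < 0.5:              # include this sample in the subset
            a_sum = [(x + y) % q for x, y in zip(a_sum, a_i)]
            b_sum = (b_sum + b_i) % q
    return a_sum, (b_sum + bit * (q // 2)) % q


def decrypt(s, ct, q=Q):
    """3. DECRYPTION: b - <a, s> = bit*floor(q/2) + (sum of the chosen errors) mod q.
    The accumulated error is small, so the result lies near 0 (bit 0) or near q/2 (bit 1)."""
    a, b = ct
    d = (b - inner(a, s, q)) % q
    dist_to_zero = min(d, q - d)
    dist_to_half = abs(d - q // 2)
    return 0 if dist_to_zero < dist_to_half else 1


def solve_linear_mod_q(A, b, q=Q):
    """Gaussian elimination over Z_q (q prime). Returns s with A s = b mod q, or None when
    the system is underdetermined or inconsistent. This is all Eve needs if the e_i are absent."""
    rows = [list(r) + [bi] for r, bi in zip(A, b)]
    m, n = len(rows), len(rows[0]) - 1
    pivot_cols, rank = [], 0
    for col in range(n):
        piv = next((r for r in range(rank, m) if rows[r][col]), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], -1, q)
        rows[rank] = [(x * inv) % q for x in rows[rank]]
        for r in range(m):
            if r != rank and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % q for x, y in zip(rows[r], rows[rank])]
        pivot_cols.append(col)
        rank += 1
    if rank < n or any(rows[r][n] for r in range(rank, m)):
        return None
    s = [0] * n
    for r, col in enumerate(pivot_cols):
        s[col] = rows[r][n]
    return s


def roundtrip_all(seed):
    """Encrypt and decrypt both bit values several times under one key pair."""
    rng = random.Random(seed)
    pk, s = keygen(rng)
    return all(decrypt(s, encrypt(pk, x, rng)) == x for x in [0, 1] * 8)


def demo(seed=2020):
    """Returns (decryption correct, s recovered from an error-free key, s hidden by the errors)."""
    rng = random.Random(seed)
    pk, s = keygen(rng)
    correct = all(decrypt(s, encrypt(pk, x, rng)) == x for x in (0, 1, 1, 0))
    pk_noerr, s_noerr = keygen(rng, err_bound=0)   # b = As exactly: a plain linear system
    recovered = solve_linear_mod_q(*pk_noerr) == s_noerr
    hidden = solve_linear_mod_q(*pk) is None       # with errors there is no exact solution
    return correct, recovered, hidden


if __name__ == "__main__":
    print(demo())   # (True, True, True)
```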
Lattice-based
Encryption Schemes (9)
• FrodoKEM: LWE
• LAC: LWE
• NewHope: Ring LWE
• NTRU: Ring LWE
• Kyber: Module LWE
• Three Bears: Module LWE
• Round5: Learning with Rounding (LWR)
• NTRU Prime: Ring LWR
• SABER: Module LWR
Digital Signatures (3)
• CRYSTALS-DILITHIUM: Module LWE
• FALCON: Ring LWE
• qTESLA: Ring LWE
Code-Based Cryptography
• Cryptography based on error correcting codes: maps that ‘correct’ the error of an input, i.e. f(x+e) = x for small error e
• 1978: McEliece
• NIST: 7 Encryption
  • Classic McEliece
  • NTS-KEM
  • BIKE
  • HQC
  • LEDAcrypt
  • Rollo
  • RQC
• Pros
  • Fast to encrypt/decrypt
  • Hardness well studied and understood (>40 years)
• Cons
  • Large key sizes (10,000-1 million bits)
Error Correcting Codes
A map is error correcting if it sends an input (+/- small error) back to itself, that is, it ‘corrects the error’
McEliece Code-based Scheme
Asymmetric Encryption & Decryption (Alice and Bob, with Eve eavesdropping)
1. KEY GENERATION
• Private Key:
• Public Key: G
• Alice sends public key G to Bob
2. ENCRYPTION
• Bob has message vector m
• Given message m and small random error vector e, get ciphertext c
• Bob sends ciphertext c to Alice
3. DECRYPTION
Eve: find the message without knowing the error e
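The McEliece flow above, as an added worked example that is not part of the original slides: a toy Python version that uses the Hamming(7,4) code in place of the binary Goppa codes real McEliece uses. Alice's private key is the structured code together with a random invertible matrix S and a column permutation P; the public key G_pub = S·G·P looks like an unstructured generator matrix, so only Alice can run the fast decoder that strips the error e. The sizes (4-bit messages, a single error bit) are constructed for illustration and are trivially brute-forceable; the point is the mechanics of the three steps.

```python
import random

# Hamming(7,4) in systematic form: the "structured code with a fast decoder" that stands in
# for the binary Goppa codes of real McEliece. It corrects any single-bit error.
G_CODE = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]
H_CODE = [          # parity-check matrix, H · G^T = 0 over GF(2)
    [1, 1, 0, 1, 1, 0, 0],
    [1, 0, 1, 1, 0, 1, 0],
    [0, 1, 1, 1, 0, 0, 1],
]
K, N = 4, 7         # message length, codeword length
H_COLUMNS = [[H_CODE[r][j] for r in range(3)] for j in range(N)]


def vec_mat(v, M):
    """Row vector times matrix over GF(2)."""
    return [sum(v[i] * M[i][j] for i in range(len(v))) % 2 for j in range(len(M[0]))]


def mat_mat(A, B):
    return [vec_mat(row, B) for row in A]


def hamming_decode(word):
    """Error correction f(x + e) = x: the syndrome H·word^T equals the column of H at the
    error position, so flipping that bit restores the codeword; the message is its first K bits."""
    syndrome = [sum(H_CODE[r][j] * word[j] for j in range(N)) % 2 for r in range(3)]
    fixed = list(word)
    if any(syndrome):
        fixed[H_COLUMNS.index(syndrome)] ^= 1
    return fixed[:K]


def random_invertible_gf2(rng, k, steps=40):
    """Random invertible k×k binary matrix S together with S^-1, built from random
    'add row j into row i' operations; each such operation is its own inverse over GF(2)."""
    ops = [tuple(rng.sample(range(k), 2)) for _ in range(steps)]

    def apply(sequence):
        M = [[int(r == c) for c in range(k)] for r in range(k)]
        for i, j in sequence:
            M[i] = [x ^ y for x, y in zip(M[i], M[j])]
        return M

    return apply(ops), apply(reversed(ops))


def keygen(rng):
    """1. KEY GENERATION: private (S^-1, P); public G_pub = S·G·P, which hides the code structure."""
    S, S_inv = random_invertible_gf2(rng, K)
    perm = list(range(N))
    rng.shuffle(perm)                      # P: column j of G_pub is column perm[j] of S·G
    SG = mat_mat(S, G_CODE)
    G_pub = [[row[perm[j]] for j in range(N)] for row in SG]
    return G_pub, (S_inv, perm)


def encrypt(G_pub, m, rng):
    """2. ENCRYPTION: c = m·G_pub + e with one random error bit (the most Hamming can correct)."""
    c = vec_mat(m, G_pub)
    c[rng.randrange(N)] ^= 1
    return c


def decrypt(sk, c):
    """3. DECRYPTION: undo P (the error keeps weight 1), decode with the private code to get m·S,
    then undo S. Eve, holding only G_pub and c, has to find m without knowing e."""
    S_inv, perm = sk
    unpermuted = [0] * N
    for j in range(N):
        unpermuted[perm[j]] = c[j]
    return vec_mat(hamming_decode(unpermuted), S_inv)


def roundtrip_all(seed=2020):
    """Encrypt and decrypt every 4-bit message under one key pair."""
    rng = random.Random(seed)
    G_pub, sk = keygen(rng)
    messages = [[(x >> i) & 1 for i in range(K)] for x in range(2 ** K)]
    return all(decrypt(sk, encrypt(G_pub, m, rng)) == m for m in messages)


if __name__ == "__main__":
    print(roundtrip_all())   # True
```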
Multivariate Cryptography
• Cryptography based on polynomial equations in multiple variables
• 1998: C* (Matsumoto, Imai), now broken but inspired other schemes
• 1996: HFE, Hidden Field Equations (Patarin)
• NIST: 4 Digital Signatures
  • GeMSS
  • LUOV
  • MQDSS
  • Rainbow
• Pros
  • Fast (much faster than RSA)
  • Small signature size
  • Operations are simple arithmetic
• Cons
  • Large key sizes (80,000-800,000 bits)
  • Security analysis difficult
Hash-Based Cryptography
• Cryptography based on hash functions
• 1978: Combine one-time hash signatures with Merkle trees (Merkle)
• NIST: 2 Digital Signatures
  • Picnic
  • SPHINCS+
• Pros
  • The only security assumption is the security of the hash function
  • The hash function can easily be replaced with a newer, more efficient or more secure one
  • Fast
• Cons
  • Large private key and signatures
  • Only a finite number of signatures per key
Isogeny-Based Cryptography
• Cryptography based on maps between elliptic curves
• 2011: SIDH, Supersingular Isogeny Diffie-Hellman (De Feo, Jao, Plût)
• NIST: 1 Encryption
  • SIKE (Supersingular Isogeny Key Exchange)
• Pros
  • Smallest key sizes of all remaining cryptosystems: 6,000 bits
• Cons
  • The hardness problem underlying SIKE has not been studied as much
  • Slower than many other candidates
(Image: Leuven, 2019)
CONCLUSIONS
• Cryptography ensures secure communication in the presence of third parties through difficult math problems
• A quantum computer uses quantum mechanics
• Quantum algorithms (e.g. Shor’s Algorithm) can break current public key cryptography (e.g. RSA, ECC)
• Post-Quantum Cryptography runs on our current computers but is (conjecturally) secure against quantum and classical computers
Conclusions: PQC Types
Lattice-Based Cryptography: Learning with Errors
Code-Based Cryptography (encryption): Error Correcting Codes
Multivariate Cryptography (signatures): Equations in Multiple Variables
Hash-Based Cryptography (signatures): Hash functions and Merkle Trees
Isogeny-Based Cryptography (encryption): Maps between Elliptic Curves
Emily Stamm
Security Research Engineer | Allstate
Vice President | CSNP
Email: emily.stamm@cnsp.org
Resources
NIST PQC Competition:
https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
Thank You!
References
Thor Labs, Quantum Cryptography Analogy Demonstration Kit: https://www.thorlabs.com/newgrouppage9.cfm?objectgroup_id=9869
Jeremy Kahn, 2018: https://www.bloomberg.com/news/articles/2018-06-29/why-quantum-computers-will-be-super-awesome-someday-quicktake
Buchanan, 2018, Learning With Errors and Ring Learning With Errors: https://medium.com/asecuritysite-when-bob-met-alice/learning-with-errors-and-ring-learning-with-errors-23516a502406
KU Leuven, 2019, Elliptic Curves are Quantum Dead, Long Live Elliptic Curves: https://www.esat.kuleuven.be/cosic/elliptic-curves-are-quantum-dead-long-live-elliptic-curves/

Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 

Emily Stamm - Post-Quantum Cryptography

Slide 1: Post-Quantum Cryptography
Emily Stamm, Allstate Information Security, January 9, 2020

Slide 2: Outline
• Introduction to Cryptography
• Quantum Computing
• Post-Quantum Cryptography
  • Lattice-Based
  • Code-Based
  • Multivariate
  • Hash-Based
  • Isogeny-Based

Slide 4: What is Cryptography?
Cryptography, from Greek kryptós "hidden / secret" and graphein "to write":
• From the Caesar shift 2000 years ago
• To the Lorenz cipher machine in WWII
• To today: "secure communication in the presence of third parties"

Slide 5: Cryptography Today
• Confidentiality: restrict access to information
• Integrity: verify that data has not been altered (maliciously or accidentally)
• Authentication: verify the identity of a party
Types of Cryptography
1. Public Key Cryptography (Asymmetric)
2. Secret Key Cryptography (Symmetric)
3. Cryptographic Hashing

Slide 6: What is Good Cryptography?
• Hard Math Problems: the strength of the algorithm relies on the hardness of some underlying math problem
• Proper Implementation: algorithms must be correctly implemented so as not to leak information
• Key Secrecy: a secret piece of information (the key) is used to uncover the information

Slide 7: What is Public Key Cryptography?
• The key to encrypt and the key to decrypt are different
• Public Key: known to everyone
• Private Key: known to the parties accessing the data
• Digital signature version: private key to sign and public key to verify
• Examples: RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography

Slide 8: Where is Public Key Cryptography Used?
• Used any time two or more parties need to communicate
• "Parties" aren't necessarily people (browsers, servers, endpoints)
• E.g. HTTPS, firewalls, routers, printers, SSH, TLS, Bitcoin

Slide 10: Quantum Computing
• A quantum computer is a computer based on quantum physics rather than classical physics
• Instead of a bit, it uses a quantum bit, or qubit
• Takes advantage of quantum phenomena to perform some tasks much more efficiently
• E.g. entanglement, parallelism, interference
[Images: The D-Wave 2000Q Quantum Computer; IBM's 50-qubit quantum computer]
Slide 11: Effect on Cryptography
• Shor's Algorithm: quantum factoring algorithm running in ~4n^3 time with 2n qubits
• Reduces factoring to finding the period, and breaks RSA
• Efficiently computed using the Quantum Fourier Transform to reveal periodicities
• Similar algorithm for elliptic curves (n-bit finite field): attack in ~360n^3 time with 6n qubits
• Similar algorithms for all PKC based on the (abelian) hidden subgroup problem
• Eventually all our current public key cryptography will be obsolete
[Image: IBM's 50-qubit quantum computer]

Slide 12: Quantum Cryptography
• Quantum cryptography is cryptography that runs on a quantum computer
• Security like no other form of cryptography: secure by the laws of quantum mechanics against quantum and classical attacks
[Image: Thor Labs, Quantum Cryptography Analogy Demonstration Kit]

Slide 13: What is Post-Quantum Cryptography?
Problem: Quantum cryptography requires a quantum computer, which is expensive, large, and requires extreme conditions.
Solution: Post-Quantum Cryptography (PQC): cryptography that runs on current computers and is secure against classical and quantum attacks. (Kahn, 2019)

Slide 15: NIST Competition for Post-Quantum Cryptography (PQC)
• Currently evaluating and eliminating cryptosystems
• 5 levels of security
• Encryption/Key Exchange and Signatures
• Identify hardness assumptions that are not broken by quantum computers
• Build cryptosystems based on these problems
• Prove security against quantum and classical attacks

Slide 16: Why Switch to PQC Now?
1. PQC works on current computers
2. More secure against quantum and classical attacks
3. It's hard to estimate when the quantum threat will occur
4. Transitioning cryptography takes many years
5. Some implementations may not be able to switch cryptography in time, e.g. a satellite that goes into space for 30 years
6. Government agencies announced a switch to PQC based on NIST results
Slide 17: NIST Competition Currently
Type            Encryption   Signatures   Overall
Lattice         9            3            12
Code            7            0            7
Multivariate    0            4            4
Hash            0            2            2
Isogeny         1            0            1
Total           17           9            26
Slide 18: Lattice-Based Cryptography
• Cryptography based on hard lattice problems
• 1996: NTRU (Hoffstein, Pipher, Silverman)
• NIST: 9 Encryption, 3 Digital Signatures
• Pros
  • Efficient, simple, adaptable
  • Secure: some schemes are as secure as worst-case lattice problems
• Cons
  • Large key sizes

Slide 20: Hard Lattice Problems
• Shortest Vector Problem (SVP): Given a basis for a lattice, find the shortest nonzero vector in the lattice.
  • Given a "bad" basis, this is NP-hard
• Closest Vector Problem (CVP): Given a basis for a lattice and a target vector, find the closest lattice vector.
  • Generalization of SVP, with the same hardness
  • A special case is the Bounded Distance Decoding (BDD) problem: Given a basis for a lattice and a target vector at distance at most m from the lattice, find the closest lattice vector.
[Figures: SVP; CVP]

Slide 21: Learning With Errors (Buchanan 2018)
• b1 = <a1, s> + e1 mod q
• b2 = <a2, s> + e2 mod q
• …
• bm = <am, s> + em mod q
• Each ai is a random vector
• s is the secret vector
• Each ei is the error term, a small random number
• Problem: Given the pairs (ai, bi) for i = 1, …, m, find the secret vector s
• Formulated as a Bounded Distance Decoding lattice problem: Given a matrix A = {(ai)} and b = {(bi)} = As + e mod q, where e is drawn from the error distribution, find the target vector s close enough to the lattice generated by the solutions to y = As mod q
[Figure: the vectors s, a1 … am, b1 … bm, e1 … em]

Slide 22: LWE Lattice Scheme: Asymmetric Encryption & Decryption
1. KEY GENERATION (Alice). Private key: s. Public key: the pairs (ai, bi) with
   • b1 = <a1, s> + e1 mod q
   • b2 = <a2, s> + e2 mod q
   • …
   • bm = <am, s> + em mod q
   Alice sends the public key to Bob.
2. ENCRYPTION (Bob). Bob has a bit x = 0 or 1. Bob sends the ciphertext (a, b) to Alice.
3. DECRYPTION (Alice).
Eve: to break the scheme she must recover s by solving the Bounded Distance Decoding problem.
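As an added worked example (not code from the talk), the LWE scheme above in the form of Regev's public-key encryption: Alice's public key is (A, b = As + e mod q), Bob encrypts a bit x by summing a random subset of the public-key rows and adding x·⌊q/2⌋, and Alice decrypts with s. The parameters q = 4093, n = 16, m = 32 and errors in {-1, 0, 1} are toy choices made for this example, far below any real security level.

```python
import random

# Toy parameters chosen for this example (not a real parameter set): modulus q,
# secret dimension n, number of public-key samples m, errors drawn from {-1, 0, 1}.
Q, N, M = 4093, 16, 32

def dot(u, v):
    return sum(a * b for a, b in zip(u, v)) % Q

def keygen(rng):
    """Alice: private key s; public key the pairs (a_i, b_i) with b_i = <a_i, s> + e_i mod q."""
    s = [rng.randrange(Q) for _ in range(N)]                        # secret vector s
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]    # random vectors a_i
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]                  # small error terms e_i
    b = [(dot(a, s) + ei) % Q for a, ei in zip(A, e)]
    return s, (A, b)

def encrypt(pk, x, rng):
    """Bob: encrypt bit x as (a, c) by summing a random subset of public-key rows."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]                        # random subset selector
    a = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    c = (sum(r[i] * b[i] for i in range(M)) + x * (Q // 2)) % Q     # add x * floor(q/2)
    return a, c

def decrypt(s, ct):
    """Alice: c - <a, s> = (sum of selected errors) + x*floor(q/2); |error sum| <= m < q/4,
    so the value lands near 0 for x = 0 and near q/2 for x = 1."""
    a, c = ct
    d = (c - dot(a, s)) % Q
    return 1 if Q // 4 <= d < 3 * Q // 4 else 0

def errors_from_key(pk, s):
    """Recover each e_i (centered mod q) from the public key. This needs s, which is
    exactly what Eve lacks: without it she faces the Bounded Distance Decoding problem."""
    A, b = pk
    return [((bi - dot(a, s) + Q // 2) % Q) - Q // 2 for a, bi in zip(A, b)]

def roundtrip(seed, bits):
    """Key generation, then encrypt and decrypt each bit; returns (decrypted bits, max |e_i|)."""
    rng = random.Random(seed)
    s, pk = keygen(rng)
    out = [decrypt(s, encrypt(pk, x, rng)) for x in bits]
    return out, max(abs(v) for v in errors_from_key(pk, s))

if __name__ == "__main__":
    print(roundtrip(2020, [0, 1, 1, 0, 1]))
```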
Slide 23: Lattice-based Schemes
Encryption Schemes (9)
• FrodoKEM: LWE
• LAC: LWE
• NewHope: Ring LWE
• NTRU: Ring LWE
• Kyber: Module LWE
• Three Bears: Module LWE
• Round5: Learning with Rounding (LWR)
• NTRU Prime: Ring LWR
• SABER: Module LWR
Digital Signatures (3)
• CRYSTALS-DILITHIUM: Module LWE
• FALCON: Ring LWE
• qTESLA: Ring LWE

Slide 24: Code-Based Cryptography
• Cryptography based on error correcting codes: maps that "correct" the error of an input, i.e. f(x + e) = x for a small error e
• 1978: McEliece
• NIST: 7 Encryption
• Pros
  • Fast to encrypt/decrypt
  • Hardness well studied and understood (>40 years)
• Cons
  • Large key sizes (10,000 to 1 million bits)
Schemes:
• Classic McEliece
• NTS-KEM
• BIKE
• HQC
• LEDAcrypt
• Rollo
• RQC

Slide 25: Error Correcting Codes
A map is error correcting if it sends an input (plus or minus a small error) back to itself, that is, it "corrects the error".

Slide 26: McEliece Code-based Scheme: Asymmetric Encryption & Decryption
1. KEY GENERATION (Alice). Private key; public key G. Alice sends the public key G to Bob.
2. ENCRYPTION (Bob). Bob has the message vector m. Given the message m and a small random error vector e, get the ciphertext c. Bob sends the ciphertext c to Alice.
3. DECRYPTION (Alice).
Eve: recover the message without knowing the error vector e.

Slide 27: Multivariate Cryptography
• Cryptography based on polynomial equations in multiple variables
• 1998: C* (Matsumoto, Imai), now broken but it inspired other schemes
• 1996: HFE, Hidden Field Equations (Patarin)
• NIST: 4 Digital Signatures
  • GeMSS
  • LUOV
  • MQDSS
  • Rainbow
• Pros
  • Fast (much faster than RSA)
  • Small signature size
  • Operations are simple arithmetic
• Cons
  • Large key sizes (80,000 to 800,000 bits)
  • Security analysis is difficult

Slide 28: Hash-Based Cryptography
• Cryptography based on hash functions
• 1978: Combine one-time hash signatures with Merkle trees (Merkle)
• NIST: 2 Digital Signatures
  • Picnic
  • SPHINCS+
• Pros
  • The only security assumption is the security of the hash function
  • Hash functions can easily be replaced with newer, more efficient or more secure ones
  • Fast
• Cons
  • Large private key and signatures
  • Only a finite number of signatures
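An added example (not code from the talk) of the 1978 construction named above: Lamport one-time signatures, each key usable once, combined in a Merkle tree whose root serves as the long-term public key. The signer keeps a counter so that a consumed one-time key is never reused, and refuses to sign once every leaf is spent, which is the "finite number of signatures" limitation listed under cons. Tree height, the use of SHA-256 and the authentication-path layout are my choices for this example.

```python
import hashlib, secrets

def H(data):
    return hashlib.sha256(data).digest()

def msg_bits(msg):                 # the 256 bits of SHA-256(msg), most significant first
    h = H(msg)
    return [(h[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]

def ots_keygen():                  # Lamport one-time key: 256 pairs of secrets; pk = their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def ots_sign(sk, msg):             # reveal one secret of each pair, chosen by the message bit
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def ots_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(msg_bits(msg)))

def leaf_hash(pk):
    return H(b"".join(a + b for a, b in pk))

class MerkleSigner:
    """Merkle tree over 2**height one-time keys; the root is the long-term public key."""
    def __init__(self, height=2):
        self.keys = [ots_keygen() for _ in range(2 ** height)]
        self.tree = [[leaf_hash(pk) for _, pk in self.keys]]        # level 0 = leaves
        while len(self.tree[-1]) > 1:
            lvl = self.tree[-1]
            self.tree.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.tree[-1][0]
        self.used = 0              # state: index of the next unused one-time key

    def sign(self, msg):
        if self.used == len(self.keys):
            raise RuntimeError("all one-time keys consumed")   # finite number of signatures
        idx, (sk, pk) = self.used, self.keys[self.used]
        self.used += 1             # advance the counter so this Lamport key is never reused
        path = [lvl[(idx >> k) ^ 1] for k, lvl in enumerate(self.tree[:-1])]  # sibling per level
        return idx, pk, ots_sign(sk, msg), path

def merkle_verify(root, msg, signature):
    idx, pk, sig, path = signature
    if not ots_verify(pk, msg, sig):
        return False
    node = leaf_hash(pk)
    for sibling in path:           # recompute the root from the leaf upward
        node = H(sibling + node) if idx & 1 else H(node + sibling)
        idx >>= 1
    return node == root
```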
Slide 29: Isogeny-Based Cryptography
• Cryptography based on maps between elliptic curves
• 2011: SIDH, Supersingular Isogeny Diffie-Hellman (De Feo, Jao, Plût)
• NIST: 1 Encryption
  • SIKE (Supersingular Isogeny Key Exchange)
• Pros
  • Smallest key sizes of all remaining cryptosystems: 6,000 bits
• Cons
  • The security problem upon which SIKE is based has not been studied as much
  • Slower than many other candidates
(Leuven, 2019)

Slide 30: Conclusions
• Cryptography ensures secure communication in the presence of third parties through difficult math problems
• A quantum computer uses quantum mechanics
• Quantum algorithms (e.g. Shor's Algorithm) can break current public key cryptography (e.g. RSA, ECC)
• Post-Quantum Cryptography runs on our current computers but is (conjectured to be) secure against quantum and classical computers

Slide 31: Conclusions: PQC Types
• Lattice-Based Cryptography: Learning with Errors
• Code-Based Cryptography (encryption): Error Correcting Codes
• Multivariate Cryptography (signatures): Equations in Multiple Variables
• Hash-Based Cryptography (signatures): Hash functions and Merkle Trees
• Isogeny-Based Cryptography (encryption): Maps between Elliptic Curves

Slide 32: Thank You!
Emily Stamm, Security Research Engineer | Allstate; Vice President | CSNP
Email: emily.stamm@cnsp.org
Resources: NIST PQC Competition: https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

Slide 33: References
• Thor Labs: https://www.thorlabs.com/newgrouppage9.cfm?objectgroup_id=9869
• Jeremy Kahn, 2018: https://www.bloomberg.com/news/articles/2018-06-29/why-quantum-computers-will-be-super-awesome-someday-quicktake
• Buchanan, 2018, Learning With Errors and Ring Learning With Errors: https://medium.com/asecuritysite-when-bob-met-alice/learning-with-errors-and-ring-learning-with-errors-23516a502406
• KU Leuven, 2019, Elliptic Curves Are Quantum Dead, Long Live Elliptic Curves: https://www.esat.kuleuven.be/cosic/elliptic-curves-are-quantum-dead-long-live-elliptic-curves/