We discuss the emerging threat and implications of quantum computing technology on the security of cryptosystems currently deployed in applications, and why system designers should consider addressing this risk already in the near term. We then discuss an overview of the current approaches for building quantum safe cryptosystems and their security and performance aspects. We conclude with a glimpse at the state of the art and research challenges in the area of quantum-safe cryptography, including the design of more advanced quantum-safe cryptographic protocols, such as privacy-preserving cryptocurrencies.
A brief presentation on Position-Based, Device-Independent and Post Quantum Cryptographies. Detailing Position-Based QC, defining Device-Independent QC and discussing Post Device-Independent.
Shor's algorithm is a quantum algorithm. Using it, any arbitrarily large number can be factored in polynomial time, which is not possible on a classical computer.
With the introduction of quantum computing on the horizon, computer security organizations are stepping up research and development to defend against a new kind of computer power. Quantum computers pose a very real threat to the global information technology infrastructure of today. Many security implementations in use are based on the difficulty for modern-day computers of performing large integer factorization. Utilizing a specialized algorithm such as mathematician Peter Shor’s, a quantum computer can factor large integers in polynomial time versus classical computing’s sub-exponential time. This theoretical exponential increase in computing speed has prompted computer security experts around the world to begin preparing by devising new and improved cryptography methods. If the proper measures are not in place by the time full-scale quantum computers are produced, the world’s governments and major enterprises could suffer from security breaches and the loss of massive amounts of encrypted data.
This document provides an introduction to post-quantum cryptography. It discusses how quantum computers could break current public key cryptography and outlines several approaches to post-quantum cryptography, including lattice-based, code-based, multivariate, hash-based, and isogeny-based cryptography. It summarizes the National Institute of Standards and Technology's post-quantum cryptography standardization project and competition, which is evaluating these approaches.
Presents an overview of quantum computing including its history, key concepts like qubits and superposition, applications like factoring large numbers and solving optimization problems, and advantages like speed and security compared to classical computers. Some challenges to building quantum computers are maintaining stability due to sensitivity to interference and requiring very cold temperatures.
This document provides an overview of quantum cryptography. It introduces key concepts like the Heisenberg uncertainty principle, photon polarization, and the need for quantum cryptography due to potential threats from quantum computers. The document describes how quantum key distribution works using protocols like BB84 to generate and test secure encryption keys between two parties by detecting any eavesdropping. It notes that working prototypes have been implemented over fiber optic cables and open air.
This document discusses the history and future of quantum computing. It explains how quantum computers work using principles of quantum mechanics like superposition and entanglement. Quantum computers can perform multiple computations simultaneously by exploiting the ability of qubits to exist in superposition. Current research involves building larger quantum registers with more qubits and performing calculations with 2 qubits. The future of quantum computing may enable solving certain problems much faster than classical computers, with desktop quantum computers potentially arriving within 10 years.
This document discusses post-quantum cryptography and code-based cryptography as a potential solution. It provides an overview of cryptography, both symmetric and asymmetric, and explains how quantum computers could break many current systems by solving mathematical problems efficiently. Code-based cryptography is introduced as an alternative that does not rely on these vulnerable problems. The McEliece cryptosystem and Staircase code-based schemes are described. The document then outlines a project to implement a random split of Staircase codes to thwart information set decoding attacks, including researching the topic, developing implementations, validating the approach works as intended, and verifying the results against benchmarks. It emphasizes that development should begin now to have solutions ready when needed.
This document provides an introduction to quantum cryptography. It discusses how quantum cryptography solves the key distribution problem faced by conventional cryptography through the use of polarized photons and quantum properties like the Heisenberg uncertainty principle. The document summarizes the BB84 quantum key distribution protocol developed by Bennett and Brassard, in which Alice and Bob use randomly polarized photons to generate an encryption key. It also discusses some challenges for practical quantum cryptography implementations, like developing single photon sources and detectors and transmitting photons over long distances.
This document discusses post-quantum cryptography and code-based cryptosystems as an alternative that is secure against quantum computers. It describes the McEliece cryptosystem, which uses error correcting codes, and introduces staircase generator codes and randomly split staircase generator codes to improve efficiency and security. The randomly split staircase generator codes cryptosystem allows for both encryption and digital signatures using efficient procedures while providing 80-bit security levels against quantum attacks, though it has large key sizes of around 10 megabytes.
Quantum computing uses quantum mechanics phenomena like superposition and entanglement to perform calculations exponentially faster than classical computers for certain problems. While quantum computers have shown promise in areas like optimization, simulation, and encryption cracking, significant challenges remain in scaling up quantum bits and reducing noise and errors. Current research aims to build larger quantum registers of 50+ qubits to demonstrate quantum advantage and explore practical applications, with the future potential to revolutionize fields like artificial intelligence, materials design, and drug discovery if full-scale quantum computers can be realized.
This document provides an overview of quantum computing. It outlines the key features of quantum computing including qubits, superposition, entanglement, and interference. It describes quantum algorithms like Shor's algorithm and Grover's algorithm. It also discusses quantum logic gates, advantages and disadvantages of quantum computing, current applications in artificial intelligence, cryptography, and simulation. The document concludes that quantum computing is an emerging technology that could be used more efficiently for complex tasks in the future.
Karen Easterbrook, Microsoft
Brian LaMacchia, Microsoft
Quantum computers may be 10 years away, but well-funded adversaries are already preparing for their arrival. Even if they can’t read high-value encrypted traffic today, they are recording and storing for when they can decrypt it in the future. If your secrets need to be protected for more than 10 years, you need to take action now. In this talk, we will explore how sufficiently large quantum computers will catastrophically break all public-key cryptography commonly used today, the overall scope of this threat, and the steps underway to develop and deploy quantum-resistant replacement algorithms and security protocols. We will introduce the code and tools that you can use today to fend off these future advanced threats.
Quantum computation uses the principles of quantum physics to store and process information on computational devices.
Presentation for a workshop during the event "SUPER, Salone delle Startup e Imprese Innovative"
This document discusses quantum computers, which harness quantum phenomena like superposition and entanglement to perform operations. A qubit, the basic unit of information in a quantum computer, can exist in multiple states simultaneously. While this allows massive parallelism and an exponential increase in computational power over classical computers, building large-scale quantum computers faces challenges in maintaining coherence. Potential applications include cryptography, optimization problems, and software testing due to quantum computers' probabilistic solving approach.
Quantum computers are designed to perform tasks much more accurately and efficiently than conventional computers, providing developers with a new tool for specific applications.
It is clear in the short-term that quantum computers will not replace their traditional counterparts; instead, they will require classical computers to support their specialized abilities, such as systems optimization.
What is Quantum Computing
What are Quantum Bits (Qubits)
What are Reversible Logic Gates and Logic Circuits
What is a Quantum Neuron (Quron)
What are the methods of implementing ANN using Quantum computing
Quantum computing is a rapidly developing field of computer science that explores the application of quantum mechanics to information processing. It promises to revolutionize the way we solve complex problems that are currently beyond the capabilities of classical computers.
This PowerPoint presentation provides an introduction to the basics of quantum computing, including the principles of quantum mechanics, the properties of quantum bits or qubits, quantum entanglement, quantum superposition, and types of quantum computing.
Lattice-Based Cryptography: Cryptanalysis of Compact-LWE
Priyanka Aash
Destructive and constructive methods in lattice-based cryptography will be discussed.
Topic 1: Cryptanalysis of Compact-LWE. Authors: Jonathan Bootle; Mehdi Tibouchi; Keita Xagawa
Topic 2: Two-message Key Exchange with Strong Security from Ideal Lattices. Authors: Zheng Yang; Yu Chen; Song Luo
(Source: RSA Conference USA 2018)
Quantum cryptography: a modern cryptographic security
Kamal Diwakar
This document provides an overview of quantum cryptography. It begins with introductions to traditional cryptography and quantum cryptography. Quantum cryptography relies on principles of quantum mechanics like the Heisenberg uncertainty principle and photon polarization to securely distribute keys. It explains that quantum key distribution is needed because secure key distribution is not possible with traditional communications, but is possible using quantum communications. The document then discusses why quantum cryptography is needed, what problem quantum key distribution solves, and that deploying quantum key distribution systems is not complex. It also outlines two types of quantum cryptography: position-based and post-quantum cryptography. Finally, it provides an example of an existing quantum network and concludes that quantum cryptography could be the first application of quantum mechanics at the single particle level.
Grover's algorithm is a quantum algorithm that allows finding an item in an unstructured database with fewer queries than classical algorithms. It works by amplifying the probability of measuring the target item. The key steps are: (1) initialize a superposition of all possible inputs, (2) apply an oracle to mark the target item, (3) apply Grover's diffusion operator to amplify the target amplitude, and (4) repeat steps 2-3 until the target can be measured with high probability. An example is using Grover's algorithm to find a phone number in an unsorted database with only sqrt(N) queries, compared to N/2 queries classically.
Quantum computing uses principles of quantum theory and qubits (quantum bits) that can represent superpositions of states to perform calculations. The document traces the history of quantum computing from its proposal in 1982 to modern developments. It explains key concepts like qubits, entanglement, and parallelism that allow quantum computers to solve certain problems like factorization and simulation much faster than classical computers. Recent progress in building quantum computers is discussed, including D-Wave Systems' quantum annealing approach. While obstacles remain, quantum computing could have important applications in networking, cryptography, and artificial intelligence.
This document provides an introduction to quantum computing. It discusses how quantum computers work using quantum bits (qubits) that can exist in superpositions of states unlike classical bits. Qubits can become entangled so that operations on one qubit affect others. Implementing qubits requires isolating quantum systems to avoid decoherence. Challenges include controlling decoherence, but research continues on algorithms, hardware, and bringing theoretical quantum computers to practical use. Quantum computers may solve problems intractable for classical computers.
This document outlines a presentation on quantum key distribution. The presentation covers an introduction to cryptography, classical cryptography techniques like the one-time pad, quantum cryptography concepts like photon polarization, and quantum key distribution protocols like BB84. Quantum key distribution allows two parties to detect an eavesdropper attempting to gain knowledge of an encrypted key by exploiting quantum effects. The document provides context and details for each topic that will be covered in the presentation.
Criptografía cuántica - fundamentos, productos y empresas
Software Guru
Quantum cryptography is one of the crown jewels of quantum computing. Beyond the theoretical foundations of this discipline's protocols being known in detail, experimental research has been carried out for more than two decades and, as a result, quantum cryptography equipment already exists that can be bought and installed like any other commercial product.
In this talk, titled “Criptografía cuántica - fundamentos, productos y empresas”, Dr Venegas Andraca will give a concise introduction to the BB84 and EK91 quantum cryptography protocols, describe the advantages these protocols have over popular conventional cryptography protocols, set out the technological constraints of BB84 and EK91, present the quantum cryptography equipment available on the market, and give a succinct analysis of the estimates of commercial growth for this discipline.
DEF CON 27 - ANDREAS BAUMHOF - are quantum computers really a threat to crypt...
Felipe Prado
This document provides an overview of quantum computing and its implications for cryptography. It discusses how quantum computers could break popular asymmetric cryptographic algorithms like RSA by efficiently solving problems like integer factorization that are intractable on classical computers. The document explains Shor's algorithm, which uses quantum Fourier transforms to find the period of exponential functions and derive prime factors in polynomial time, posing a threat to RSA. It also discusses quantum computing concepts like superposition and entanglement that enable this speedup. Overall, the document serves as an introduction to how quantum computers may impact cryptography by breaking algorithms like RSA.
DEF CON 23 - Phillip Aumasson - quantum computers vs computers security
Felipe Prado
This document discusses quantum computers and their implications for computer security. It begins with introductions to quantum mechanics concepts and how quantum computers work. It then explains that quantum computers could break many current encryption standards by efficiently solving problems like integer factorization that are hard for classical computers. Alternative "post-quantum" encryption methods are discussed. The document also covers quantum key distribution, proposals for quantum copy protection, and potential applications of quantum machines for tasks like machine learning. While quantum computers may revolutionize computing, many challenges remain around building them and developing quantum algorithms.
Technical Seminar on Securing the IoT in the Quantum World
Siri Murthy
This document summarizes research on securing Internet of Things (IoT) communication in a quantum world. Currently, IoT relies on cryptographic algorithms like AES and RSA, but these may be broken by quantum computers. The document reviews symmetric key and asymmetric key cryptography. It proposes using hash-based and code-based cryptosystems, like SPHINCS and McEliece, which are quantum-resistant. Doubling the key size of AES to 256 bits could also secure it against quantum attacks. The development of practical quantum computers may take 5-10 more years, so it is important to adopt quantum-resistant algorithms now to protect data in the future.
Why Should You Pay Attention To Quantum Computing? (Milos Dunjic)
Quantum computing is an exciting and rather unusual field of informatics. Recently I had the privilege to participate in The Quantum Panel, as part of the Payments Canada conference, where I shared some of my views with a wider audience.
An overview of how 'quantum' will affect cybersecurity - from cryptography to quantum computing algorithms, we will look at how quantum will affect what we do in information security.
Quantum Computing and its Security Implications (InnoTech)
Quantum computers work with qubits that can exist in superposition and be entangled. They have enormous computational power compared to digital computers and could solve problems like prime factorization rapidly. This poses risks to current encryption methods and allows for perfectly secure quantum communication. Several types of quantum computers are being developed, from quantum annealers to analog and universal models, with the latter offering exponential speedups but being the hardest to build. Significant progress is being made, with quantum computers in the tens of qubits now and the need to transition encryption to post-quantum algorithms within the next decade.
The document discusses applications of superconductor materials and devices in quantum information science. It covers 5 topics: 1) an overview of the quantum information landscape, 2) macroscopic quantum phenomena in superconductor devices and superconductor qubits, 3) the transmon qubit which is a leading qubit platform, 4) topological superconducting qubits based on Majorana fermion states, and 5) S-TI-S Josephson junctions which are a compelling qubit platform. Superconductivity is expected to play a major role in developing qubit devices and quantum circuits.
This document provides an overview of quantum computing trends and directions. It introduces Francisco Gálvez as the presenter and covers the following topics: IBM's quantum computers including the IBM Quantum Experience platform, basic concepts in quantum computing, quantum architecture focusing on superconducting qubits, quantum algorithms like Shor's and Grover's algorithms, applications of quantum computing, and the IBM Quantum Experience platform which allows users to design and run quantum circuits on real quantum processors.
This document discusses using quantum-safe cryptography to protect against future quantum computers. It proposes a "hybrid" approach where a FIPS-approved classical algorithm is used for conformance while a quantum-safe algorithm is also used to provide long-term security. Specifically, it examines using the "OtherInfo" field when deriving keys to include a quantum-safe symmetric key as part of the key derivation process. This would allow quantum-safe encryption of data even when using a FIPS-approved scheme for key establishment and compliance. However, it is unclear if including symmetric keys in "OtherInfo" is permitted by standards.
A short description of quantum computing: the history of quantum computers, the pioneers of the field, and an introductory abstract on what quantum computers are.
Quantum information theory integrates information theory with quantum mechanics by studying how information can be stored in and retrieved from quantum systems. Quantum computing uses quantum physics and quantum bits (qubits), which can exist in superpositions of states, to perform computations in parallel and to solve problems such as factoring large integers faster than classical computers. Key challenges for quantum computing include preventing decoherence and protecting fragile quantum states.
Puniani, Arjan Singh | Candidate Time-Delayed Decryption Protocols for Deploy... (Arjan)
1) The document proposes protocols for time-delayed encrypted message transmission that would render trusts obsolete over time.
2) It involves encrypting a message and dispersing the decryption key using techniques like memory-hard puzzles, Lagrange interpolation polynomials, and hash functions to ensure the key cannot be reassembled before a specified date.
3) The goal is to provide a way to transmit sensitive information that would be guaranteed to be disclosed after a certain period, even if the original trustees could no longer be relied upon.
This document discusses common cryptography pitfalls and failures. It begins by explaining that while cryptography is widely used, it is easy to misimplement. It then discusses failures with hashing functions, encryption models like symmetric and asymmetric, modes of operation like ECB and CBC, and real-world cases like Adobe's private key leakage. The document also covers password storage best practices, public-key cryptosystems like RSA and optimal asymmetric encryption padding, and the performance costs of cryptography. It emphasizes that one should avoid rolling their own crypto algorithms or implementations and instead use established libraries.
[DSC Europe 23] Ales Gros - Quantum and Today's security with Quantum.pdf (DataScienceConferenc1)
Quantum computing poses risks to modern cryptography. By 2026, there is a 1 in 7 chance that quantum computers will be able to break fundamental public-key cryptography. By 2031, there is a 1 in 2 chance. Cryptography is used everywhere in the digital world, including internet protocols, digital signatures, critical infrastructure, financial systems, and blockchains. If quantum computers are able to break current cryptography, cyber criminals could gain access to critical infrastructure, forge digital signatures to manipulate legal records, decrypt historical data, and create fraudulent transactions. This poses serious risks that must be addressed as quantum computing advances.
Quantum Computing & Cryptography: A Brief Introduction (Hedera Hashgraph)
Often touted as the next computational paradigm, many race to develop the first large-scale quantum computer. Google’s recent announcement that they achieved quantum supremacy — the ability for a quantum computer to do something a classical computer cannot — highlights concerns on whether we are prepared for a post-quantum world, one in which widely deployed cryptographic algorithms are broken. But how advanced are quantum computers really, and should we be worried about their impact on distributed ledger technologies?
Join Atul Luykx, Head of Cryptography at Hedera Hashgraph, to learn how quantum computing is impacting cryptography and its applications. In this webinar, you’ll learn:
- What happens when cryptography is broken?
- How quantum computing breaks cryptography?
- What can be done to avoid quantum attacks?
- Hedera Hashgraph’s approach on quantum resistance in its consensus algorithm and public ledger.
- Updates on the latest post-quantum cryptography developments
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net... (MyNOG)
In this presentation we will review how already available quantum technology can help improve well known security mechanisms and protocols. Next we will explore how close (or far away) a quantum internet is and if it will even be fully quantum.
Quantum computing has the potential to revolutionize many fields including cryptography. Quantum computing can solve mathematical problems that current cryptography relies on, like factoring large numbers, much faster than classical computers. This would make current encryption methods vulnerable to attacks. Researchers are developing new quantum-resistant cryptography methods and quantum key distribution to secure communication as quantum computing advances.
1. www.monash.edu.au
An Overview of Quantum-Safe
Cryptography
Assoc. Prof. Ron Steinfeld
Dept of Software Systems & Cybersecurity
Faculty of IT
Monash University
10 May 2022
2. Quantum-Safe Crypto Overview
Outline
• The Quantum Computing threat to Cryptography
– Why quantum-safe cryptography?
• Quantum-Safe Cryptography (PQC)
– Current approaches & characteristics
> Security
> Performance
> The coming new crypto standards (NIST,ETSI,…)
• Glimpse at State-of-the-art Research &
Challenges
3. Quantum Computing Threat to Cryptography
• Quantum computers
– Concept suggested by quantum physicists Paul Benioff and Richard Feynman (early 1980s)
– Exploit quantum mechanics to process information
> Use quantum bits (“qubits”) instead of 0’s and 1’s
> Qubits can be in “superposition states”: the ability of a quantum system to be in multiple states at the same time
> → Massive parallelization potential to vastly increase computational power beyond the classical computing limit
– Computational problems that are infeasible for classical computers may become easy for quantum computers
– → Can have a huge impact on cryptography!
4. Nature of Qubits
A classical computer performs operations using classical bits, which can be either zero or one.
In contrast, a quantum computer uses quantum bits (qubits), which can be zero, one, or a superposition of zero and one at the same time. For example, the outermost electron of a phosphorus atom can be used as a qubit.
5. Nature of Qubits
[Figure: an electron in quantum superposition; the measurement outcome is either one or zero with the indicated probabilities, 64% and 36%]
6. The Power of Quantum Computation
For 2 qubits:
- after measurement: 1 of 4 possible outcomes
- before measurement: all 4 possible outcomes can have non-zero weights in a superposition state!
[Figure: the four outcomes, each with weight 25%]
For n qubits:
- after measurement: 1 of 2^n possible outcomes
- before measurement: superposition of 2^n outcomes!
The potential power of quantum computers: quantum computations can be performed in parallel on all these 2^n possible outcomes!!
7. The Limitation of Quantum Computers
Quantum computations can be performed in parallel on all these 2^n possible superposed outcomes of n qubits!!
BUT, once we measure the quantum system the state collapses to just one of those 2^n possible outcomes.
[Figure: a final state with outcome weights 1%, 2%, 96%, 1%; measurement collapses it to the 96% outcome, the solution to the computational problem]
→ We can only exploit the parallelism of quantum computation for certain types of computational problems: those for which the quantum computation can concentrate most of the probability on the solution to our computational problem
→ Measurement of the final state will then give the solution outcome with high probability
8. Quantum Computing Threat to Cryptography
• Shor’s quantum algorithms – exponential speedup of QCs for breaking classical public-key crypto
– 1994: Peter Shor (then at AT&T Bell Labs): efficient quantum computer algorithms for:
> Integer Factorisation Problem (IFP)
– → Breaks RSA public-key encryption in time polynomial in the length of the modulus n
> Discrete Logarithm Problem (DLP)
– → Breaks the Diffie-Hellman key exchange protocol in time polynomial in the length of the modulus p
> Later extended also to break ECDLP in polynomial time
• Implication: large-scale QC → RSA and Diffie-Hellman public-key systems become insecure!
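The classical half of Shor's algorithm, as an added example that is not part of the slides: factoring N reduces to finding the multiplicative order r of a base a modulo N, and the quantum circuit's only job is to supply r. In the script below find_order() is a deliberate classical brute-force stand-in for that quantum step (exponential in the bit-length of N), so the code runs on any laptop for toy moduli while showing exactly which step a quantum computer accelerates and how the post-processing turns r into factors. The function names and toy moduli are this example's own.

```python
from math import gcd


def find_order(a: int, n: int) -> int:
    """Smallest r >= 1 with a^r = 1 (mod n); requires gcd(a, n) == 1.
    Classical brute force: THIS is the step Shor's quantum circuit
    (QFT-based period finding) performs in polynomial time."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(a: int, r: int, n: int):
    """Shor's classical post-processing: if r is even and a^(r/2) != -1 (mod n),
    then gcd(a^(r/2) +- 1, n) is a non-trivial factor of n."""
    if r % 2 == 1:
        return None                     # odd order: try another base
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None                     # a^(r/2) = -1: this base gives nothing
    for cand in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < cand < n:
            return cand
    return None


def shor_factor(n: int):
    """Return (p, q) with p * q == n and p <= q for an odd composite n,
    or None if no base in 2..n-2 works (as happens when n is prime).
    Bases are tried in order rather than at random so runs are reproducible."""
    for a in range(2, n - 1):
        g = gcd(a, n)
        if g > 1:                       # lucky base sharing a factor with n
            return tuple(sorted((g, n // g)))
        p = factor_from_order(a, find_order(a, n), n)
        if p is not None:
            return tuple(sorted((p, n // p)))
    return None


if __name__ == "__main__":
    for n in (15, 21, 91, 3233):        # 3233 = 53 * 61, a textbook RSA toy modulus
        print(n, "=", shor_factor(n))
```

For real RSA moduli the loop inside find_order() would take longer than the age of the universe; everything else in the script is already polynomial time, which is why replacing that one subroutine with Shor's quantum period finding breaks RSA.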
9. Quantum Computing Threat to Cryptography
• 1996: Grover’s Algorithm -- polynomial (quadratic) speedup of QCs for breaking symmetric-key crypto
– Preimage finding (one-wayness): given y = H(x) for a random n-bit x, find x.
– Brute-force classical algorithm: ~ O(2^n) time
– Grover’s quantum algorithm: ~ O(sqrt(2^n)) = O(2^(n/2)) time
– Practical consequence: an n-bit symmetric key or hash preimage gives only about n/2 bits of security against a quantum attacker, hence the usual advice to double symmetric key sizes (e.g. AES-256 rather than AES-128)
11. Quantum Computing Threat to Cryptography – How Far Away?
• Concrete estimates for an ECDL implementation of Shor’s algorithm [HJN20]:
– ~2124 logical qubits
– ~2.3 × 10^9 quantum gates
12. Quantum Computing Threat to Cryptography – How Far Away?
• Technological Improvements in QC:
– 1980-82: idea proposed by Benioff / Feynman
– 1998: first 2-qubit quantum computer realized
– 2000: 7-qubit quantum computer
– 2006: 12-qubits
– 2017: 49/50-qubits (IBM/Intel)
– 2018: 72-qubits (Google)
– 2019: 53 qubits (IBM), Google’s successful quantum
supremacy experiment published
– 2021: IBM `Eagle’ - 127 qubits
– 2023 (IBM Roadmap): 1000+ qubits??
13. Quantum Computing Threat to Cryptography: Why Worry Now?
• Quantum-insecure public-key crypto is everywhere:
– Web security (SSL/TLS)
– VPNs (IPsec)
– IoT devices, blockchains, .....
• Collect ciphertexts now and decrypt in the QC future…
• Hence the requirement (Mosca’s inequality):
Time to upgrade infrastructure crypto to quantum-safe alternatives (standards, implementation, deployment)
+ Time for which future data must remain secure
< ?? Time to a practical large-scale QC
If the left-hand side exceeds the right, data encrypted today is already exposed to a future quantum attacker.
14. Resisting QC Attacks on Public-Key Crypto
• Two main countermeasure approaches
investigated:
– Quantum-Safe Cryptography
> Aka Post-Quantum Cryptography (PQC)
> Public key cryptosystems based on computational problems
resistant even to quantum computer attacks
> legitimate parties use only classical computers
– “plug-in” replacement to quantum-insecure public key
crypto.
> Active research topic in cryptography for > 20 years
> Several approaches known (later in this talk)
15. Resisting QC Attacks on Public-Key Crypto
• Two main countermeasure approaches investigated (cont):
– Quantum Cryptography
> Aka Quantum Key Distribution (QKD)
> Key exchange protocol resistant even to quantum computer attacks
> Legitimate parties need special quantum communication hardware (not a plug-in replacement for quantum-insecure public-key crypto)
> Requires quantum-safe classical authentication
> Will not discuss further in this talk
16. The Future of Public-Key Cryptography: Quantum-Safe Public-Key Cryptosystems
• Quantum-Safe (aka Post-Quantum) Cryptography
– Goal: public-key cryptosystems based on computational problems resistant to quantum computers
– A delicate balance: need
> Enough math structure to support the functionality
– Encrypt with public key, decrypt with private key
> Not enough math structure to allow quantum attacks
– But several candidate approaches exist:
> Linear equations with errors: lattice & coding problems
> Multivariate non-linear equations
> Isogenies on elliptic curves (note: the SIKE isogeny scheme was broken by a classical attack in July 2022, shortly after this talk)
> Symmetric-key (hash-based) approaches (digital signatures only)
17. Quantum-Safe Crypto: Approaches – Lattices & Codes
• Linear Equations with errors – Codes & Lattices
– Idea inspired by Error Correction Codes
– Add `small’ errors to a linear equation to make it hard
to solve: y = A*x + e
– Encode a message x by an expanding linear
transformation (add redundancy)
– Can decode if noise e is sufficiently `small’
> Easy to decode for special codes (wireless communication)
> Computationally hard to decode for “random-looking” linear
codes in high dimension
• Codes & Lattices: different ways to measure `small’
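The “linear equations with errors” idea above, as an added example that is not code from the slides: a toy Regev-style public-key scheme whose public key is the noisy system b = A·s + e (mod q). The block also shows why the error term is the whole point: with e = 0 the public key is an ordinary linear system over GF(q) and Gauss-Jordan elimination recovers the secret s outright, whereas with e present the same elimination finds no consistent solution. The parameter sizes (q, n, m), the error range and the function names are assumptions of this example, chosen so that decryption is provably correct, not for real-world security.

```python
import random

Q = 4093   # prime modulus (toy size, assumption of this example)
N = 16     # dimension of the secret s
M = 64     # number of noisy equations published in the public key


def lwe_keygen(rng, noisy=True):
    """Return ((A, b), s) with b = A*s + e (mod Q), e in {-1,0,1}^M.
    noisy=False drops the error term and yields the broken variant."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) if noisy else 0 for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + err) % Q for row, err in zip(A, e)]
    return (A, b), s


def encrypt_bit(pk, bit, rng):
    """Regev encryption: a random 0/1 combination of the public equations,
    with the message bit encoded as 0 or q/2 in the constant term."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(s, ct):
    """v - <u, s> = bit*q/2 + (sum of at most M errors of size <= 1) mod q;
    since M < q/4 the bit is read off by checking which half of Z_q we are in."""
    u, v = ct
    d = (v - sum(x * y for x, y in zip(u, s))) % Q
    return 1 if Q // 4 < d < 3 * Q // 4 else 0


def solve_mod_q(A, b):
    """Gauss-Jordan over GF(q) on the overdetermined system A*s = b.
    Returns s if the system is exactly consistent, otherwise None."""
    rows = [row[:] + [bi] for row, bi in zip(A, b)]
    for c in range(N):
        p = next((i for i in range(c, M) if rows[i][c]), None)
        if p is None:
            return None                          # rank deficient
        rows[c], rows[p] = rows[p], rows[c]
        inv = pow(rows[c][c], -1, Q)
        rows[c] = [x * inv % Q for x in rows[c]]
        for i in range(M):
            if i != c and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(x - f * y) % Q for x, y in zip(rows[i], rows[c])]
    # every row beyond the first N is now 0 = const; a non-zero const means
    # no exact solution exists, which is what the error term e guarantees
    if any(rows[i][N] for i in range(N, M)):
        return None
    return [rows[i][N] for i in range(N)]


if __name__ == "__main__":
    rng = random.Random(7)
    pk, s = lwe_keygen(rng)
    bits = [1, 0, 1, 1, 0, 0, 1, 0]
    print("round trip ok:", [decrypt_bit(s, encrypt_bit(pk, b, rng)) for b in bits] == bits)
    print("secret from noisy pk:", solve_mod_q(*pk))           # None
    pk0, s0 = lwe_keygen(random.Random(7), noisy=False)
    print("secret from noiseless pk recovered:", solve_mod_q(*pk0) == s0)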
18. Lattice-based Cryptography: Idea (1)
• Lattice = periodic grid of points in space
• Generated by some set of basis vectors
• E.g. (right) lattice in 2-D (green points = lattice,
basis in blue)
• Can be easily defined mathematically in any
dimension n
• hard to visualise/draw for n > 3!
• Fact: geometric problems in lattices seem
to be computationally infeasible (run time
exponential in n) for large dimension n
• Even against quantum computers!
• Lattice-based crypto: design pub-key encryption so
breaking it requires solving a hard geometric lattice
problem!
19. Lattice-Based Cryptography: Idea (2)
• Hard geometric lattice Problem:
Bounded-Distance Decoding (BDD)
• Given a basis B of a (high-dim.) lattice and a
point c close to a lattice point m, compute m
• Idea of Public-key encryption:
• Pub key pk: basis B for lattice
• Private key sk: decoding trapdoor for lattice
• Encrypt(m): to encrypt a message m (lattice
point):
• choose random short error vector e
• Compute c = m + e
• Ciphertext = c
• Decrypt(c, sk): use sk to compute closest
lattice point m to c.
• Security: hard to solve BDD without sk!
[Figure: 2-D lattice showing lattice point m, short error vector e, and ciphertext c = m + e]
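A 2-D toy instance of the BDD-based encryption idea on this slide, added here as an illustration (not the presenter's code): the private key is a short, nearly orthogonal basis, the public key is a long, skewed basis of the same lattice, and decryption is Babai's rounding. The bases GOOD/BAD, the unimodular matrix U and the message/error values are all constructed for the example.

```python
from fractions import Fraction

# Toy 2-D instance of the BDD encryption idea (constructed example). The
# private key is a "good" basis of short, nearly orthogonal vectors (the
# decoding trapdoor); the public key is a "bad" basis of the same lattice,
# obtained as U * GOOD for a unimodular integer matrix U (det U = +-1).
GOOD = [[7, 1], [1, 8]]            # sk: rows are basis vectors
U = [[3, 2], [4, 3]]               # det(U) = 9 - 8 = 1, so U*GOOD spans the same lattice
BAD = [[sum(U[i][k] * GOOD[k][j] for k in range(2)) for j in range(2)]
       for i in range(2)]          # pk: [[23, 19], [31, 28]], long and skewed

def mat_vec(coeffs, basis):
    """Lattice point with the given integer coefficients in this basis."""
    return [sum(coeffs[k] * basis[k][j] for k in range(2)) for j in range(2)]

def inverse(basis):
    """Exact inverse of a 2x2 matrix (Fractions avoid float rounding errors)."""
    (a, b), (c, d) = basis
    det = Fraction(a * d - b * c)
    return [[d / det, -b / det], [-c / det, a / det]]

def babai_round(basis, point):
    """Babai's rounding: write `point` in `basis`, round each coordinate to
    the nearest integer, and map back. This finds the closest lattice point
    only when the basis is short/orthogonal relative to the error size."""
    inv = inverse(basis)
    coords = [sum(point[k] * inv[k][j] for k in range(2)) for j in range(2)]
    return mat_vec([round(c) for c in coords], basis)

def encrypt(pk, coeffs, err):
    """Encrypt: message m = coeffs * pk is a lattice point; ciphertext c = m + e."""
    m = mat_vec(coeffs, pk)
    return [m[j] + err[j] for j in range(2)], m

def decrypt(sk, c):
    """Decrypt: recover the lattice point closest to c using the trapdoor basis."""
    return babai_round(sk, c)

if __name__ == "__main__":
    c, m = encrypt(BAD, [5, -3], [1, -1])           # constructed message and error
    print("good basis recovers m:", decrypt(GOOD, c) == m)     # True
    print("bad basis recovers m: ", babai_round(BAD, c) == m)  # False
```

Every error vector in {-1, 0, 1}^2 decodes correctly with GOOD, while rounding with the public basis BAD already fails for e = (1, -1).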
20. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches –
Lattices & Codes
Brief History of Lattice-Based Cryptography
• 1978: Merkle-Hellman Knapsack PKC.
• 1982: LLL Lattice Reduction algorithm –
– Poly-time secret recovery attack (Shamir).
• 1980s:
for(i = 1; i < N; i++)
repair;
attack;
– Problem with Heuristic Designs:
> shortcut attacks (avoid hard lattice problem)
21. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches –
Lattices & Codes
Brief History of Lattice-Based Cryptography (cont)
• 1996: Lattice One-Way Hash Function with worst case to average
case security proof (Ajtai/Ajtai-Dwork) - SIS problem.
• 1996: NTRUEncrypt: Practical structured lattice PKC, but heuristic
security (Hoffstein Pipher Silverman.)
• 2002: Efficient structured lattice-based one-way hash function with
security proof (Micciancio).
• 2005: PKC with security proof – LWE Problem (Regev)
• 2008: Trapdoor signatures with security proof (Gentry et al.)
• 2009: Efficient Schnorr-type structured lattice signatures
(Lyubashevsky)
• 2009/10: Efficient structured lattice PKC with sec proof –
PLWE/RLWE problems (Stehle-Steinfeld-Tanaka-Xagawa,
Lyubashevsky-Peikert-Regev)
22. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches –
Lattices & Codes
Brief History of Lattice-Based Cryptography (cont)
• 2009: Fully Homomorphic Encryption (Gentry)
• 2011: First security proof for variant of NTRU (Stehle-Steinfeld)
• 2010-Present: Improved Efficiency and More functionalities (ID-Based
Encryption, Attribute Based,…)
23. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches –
Lattices & Codes
• Two types of Lattices used in PQC:
• Unstructured (LWE Problem): e.g. FrodoKEM
– Advantage: Low Security Risk – no lattice structure,
relation to worst-case lattices (e.g. FrodoKEM)
– Drawback: large keys/ciphertexts, slow computation
• Structured (Polynomial LWE/Ring LWE/Module LWE)
– E.g. Kyber, Saber, NTRU, …
– Lattice defined with algebraic (polynomial) structure
(matrices with cyclic structure)
– Advantage: short keys/ciphertexts, fast algorithms
– Drawback: higher potential security risk (but OK > 25yr)
24. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches –
Lattices & Codes
• Lattices: Performance and Security
– Security:
> best known attack time ~ 2^O(k) for key length k
> But exponent constant is quite small → moderately large
key/ciphertext/signature lengths
> Studied in math & comp sci. since 1980s
– Performance: With practical structured lattices
(MLWE/RLWE/NTRU problems):
> fast algorithms (~ ECC or faster) and
> moderately short keys/ctxts (~10x-40x ECC length)
25. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches –
Lattices & Codes
• Codes: Performance and Security
– Security:
> best known attack time ~ 2^O(k) for key length k
> But exponent constant is quite small → moderately large
key/ciphertext/signature lengths
> Studied in math & comp sci. since 1950s
> McEliece PKC (1977) – based on Goppa codes
– Performance: With original McEliece
> Moderately fast algorithms
> very short ctxts (~128 bytes)
> Very long keys (> 100kB)
> Structured codes can improve performance
– Difficult to implement signatures!
26. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches –
Multivariate Non-linear equations
• Multivariate Non-linear equations
– Originated in the 1980s,
– Hide a message in a system of polynomial equations
in many variables.
– Decryption trapdoor transforms system into an easy to
solve linear system
– Security: not very well understood
> recent practical attack against NIST Round 3 candidate
Rainbow signature.
– Performance:
> Moderately long keys but short signatures
> Fast algorithms
27. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches –
Isogenies on Elliptic Curves
• Idea (e.g. SIKE):
– classical ECC is quantum-insecure due to
commutativity of the EC group operation
– Isogenies are mappings between curves with a non-
commutative structure → resist Shor's quantum
algorithms
– Use a Diffie-Hellman-like non-commutative protocol
• Security: not so well understood (only studied last ~10-
20 years)
• Performance:
> short keys and ciphertexts
> Slow algorithms
28. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches – Symmetric-
key approaches (digital signatures only)
• Idea (e.g. SPHINCS+ / Picnic):
– Use well established symmetric-key algorithms
– Approach 1 (e.g. SPHINCS+):
> Public key = Merkle tree hash of many one-time signature
keys (short)
> Signature = one-time signature (reveal sk) + Merkle auth path
– long signature!
– Approach 2 (e.g. Picnic):
> Public key = one-way hash of secret key
> Signature = Zero-knowledge proof of knowledge of secret key
– long signature!
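Approach 1 in miniature, added here as an illustration and not SPHINCS+ code: Lamport one-time keys whose hashes sit under a Merkle tree, a public key that is just the root, and a signature that reveals one OTS key plus its authentication path. The 4-leaf tree, SHA-256 and the one-key-per-signature counter are choices made for this example.

```python
import hashlib, os

# Toy Merkle-tree signature in the SPHINCS+/XMSS style (constructed example,
# not SPHINCS+ code): Lamport one-time keys under a Merkle tree whose root is
# the public key; a signature = one OTS signature + authentication path.
N_BITS = 256                                   # SHA-256 digest bits
H = lambda *parts: hashlib.sha256(b"".join(parts)).digest()
leaf = lambda pk: H(*[a + b for a, b in pk])   # tree leaf = hash of whole OTS pk

def bit(msg, i):              # i-th digest bit, most significant first
    return (int.from_bytes(H(msg), "big") >> (N_BITS - 1 - i)) & 1

def ots_keygen():             # Lamport OTS: 256 secret pairs, pk = their hashes
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    return sk, [(H(a), H(b)) for a, b in sk]

def ots_sign(sk, msg):        # reveals one secret per bit: 8 KB and single use
    return [sk[i][bit(msg, i)] for i in range(N_BITS)]

def ots_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][bit(msg, i)] for i in range(N_BITS))

def merkle_levels(leaves):    # leaves first, root last; len(leaves) = 2^h
    levels = [leaves]
    while len(levels[-1]) > 1:
        levels.append([H(*levels[-1][k:k + 2]) for k in range(0, len(levels[-1]), 2)])
    return levels

def auth_path(levels, i):     # sibling hash per level, tagged with its side
    path = []
    for lvl in levels[:-1]:
        path.append((lvl[i ^ 1], "left" if i & 1 else "right"))
        i >>= 1
    return path

def merkle_verify(root, node, path):
    for sib, side in path:
        node = H(sib, node) if side == "left" else H(node, sib)
    return node == root

def keygen(n_leaves=4):       # returns (signer state, public key = Merkle root)
    ots = [ots_keygen() for _ in range(n_leaves)]
    levels = merkle_levels([leaf(pk) for _, pk in ots])
    return {"ots": ots, "levels": levels, "next": 0}, levels[-1][0]

def sign(state, msg):         # each one-time key is used exactly once
    i = state["next"]
    if i >= len(state["ots"]):
        raise ValueError("all one-time keys used")
    state["next"] = i + 1
    sk, pk = state["ots"][i]
    return ots_sign(sk, msg), pk, auth_path(state["levels"], i)

def verify(root, msg, sig):
    ots_sig, pk, path = sig
    return ots_verify(pk, msg, ots_sig) and merkle_verify(root, leaf(pk), path)
```

The signer state must refuse to sign once every leaf has been used: reusing a Lamport key reveals both halves of some secret pairs, which is why stateful schemes track the counter and SPHINCS+ takes a stateless route instead.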
29. Quantum-Safe Crypto Overview
Quantum-Safe Crypto: Approaches – Symmetric-
key approaches (digital signatures only)
• Security: well understood (depending on
symmetric key crypto algorithm used)
• Performance:
> short public key
> Long signature and slow algorithms
30. Quantum-Safe Crypto Overview
The future of Public-Key Cryptography:
“Post-Quantum” Public-Key Cryptosystems
• NIST (US) PQC standardization process: solicit, evaluate and
standardise quantum-resistant public-key cryptosystems:
– Nov. 2017: PQC algorithm submissions deadline
> 69 algorithms submitted (public key encryption and signatures)
> Initiate ~ 4-5 year analysis/evaluation phase
– Apr. 2018: First NIST PQC conference
– Jan. 2019: Second round algorithms selected (26)
– Aug. 2019: Second NIST PQC conference
– Jul. 2020: Third round algorithms selected (7)
– ~ 2022-23: New PQC standards developed
– Goal: ready for PQC deployment by ~ 2024-27
39. Quantum-Safe Crypto Overview
Comparison Table: NIST 3rd Round PQC Finalist PKE (KEM) Candidates

Algorithm                Type                 Dec time (cycles, AVX2)   |pk| (bytes)   |ctxt| (bytes)
Crystals-Kyber512        Structured Lattice   34.5k                     800            768
LightSaber               Structured Lattice   63k                       672            736
NTRUhrss710              Structured Lattice   62k                       1138           1138
Classic McEliece348864f  Code                 134k                      261k           128

All at NIST level 1 (107 bit quantum sec.)
40. Quantum-Safe Crypto Overview
Comparison Table: NIST 3rd Round PQC Finalist Signature Candidates

Algorithm                Type                 Sign time (cycles, AVX2)   |pk| (bytes)   |sig| (bytes)
Crystals-Dilithium2      Structured Lattice   333k                       1312           2420
Falcon512                Structured Lattice   387k                       897            666
Rainbow                  Multivariate         67k                        158k           66

All at NIST level 1 (107 bit quantum sec.)
41. Quantum-Safe Crypto Overview
NIST PQC Process: Current Status
• Latest News/Remarks:
– NIST to announce standards any day now
> One of structured lattices for enc and sign
> Rainbow/GeMSS Multivariates unlikely to survive? (both
suffered improved attacks in round 3)
– Recent Matzov cryptanalysis:
> Optimizations for lattice-based attacks against lattice
candidates (~5-10 bits of security impact)
– But not a major new idea, unlikely to affect big picture
– NIST likely to call for additional efficient PQ
signature proposals not based on structured lattices
42. Quantum-Safe Crypto Overview
Other PQC standardisation efforts: ETSI
• European Telecommunications Standards
Institute (ETSI)
– Quantum-Safe Cryptography (QSC) working
group.
– Assess and make recommendations for
quantum-safe cryptographic primitives, protocols
and implementation considerations
– Besides encryption and signature, also other
functionalities:
> Latte – Lattice Based Hierarchical Identity-Based
Encryption (HIBE)
43. Quantum-Safe Crypto Overview
Implementation Issues
• Quantum-Safe Crypto Implementation
– Need careful (even more than non-qsafe)
implementation to achieve
> High performance
> Security against side-channel attacks (e.g. timing)
– Some central implementation techniques:
> Structured lattices: fast polynomial arithmetic
– Work in polynomial rings, typically Z_q[X]/(X^d+1)
– Use Fast Fourier Transform (FFT variants): NTT using
special q
– Modulus q typically quite small ~10-20 bits (unlike RSA)
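The polynomial arithmetic just described, as an added example (not code from any NIST candidate): a recursive negacyclic NTT over Z_q[X]/(X^d+1) with toy parameters d = 8, q = 17 and the 16th root of unity psi = 3 (chosen for the example; the "special q" is one with q ≡ 1 mod 2d so such a root exists), checked against a schoolbook product.

```python
# Negacyclic NTT multiplication in Z_q[X]/(X^d + 1), the polynomial-ring
# arithmetic behind structured-lattice schemes (constructed example, not code
# from any NIST candidate). Toy parameters: d = 8, q = 17. A full negacyclic
# NTT needs q = 1 (mod 2d) so that a primitive 2d-th root of unity psi exists;
# here 17 = 1 (mod 16) and psi = 3 satisfies 3^8 = -1 (mod 17).
Q, D, PSI = 17, 8, 3

def ntt(a, omega, q):
    """Radix-2 Cooley-Tukey transform A_i = sum_j a_j * omega^(i*j) mod q,
    with omega of order len(a); recursion on even/odd halves gives O(d log d)."""
    n = len(a)
    if n == 1:
        return a[:]
    even = ntt(a[0::2], omega * omega % q, q)
    odd = ntt(a[1::2], omega * omega % q, q)
    out, w = [0] * n, 1
    for i in range(n // 2):                  # butterfly: combine the two halves
        t = w * odd[i] % q
        out[i] = (even[i] + t) % q
        out[i + n // 2] = (even[i] - t) % q
        w = w * omega % q
    return out

def negacyclic_mul(a, b, q=Q, psi=PSI):
    """a * b mod (X^d + 1, q). Twisting coefficient j by psi^j turns the
    negacyclic product into a cyclic one, which the plain NTT diagonalises."""
    d, omega = len(a), psi * psi % q
    inv_omega, inv_psi, inv_d = pow(omega, -1, q), pow(psi, -1, q), pow(d, -1, q)
    ta = ntt([a[j] * pow(psi, j, q) % q for j in range(d)], omega, q)
    tb = ntt([b[j] * pow(psi, j, q) % q for j in range(d)], omega, q)
    tc = ntt([x * y % q for x, y in zip(ta, tb)], inv_omega, q)  # pointwise, then inverse
    return [tc[j] * inv_d * pow(inv_psi, j, q) % q for j in range(d)]

def schoolbook_mul(a, b, q=Q):
    """Reference O(d^2) product with the X^d = -1 reduction, for checking."""
    d, res = len(a), [0] * len(a)
    for i in range(d):
        for j in range(d):
            k, v = i + j, a[i] * b[j]
            if k < d:
                res[k] = (res[k] + v) % q
            else:                                # X^k = -X^(k-d) in this ring
                res[k - d] = (res[k - d] - v) % q
    return res

if __name__ == "__main__":
    f, g = [1, 0, 0, 0, 0, 0, 0, 1], [0, 1, 0, 0, 0, 0, 0, 0]   # 1 + X^7 and X
    print(negacyclic_mul(f, g))                  # [16, 1, 0, 0, 0, 0, 0, 0]
    print(negacyclic_mul(f, g) == schoolbook_mul(f, g))
```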
44. Quantum-Safe Crypto Overview
Implementation Issues
• Quantum-Safe Crypto Implementation (cont)
– Some central implementation techniques:
> Lattice/coding schemes need efficient & constant time 'small'
noise sampling
> E.g. Discrete-Gaussian distribution over integers/lattices
> Significant research into practical algs. (e.g. FACCT [ZSS19])
45. Quantum-Safe Crypto Overview
Deployment in Software Libraries
Several libraries implementing NIST PQC algorithms
already available for various platforms, e.g
• Open Quantum Safe (OQS) project
– Q-safe crypto library: liboqs
– Q-safe forks of OpenSSH and OpenSSL
• PQClean library
• Pqm4 library
– Q-safe library optimized for embedded ARM Cortex-M4
– Test integrations and evaluation in WolfSSL [T+21]
• Bouncy Castle library (NIST Q-safe in development)
46. Quantum-Safe Crypto Overview
Post-Quantum Cryptography:
Current Research Areas
• Quantum Security Foundations
– Are lattice-based cryptosystems and other PQC
candidates really secure against quantum attacks?
How secure are they?
• Secure and Efficient Implementation
– How to implement PQC cryptosystems in hardware
& software to ensure security and high
performance?
• Advanced Protocols
– How to design efficient advanced post-quantum
public-key crypto protocols?
> E.g. privacy-preserving blockchain systems and credentials
47. Quantum-Safe Crypto Overview
Making Lattice-Based Hierarchical ID-Based
Encryption (HIBE) practical
• LATTE - ETSI proposed recommendation for
Hierarchical ID-Based Encryption (HIBE)
– Allows for hierarchical key delegation
– Considered by UK govt for emergency LTE
communication network
– Advanced (slow) lattice trapdoor sampling used
> Estimated in order of mins in ETSI proposal doc
– Long key/ctxt lengths
48. Quantum-Safe Crypto Overview
Making Lattice-Based Hierarchical ID-Based
Encryption (HIBE) practical
• Our results ([ZMSSO22]):
– Improved LATTE
> Design optimisations:
– Reduce dimension of lattices →
» cut time & key/ctxt lengths
> Implementation optimisations:
– Fast FACCT/COSAC discrete Gaussian sampling
– Faster lattice Fourier sampling algorithm
– Precision security analysis: support up to 2^44 delegations/extractions
> Performance Results:
– Our Delegation time ~ 0.4s-1s (vs minutes for ETSI estimate)
– Shorter decryption keys by 2x-3x
– Shorter ctxt length by 33%
52. Quantum-Safe Crypto Overview
RingCT: Ring Confidential Transactions [Noe15]
[Figure: Spender (Alice) → Verifier. Alice holds input accounts Acc1: (pk1, $2) and Acc2: (pk2, $3) and sends the transaction {I send $(2+3) to Bob}signed_Alice, built from a homomorphic commitment, stealth addresses (in Monero), a ring signature and a ZK proof Π. The verifier checks: 1) Correct signature? 2) Input accounts unspent? 3) Balance is preserved? and outputs Accept/Reject.]
53. Quantum-Safe Crypto Overview
Our Lattice-Based Ring CT Protocols
• MatRiCT: the first practical “post-quantum” RingCT protocol
[E+19]
– Efficient ring signature and balance proof building on our ZKP
techniques
– Much smaller proofs, public keys and system modulus than
prior protocols
– Based on standard lattice assumptions: M-LWE and M-SIS
– Efficient implementation in C/C++
– Bonus feature: auditability (optional)
• MatRiCT+: Shorter & Faster proofs [E+21]
– CRT-packed balance proof
– Shorter modulus /proof (improved soundness analysis)
– Aggregated ring signature for multiple payer accounts
56. Quantum-Safe Crypto Overview
Further Reading
• Galbraith S. et al. 2021. The Quantum Threat to Cybersecurity: Looking
Through the Prism of Post-Quantum Cryptography. CSIRO: Canberra,
Australia. Available at https://data61.csiro.au/en/Our-Research/Our-
Work/The-quantum-secure-cryptography-of-tomorrow
• US White House. National Security Memorandum on Promoting United
States Leadership in Quantum Computing While Mitigating Risks to
Vulnerable Cryptographic Systems (May 4 2022)
• NIST Post-Quantum Cryptography Standardisation Process:
https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-
cryptography-standardization
• [HJN20] Thomas Häner, Samuel Jaques, Michael Naehrig, Martin
Roetteler and Mathias Soeken. Improved Quantum Circuits for Elliptic
Curve Discrete Logarithms. PQCrypto 2020.
• Chris Peikert. A Decade of Lattice Cryptography. Available at
https://eprint.iacr.org/2015/939.pdf [Lattice Based Cryptography survey]
57. Quantum-Safe Crypto Overview
Further Reading
• [ZSS20] Raymond K. Zhao, Ron Steinfeld, Amin Sakzad. FACCT:
FAst, Compact, and Constant-Time Discrete Gaussian Sampler
over Integers. IEEE Trans. Computers 69(1): 126-137 (2020).
Available at https://eprint.iacr.org/2018/1234
• [ZMSSO22] Raymond K. Zhao, Sarah McCarthy, Ron Steinfeld, Amin
Sakzad, Máire O’Neill. Quantum-safe HIBE: does it cost a Latte?
Available at https://eprint.iacr.org/2021/222
• [Noe15] Shen Noether, Adam Mackenzie, the Monero Research Lab.
Ring Confidential Transactions. Ledger 2016.34.
• [ESS21] Muhammed F. Esgin and Ron Steinfeld and Raymond K.
Zhao. MatRiCT+: More Efficient Post-Quantum Private Blockchain
Payments. IEEE Symposium on Security and Privacy (S&P) 2022.
Available at https://eprint.iacr.org/2021/545