Post-Quantum Crypto Challenges
Prof. Audun Jøsang
Universitetet i Oslo
Audun Jøsang - 2018 PQ Crypto Challenges

DN.no, 1 December 2017

Aftenposten.no, 10 May 2018

Principle for Quantum Computing
• Quantum Computing (QC) uses quantum superpositions instead of binary bits to perform computations.
• Quantum algorithms, i.e. algorithms for quantum computers, can solve certain problems much faster than classical algorithms.

Quantum Computers

QC Threat to Traditional Cryptography
• Shor’s Quantum Algorithm (1994) can factor integers and compute discrete logarithms efficiently. It has also been extended to crack ECC. Together, these attacks would be devastating to traditional public key crypto algorithms.
• Grover’s Quantum Search Algorithm (1996) can be used to brute-force search for a k-bit secret key with an effort of only $\sqrt{2^k} = 2^{k/2}$, which effectively doubles the required key sizes for ciphers.
• QC was dismissed by most cryptographers until recent years. General purpose quantum computers do not currently exist, but are expected to be built in the foreseeable future.

Cryptographic Security Services (Traditional)
[Diagram labels: Symmetric encryption; Hash functions; Asymmetric encryption & digital signature (Traditional); Confidentiality; Authenticity / Integrity; Non-repudiation; PKI / key distribution; "Quantum Threat"]

Cryptographic Security Services (Post-Quantum)
[Diagram labels: Symmetric encryption; Hash functions; Asymmetric PQ encryption & digital signature (Post-Quantum); Confidentiality; Authenticity / Integrity; Non-repudiation; PKI / key distribution; "PKIs can survive"]

Non-repudiation only possible with PKI
• Symmetric authentication (MAC), with a shared secret key between Alice and Bob:
  "The MAC was made with the secret key, so I know that Alice sent the message."
  "But you have the same secret key, so maybe you sent the message."
• Non-repudiatable authentication (digital signature), with Alice's private key and public key:
  "The message was signed by Alice, so I know that she sent the message."
  "You are right, only Alice could have signed the message."

SKI (Symmetric Key Infrastructure) as alternative to PKI
[Diagram labels: PKI: Root-CA, Sub-CA; SKI: Master-node, Sub-node; Client nodes A, B, C; Direct; Indirect; steps 1 to 5]
Legend: CA certificate; Pre-distributed shared secret keys; Send encrypted secret session key; Shared secret session key