Quantum computers attack

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Quantum computers attack

Branislav Majerní[email protected]

18.5.2015 Oracle Security day Bratislava

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

TopicsCryptography today

Introduction to Quantum computing today

Post quantum cryptography

Q & A

1

2

3

4


Cryptography todayRSA, ElGamal, Elliptic curves systems, Lattice systems


Based on hard to compute problems(polynomial vs. exponential)

(N-1)!/2O(n) O(2n)

Search telephone number in DB

Traveling salesman problem


Hard to compute (polynomial vs. exponential)

n (amount of data)

Number of

Operations

O(2n)

O(1)

O(n log n)

O(log n)

O(n2)

O(n)


Hard to compute (sub)exponential IFP problem


Hard to compute (sub)exponential DLP problem


Is IFP and DLP same?

Given a group G, a subgroup H ≤ G, and a set X, we say a function f : G → X hides the subgroup H if for all g1, g2 G, f(g1) = f(g2) if and only if g1H = g2H for the cosets of H. Equivalently, the function f is constant on the ∈cosets of H, while it is different between the different cosets of H.Hidden subgroup problem: Let G be a group, X a finite set, and f : G → X a function that hides a subgroup H ≤ G. The function f is given via an oracle, which uses O(log |G|+log|X|) bits. Using information gained from evaluations of f via its oracle, determine a generating set for H.A special case is when X is a group and f is a group homomorphism in which case H corresponds to the kernel of f.

Both problems are special cases of the hidden subgroup problem over an abelian group.

http://www.eecs.berkeley.edu/Pubs/TechRpts/1984/CSD-84-186.pdf

Eric Bach: Discrete logarithms and factoring


ECDLP ? Hard to compute exponential

Public key, ABPrivate key, abA=aPB=bP

Message from B2AM= aB = abP = bA = baP

DL


http://www.design-reuse.com/articles/7409/ecc-holds-key-to-next-gen-cryptography.html

Underlying mathematical problem & run times of public-key systems


http://www.design-reuse.com/articles/7409/ecc-holds-key-to-next-gen-cryptography.html

Public-key sizes with equivalent security levels


Why Oracle ? :)

http://theory.stanford.edu/~dfreeman/cs259c-f11/finalpapers/CDHandDLP.pdf


Oracle cryptographics engine ECDH (SunEC)


Introduction to QC today


Future of computers (physical limits)


0,1 nm a0 is size of atom, QM rules

-

Exponential problems become polynomial


Quantum computing


Realization of Qubit – single electron transistor

University of New South Wales (UNSW)


Realization of Qubit – photon with semiconductor quantum dots

Joint Quantum Institute


Realization of Qubit - superconducting

IFN-CNR, Rome


Realization of Qubit – superconducting, quantum annealing???

http://www.wired.com/2013/06/d-wave-quantum-computer-usc/


Realization of Qubits – problems: decoherence, noise errors


Realization of Qubits – Topological QC


Realization of Qubits – Topological QC


Possible representations of Qubits – summary


Abelian hidden subgroup problem ( IFP, DLP...) solution

1. Transform problem to problem find a period of function – can be done on classical computer

Shor's algorithm


Abelian hidden subgroup problem ( IFP, DLP...) solution

2. Find period with quantum Fourier transformation - can be done on quantum computer

Shor's algorithm


Information set discovery problem (database search, inversion function, McEliece cryptography) solution

Via iteration find the eigenvalues = 1 for projection s to ω, f(ω) = 1

http://cr.yp.to/codes/grovercode-20091123.pdf

Grover's algorithm


Quantum cryptography


Secure distribution of secret key BB84 protocol


Private amplification


Secure distribution of secret key E91 protocol


Post scriptum

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Q & A

Quantum computers attack

Documents