Post-quantum cryptography

and crypto analysis

Case study
Content
Introduction to Quantum Cryptography
NIST PQC standardizations
Type of Pos-quantum algorithms
Implementing PQC Algorithm Challenges
A common misconception about quantum computing and
cryptography
 Definition

Post-quantum cryptography, also known as quantum-

proof, quantum-safe, or quantum-resistant cryptography,
addresses the challenge posed by quantum computers.
Quantum Computers and Cryptography

Quantum computers exploit the unique properties of quantum

mechanics to perform complex calculations much faster than
classical computers.
The threat they pose to current cryptographic
algorithms lies in their ability to efficiently solve certain
mathematical problems that underpin security.
Current Algorithms and Quantum Vulnerability
Popular cryptographic algorithms (especially public-key algorithms)
rely on hard mathematical problems like:
 Integer factorization (e.g., RSA)
 Discrete logarithm (e.g., Diffie-Hellman, DSA)
 Elliptic-curve discrete logarithm (e.g., ECC)
Quantum computers, particularly using Shor's algorithm, can
efficiently solve these problems, compromising the security of existing
systems.
 Shor's Algorithm:
• Shor's algorithm, a quantum algorithm, efficiently factors large
integers and computes discrete logarithms.
• Classical public-key cryptosystems (e.g., RSA, Diffie-Hellman) rely on these
hard problems for security.
• A sufficiently powerful quantum computer could break these classical
systems by solving these problems exponentially faster.
 Cont..
• Symmetric Cryptography and Quantum Resistance
• Most symmetric cryptographic algorithms and hash functions are considered
relatively secure against quantum attacks.
• While Grover's algorithm speeds up attacks against symmetric ciphers
• Grover’s algorithm, also known as the quantum search algorithm, is a
remarkable quantum algorithm for unstructured search. This Accelerate brute-
force search
• Grover’s algorithm can speed up various algorithms, especially those with
exhaustive search as a subroutine.
• Notably, it could brute-force a 128-bit symmetric cryptographic key in
roughly 2^64 iterations or a 256-bit key in roughly 2^128 iterations.
 Grover's algorithm
• Problem Statement:
• Imagine we have a set of N elements.
• Among these elements, there is a single marked element that we want to find.
• In classical computing, we would need to search through all N elements,
which takes time O(N).
Quantum Key Distribution (QKD):
• QKD promises secure key exchange based on quantum principles
• However, it doesn't directly threaten classical cryptography; it
complements it.
• QKD ensures secure key distribution but relies on classical
encryption for actual communication.
Post-Quantum Cryptography Goals
• Goal:- To develop new cryptographic systems that remain secure
against both quantum and classical computers.
NIST PQC standardizations

Objective
• NIST aims to develop cryptographic systems secure against both quantum and
classical computers.
• These systems should interoperate with existing communication protocols and
networks.
Candidate Algorithms
• The process began in 2017 with 69 candidate algorithms that met acceptance
criteria.
• Algorithms were evaluated based on security, performance, and other
characteristics.
Cont..
• Feb 13 first PQC draft in IRTF’s CFRG
• “Crypto Forum Research Group.” It’s a collaborative effort within the Internet
Research Task Force (IRTF) that focuses on cryptographic research and standards
development.
• Sept 13 ETSI holds first PQC Workshop
• On April 15 NIST announced the transition to PQC
• Aug 15 NSA announces transition to PQC
• Feb 16 NIST announces first computation
• Dec 16 NIST opens call for proposal scheduled
• NOV 17 NIST submission deadline
• 2024 draft standards ready
Cont..
First Rounds
• The first round lasted until January 2019, during which candidate algorithms
were assessed.
• After three rounds of evaluation, NIST selected the first algorithms to be
standardized.
Selected Algorithms
• NIST will recommend two primary algorithms:
• CRYSTALS-KYBER (for key establishment)
• CRYSTALS-Dilithium (for digital signatures)
• Kyber-512: Security roughly equivalent to AES-128.
• Kyber-768: Security roughly equivalent to AES-192.
• Kyber-1024: Security roughly equivalent to AES-256
More usefully
• Design new and improve existing cryptosystems that we believe resist
quantum attack.
• Lattice-based, code-based, non-linear systems of equations, isogeny-based…
 Lattice-based Cryptography:
• This method uses mathematical structures called lattices for encryption. One of
the most secure PQC algorithm
• The shortest vector problem (SVP) is crucial. It asks us to find the minimal
Euclidean length of a non-zero lattice vector. SVP is believed to be hard to
solve efficiently, even with quantum computers.
• 3 scheme types
NTRU: Introduced in 1998, NTRU is a lattice-based public-key encryption scheme.
However, its hardness is not proven against worst-case lattice problems.
Learning with errors (LWE): Oded Regev’s 2005 scheme provides provable security
under worst-case hardness assumptions. Researchers have improved its efficiency over
time.
Fully homomorphic encryption (FHE): Craig Gentry’s 2009 FHE scheme is based on
a lattice problem. It allows computations on encrypted data without decryption.
Cont..

• Shortest Vector Problem (SVP) and Learning With Errors (LWE)

problems, are not efficiently solvable using quantum algorithms.
Why?
• The Shortest Vector Problem (SVP) and Learning With Errors (LWE)
problems are considered difficult for quantum algorithms due to several
key reasons:
• Exponential Time Complexity: the time required to find the shortest vector
using quantum algorithms still grows exponentially.
• No Significant Quantum Advantage: Unlike problems such as factoring large
integers or computing discrete logarithms, where quantum algorithms like Shor's
algorithm provide exponential speedups, quantum algorithms for SVP do not
offer a similar advantage.

• Note read operation of SVM and LWE

challenges of Implementing post-quantum algorithms
1. Performance Trade-offs:
• Many post-quantum algorithms have larger key sizes and slower computation
compared to classical counterparts.
• Balancing security with performance is crucial.
2. Standardization:
• Developing consensus on which algorithms to standardize is complex.
• Standardization ensures interoperability and widespread adoption.
3. Migration from Existing Systems:
• Transitioning from classical to post-quantum algorithms requires careful
planning.
• Legacy systems may need updates or replacements.
 Cont..
4. Algorithm Maturity:
• Some post-quantum algorithms are still in the research stages.
• Ensuring their robustness and security is essential.
5. Quantum-Safe Cryptography Libraries:
• Building efficient libraries for post-quantum algorithms is challenging.
• Optimizing for various platforms (hardware, software) is critical.
6. Quantum-Safe Protocols:
• Integrating post-quantum algorithms into existing protocols (TLS, SSH) is nontrivial.
• Ensuring secure key exchange and authentication is a challenge.
7. Education and Awareness:
• Developers, administrators, and users need education about post-quantum security.
• Awareness of the threat posed by quantum computers is essential.
Misconceptions
1. Quantum Computers Can Break All Cryptography Instantly:
• Misconception: Quantum computers can efficiently break any classical
cryptographic system.
• Reality: Quantum computers excel at specific tasks (e.g., factoring large
integers, and solving discrete logarithms), but not all algorithms. Post-
quantum cryptography aims to resist quantum attacks.
2. Quantum Computers Are Already Here:
• Misconception: Quantum computers are widespread and pose an immediate threat.
• Reality: Large-scale, fault-tolerant quantum computers are still in
development. Practical quantum attacks remain a future concern. Cloud as a
service may concern.
Cont..
3. Quantum Key Distribution (QKD) Is Perfectly Secure.
• Misconception: QKD provides unbreakable encryption.
• Reality: QKD ensures secure key exchange but relies on classical channels for
communication. Implementations face practical challenges.
4. Quantum Computers Will Render All Data Insecure:
• Misconception: Once quantum computers arrive, all existing data becomes
vulnerable.
• Reality: Transitioning to quantum-safe algorithms is gradual. Existing data
won't instantly become compromised.
Summery
Thank you