Quantum-Computational Hybrid Cryptography based on the...
Transcript of Quantum-Computational Hybrid Cryptography based on the...
![Page 1: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/1.jpg)
Workshop Boolean Functions and Applications June 21, 2019
Quantum-Computational Hybrid Cryptography based on the
Boolean Hidden Matching Problem
Romain Alléaume
![Page 2: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/2.jpg)
Relation btw quantum cryptography and boolean functions ?
Quantumbit(Qbit)óSU(2)óPointontheBlockSphere
|0>,|1>:orthogonalvectorsofSU(2)
| i = cos(✓/2) |0i+ e
i�sin(✓/2)|1iv
v
![Page 3: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/3.jpg)
Relation btw quantum cryptography and boolean functions ?
HolevoTheorem(73):theclassicalcapacityofnqubitsisatmostnbits
Quantumbit(Qbit)óSU(2)óPointontheBlockSphere
|0>,|1>:orthogonalvectorsofSU(2)
| i = cos(✓/2) |0i+ e
i�sin(✓/2)|1iv
v
![Page 4: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/4.jpg)
Relation btw quantum cryptography and boolean functions ?
{|0>,|1>}óF2ó1classicalbit
v
v
v
v
v
v
BB84QKDencoding:{|0>,|1>,|+>,|->}
1bitmaxcapacityZero-erroreavesdroppingImpossible
=>(…)Security
HolevoTheorem(73):theclassicalcapacityofnqubitsisatmostnbits
Quantumbit(Qbit)óSU(2)óPointontheBlockSphere
|0>,|1>:orthogonalvectorsofSU(2)
| i = cos(✓/2) |0i+ e
i�sin(✓/2)|1iv
v
![Page 5: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/5.jpg)
‘‘Quantum’’ is a frontier for computational cryptography
“Whenelementaryquantumsystems…areusedtotransmitdigitalinformaZon,theuncertaintyprinciplegivesrisetonovelcryptographicphenomenaunachievablewithtradiZonaltransmissionmedia.”
CharlesH.Benne_etGillesBrassard(1984)
![Page 6: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/6.jpg)
‘‘Quantum’’ is a frontier for computational cryptography
“Whenelementaryquantumsystems…areusedtotransmitdigitalinformaZon,theuncertaintyprinciplegivesrisetonovelcryptographicphenomenaunachievablewithtradiZonaltransmissionmedia.”
CharlesH.Benne_etGillesBrassard(1984)
- KeyDistribuZon:QKD(BB94,E91,GG02,DI-QKD,MDI-QKD,etc..)- RandomnessGeneraZon:QRNG,DI-QRNG- SecuremulZ-partycomputaZon:Bitcommitment,OT,BlindQCCommonpoint:realizesomeexis1ngcryptographicfunc1onali1eswithoutcomputa1onalassump1on:
ITSsecurity=Uncondi1onalSecurity
![Page 7: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/7.jpg)
Quantum Key Distribution: large-scale deployment in view
FirstEuropeanQKDNetwork,Vienna(2008)Geneva-LausanneQKDlink(1998)
![Page 8: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/8.jpg)
Quantum Key Distribution: large-scale deployment in view
FirstEuropeanQKDNetwork,Vienna(2008)Geneva-LausanneQKDlink(1998)
QSatelliteMicius(2016)2000kmGroundQKDNetwork(2018)
EuropeanQuantumCommunicaZonInfrastructure:deploymentplannedby2030
![Page 9: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/9.jpg)
Challenge: fundamental rate-loss trade-off (PLOB bound)
Lines=Upperbounds
Points=Experimentalresults
![Page 10: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/10.jpg)
Challenge: fundamental rate-loss trade-off (PLOB bound)
Lines=Upperbounds
Points=Experimentalresults
Maximum Distance depends on conditions (i.e Dmax such that R(Dmax) ~1 bit/s)
400 km lab environment low-loss fiber supra-conducting detector
240 km lab environment dark fiber avalanche photodiode
150 km field deployment dark fiber avalanche photodiode
<100 km field deployment WDM avalanche photodiode
![Page 11: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/11.jpg)
Breaking the rate-loss fundamental barrier QuantumRepeaters
QuantumInternetAllianceproject
![Page 12: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/12.jpg)
Breaking the rate-loss fundamental barrier QuantumRepeaters
QuantumInternetAllianceproject
Thiswork:Quantum-Computa;onalHybridCryptographyUsecomputa,onalassump,onstoboostquantumcryptographyØ Implementablewithcurrenttechnology(noquantummemory,norepeaters)Ø Changeofsecuritymodel
• RelaxuncondiZonalsecurityrequirement• Keepcorecryptographicadvantage:everlasZngsecurity
![Page 13: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/13.jpg)
Assumption 1 : Short-term-secure encryption exists
Legitimate users can use a (computationally-secure) symmetric encryption
scheme indisguishable from a random function during a time at least τenc
Assumption 2 : Noisy Quantum Storage
Quantum memory decoheres within a time τcoh << τenc
Quantum Computational Hybrid (QCH) Security Model
![Page 14: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/14.jpg)
Assumption 1 : Short-term-secure encryption exists
Legitimate users can use a (computationally-secure) symmetric encryption
scheme indisguishable from a random function during a time at least τenc
Assumption 2 : Noisy Quantum Storage
Quantum memory decoheres within a time τcoh << τenc
Quantum Computational Hybrid (QCH) Security Model
~min 1 Day 25 years
![Page 15: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/15.jpg)
H1
How to design a KD protocol in the QCH model ?
Highdimensional(d>>1)quantumencodinge.gd=64(arZsZcview)
(H0,H1):parZZonintwod/2-dimensionalbooleansubspaces
H0
![Page 16: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/16.jpg)
H1
How to design a KD protocol in the QCH model ?
Highdimensional(d>>1)quantumencodinge.gd=64(arZsZcview)
(H0,H1):parZZonintwod/2-dimensionalbooleansubspaces
High-levelideaforqcryptographicprotocol:
• Encryptandsend(H0,H1)• Encode1bitbasaqstate|φx>thatbelongstoH0orH1
Ifoneknows(H0,H1)ècandecodeb(measurement(H0,H1))Ifdoesnotknow(H0,H1)ècannotguessb(whatmeasurement?)
H0
![Page 17: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/17.jpg)
,
Bob
Boolean Hidden Matching (BHM)
Alice
BinarymatchingM, ωMóParZZonof{1,n}inn/2pairs{(i1,j1),(i2,j2),…,(in,jn)}
guessb
x�{0,1}n
suchthatMx=ω +bn/2
cbits/qqubits
![Page 18: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/18.jpg)
,
Bob
Boolean Hidden Matching (BHM)
Alice
BinarymatchingM, ωMóParZZonof{1,n}inn/2pairs{(i1,j1),(i2,j2),…,(in,jn)}
guessb
x�{0,1}n
suchthatMx=ω +bn/2
cbits/qqubits
ClassicalOne-waycomputaZonalcomplexityofBHMO(√n) bits
QuantumOne-waycomputaZonalcomplexityofBHMlog(n)qubits• Alicesends|ψx> =Σi=1..n(-1)
xi|i>• BobmeasuresaccordingtomatchingM:projecZonsPk(±)on|ik>±|j1>
ReferenceDmitryGavinsky,JuliaKempe,IordanisKerenidis,RanRaz,andRonaldDeWolf.Exponen,alsepara,onsforone-wayquantumcommuncomplexity,withappl.tocryptography.ACMSymposiumonTheoryofCompuZng2007.
![Page 19: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/19.jpg)
New Q Crypto framework : Quantum Computational Timelock (QCT)
v
The;melockisaZmerdesignedtopreventtheopeningofavaultunZlitreachesapresetZme.Verystrongsecuritywhencombinedwithexternalsecuritymechanism(e.g.Sheriff)
Zme
Startopening(breaking)locks
Timelocked
PresetZme
![Page 20: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/20.jpg)
New Q Crypto framework : Quantum Computational Timelock (QCT)
v
The;melockisaZmerdesignedtopreventtheopeningofavaultunZlitreachesapresetZme.Verystrongsecuritywhencombinedwithexternalsecuritymechanism(e.g.Sheriff)
Zme
Startopening(breaking)locks
Timelocked
PresetZme
AverageSheriffResponseTime
![Page 21: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/21.jpg)
New Q Crypto framework : Quantum Computational Timelock (QCT)
v
The;melockisaZmerdesignedtopreventtheopeningofavaultunZlitreachesapresetZme.Verystrongsecuritywhencombinedwithexternalsecuritymechanism(e.g.Sheriff)
Zme
Startopening(breaking)locks
Timelocked
PresetZme
AverageSheriffResponseTime
ComputaZonalEncrypZon
τenc
Decoherence
τcoh
![Page 22: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/22.jpg)
TimelockedclassicalinformaZonAlice(K)
b∈R {0,1}
x ∈ {0,1}n
DKM,ωEK (M,ω)
QChannel
bBBinarymatchingM
Bob(K)
M,ω ∈R {0,1}O(n)
Λ
EK (S)
IdealQchannel
EveX NoinformaZonaboutS
A-B
Δt > tcomp
XTimelockencrypZonelapsed
Measurement
tcoh << tcomp
NoisyQuantumStorage
tcoh
X ClassicalDecoding
SbE
Zme
Zme
t
T+Δt
QCT leads to reduction (C/Q separation) to Hidden Matching
A-E
Alice(K)
b∈R {0,1}
x ∈ {0,1}n
S = (M,ω)∈R {0,1}O(n)
|ψx >
|ψx >
y
QCommunicaZonbtwAandB
ReducestoCcommunicaZonbtwAandE
![Page 23: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/23.jpg)
Performance of Hidden Matching - QCT protocol
Reduction to BHM:
Secure KD with O(√n) photons / ch use
è Longer reach è Higher rates
than QKD
0 50 100 150 200 250 300 350
-6
-4
-2
0
km
RateHdBL
QKD
105modes
102modes
108modes
Granted Patent EP15305017.4 WO2016110582 Romain Alléaume, Communications with everlasting security from short-term-secure encrypted communication
Implementable with coherent states, with high dimensional (n modes) encoding
![Page 24: Quantum-Computational Hybrid Cryptography based on the ...boolean.w.uib.no/files/2019/06/romain.pdf · preset Zme. Very strong security when combined with external security mechanism](https://reader034.fdocuments.in/reader034/viewer/2022042919/5f61b7bf0c03cd53c65340e5/html5/thumbnails/24.jpg)
Conclusion and perspectives
QCryptocanbeboostedbyephemeralcomputa;onalassump;ons
- Everlas1ngsecurityinnoisystoragemodel- Improvedperformances- ImprovedfuncZonaliZes:1toNKD;noneedtotrustBob
FutureworkandOpenques;ons
ExperimentalImplementaZon(ongoingwork,frequencyencoding)
IsabeSerscalingachievable?(e.g,ratescaleslike0(n))
èExplorealternaZveconstrucZonsandconnecZonswith:- CommunicaZoncomplexity- Locallydecodablecodes- Randomnessextractors
- Othertechniquesfromcryptographyandcoding?