Tallinn University of Technology Quantum computer impact on public key cryptography
description
Transcript of Tallinn University of Technology Quantum computer impact on public key cryptography
![Page 1: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/1.jpg)
Tallinn University of Technology
Quantum computer impact on public key cryptography
Roman Stepanenko
![Page 2: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/2.jpg)
AgendaIntroductionExplanation of RSAPrinciples of quantum computersShor’s factorization algorithm
![Page 3: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/3.jpg)
IntroductionMost cryptography systems rely
on the difficulty of factoring large numbers.
No known efficient algorithm for number factorization on classical computer. Available algorithms take exponential time in respect to input size. Factorization of hundreds digits long numbers is practically impossible.
![Page 4: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/4.jpg)
IntroductionBut what if there is a fast way to
factor large numbers…?
![Page 5: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/5.jpg)
Explanation of RSATo explain why big number
factorization is so important to cryptography we need to analyze how RSA works.
After a brief explanation a short example will follow which I took from the all knowing Wikipedia.
It will be shown why RSA is vulnerable
![Page 6: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/6.jpg)
Explanation of RSARSA algorithm consists of three
steps: key generation, encryption and decryption. RSA uses a public and a private key.
Let’s look at how this is done.
![Page 7: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/7.jpg)
Steps of RSArandomly generate two distinct prime
numbers p and q of similar lengthcompute n = pq which will be used as
modulus for both private and public keys
totient* function φ(n) = (p – 1)(q – 1) needs to be computed
*Euler's totient of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n.
![Page 8: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/8.jpg)
Steps of RSAchoose an integer e so that φ(n) and e
are coprime and 1 < e < φ(n), number e is the public key exponent
to get the private key exponent d it is necessary to calculate the multiplicative inverse of e mod φ(n):d = e-1 mod φ(n)
public key consists of the modulus n and the encryption exponent e, private key consists of the decryption exponent d
![Page 9: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/9.jpg)
Steps of RSAmessage needs to be converted
to an integer m (padding scheme is used)
ciphertext c = me (mod n) is computed
m = cd(mod n) to decrypt from m we recover the original
message
![Page 10: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/10.jpg)
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
1. Choose two distinct prime numbers, such as p = 61 and q = 53.
2. Compute n = pq giving n = 61 · 53 = 3233.
3. Compute the totient of the product as ϕ(n) = (p − 1)(q − 1) giving ϕ(3233) = (61 − 1)(53 − 1) = 3120.
![Page 11: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/11.jpg)
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
4. Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e leaves us only to check that e is not a divisor of 3120. Let e = 17.
5. Compute d, the modular multiplicative inverse of e (mod φ(n)) yielding d = 2753 (solved for example using the extended Euclidean algorithm*).
*http://www.ahuwanya.net/blog/post/The-Extended-Euclidean-Algorithm.aspx
![Page 12: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/12.jpg)
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is m17 (mod 3233).
The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is c2753 (mod 3233).
![Page 13: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/13.jpg)
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
For instance, in order to encrypt m = 65, we calculatec = 6517 (mod 3233) = 2790.
To decrypt c = 2790, we calculatem = 27902753 (mod 3233) = 65.
Both of these calculations can be computed efficiently using the square-and-multiply algorithm for modular exponentiation.
![Page 14: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/14.jpg)
Factorization attackIf it was possible to efficiently
factor the integer n, which is stored in the public key, it would be possible to find the totient φ(n) = (p – 1)(q – 1). Knowing that and the public exponent e, it is possible to compute the private exponent using the equality d = e-1 mod φ(n).
![Page 15: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/15.jpg)
Brief introduction into Quantum ComputingBase of the classical memory
register is the bit.Base of the quantum memory
register is the qbit.Ideas how to implement a qbit:
using a quantum particle’s spin value, using hydrogen atom’s electron state and so on.
![Page 16: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/16.jpg)
Brief introduction into Quantum ComputingBit can be either in 0 or 1 stateQbit exists in a superposition of 0
and 1 base states, it can be represented as a linear combination:
where α and β are probability amplitudes and are complex numbers.
![Page 17: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/17.jpg)
Brief introduction into Quantum ComputingWhat do the α and β coefficients
actually mean? ◦If measured a qbit will be either 0
with probability |α|2 or 1 with probability |β|2.
◦ |α|2 + |β|2 = 1◦A qbit while left alone exists in a
combination of 0 and 1 states, however when measured it becomes strictly 0 or 1 with certain probability.
![Page 18: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/18.jpg)
Brief introduction into Quantum Computing We are not limited to one qbit systems. A quantum system composed of m qbits requires 2m complex
numbers to describe. A classical register with n bits requires only n integers to
describe. Theoretically a quantum register can store exponentially greater
amount of information than a classical register with the same amount of bits.
A quantum register exists in the superposition of base states. From this quality something called quantum parallelism arises.
Each component of the superposition may be considered as an argument to a function, so a function performed on the superposition of states is in turn performed on each component of the superposition.
The larger the number of possible states is, however, the smaller the probability that you will measure any particular state becomes.
![Page 19: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/19.jpg)
Shor’s algorithmIn 1994 Peter Shor who was
working as a scientist in Bell Labs devised a polynomial time quantum algorithm for big integer factorization. This became a great driving force for quantum computer research.
![Page 20: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/20.jpg)
Shor’s algorithmF(a) = xa mod n is a periodical
function with some period r. It is clear that x0 mod n = 1,
thereforexr mod n = 1, x2r mod n = 1 and so on.
![Page 21: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/21.jpg)
Shor’s algorithmxr mod n = 1,xr ≡ 1 mod n,(xr/2)2 ≡ 1 mod n,(xr/2)2 – 1 ≡ 0 mod n,and if r is an even number(xr/2 – 1) (xr/2 + 1) ≡ 0 mod n.
From the last identity it can be seen that (xr/2 – 1) (xr/2 + 1) is an integer multiple of n. If |xr/2| ≠ 1, then at least one of (xr/2 – 1), (xr/2 + 1) will have a non-trivial factor in common with n. Then by computing the gcd(xr/2 – 1, n) and gcd(xr/2 + 1, n), we will obtain a factor of n. We can use the Euclidean algorithm for that.
![Page 22: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/22.jpg)
Shor’s algorithmShor‘s algorithm is designed to find r. 1. A quantum memory register with two
parts has to be created.2. A number q is chosen so that
n2 ≤ q <2n2 and q is the power of two.3. The first part of the memory register
is loaded with a superposition of the integers which are to be a‘s in the xa mod n function. The a‘s are chosen to be integers 0 through q – 1.
![Page 23: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/23.jpg)
Shor’s algorithm4. The algorithm calculates xa mod
n with the superposition of the states a placed in the first part of the memory register, and places the result in the second part of the register.
5. If measured the state of the second part of the register will collapse into some value k.
![Page 24: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/24.jpg)
Shor’s algorithm6. The first part of the quantum register
will collapse into a superposition of the base states consistent with the value observed in the second part. It will contain values c, c + r, c + 2r... and so on, where c is the lowest value that would produce xc mod n = k.
7. In the next step a discrete quantum Fourier transform is performed on the contents of the first part of the register.
![Page 25: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/25.jpg)
Shor’s algorithm8. It peaks the probability
amplitudes of the first part of the register at integer multiples of the quantity q/r.
![Page 26: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/26.jpg)
Shor’s algorithm9. Measuring the first part of the
register will yield an integer multiple of the inverse of the period with high probability.
10.Analysis of this number is done on a classical computer to get the period r.
![Page 27: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/27.jpg)
ConclusionBased on the ideas stated before
it can be said that the invention of a quantum computer will put public key cryptography systems that rely on difficulty to factor large numbers (RSA, DSA, ECDSA) in danger.
![Page 28: Tallinn University of Technology Quantum computer impact on public key cryptography](https://reader035.fdocuments.in/reader035/viewer/2022062813/568164a6550346895dd698bf/html5/thumbnails/28.jpg)
ConclusionThere are many important classes of
cryptographic systems beyond RSA and DSA and ECDSA:◦ Hash-based cryptography◦ Code-based cryptography◦ Lattice-based cryptography◦ Multivariate-quadratic-equations cryptography◦ Secret-key cryptography
All of these systems are believed to resist classical computers and quantum computers.