The H2020 PQCRYPTO project, an update
Andreas Hülsing, TU/e
20 September 2016
4th ETSI/IQC Workshop on Quantum-Safe Cryptography
Post-Quantum Cryptography for Long-term Security
- Project funded by EU in Horizon 2020.
- Starting date 1 March 2015, runs for 3 years.
- 11 partners from academia and industry, TU/e is coordinator.
Andreas Hülsing, TU/e https://pqcrypto.eu.org PQCRYPTO project 2
What does PQCRYPTO mean for you?
- Expert recommendations for post-quantum secure cryptosystems.
- Recommended systems will get faster/smaller as result of PQCRYPTO research.
- More benchmarking to compare cryptosystems.
- Cryptographic libraries will be made freely available for several computer architectures.
- Find more information online at http://pqcrypto.eu.org/.
- Soon many deliverables.
- Follow us on Twitter https://twitter.com/pqc_eu.
Initial recommendations (September 2015)
- Symmetric encryption. Thoroughly analyzed, 256-bit keys:
  - AES-256
  - Salsa20 with a 256-bit key
  Evaluating: Serpent-256, ...
- Symmetric authentication. Information-theoretic MACs:
  - GCM using a 96-bit nonce and a 128-bit authenticator
  - Poly1305
- Public-key encryption. McEliece with binary Goppa codes:
  - length n = 6960, dimension k = 5413, t = 119 errors
  Evaluating: QC-MDPC, Stehlé-Steinfeld NTRU, ...
- Public-key signatures. Hash-based (minimal assumptions):
  - XMSS with any of the parameters specified in CFRG draft
  - SPHINCS-256
  Evaluating: HFEv-, ...
What happened since then?
- > 52 publications
- 1 Internet Draft
- > 44 presentations
- 1 Workshop
Selected highlights
(only minimally subjective)
Hash-based signatures
Stateful
- Internet Draft XMSS: Extended Hash-Based Signatures.
- Accompanying paper with security reduction & analysis of generic quantum attacks.
- Several reference implementations available.
Stateless
- ARMed SPHINCS: Implementation on ARM Cortex M3.
- Short, fixed-size input hash functions:
  - Haraka
  - Simpira
Lattice-based key exchange
NewHope
- Lattice-based KEX.
- Better suited error distribution, improved error-reconciliation mechanism, quantum-secure parameters, constant-time high-speed implementation.
- Winner of the 2016 Internet Defense Prize (100,000 USD).
- Test deployment in Google Chrome.
More recent
- Frodo: Take off the ring!
- NewHope-Simple.
Code-based encryption
QcBits
- Fast, constant-time implementation of QC-MDPC encryption (but only 80-bit pre-quantum security).
- Asiacrypt 2016 paper by Johansson, Stankovski, Guo uses decryption failures to break QC-MDPC encryption.
- For QcBits, decryption failures less frequent than 10^-8 (but can be constructed).
- New theoretical result reducing error probability to 2^-128.
McBits Single Message
- Fast, constant-time implementation of Niederreiter with binary Goppa codes.
- Not published yet.
MQ-based signatures
MQ-DSS
- First signature scheme with security reduction from MQ-Problem (and hash function / PRF properties).
- Parameters for 128-bit security against quantum attacks.
- High-speed constant-time implementation.
Of course there is more...
- Several works on cryptanalysis.
- Several works on implementations.
- Several works on quantum security.
- And of course several more works on constructions...
PQCrypto 2017, June 26-28
- Conference location Utrecht, now looking for bigger venue ;-)
- Dates:
  - School: June 19-23,
  - Executive school: June 22-23,
  - Conference: June 26-28.
- AMS airport Schiphol is 30 min by train (4 × per hour)
- Other airports: Rotterdam, Eindhoven, Düsseldorf.
- Direct ICEs from FRA.
- School location will be Eindhoven. Travel time Eindhoven–Utrecht: 50 min.
Utrecht, the Netherlands
Utrecht is easy to reach
Utrecht, the Netherlands
Utrecht is home to Miffy
Miffy is called Nijntje in the Netherlands. http://nijntjemuseum.nl is located in the museums district of Utrecht.
Technische Universiteit Eindhoven
Eindhoven, the Netherlands
Thank you
- All papers can be found online at http://pqcrypto.eu.org/papers.html.
- For previous works, author lists etc. pp. see papers.
- Find more information online at http://pqcrypto.eu.org/.
- Follow us on Twitter https://twitter.com/pqc_eu.