Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formal Verification of Quantum Cryptography Dominique Unruh University of Tartu.

Published byJuliet Washington Modified over 8 years ago

Similar presentations

Presentation on theme: "Formal Verification of Quantum Cryptography Dominique Unruh University of Tartu."— Presentation transcript:

1 Formal Verification of Quantum Cryptography Dominique Unruh University of Tartu

2 Outline Quantum crypto: – What and why? – Challenges. Verification of quantum crypto – Motivation and challenges – Current work Dominique Unruh Verification of Quantum Crypto2

3 What is quantum cryptography? Dominique Unruh Verification of Quantum Crypto3 Cryptography involving quantum mechanics Security against quantum computers Using quantum mechanics in crypto protocols

4 What is quantum mechanics? Classical world Everything is in a well-defined state You can observe the state of a system Quantum world Things can be in “superposition” of several classical states Observation make the system jump into one possibility. Dominique Unruh Verification of Quantum Crypto4 ON OFF left right x=5 x=6 15% OFF + 85% ON x=5 but also a bit 6 What is x? Aha, 5. Where is my sock? Aha. Left foot. What is x? Aha, 5 Aha, 6

5 QM and computers Quantum mechanics used routinely in technology – Transistors are based on quantum effects But “hidden” from the user – A transistor implements a “classical” on/off switch – Programs can treat all variables as having definite values at any time Dominique Unruh Verification of Quantum Crypto5

6 Quantum computers Computer is in many states: “Quantum parallelism” Can be exploited – Under very specific conditions! We can: – Compute discrete logarithms (breaks ElGamal etc.) – Factor large integers (breaks RSA etc.) – Reduce the time for brute force attacks to the square root Dominique Unruh Verification of Quantum Crypto6

7 If quantum computers were here… Dominique Unruh Verification of Quantum Crypto7 ElGamal, RSA, elliptic curve crypto Lattice-based crypto, McEliece etc. Common symmetric crypto (AES etc.) All commonly used public key crypto: BROKEN Candidates for replacements: Exist, but not as well-studied Symmetric crypto: Double the key length! If quantum computers were available today… … we would be screwed.

8 The threat today Quantum computers do not exist Unclear when If we don’t start research now, major disaster when they come Research & awareness: now! Dominique Unruh Verification of Quantum Crypto8 “Post-quantum cryptography” (classical crypto, quantum-secure)

9 Quantum Protocols Use quantum communication to make impossible tasks feasible Best known example: Unconditionally secure key distribution Possible today! (No quantum computer needed.) (Not the main focus of this talk.) Dominique Unruh Verification of Quantum Crypto9

10 Post-quantum cryptography What must be done? 1.Identify assumptions that are not quantum- broken (e.g., lattice-based crypto, not RSA) 2.Build cryptosystems based on those 3.Prove security Dominique Unruh Verification of Quantum Crypto10 Needs quantum know-how/techniques Possible without “quantum literacy”?

11 The post-quantum fallacy Dominique Unruh Verification of Quantum Crypto11

12 Why is the fallacy wrong? Dominique Unruh Verification of Quantum Crypto12

13 Summary (so far) Post-quantum crypto: – Security of classical protocols against quantum attacks Finding quantum hard assumptions: Not enough Need quantum proof techniques  “Normal” cryptographers cannot verify their own schemes! Dominique Unruh Verification of Quantum Crypto13

14 Quantum Crypto & Verification Dominique Unruh Verification of Quantum Crypto14 Formal methods & security Symbolic models For classical protocols For quantum protocols Computational crypto Post-quantum crypto “Classical” proofs “Quantum” proofs Quantum protocols Nothing to do (?) ??? Existing tools? New languages and logics

15 Post-quantum crypto verification (computational / classical proto / quantum adv) Tools exist for computational verification CertiCrypt (relational Hoare) EasyCrypt (relational Hoare, higher level) CryptoVerif (rewriting, automated) Could those be quantum-sound? Dominique Unruh Verification of Quantum Crypto15

16 Quantum soundness of EasyCrypt Dominique Unruh Verification of Quantum Crypto16

17 Why EasyCrypt fails… Dominique Unruh Verification of Quantum Crypto17

18 “QuEasyCrypt” (work in progress…) Quantum language for crypto games – Follows EasyCrypt, no surprises Quantum Hoare Logic Quantum Relational Hoare Logic – Same intuition as probabilistic RHL – But semantics are quantum  rules must be refined Dominique Unruh Verification of Quantum Crypto18

19 Quantum Hoare Logic Dominique Unruh Verification of Quantum Crypto19

20 Classical Relational Hoare Logic Dominique Unruh Verification of Quantum Crypto20

21 Classical Relational Hoare Logic Dominique Unruh Verification of Quantum Crypto21 project to first project to second

22 Quantum Relational Hoare Logic? Dominique Unruh Verification of Quantum Crypto22

23 Quantum Relational Hoare Logic? Dominique Unruh Verification of Quantum Crypto23 project to first project to second project to first project to second

24 QuEasyCrypt – the future If you can use EasyCrypt, you can use QuEasyCrypt – Get post-quantum verification for free (when classical proof is quantum-sound) Verification of quantum protocols: – Should be possible – Time will show Dominique Unruh Verification of Quantum Crypto24

25 Summary Dominique Unruh Verification of Quantum Crypto25 Formal methods & security Symbolic models For classical protocols For quantum protocols Computational crypto Post-quantum crypto “Classical” proofs “Quantum” proofs Quantum protocols Nothing to do (?) ??? Existing tools? New languages and logics QuEasyCrypt?

26 Dominique Unruh Verification of Quantum Crypto26 Q? uestions? (Or catch me for offline discussion…)

27 I thank for your attention This research was supported by European Social Fund’s Doctoral Studies and Internationalisation Programme DoRa Logo soup

Download ppt "Formal Verification of Quantum Cryptography Dominique Unruh University of Tartu."

Similar presentations

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Individual Position Slides: Jonathan Katz (University of Maryland) (Apologies I can’t be here in person)

Individual Position Slides: Jonathan Katz (University of Maryland) (Apologies I can’t be here in person)
Course summary COS 433: Crptography -Spring 2010 Boaz Barak.

Course summary COS 433: Crptography -Spring 2010 Boaz Barak.
Cryptography and Network Security

Cryptography and Network Security
Dominique Unruh Non-interactive zero-knowledge with quantum random oracles Dominique Unruh University of Tartu With Andris Ambainis, Ansis Rosmanis Estonian.

Dominique Unruh Non-interactive zero-knowledge with quantum random oracles Dominique Unruh University of Tartu With Andris Ambainis, Ansis Rosmanis Estonian.
Week three!.  8 groups of 2  6 rounds  Ancient cryptosystems  Newer cryptosystems  Modern cryptosystems  Encryption and decryptions  Math  Security.

Week three!.  8 groups of 2  6 rounds  Ancient cryptosystems  Newer cryptosystems  Modern cryptosystems  Encryption and decryptions  Math  Security.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Announcements: 1. Congrats on reaching the halfway point once again! 2. Reminder: HW5 due tomorrow, HW6 due Tuesday after break 3. Term project groups.

Announcements: 1. Congrats on reaching the halfway point once again! 2. Reminder: HW5 due tomorrow, HW6 due Tuesday after break 3. Term project groups.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Matthew Guidry. The Fundamentals of Cryptography  One of the fundamentals of cryptography is that keys selected for various protocols that are computationally.

Matthew Guidry. The Fundamentals of Cryptography  One of the fundamentals of cryptography is that keys selected for various protocols that are computationally.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
CS555Spring 2012/Topic 41 Cryptography CS 555 Topic 4: Computational Approach to Cryptography.

CS555Spring 2012/Topic 41 Cryptography CS 555 Topic 4: Computational Approach to Cryptography.
15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Dominique Unruh 3 September 2012 Quantum Cryptography Dominique Unruh.

Dominique Unruh 3 September 2012 Quantum Cryptography Dominique Unruh.

Similar presentations

Ads by Google