Quantum computers attack

Post on 15-Apr-2017

Copyright © 2014 Oracle and/or its affiliates. All rights reserved.

Quantum computers attack

Branislav Majerník@oracle.com

18.5.2015 Oracle Security day Bratislava

Topics

1. Cryptography today
2. Introduction to Quantum computing today
3. Post quantum cryptography
4. Q & A

Cryptography today

RSA, ElGamal, elliptic curve systems, lattice systems

Based on hard-to-compute problems (polynomial vs. exponential)

(N-1)!/2, O(n), O(2^n)

Search telephone number in DB

Traveling salesman problem

Hard to compute (polynomial vs. exponential)

[Figure: number of operations versus n (amount of data) for O(1), O(log n), O(n), O(n log n), O(n^2) and O(2^n)]

Hard to compute (sub)exponential IFP problem

Hard to compute (sub)exponential DLP problem

Are IFP and DLP the same?

Given a group G, a subgroup H ≤ G, and a set X, we say a function f : G → X hides the subgroup H if for all g1, g2 ∈ G, f(g1) = f(g2) if and only if g1H = g2H for the cosets of H. Equivalently, the function f is constant on the cosets of H, while it is different between the different cosets of H.

Hidden subgroup problem: Let G be a group, X a finite set, and f : G → X a function that hides a subgroup H ≤ G. The function f is given via an oracle, which uses O(log |G|+log|X|) bits. Using information gained from evaluations of f via its oracle, determine a generating set for H.

A special case is when X is a group and f is a group homomorphism, in which case H corresponds to the kernel of f.

Both problems are special cases of the hidden subgroup problem over an abelian group.

http://www.eecs.berkeley.edu/Pubs/TechRpts/1984/CSD-84-186.pdf

Eric Bach: Discrete logarithms and factoring

ECDLP ? Hard to compute exponential

Public key: A, B
Private key: a, b
A = aP, B = bP

Message from B2A: M = aB = abP = bA = baP

DL

http://www.design-reuse.com/articles/7409/ecc-holds-key-to-next-gen-cryptography.html

Underlying mathematical problem & run times of public-key systems

http://www.design-reuse.com/articles/7409/ecc-holds-key-to-next-gen-cryptography.html

Public-key sizes with equivalent security levels

Why Oracle ? :)

http://theory.stanford.edu/~dfreeman/cs259c-f11/finalpapers/CDHandDLP.pdf

Oracle cryptographic engine ECDH (SunEC)

Introduction to QC today

Future of computers (physical limits)

0,1 nm a0 is size of atom, QM rules

Exponential problems become polynomial

Quantum computing

Realization of Qubit – single electron transistor

University of New South Wales (UNSW)

Realization of Qubit – photon with semiconductor quantum dots

Joint Quantum Institute

Realization of Qubit - superconducting

IFN-CNR, Rome

Realization of Qubit – superconducting, quantum annealing???

http://www.wired.com/2013/06/d-wave-quantum-computer-usc/

Realization of Qubits – problems: decoherence, noise errors

Realization of Qubits – Topological QC

Possible representations of Qubits – summary

Abelian hidden subgroup problem (IFP, DLP...) solution

Shor's algorithm

1. Transform the problem into finding the period of a function – can be done on a classical computer
2. Find the period with the quantum Fourier transform – can be done on a quantum computer
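
The classical half of this procedure for the factoring case, as an added example that is not part of the original slides: factoring n is reduced to finding the period r of a^x mod n, and the period is then turned into factors with a gcd. The brute-force `find_period` is a classical stand-in for the quantum Fourier transform step, and all function names are assumptions made for this illustration.

```python
from math import gcd

def find_period(a: int, n: int) -> int:
    """Smallest r > 0 with a^r = 1 (mod n), by brute force.

    Classical stand-in for step 2: this loop is exponential in the bit
    length of n, and it is the part the quantum Fourier transform replaces.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def factors_from_period(a: int, r: int, n: int):
    """Step 1 post-processing: derive factors of n from the period r of a mod n.

    Returns (p, q) with p <= q, or None when this base a is unusable.
    """
    if pow(a, r, n) != 1:
        raise ValueError("r is not a period of a modulo n")
    if r % 2 == 1:
        return None                    # odd period: no square root of 1 to use
    y = pow(a, r // 2, n)              # y*y = 1 (mod n)
    if y in (1, n - 1):
        return None                    # trivial square root: gcd gives 1 or n
    p = gcd(y - 1, n)                  # n divides (y-1)(y+1) but neither factor
    return (min(p, n // p), max(p, n // p))

def factor(n: int):
    """Try bases a = 2, 3, ... until one period yields a non-trivial split."""
    for a in range(2, n):
        g = gcd(a, n)
        if g > 1:                      # a already shares a factor with n
            return (min(g, n // g), max(g, n // g))
        split = factors_from_period(a, find_period(a, n), n)
        if split:
            return split
    return None                        # n is prime

if __name__ == "__main__":
    for n in (15, 21, 3233):           # constructed sample moduli
        print(n, "=", factor(n))
```

Base 5 modulo 21 has period 6 but 5^3 = 20 = -1 (mod 21), so that base is rejected and another is tried; this is the failure case the post-processing has to handle.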

Information set discovery problem (database search, inversion function, McEliece cryptography) solution

Via iteration find the eigenvalues = 1 for projection s to ω, f(ω) = 1

http://cr.yp.to/codes/grovercode-20091123.pdf

Grover's algorithm

Quantum cryptography

Secure distribution of secret key BB84 protocol

Privacy amplification

Secure distribution of secret key E91 protocol

Post scriptum

Q & A