Tallinn University of Technology Quantum computer impact on public key cryptography

1 / 28

# Tallinn University of Technology Quantum computer impact on public key cryptography - PowerPoint PPT Presentation

Tallinn University of Technology Quantum computer impact on public key cryptography. Roman Stepanenko. Agenda. Introduction Explanation of RSA Principles of quantum computers Shor’s factorization algorithm. Introduction.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about 'Tallinn University of Technology Quantum computer impact on public key cryptography' - tala

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Tallinn University of TechnologyQuantum computer impact on public key cryptography

Roman Stepanenko

Agenda
• Introduction
• Explanation of RSA
• Principles of quantum computers
• Shor’s factorization algorithm
Introduction
• Most cryptography systems rely on the difficulty of factoring large numbers.
• No known efficient algorithm for number factorization on classical computer. Available algorithms take exponential time in respect to input size. Factorization of hundreds digits long numbers is practically impossible.
Introduction
• But what if there is a fast way to factor large numbers…?
Explanation of RSA
• To explain why big number factorization is so important to cryptography we need to analyze how RSA works.
• After a brief explanation a short example will follow which I took from the all knowing Wikipedia.
• It will be shown why RSA is vulnerable
Explanation of RSA
• RSA algorithm consists of three steps: key generation, encryption and decryption. RSA uses a public and a private key.
• Let’s look at how this is done.
Steps of RSA
• randomly generate two distinct prime numbers p and q of similar length
• compute n = pqwhich will be used as modulus for both private and public keys
• totient* function φ(n) = (p – 1)(q – 1) needs to be computed

*Euler's totient of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n.

Steps of RSA
• choose an integer e so thatφ(n) and e are coprimeand 1 < e < φ(n), number e is the public key exponent
• to get the private key exponent d it is necessary to calculate the multiplicative inverse of e mod φ(n):d = e-1 mod φ(n)
• public key consists of the modulus n and the encryption exponent e, private key consists of the decryption exponent d
Steps of RSA
• message needs to be converted to an integer m (padding scheme is used)
• ciphertextc = me(mod n) is computed
• m= cd(mod n) to decrypt
• from m we recover the original message
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
• Choose two distinct prime numbers, such as p = 61 and q = 53.
• Compute n = pq giving n = 61 · 53 = 3233.
• Compute the totient of the product as ϕ(n) = (p − 1)(q − 1) giving ϕ(3233) = (61 − 1)(53 − 1) = 3120.
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
• Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e leaves us only to check that e is not a divisor of 3120. Let e = 17.
• Compute d, the modular multiplicative inverse of e (mod φ(n)) yielding d = 2753 (solved for example using the extended Euclidean algorithm*).

*http://www.ahuwanya.net/blog/post/The-Extended-Euclidean-Algorithm.aspx

Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
• The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is m17 (mod 3233).
• The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is c2753 (mod 3233).
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
• For instance, in order to encrypt m = 65, we calculatec = 6517 (mod 3233) = 2790.
• To decrypt c = 2790, we calculatem = 27902753 (mod 3233) = 65.

Both of these calculations can be computed efficiently using the square-and-multiply algorithm for modular exponentiation.

Factorization attack
• If it was possible to efficiently factor the integer n, which is stored in the public key, it would be possible to find the totient φ(n) = (p – 1)(q – 1). Knowing that and the public exponent e, it is possible to compute the private exponent using the equality d = e-1 mod φ(n).
Brief introduction into Quantum Computing
• Base of the classical memory register is the bit.
• Base of the quantum memory register is the qbit.
• Ideas how to implement a qbit: using a quantum particle’s spin value, using hydrogen atom’s electron state and so on.
Brief introduction into Quantum Computing
• Bit can be either in 0 or 1 state
• Qbit exists in a superposition of 0 and 1 base states, it can be represented as a linear combination:

where αandβ are probability amplitudes and are complex numbers.

Brief introduction into Quantum Computing
• What do the αandβcoefficients actually mean?
• If measured a qbit will be either 0 with probability |α|2 or 1 with probability |β|2.
• |α|2 + |β|2 = 1
• A qbit while left alone exists in a combination of 0 and 1 states, however when measured it becomes strictly 0 or 1 with certain probability.
Brief introduction into Quantum Computing
• We are not limited to one qbit systems.
• A quantum system composed of mqbits requires 2mcomplex numbers to describe.
• A classical register with n bits requires only n integers to describe.
• Theoretically a quantum register can store exponentially greater amount of information than a classical register with the same amount of bits.
• A quantum register exists in the superposition of base states. From this quality something called quantum parallelism arises.
• Each component of the superposition may be considered as an argument to a function, so a function performed on the superposition of states is in turn performed on each component of the superposition.
• The larger the number of possible states is, however, the smaller the probability that you will measure any particular state becomes.
Shor’s algorithm
• In 1994 Peter Shor who was working as a scientist in Bell Labs devised a polynomial time quantum algorithm for big integer factorization. This became a great driving force for quantum computer research.
Shor’s algorithm
• F(a) = xamod n is a periodical function with some period r.
• It is clear that x0mod n = 1, thereforexrmod n = 1, x2rmod n = 1 and so on.
Shor’s algorithm

xrmod n = 1,

xr≡ 1 mod n,

(xr/2)2 ≡ 1 mod n,

(xr/2)2 – 1 ≡ 0 mod n,

and if r is an even number

(xr/2– 1) (xr/2+ 1) ≡ 0 mod n.

From the last identity it can be seen that (xr/2– 1) (xr/2+ 1) is an integer multiple of n. If |xr/2| ≠ 1, then at least one of (xr/2– 1), (xr/2+ 1) will have a non-trivial factor in common with n. Then by computing the gcd(xr/2– 1, n) and gcd(xr/2+ 1, n), we will obtain a factor of n. We can use the Euclidean algorithm for that.

Shor’s algorithm
• Shor‘s algorithm is designed to find r.
• A quantum memory register with two parts has to be created.
• A number q is chosen so that n2 ≤ q <2n2 and q is the power of two.
• The first part of the memory register is loaded with a superposition of the integers which are to be a‘s in the xamod n function. The a‘s are chosen to be integers 0 through q­ – 1.
Shor’s algorithm
• The algorithm calculates xamod n with the superposition of the states a placed in the first part of the memory register, and places the result in the second part of the register.
• If measured the state of the second part of the register will collapse into some value k.
Shor’s algorithm
• The first part of the quantum register will collapse into a superposition of the base states consistent with the value observed in the second part. It will contain values c, c + r, c + 2r... and so on, where c is the lowest value that would produce xcmod n = k.
• In the next step a discrete quantum Fourier transform is performed on the contents of the first part of the register.
Shor’s algorithm
• It peaks the probability amplitudes of the first part of the register at integer multiples of the quantity q/r.
Shor’s algorithm
• Measuring the first part of the register will yield an integer multiple of the inverse of the period with high probability.
• Analysis of this number is done on a classical computer to get the period r.
Conclusion
• Based on the ideas stated before it can be said that the invention of a quantum computer will put public key cryptography systems that rely on difficulty to factor large numbers (RSA, DSA, ECDSA) in danger.
Conclusion
• There are many important classes of cryptographic systems beyond RSA and DSA and ECDSA:
• Hash-based cryptography
• Code-based cryptography
• Lattice-based cryptography