tallinn university of technology quantum computer impact on public key cryptography n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Tallinn University of Technology Quantum computer impact on public key cryptography PowerPoint Presentation
Download Presentation
Tallinn University of Technology Quantum computer impact on public key cryptography

Loading in 2 Seconds...

play fullscreen
1 / 28

Tallinn University of Technology Quantum computer impact on public key cryptography - PowerPoint PPT Presentation


  • 81 Views
  • Uploaded on

Tallinn University of Technology Quantum computer impact on public key cryptography. Roman Stepanenko. Agenda. Introduction Explanation of RSA Principles of quantum computers Shor’s factorization algorithm. Introduction.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Tallinn University of Technology Quantum computer impact on public key cryptography' - tala


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
tallinn university of technology quantum computer impact on public key cryptography

Tallinn University of TechnologyQuantum computer impact on public key cryptography

Roman Stepanenko

agenda
Agenda
  • Introduction
  • Explanation of RSA
  • Principles of quantum computers
  • Shor’s factorization algorithm
introduction
Introduction
  • Most cryptography systems rely on the difficulty of factoring large numbers.
  • No known efficient algorithm for number factorization on classical computer. Available algorithms take exponential time in respect to input size. Factorization of hundreds digits long numbers is practically impossible.
introduction1
Introduction
  • But what if there is a fast way to factor large numbers…?
explanation of rsa
Explanation of RSA
  • To explain why big number factorization is so important to cryptography we need to analyze how RSA works.
  • After a brief explanation a short example will follow which I took from the all knowing Wikipedia.
  • It will be shown why RSA is vulnerable
explanation of rsa1
Explanation of RSA
  • RSA algorithm consists of three steps: key generation, encryption and decryption. RSA uses a public and a private key.
  • Let’s look at how this is done.
steps of rsa
Steps of RSA
  • randomly generate two distinct prime numbers p and q of similar length
  • compute n = pqwhich will be used as modulus for both private and public keys
  • totient* function φ(n) = (p – 1)(q – 1) needs to be computed

*Euler's totient of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n.

steps of rsa1
Steps of RSA
  • choose an integer e so thatφ(n) and e are coprimeand 1 < e < φ(n), number e is the public key exponent
  • to get the private key exponent d it is necessary to calculate the multiplicative inverse of e mod φ(n):d = e-1 mod φ(n)
  • public key consists of the modulus n and the encryption exponent e, private key consists of the decryption exponent d
steps of rsa2
Steps of RSA
  • message needs to be converted to an integer m (padding scheme is used)
  • ciphertextc = me(mod n) is computed
  • m= cd(mod n) to decrypt
  • from m we recover the original message
example of rsa encryption taken from http en wikipedia org wiki rsa a working example
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
  • Choose two distinct prime numbers, such as p = 61 and q = 53.
  • Compute n = pq giving n = 61 · 53 = 3233.
  • Compute the totient of the product as ϕ(n) = (p − 1)(q − 1) giving ϕ(3233) = (61 − 1)(53 − 1) = 3120.
example of rsa encryption taken from http en wikipedia org wiki rsa a working example1
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
  • Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e leaves us only to check that e is not a divisor of 3120. Let e = 17.
  • Compute d, the modular multiplicative inverse of e (mod φ(n)) yielding d = 2753 (solved for example using the extended Euclidean algorithm*).

*http://www.ahuwanya.net/blog/post/The-Extended-Euclidean-Algorithm.aspx

example of rsa encryption taken from http en wikipedia org wiki rsa a working example2
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
  • The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is m17 (mod 3233).
  • The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is c2753 (mod 3233).
example of rsa encryption taken from http en wikipedia org wiki rsa a working example3
Example of RSA encryptiontaken from http://en.wikipedia.org/wiki/RSA#A_working_example
  • For instance, in order to encrypt m = 65, we calculatec = 6517 (mod 3233) = 2790.
  • To decrypt c = 2790, we calculatem = 27902753 (mod 3233) = 65.

Both of these calculations can be computed efficiently using the square-and-multiply algorithm for modular exponentiation.

factorization attack
Factorization attack
  • If it was possible to efficiently factor the integer n, which is stored in the public key, it would be possible to find the totient φ(n) = (p – 1)(q – 1). Knowing that and the public exponent e, it is possible to compute the private exponent using the equality d = e-1 mod φ(n).
brief introduction into quantum computing
Brief introduction into Quantum Computing
  • Base of the classical memory register is the bit.
  • Base of the quantum memory register is the qbit.
  • Ideas how to implement a qbit: using a quantum particle’s spin value, using hydrogen atom’s electron state and so on.
brief introduction into quantum computing1
Brief introduction into Quantum Computing
  • Bit can be either in 0 or 1 state
  • Qbit exists in a superposition of 0 and 1 base states, it can be represented as a linear combination:

where αandβ are probability amplitudes and are complex numbers.

brief introduction into quantum computing2
Brief introduction into Quantum Computing
  • What do the αandβcoefficients actually mean?
    • If measured a qbit will be either 0 with probability |α|2 or 1 with probability |β|2.
    • |α|2 + |β|2 = 1
    • A qbit while left alone exists in a combination of 0 and 1 states, however when measured it becomes strictly 0 or 1 with certain probability.
brief introduction into quantum computing3
Brief introduction into Quantum Computing
  • We are not limited to one qbit systems.
  • A quantum system composed of mqbits requires 2mcomplex numbers to describe.
  • A classical register with n bits requires only n integers to describe.
  • Theoretically a quantum register can store exponentially greater amount of information than a classical register with the same amount of bits.
  • A quantum register exists in the superposition of base states. From this quality something called quantum parallelism arises.
  • Each component of the superposition may be considered as an argument to a function, so a function performed on the superposition of states is in turn performed on each component of the superposition.
  • The larger the number of possible states is, however, the smaller the probability that you will measure any particular state becomes.
shor s algorithm
Shor’s algorithm
  • In 1994 Peter Shor who was working as a scientist in Bell Labs devised a polynomial time quantum algorithm for big integer factorization. This became a great driving force for quantum computer research.
shor s algorithm1
Shor’s algorithm
  • F(a) = xamod n is a periodical function with some period r.
  • It is clear that x0mod n = 1, thereforexrmod n = 1, x2rmod n = 1 and so on.
shor s algorithm2
Shor’s algorithm

xrmod n = 1,

xr≡ 1 mod n,

(xr/2)2 ≡ 1 mod n,

(xr/2)2 – 1 ≡ 0 mod n,

and if r is an even number

(xr/2– 1) (xr/2+ 1) ≡ 0 mod n.

From the last identity it can be seen that (xr/2– 1) (xr/2+ 1) is an integer multiple of n. If |xr/2| ≠ 1, then at least one of (xr/2– 1), (xr/2+ 1) will have a non-trivial factor in common with n. Then by computing the gcd(xr/2– 1, n) and gcd(xr/2+ 1, n), we will obtain a factor of n. We can use the Euclidean algorithm for that.

shor s algorithm3
Shor’s algorithm
  • Shor‘s algorithm is designed to find r.
  • A quantum memory register with two parts has to be created.
  • A number q is chosen so that n2 ≤ q <2n2 and q is the power of two.
  • The first part of the memory register is loaded with a superposition of the integers which are to be a‘s in the xamod n function. The a‘s are chosen to be integers 0 through q­ – 1.
shor s algorithm4
Shor’s algorithm
  • The algorithm calculates xamod n with the superposition of the states a placed in the first part of the memory register, and places the result in the second part of the register.
  • If measured the state of the second part of the register will collapse into some value k.
shor s algorithm5
Shor’s algorithm
  • The first part of the quantum register will collapse into a superposition of the base states consistent with the value observed in the second part. It will contain values c, c + r, c + 2r... and so on, where c is the lowest value that would produce xcmod n = k.
  • In the next step a discrete quantum Fourier transform is performed on the contents of the first part of the register.
shor s algorithm6
Shor’s algorithm
  • It peaks the probability amplitudes of the first part of the register at integer multiples of the quantity q/r.
shor s algorithm7
Shor’s algorithm
  • Measuring the first part of the register will yield an integer multiple of the inverse of the period with high probability.
  • Analysis of this number is done on a classical computer to get the period r.
conclusion
Conclusion
  • Based on the ideas stated before it can be said that the invention of a quantum computer will put public key cryptography systems that rely on difficulty to factor large numbers (RSA, DSA, ECDSA) in danger.
conclusion1
Conclusion
  • There are many important classes of cryptographic systems beyond RSA and DSA and ECDSA:
    • Hash-based cryptography
    • Code-based cryptography
    • Lattice-based cryptography
    • Multivariate-quadratic-equations cryptography
    • Secret-key cryptography
  • All of these systems are believed to resist classical computers and quantum computers.