Information Security Methods and Practices in Classical and Quantum Regimes
Cryptography
• What's that mean?
  • Kryptos: hidden, secret
  • Gráphō: to write
• What does it do?
  • Encryption: plaintext → ciphertext
  • Decryption: ciphertext → plaintext
• Why would you want that?
  • Confidentiality
  • Integrity, authentication, signing, interactive proofs, secure multi-party computation
Cryptology, Cryptanalysis, Cryptolinguistics
• Frequency analysis
• Brute force
• Differential
• Integral
• Impossible differential
• Boomerang
• Mod n
• Related key
• Slide
• Timing
• XSL
• Linear
• Multiple linear
• Davies' attack
• Improved Davies' attack
Demands for resilient crypto
• Auguste Kerckhoffs' principle
  • Cipher practically indecipherable
  • Cipher and keys not required to be secret
  • Key communicable and retainable
  • Applicable to telegraphic communication
  • Portable and human-effort efficient
  • Easy to use
• Bruce Schneier
  • "Secrecy … is a prime cause of brittleness… Conversely, openness provides ductility."
• Eric Raymond
  • "Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, never trust closed source."
• Shannon's maxim
  • "The enemy knows the system."
Classical Regime: written language text
Transposition
• Exchange the position of two symbols in the text
• Like an anagram
• Scytale
• E.g. (adjacent pairs swapped): text "Hello world!" → cipher "eHll oowlr!d"
Substitution
• Systematically exchange a symbol in the text with another symbol
• Caesar cipher, EXCESS-3
• E.g. (shift of 3): text "Aabcd" → cipher "Ddefg"
Poly-Alphabetic Substitution
• Repeated and dynamic substitution(s)
• Wehrmacht Enigma
  • Series of rotors
One Time Pad
• Perfect secrecy
  • Coined by Shannon
  • H(M) = H(M|C)
• Requirements
  • Perfect randomness
  • Secure key generation and exchange
  • Careful adherence to process
Classical Regime: binary bit sequence
Secret Key Crypto
• Perfect secrecy
  • Coined by Shannon
  • H(M) = H(M|C)
• Requirements
  • Perfect randomness
  • Secure key generation and exchange
  • Careful adherence to process
Symmetric Key Crypto
• The same (or similar) key for both encryption and decryption
• Data Encryption Standard
  • 56 bit key
  • Feistel network
  • Broken in 1999 in 22 hours 15 minutes by Deep Crack
• Triple-DES
  • 56 bit keys (3 unique)
  • en-de-en-crypt
• Advanced Encryption Standard (Rijndael)
  • 128-192-256 bit keys
  • Substitution permutation network
Feistel Network
• Expansion
• Key mixing
• Substitution
• Permutation
Substitution Permutation Network
• Substitution
  • 1/n input change → 1/2 output change
  • confusion
• Permutation
  • mix up inputs
  • diffusion
• Round keys
Public Key Crypto
• Asymmetric keys: public and private
• No secret key
• Multiple use
• TLS, SSL, PGP, GPG, digital signatures
RSA
• Ron Rivest, Adi Shamir, Leonard Adleman; 1978
• Key generation
  • Pick two distinct, large prime numbers: p, q
  • Compute their product: n = pq
  • Compute its totient: phi = (p−1)(q−1)
  • Pick a public key exponent e: 1 < e < phi, e and phi coprime
  • Compute the private key exponent d: de ≡ 1 (mod phi)
• Encryption
  • Forward padding
  • cipher = text^e (mod n)
  • Exponentiation by squaring
• Decryption
  • text = cipher^d (mod n)
  • = text^(de) (mod n) = text^(1 + k·phi) (mod n) = text (mod n)
  • Reverse padding
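The key-generation, encryption and decryption steps above, carried out end to end as an added example (this is not code from the slides). The primes 61 and 53 are constructed toy values; modexp implements the exponentiation by squaring the slide mentions, and padding is left out.

```python
# Added example (not from the slides): RSA keygen/encrypt/decrypt on toy primes.
# Primes this small are for illustration only; real keys use 2048-bit moduli.
from math import gcd

def modexp(base, exp, mod):
    """Exponentiation by squaring (right-to-left binary method)."""
    result = 1
    base %= mod
    while exp > 0:
        if exp & 1:                   # low bit set: multiply this power in
            result = result * base % mod
        base = base * base % mod      # square for the next bit
        exp >>= 1
    return result

def rsa_keygen(p, q, e=17):
    """Return (n, e, d) for distinct primes p, q and public exponent e."""
    assert p != q
    n = p * q
    phi = (p - 1) * (q - 1)           # Euler's totient of n = pq
    assert 1 < e < phi and gcd(e, phi) == 1
    d = pow(e, -1, phi)               # modular inverse: d*e == 1 (mod phi)
    return n, e, d

def rsa_encrypt(m, n, e):
    """cipher = text^e (mod n); no padding, so m must be < n."""
    assert 0 <= m < n
    return modexp(m, e, n)

def rsa_decrypt(c, n, d):
    """text = cipher^d (mod n)."""
    return modexp(c, d, n)

def demo():
    n, e, d = rsa_keygen(61, 53)      # constructed toy primes
    m = 65
    c = rsa_encrypt(m, n, e)
    return n, e, d, c, rsa_decrypt(c, n, d)
```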
Hybrid Crypto
• Diffie-Hellman key exchange
  • Alice and Bob agree on a finite cyclic group G (multiplicative group of integers mod p)
    • Period p, prime number
    • Base g, primitive root mod p
  • Alice picks a random natural number a and sends g^a mod p to Bob.
  • Bob picks a random natural number b and sends g^b mod p to Alice.
  • Alice computes (g^b mod p)^a mod p
  • Bob computes (g^a mod p)^b mod p
  • Both know g^(ab) mod p = g^(ba) mod p
Quantum Regime: breaking classical crypto
Peter Shor's Factorization Algorithm
• Polynomial time in log N: O((log N)^3)
• Polynomial gates in log N: O((log N)^2)
• Complexity class Bounded-Error Quantum Polynomial (BQP)
• Transform from factoring to periodicity
  • Pick 1 < r < N: a^r ≡ 1 (mod N)
  • a^r − 1 = (a^(r/2) + 1)(a^(r/2) − 1) ≡ 0 (mod N)
  • N = (a^(r/2) + 1)(a^(r/2) − 1) = pq
• Quantum Fourier Transform
  • Map x-space to ω-space
  • Measure with 1/r^2 probability
Factor 15
• In 2001 IBM demonstrated Shor's Algorithm and factored 15 into 3 and 5
• NMR implementation with 7 qubits
• pentafluorobutadienylcyclopentadienyldicarbonyl-iron complex (C₁₁H₅F₅O₂Fe)
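The reduction from factoring to period finding in the two slides above, as an added example (not code from the slides or from IBM's demonstration). The period r is found by brute force here in place of the quantum Fourier transform, which is the only step that needs the quantum computer; the post-processing gcd(a^(r/2) ± 1, N) is exactly the classical part, shown on N = 15.

```python
# Added example (not from the slides): classical post-processing of Shor's
# algorithm, with brute-force period finding standing in for the QFT.
from math import gcd

def find_period(a, N):
    """Smallest r > 0 with a**r == 1 (mod N), for gcd(a, N) == 1.
    This is the step the quantum Fourier transform performs efficiently;
    brute force is exponential in log N and only workable for tiny N."""
    x, r = a % N, 1
    while x != 1:
        x = x * a % N
        r += 1
    return r

def shor_classical(N, a):
    """Try base a; return a nontrivial factor pair of N, or None if a fails
    (odd period, or a**(r/2) == -1 mod N), in which case a new a is drawn."""
    g = gcd(a, N)
    if g != 1:                        # lucky pick: a already shares a factor
        return (g, N // g)
    r = find_period(a, N)
    if r % 2:                         # odd r: a**(r/2) is not an integer power
        return None
    y = pow(a, r // 2, N)             # y**2 == 1 (mod N)
    if y == N - 1:                    # y == -1: (y+1) is 0 mod N, trivial split
        return None
    p, q = gcd(y - 1, N), gcd(y + 1, N)
    return (p, q) if p * q == N else None

def factor(N):
    """Sweep bases a in order; a real run would pick a at random."""
    for a in range(2, N):
        pair = shor_classical(N, a)
        if pair:
            return tuple(sorted(pair))
    return None
```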
DWave
• Superconducting processors
• Adiabatic quantum algorithms
• Solving Quantum Unconstrained Binary Optimization problems (QUBO is in NP)
Quantum Regime: future-proof cryptography
Quantum Key Distribution
• Quantum communication channel
  • Single photon, entangled photon pair
• Preparation
  • Alice prepares a state and sends it to Bob, who measures it
• Entanglement
  • Alice and Bob each receive half the pair and measure it
Non-Orthogonal Bases
• Complementary bases
  • Basis A: { |0>, |1> }
  • Basis B: { |+>, |-> }
• Indistinguishable transmission states
  • |+> = 0.5 |0> + 0.5 |1>
  • |-> = 0.5 |0> − 0.5 |1>
• Random choice of en-/de-coding bases
  • Succeeds with p ≈ 0.5
True Random Number Generation
• Quantum mechanics at < atomic scale
  • Shot noise
  • Nuclear decay
  • Optics
• Thermal noise
  • Resistor heat
  • Avalanche/Zener diode breakdown noise
• Atmospheric noise
EPR
• Einstein, Podolsky, Rosen (1935)
• Entangled qubits
• Violation of Bell Inequality
BB84
• Charles A. Bennett, Gilles Brassard (1984)
• Single photon source, polarization
• One way: Alice prepares and sends to Bob
  • ψ encoded as random bits a in random bases b
• Bob measures
  • Decoded in random bases b'
  • 50% of bits successfully measured: a' = a
• Measurement bases are shared publicly
  • Throw away a, a' for b ≠ b'
E91
• Artur Ekert (1991)
• Entangled photon source
• Perfect correlation: 100% a = a' if b = b'
• Non-locality: > 50% correlation a ↔ a'
• Eve's measurement reduces correlation
B92
• Charles A. Bennett (1992)
• Dim signal pulse, bright reference pulse
  • Maintains phase with a single qubit transmitted
• Bases: rectilinear, circular
• P0 = 1 − |u1><u1|
  • P0 |u0> = 1 with p = 1 − |<u0|u1>|^2 > 0
  • P0 |u1> = 0
• P1 = 1 − |u0><u0|
  • P1 |u0> = 0
  • P1 |u1> = 1 with p = 1 − |<u0|u1>|^2 > 0
• Throw away measurements ≠ 1
SARG04
• Scarani et al. (2004)
• Attenuated laser pulses
Information Reconciliation
• 1992 Bennett, Bessette, Brassard, Salvail, Smolin
• Cascade protocol, repetitious
  • Compare block parity bits
  • Odd 1 count: parity = 1; even 1 count transmitted
  • Even 1 count: parity = 0; even 1 count transmitted
• Two-out-of-five code
  • Every transmission has two 1s and three 0s
• Hamming codes
  • Additional bits used to identify and correct errors
Privacy Amplification
• Shortened key length
• Universal hash function
  • Range r
  • Collision probability p < 1/r
Quantum Regime: attacks
Intercept and Resend
• Eve measures the qubit in basis b''
  • 50% probability of correct measurement
• Eve sends a'' to Bob
  • 25% probability of correct measurement
• Probability of detection
  • P = 1 − (0.75)^n
  • 99% in n = 16 bits
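A simulation of the BB84 exchange from the earlier slide (random bits a, bases b, Bob's bases b', public sifting) with the intercept-and-resend Eve described here, added as an example that is not code from the slides. It reproduces the 25% error rate on sifted bits and the detection probability P = 1 − (0.75)^n; the random seed is a constructed value used only to keep the run reproducible.

```python
# Added example (not from the slides): BB84 sifting with an intercept-and-resend
# eavesdropper, and the resulting error rate and detection probability.
import random

A, B = 0, 1   # basis A = {|0>,|1>}, basis B = {|+>,|->}

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the bit exactly; in the
    other (non-orthogonal) basis the outcome is a coin flip, p = 0.5."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def bb84(n, eve=False, seed=1):
    """Send n qubits; return Alice's and Bob's sifted bit strings."""
    rng = random.Random(seed)         # seeded only to make the demo reproducible
    a = [rng.randrange(2) for _ in range(n)]          # Alice's random bits a
    b = [rng.choice((A, B)) for _ in range(n)]        # Alice's random bases b
    b_bob = [rng.choice((A, B)) for _ in range(n)]    # Bob's random bases b'
    bits, bases = a, b                # what actually travels on the channel
    if eve:
        b_eve = [rng.choice((A, B)) for _ in range(n)]                # b''
        a_eve = [measure(a[i], b[i], b_eve[i], rng) for i in range(n)]  # a''
        bits, bases = a_eve, b_eve    # Eve re-prepares in her own basis b''
    a_bob = [measure(bits[i], bases[i], b_bob[i], rng) for i in range(n)]  # a'
    sift = [i for i in range(n) if b[i] == b_bob[i]]  # bases compared publicly
    return [a[i] for i in sift], [a_bob[i] for i in sift]

def error_rate(alice_bits, bob_bits):
    """Fraction of sifted bits with a' != a: 0 without Eve, ~0.25 with her."""
    return sum(x != y for x, y in zip(alice_bits, bob_bits)) / len(alice_bits)

def detection_probability(n_checked):
    """Chance that publicly comparing n sifted bits exposes Eve: 1 - 0.75^n."""
    return 1 - 0.75 ** n_checked
```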
Security Proofs
• BB84 is proven unconditionally secure against unlimited resources, provided that:
  • Eve cannot access Alice and Bob's encoding and decoding devices
  • The random number generators used by Alice and Bob must be trusted and truly random
  • The classical communication channel must be authenticated using an unconditionally secure authentication scheme
Man in the Middle
• Senders and recipients are indistinguishable on public channels
• Eve could pose as Bob
  • Receiving some large portion of messages
  • Responding promptly, at least before Bob
• Wegman-Carter authentication
  • Alice and Bob share a secret key
Photon Number Splitting
• No true single photon sources
• Attenuated laser pulses
  • Some small mean number of photons per pulse, e.g. 0.1
• If > 1 photon is present, splitting can occur without detection during reconciliation
• A secure key is still possible, but requires additional privacy amplification
Hacking
• Gain access to security equipment
  • Foil random number generation
  • Plant Trojan horse
• Faked state attack
  • Eve: actively quenched detector module
• Phase remapping attack
  • Move from { |0>, |1>, |+>, |-> } to { |0>, |δ/2>, |δ>, |3δ/2> }
• Time-shift attack
  • Demonstrated to have ~ 4% mutual information gathered from the idQuantique ID-500 QKD
Denial of Service
• Stop Alice and Bob from communicating
  • Via classical channel(s)
  • Via quantum channel(s)
• Physically block transmissions
• Introduce large volume of errors
Quantum Regime: commercially available devices
MagiQ – QPN 8505
• "Any sufficiently advanced technology is indistinguishable from magic." – Arthur C. Clarke
• Transmits qubit polarization over optical fiber
• 256 bit AES; 1,000 keys per second
• 140 km range, more with repeaters
idQuantique – Cerberis, Centauris
• Transmits qubit phase over optical fiber
• High speed layer 2 encryption
• 256 bit AES; 12 key-devices per minute, 100 km range
SmartQuantum – KeyGen, Defender
• Generate and distribute secret keys over quantum channel
• Use classical encryption and communication
Quintessence Labs
• G2 QKD
• Continuous variable brightness laser beams
  • Cheaper than SPS
• Dense wavelength division multiplexing
  • Erbium doped fiber amplifiers ~ 1550 nm
BBN Technologies
• DARPA QNet
  • Fully operational October 23, 2003
  • Harvard University
  • Boston University
  • BBN Technologies
• QKD
  • Weak coherence
  • 5 MHz pulse rate
  • 0.1 mean photons/pulse
John Krah, University of Washington Physics Department