QKD WIP

2024-07-31 19:06:32 +02:00 · 2024-07-31 19:06:32 +02:00 · 26bbd76ae0
commit 26bbd76ae0
parent 92f461e568
3 changed files with 86 additions and 1 deletions
--- a/chapter-qkd/chapter.pdf
+++ b/chapter-qkd/chapter.pdf
--- a/chapter-qkd/chapter.tex
+++ b/chapter-qkd/chapter.tex
@ -119,6 +119,8 @@
    }
 }

+\hyphenation{a-me-na-ble}
+
 \begin{document}
 \dominitoc
 \faketableofcontents
@ -244,7 +246,7 @@ interesting spin on the original Minicrypt scenario that recently has garnered s
 name Mini\textbf{Q}Crypt\cite{griloObliviousTransferMiniQCrypt2021, barootiPublicKeyEncryptionQuantum2023}. In
 MiniQCrypt, on one hand, conventional public key cryptography falls before quantum computers, but the key observation is
 that on the other hand, we can then use those quantum computers to do \emph{quantum} cryptography, re-gaining some of
-what we lost. The (im)possibility results for MiniQCrypt are nuanced, and provide something between the intact
+what we have lost. The (im)possibility results for MiniQCrypt are nuanced, and provide something between the intact
 conventional public-key cryptography in Cryptomania, and the total absence of it in classical Minicrypt.

 In the discourse on quantum computing and its application to cryptography, it is important to be mindful of which
@ -254,6 +256,23 @@ symmetric cryptography. In this framework, secret key rate becomes paramount bec
 used with an information-theoretically secure encryption scheme, requiring a never-ending secret key stream. Key
 expansion functions are based on one-way-functions, which are unavailable here.

+While in academic sources Pessiland assumptions are common, commercial systems usually are based on Minicrypt
+assumptions. That is, commercial systems propose QKD as an alternative to classical asymmetric cryptography for
+cryptographic key exchange, but then continue to use classical symmetric cryptography for purposes such as key
+derivation and secret-key encryption. Using a computationally secure key derivation function such as Argon 2, a small,
+fixed amount of precious QKD secret key bits can be expanded into a key of almost unbounded length\footnote{Key
+derivation functions have limited output size}. Similarly, a
+computationally secure symmetric cipher such as AES can be used to encrypt almost arbitrary amounts of data using a
+single, short key\footnote{
+    We write that the amount of data that can be encrypted with a computationally secure block cipher is only
+    \emph{almost} unbounded because the cipher operates on blocks of a fixed, short size and depending on the cipher
+    mode, in most applications, collisions of two such blocks enable stochastic \emph{Birthday
+    Attacks}\cite{giraultGeneralizedBirthdayAttack1988}. Usually, for a primitive of block size $n\;\unit{\bit}$, an
+    amount of $2^\frac{n}{2}$ extracted blocks is used as an upper bound for safe usage. For a cipher using the
+    currently common block size of \qty{128}{\bit}, this bound lies at \qty{256}{\exa\byte} of
+    data\cite{bhargavanPracticalSecurity64bit2016,}.
+}.
+
 \section{The Practical Security Implications of Quantum Computing}
 \label{qc-practical-implications}

--- a/main.bib
+++ b/main.bib
@ -172,6 +172,16 @@
  isbn = {978-1-4503-7590-0}
 }

+@book{barakIntensiveIntroductionCryptography,
+  title = {An Intensive Introduction to Cryptography: {{Computational}} Security},
+  shorttitle = {An Intensive Introduction to Cryptography},
+  author = {Barak, Boaz},
+  url = {https://intensecrypto.org/},
+  urldate = {2024-07-31},
+  abstract = {Lecture notes on Cryptography by Boaz Barak},
+  langid = {english}
+}
+
@inproceedings{barnettSecuringQuantumKey2011,
  title = {Securing a Quantum Key Distribution Relay Network Using Secret Sharing},
  booktitle = {2011 {{IEEE GCC Conference}} and {{Exhibition}} ({{GCC}})},
@ -327,6 +337,25 @@
  langid = {english}
 }

+@inproceedings{bhargavanPracticalSecurity64bit2016,
+  title = {On the {{Practical}} ({{In-}}){{Security}} of 64-Bit {{Block Ciphers}}: {{Collision Attacks}} on {{HTTP}} over {{TLS}} and {{OpenVPN}}},
+  shorttitle = {On the {{Practical}} ({{In-}}){{Security}} of 64-Bit {{Block Ciphers}}},
+  booktitle = {Proceedings of the 2016 {{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}},
+  author = {Bhargavan, Karthikeyan and Leurent, Gaëtan},
+  date = {2016-10-24},
+  pages = {456--467},
+  publisher = {ACM},
+  location = {Vienna Austria},
+  doi = {10.1145/2976749.2978423},
+  url = {https://dl.acm.org/doi/10.1145/2976749.2978423},
+  urldate = {2024-07-31},
+  abstract = {While modern block ciphers, such as AES, have a block size of at least 128 bits, there are many 64-bit block ciphers, such as 3DES and Blowfish, that are still widely supported in Internet security protocols such as TLS, SSH, and IPsec. When used in CBC mode, these ciphers are known to be susceptible to collision attacks when they are used to encrypt around 232 blocks of data (the so-called birthday bound). This threat has traditionally been dismissed as impractical since it requires some prior knowledge of the plaintext and even then, it only leaks a few secret bits per gigabyte. Indeed, practical collision attacks have never been demonstrated against any mainstream security protocol, leading to the continued use of 64-bit ciphers on the Internet.},
+  eventtitle = {{{CCS}}'16: 2016 {{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}},
+  isbn = {978-1-4503-4139-4},
+  langid = {english},
+  file = {/home/jaseg/Zotero/storage/SAF7LRDH/Bhargavan and Leurent - 2016 - On the Practical (In-)Security of 64-bit Block Cip.pdf}
+}
+
@article{bibakQuantumKeyDistribution2021,
  title = {Quantum Key Distribution with {{PRF}}({{Hash}}, {{Nonce}}) Achieves Everlasting Security},
  author = {Bibak, Khodakhast and Ritchie, Robert},
@ -1072,6 +1101,25 @@
  keywords = {Audio steganalysis,Audio steganography,Human auditory system,Mel frequency cepstrum coefficients,Universal steganalysis}
 }

+@incollection{giraultGeneralizedBirthdayAttack1988,
+  title = {A {{Generalized Birthday Attack}}},
+  booktitle = {Advances in {{Cryptology}} — {{EUROCRYPT}} ’88},
+  author = {Girault, Marc and Cohen, Robert and Campana, 2)Mireille},
+  editor = {Barstow, D. and Brauer, W. and Brinch Hansen, P. and Gries, D. and Luckham, D. and Moler, C. and Pnueli, A. and Seegmüller, G. and Stoer, J. and Wirth, N. and Günther, Christoph G.},
+  date = {1988},
+  volume = {330},
+  pages = {129--156},
+  publisher = {Springer Berlin Heidelberg},
+  location = {Berlin, Heidelberg},
+  doi = {10.1007/3-540-45961-8_12},
+  url = {http://link.springer.com/10.1007/3-540-45961-8_12},
+  urldate = {2024-07-31},
+  abstract = {We generalize the birthday attack presented by Coppersmith at Crypto'8S which defrauded a Davies-Price message authentication scheme. We first study the birthday paradox and a variant f o r which some convergence results and related bounds are provided. Secondly, we generalize the Davies-Price scheme and show how the Coppersmith attack can be extended to this case. AS a consequence, the case p=4 with DES (important when RSA with a 512-bit modulus is used €or signature) appears not to be secure enough.},
+  isbn = {978-3-540-50251-7},
+  langid = {english},
+  file = {/home/jaseg/Zotero/storage/IUACRFKT/Girault et al. - 1988 - A Generalized Birthday Attack.pdf}
+}
+
@inproceedings{goldbergPlanarFabricationMesoscale2014,
  title = {Planar Fabrication of a Mesoscale Voice Coil Actuator},
  booktitle = {2014 {{IEEE International Conference}} on {{Robotics}} and {{Automation}} ({{ICRA}})},
@ -1562,6 +1610,24 @@
  file = {/home/jaseg/Zotero/storage/4NYR9495/Koblah et al. - 2022 - Hardware Moving Target Defenses against Physical A.pdf}
 }

+@inproceedings{kodwaniSecurityKeyDerivation2021,
+  title = {On {{Security}} of {{Key Derivation Functions}} in {{Password-based Cryptography}}},
+  booktitle = {2021 {{IEEE International Conference}} on {{Cyber Security}} and {{Resilience}} ({{CSR}})},
+  author = {Kodwani, Gaurav and Arora, Shashank and Atrey, Pradeep K.},
+  date = {2021-07-26},
+  pages = {109--114},
+  publisher = {IEEE},
+  location = {Rhodes, Greece},
+  doi = {10.1109/CSR51186.2021.9527961},
+  url = {https://ieeexplore.ieee.org/document/9527961/},
+  urldate = {2024-07-31},
+  abstract = {Most common user authentication methods use some form of password or a combination of passwords. However, encryption schemes are generally not directly compatible with user passwords and thus, Password-Based Key Derivation Functions (PBKDFs) are used to convert user passwords into cryptographic keys. In this paper, we analyze the theoretical security of PBKDF2 and present two vulnerabilities, γ-collision and δ-collision. Using AES-128 as our exemplar, we show that due to γ-collision, text encrypted with one user password can be decrypted with γ − 1 different passwords. We also provide a proof that finding a collision in the derived key for AES-128 requires δ lesser calls to PBKDF2 than the known Birthday attack. Due to this, it is possible to break password-based AES-128 in O(264) calls, which is equivalent to brute-forcing DES.},
+  eventtitle = {2021 {{IEEE International Conference}} on {{Cyber Security}} and {{Resilience}} ({{CSR}})},
+  isbn = {978-1-66540-285-9},
+  langid = {english},
+  file = {/home/jaseg/Zotero/storage/LZAAUT5E/Kodwani et al. - 2021 - On Security of Key Derivation Functions in Passwor.pdf}
+}
+
@article{koehler-sidkiSecuritySelfDifferencingAvalanche2020,
  title = {The {{Security}} of {{Self-Differencing Avalanche Photodiodes}} for {{Quantum Key Distribution}}},
  author = {Koehler-Sidki, Alexander Mark},