QKD WIP
This commit is contained in:
parent
92f461e568
commit
26bbd76ae0
3 changed files with 86 additions and 1 deletions
Binary file not shown.
|
|
@ -119,6 +119,8 @@
|
|||
}
|
||||
}
|
||||
|
||||
\hyphenation{a-me-na-ble}
|
||||
|
||||
\begin{document}
|
||||
\dominitoc
|
||||
\faketableofcontents
|
||||
|
|
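Review bot: `\dominitoc` and `\faketableofcontents` are minitoc commands, but this hunk shows no matching `\usepackage{minitoc}`; the preamble is not part of the diff, so confirm the package is loaded or the build will fail on the undefined control sequences. Note also that `\faketableofcontents` stands in for `\tableofcontents` (it processes the contents file without printing the main table), so the document should call only one of the two.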
@ -244,7 +246,7 @@ interesting spin on the original Minicrypt scenario that recently has garnered s
|
|||
name Mini\textbf{Q}Crypt\cite{griloObliviousTransferMiniQCrypt2021, barootiPublicKeyEncryptionQuantum2023}. In
|
||||
MiniQCrypt, on one hand, conventional public key cryptography falls before quantum computers, but the key observation is
|
||||
that on the other hand, we can then use those quantum computers to do \emph{quantum} cryptography, re-gaining some of
|
||||
what we lost. The (im)possibility results for MiniQCrypt are nuanced, and provide something between the intact
|
||||
what we have lost. The (im)possibility results for MiniQCrypt are nuanced, and provide something between the intact
|
||||
conventional public-key cryptography in Cryptomania, and the total absence of it in classical Minicrypt.
|
||||
|
||||
In the discourse on quantum computing and its application to cryptography, it is important to be mindful of which
|
||||
|
|
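Review bot: the tense change ("what we lost" to "what we have lost") is fine, but the sentence it belongs to is hard to parse: "on one hand, conventional public key cryptography falls before quantum computers, but the key observation is that on the other hand, we can then use those quantum computers" stacks "on one hand / on the other hand" on top of "but ... then". Suggest something like "In MiniQCrypt, conventional public-key cryptography falls to quantum computers, but those same quantum computers can then be used for \emph{quantum} cryptography, regaining some of what we have lost." As a style point, `Mini\textbf{Q}Crypt\cite{...}` attaches the citation directly to the word; the usual convention is a tie, `Mini\textbf{Q}Crypt~\cite{...}`, so no line break can fall before the citation mark.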
@ -254,6 +256,23 @@ symmetric cryptography. In this framework, secret key rate becomes paramount bec
|
|||
used with an information-theoretically secure encryption scheme, requiring a never-ending secret key stream. Key
|
||||
expansion functions are based on one-way-functions, which are unavailable here.
|
||||
|
||||
While in academic sources Pessiland assumptions are common, commercial systems usually are based on Minicrypt
|
||||
assumptions. That is, commercial systems propose QKD as an alternative to classical asymmetric cryptography for
|
||||
cryptographic key exchange, but then continue to use classical symmetric cryptography for purposes such as key
|
||||
derivation and secret-key encryption. Using a computationally secure key derivation function such as Argon 2, a small,
|
||||
fixed amount of precious QKD secret key bits can be expanded into a key of almost unbounded length\footnote{Key
|
||||
derivation functions have limited output size}. Similarly, a
|
||||
computationally secure symmetric cipher such as AES can be used to encrypt almost arbitrary amounts of data using a
|
||||
single, short key\footnote{
|
||||
We write that the amount of data that can be encrypted with a computationally secure block cipher is only
|
||||
\emph{almost} unbounded because the cipher operates on blocks of a fixed, short size and depending on the cipher
|
||||
mode, in most applications, collisions of two such blocks enable stochastic \emph{Birthday
|
||||
Attacks}\cite{giraultGeneralizedBirthdayAttack1988}. Usually, for a primitive of block size $n\;\unit{\bit}$, an
|
||||
amount of $2^\frac{n}{2}$ extracted blocks is used as an upper bound for safe usage. For a cipher using the
|
||||
currently common block size of \qty{128}{\bit}, this bound lies at \qty{256}{\exa\byte} of
|
||||
data\cite{bhargavanPracticalSecurity64bit2016,}.
|
||||
}.
|
||||
|
||||
\section{The Practical Security Implications of Quantum Computing}
|
||||
\label{qc-practical-implications}
|
||||
|
||||
|
|
|
|||
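Review bot: `\cite{bhargavanPracticalSecurity64bit2016,}` carries a trailing comma inside the braces, which passes an empty second key to the citation command and yields an empty-citation warning or a missing-key marker in the typeset footnote; drop the comma. Two further points in the new paragraph. First, the stated bound follows from $2^{64}$ blocks of 128 bits, i.e. $2^{68}$ bytes, which is 256 exbibytes (`\qty{256}{\exbi\byte}` in siunitx) or roughly 295 decimal exabytes, so `\qty{256}{\exa\byte}` mixes a binary quantity with a decimal prefix and understates the figure by about 15 percent. Second, "Argon 2" should be written `Argon2`; since Argon2 is a memory-hard password-hashing function, an extract-and-expand KDF such as HKDF is the more natural example for stretching an already high-entropy QKD key, though the paragraph's argument holds either way. Minor: `2^\frac{n}{2}` compiles but `2^{n/2}` is the conventional form, and the footnote text "Key derivation functions have limited output size" is missing its terminating period.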