QKD section WIP
parent
51bcb765e4
commit
2a368239ef
2 changed files with 41 additions and 37 deletions
@ -175,23 +175,28 @@
\section{Cryptography in the Age of Quantum Computers}
For a decade or two now, Quantum Computing has been creating a buzz that nobody in Computer Science and adjacent fields
could evade. Originating in the 1980ies as a highly academic fusion applying concepts from Computer Science in Quantum
Physics, \todo{Add citation on QKD origins} its concepts have long found their way into popular science articles.
Quantum Computing encompasses a model of computation that is fundamentally different from the \emph{classical}\footnote{
In Quantum Computing, the term \emph{classical} is used as the complement of \emph{quantum}, and refers to the
digital computers we know and (sometimes) love. This terminology stems from the distinction between classical and
quantum physics.} digital circuits that underly all of modern computing. While at first this might seem like a step
backwards into the era of early 1900s analog computing,\todo{Add citation on early analog computing}
the capabilites of a future quantum computer promise to far outpace those of contemporary classical computers. Key to
this improved processing capability is a property called \emph{Quantum Parallelism}. What this refers to is the fact
that a quantum computer's internal state can simultaneously represent a multitude of states of a classical, digital
computer, and the quantum computer can operate on all those states at once using a single quantum operation.
could evade. Originating in the 1980ies as a highly academic thought experiment applying ideas from Computer Science in
Quantum Physics, \todo{Add citation on QKD origins} its concepts have long found their way into popular science
articles. Quantum Computing encompasses a model of computation that is fundamentally different from the
\emph{classical}\footnote{ In Quantum Computing, the term \emph{classical} is used as the complement of \emph{quantum},
and refers to the digital computers we know and (sometimes) love. This terminology stems from the distinction between
classical and quantum physics.} digital circuits that underly all of modern computing. While at first this might seem
like a step backwards into the era of early 1900s analog computing,\todo{Add citation on early analog computing} the
capabilites of a future quantum computer promise to outpace those of any possible classical computer. Key to this
improved processing capability is a property called \emph{Quantum Parallelism}, referring to the fact that inside of a
quantum computer, a single \emph{quantum state} can simultaneously represent a multitude of states of a classical,
digital computer, encoded into a quantum \emph{superposition}. Furthermore, the quantum computer can operate on all
those states at once using a single \emph{quantum gate}.
Applying Quantum Parallelism to practical problems is far more complicated than, e.g., translating a digital circuit
solving some equation to a quantum circuit, but for certain problems we already know \emph{quantum algorithms} that
for large inputs solve these problems much faster than any classical computer ever could. Two of these algorithms, one
by Shor and one by Grover \todo{Add citations on Shor's and Grover's algorithm} are what caused most of the buzz around
the field of quantum computing, because they spell trouble for a large part of modern cryptography.
The quantum gates of a quantum computer do not correspond directly to classical, digital logic. Applying Quantum
Parallelism to practical problems is more complicated than, simply translating a digital circuit that computes a
solution to a quantum circuit. Nevertheless, for certain problems \emph{quantum algorithms} have already been developed
that for large inputs promise to solve these problems much faster than any classical computer ever could. Two of these
algorithms, one by Shor and one by Grover \todo{Add citations on Shor's and Grover's algorithm} are what caused most of
the buzz around the field of quantum computing because they spell trouble for a large part of modern cryptography.
While neither is a threat under the current state of the art in quantum computing, assuming a sufficiently advanced
quantum computer both algorithms provide solutions to problems that are classically assumed to be \emph{hard} with
vastly improved asymptotical time complexity.
Besides the computational speed-up promised by Quantum Parallelism, there is one more interesting aspect of Quantum
Computing where it radically deviates from classical computing. The reason modern cryptography exists is that when we
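Review bot: the new Quantum Parallelism sentence, "the quantum computer can operate on all those states at once using a single quantum gate", stands without qualification and invites the common misreading that a quantum computer evaluates a function on every input and hands back every result; a measurement yields a single outcome, and the speed-ups of Shor's and Grover's algorithms come from arranging interference so that the wanted outcome dominates. One clause to that effect would also make the following paragraph's point that exploiting parallelism is "more complicated than" translating a circuit land. Smaller points in the same hunk: the \todo reads "Add citation on QKD origins", but the sentence it annotates is about the origins of quantum computing in the 1980s, so either the note or the sentence is mislabelled; "1980ies" should be "1980s", "capabilites" should be "capabilities", and "underly" should be "underlie" (all three are carried unchanged into the rewritten text); and "more complicated than, simply translating" has a stray comma.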
@ -202,41 +207,40 @@ cryptography gives us tools to very effectively make whatever information the at
A basic principle of Quantum Physics is the \emph{No-Cloning Theorem}, which states that it is impossible to create an
identical, independent copy of an arbitrary, unknown quantum state. \todo{Add citation on No-Cloning Theorem}
An implication of this theorem is that when we encode classical information into quantum states in just the right way,
we can make it so that an attacker atttempting to eavesdrop on our quantum information can only actually read this
information by destroying it in the process. This property can be exploited to replace a number of classical asymmetric
primitives in interactive settings, \todo{Add citation on substitution, check if interactive only} the most popular
application of which is replacing an asymmetric Diffie-Hellman key exchange \todo{Add citation on DH-Kex} with a quantum
process called Quantum Key Distribution that yields much of the same properties.
we can make it so that an attacker attempting to eavesdrop on our quantum information can only decode this information
by destroying the underlying quantum states it in the process, which can be detected statistically. This property can be
exploited to replace a number of classical asymmetric primitives in interactive settings, \todo{Add citation on
substitution, check if interactive only} the most popular application of which is replacing an asymmetric Diffie-Hellman
key exchange \todo{Add citation on DH-Kex} with a quantum process called Quantum Key Distribution (QKD) that yields much
of the same properties.
In the past decades, the field of cryptography has been fundamentally shaped by the development of Quantum Computing and
Quantum Key Distribution. However, the popular conception that all of today's cryptography will be broken and that we
have to start from scratch is not accurate. Quantum Computing poses an unique threat to modern cryptography, and Quantum
Key Distribution is a promising new tool, but the practical implications of both are much more subtle than how they may
be portrayed. In the remainder of this chapter, we will look into the practical implications of these quantum
Key Distribution is a promising new tool, but the practical implications of both are much more subtle than how they are
often portrayed. In the remainder of this chapter, we will look into the practical implications of these quantum
technologies, and we will come to two major conclusions: First, that while the underlying cryptographic primitives will
change, apart from some minor engineering issues cryptography as a whole will remain largely the same. Second, that
while Quantum Key Distribution is hailed as a revolution for network security, its practical advantages will remain far
short of how it is usually conceptualized, and hardware security will assume a pivotal role in the practical security of
Quantum Key Distribution systems that is a stark departure from its relative irrelevance in today's applied
cryptography.
change, apart from some engineering issues cryptography as a whole will remain largely the same. Second, that while
Quantum Key Distribution is hailed as a revolution for network security, its practical advantages will remain far short
of how it is usually conceptualized, and hardware security will assume a pivotal role in the practical security of
Quantum Key Distribution systems. The central role of hardware security in Quantum Key Distribution is a stark departure
from its relative irrelevance in today's applied cryptography.
Building on these conclusions, we will end this chapter with a study of a use case that illustrates a practical design
for a secure network employing Quantum Key Distribution. Relying on both established classical and quantum primitives
with known security properties we will elaborate how one can construct a large-scale network from those primitives
that provides practical security to its users that goes beyond the (surprisingly limited) extents of quantum security
proofs.
that uses IHSMs to provide practical security beyond the---surprisingly limited---extent of quantum security proofs.
\subsection{Computational Assumptions and Information\Hyphdash Theoretic Security}
\label{qc_comp_assum}
In the past paragraphs we have briefly mentioned that Quantum Computing provides a significant speed-up that can be
We have briefly mentioned that Quantum Computing promises to eventually provide a significant speed-up that can be
applied to solve many cryptographic problems fast enough for it to become a problem, but we have not elaborated on what
that means in practice. In this section, we will attempt to provide concrete numbers to quantify the threat that both
Shor's and Grover's algorithm pose to modern cryptography.
that means in practice. In this section, we will attempt convey a more concrete intuition of the magnitude of the threat
that both Shor's and Grover's algorithm and variants pose to modern cryptography.
Shor's algorithm allows for the factorization of large numbers in polynomial time on a quantum
computer, a problem whose hardness (or the hardness of variants of which) is the foundation for the vast majority of
today's asymmetric cryptography.
Shor's algorithm allows for the factorization of large numbers in polynomial time on a quantum computer, a problem whose
hardness (or the hardness of variants of which) is the foundation for the majority of today's asymmetric cryptography.
While Shor's algorithm attacks the foundations of most modern asymmetric cryptography, Grover's algorithm can be applied
to hash functionss and symmetric cryptography. Fundamentally, Grover's algorithm is a search algorithm that allows a
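Review bot: "destroying the underlying quantum states it in the process" in the rewritten No-Cloning sentence keeps a leftover "it" from the old wording ("destroying it in the process"); drop it. The \todo "check if interactive only" can be resolved in this hunk: QKD needs both parties online at the same time and an authenticated classical channel alongside the quantum channel, so it can stand in for interactive key agreement such as Diffie-Hellman but not for non-interactive asymmetric primitives such as signatures or public-key encryption of stored data, and that limit deserves a sentence given that the paragraph presents QKD as replacing "a number of classical asymmetric primitives". In the Shor paragraph, the "variants" of factoring that the rest of asymmetric cryptography rests on are the discrete-logarithm problems behind Diffie-Hellman and elliptic-curve schemes, which Shor's algorithm solves with the same period-finding step; naming them would make the "majority" claim concrete. Remaining wording: "an unique threat" should be "a unique threat", "we will attempt convey" is missing "to", the trailing context line has "hash functionss", and "IHSMs" appears in the new text without expansion, so check that the acronym is introduced before this chapter.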
@ -1 +1 @@
Subproject commit 601159904f4269366e29d85c2e90cbf000157f4f
Subproject commit 3a7edbd1127cacc8f4c90376595b894105f3d479
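Review bot: this submodule pointer moves from 601159904f4269366e29d85c2e90cbf000157f4f to 3a7edbd1127cacc8f4c90376595b894105f3d479, but the commit message "QKD section WIP" describes only the prose edit; either split the submodule bump into its own commit or state in the message what the updated submodule brings in, so that the dependency change is not hidden inside a text-only commit.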