From 2a368239ef529633a874d251975b778ed3270311 Mon Sep 17 00:00:00 2001 From: jaseg Date: Mon, 2 Sep 2024 15:38:41 +0200 Subject: [PATCH] QKD section WIP --- chapter-qkd/chapter.tex | 76 +++++++++++++------------ chapter-qkd/figures/ihsm-secondary-mesh | 2 +- 2 files changed, 41 insertions(+), 37 deletions(-) diff --git a/chapter-qkd/chapter.tex b/chapter-qkd/chapter.tex index 7621e0f..b3e291b 100644 --- a/chapter-qkd/chapter.tex +++ b/chapter-qkd/chapter.tex 
@@ -175,23 +175,28 @@ \section{Cryptography in the Age of Quantum Computers} For a decade or two now, Quantum Computing has been creating a buzz that nobody in Computer Science and adjacent fields -could evade. Originating in the 1980ies as a highly academic fusion applying concepts from Computer Science in Quantum -Physics, \todo{Add citation on QKD origins} its concepts have long found their way into popular science articles. -Quantum Computing encompasses a model of computation that is fundamentally different from the \emph{classical}\footnote{ - In Quantum Computing, the term \emph{classical} is used as the complement of \emph{quantum}, and refers to the - digital computers we know and (sometimes) love. This terminology stems from the distinction between classical and - quantum physics.} digital circuits that underly all of modern computing. While at first this might seem like a step -backwards into the era of early 1900s analog computing,\todo{Add citation on early analog computing} -the capabilites of a future quantum computer promise to far outpace those of contemporary classical computers. Key to -this improved processing capability is a property called \emph{Quantum Parallelism}. What this refers to is the fact -that a quantum computer's internal state can simultaneously represent a multitude of states of a classical, digital -computer, and the quantum computer can operate on all those states at once using a single quantum operation. +could evade. Originating in the 1980ies as a highly academic thought experiment applying ideas from Computer Science in +Quantum Physics, \todo{Add citation on QKD origins} its concepts have long found their way into popular science +articles. Quantum Computing encompasses a model of computation that is fundamentally different from the +\emph{classical}\footnote{ In Quantum Computing, the term \emph{classical} is used as the complement of \emph{quantum}, +and refers to the digital computers we know and (sometimes) love. 
This terminology stems from the distinction between +classical and quantum physics.} digital circuits that underly all of modern computing. While at first this might seem +like a step backwards into the era of early 1900s analog computing,\todo{Add citation on early analog computing} the +capabilites of a future quantum computer promise to outpace those of any possible classical computer. Key to this +improved processing capability is a property called \emph{Quantum Parallelism}, referring to the fact that inside of a +quantum computer, a single \emph{quantum state} can simultaneously represent a multitude of states of a classical, +digital computer, encoded into a quantum \emph{superposition}. Furthermore, the quantum computer can operate on all +those states at once using a single \emph{quantum gate}. -Applying Quantum Parallelism to practical problems is far more complicated than, e.g., translating a digital circuit -solving some equation to a quantum circuit, but for certain problems we already know \emph{quantum algorithms} that -for large inputs solve these problems much faster than any classical computer ever could. Two of these algorithms, one -by Shor and one by Grover \todo{Add citations on Shor's and Grover's algorithm} are what caused most of the buzz around -the field of quantum computing, because they spell trouble for a large part of modern cryptography. +The quantum gates of a quantum computer do not correspond directly to classical, digital logic. Applying Quantum +Parallelism to practical problems is more complicated than, simply translating a digital circuit that computes a +solution to a quantum circuit. Nevertheless, for certain problems \emph{quantum algorithms} have already been developed +that for large inputs promise to solve these problems much faster than any classical computer ever could. 
Two of these +algorithms, one by Shor and one by Grover \todo{Add citations on Shor's and Grover's algorithm} are what caused most of +the buzz around the field of quantum computing because they spell trouble for a large part of modern cryptography. +While neither is a threat under the current state of the art in quantum computing, assuming a sufficiently advanced +quantum computer both algorithms provide solutions to problems that are classically assumed to be \emph{hard} with +vastly improved asymptotical time complexity. Besides the computational speed-up promised by Quantum Parallelism, there is one more interesting aspect of Quantum Computing where it radically deviates from classical computing. The reason modern cryptography exists is that when we 
@@ -202,41 +207,40 @@ cryptography gives us tools to very effectively make whatever information the at A basic principle of Quantum Physics is the \emph{No-Cloning Theorem}, which states that it is impossible to create an identical, independent copy of an arbitrary, unknown quantum state. \todo{Add citation on No-Cloning Theorem} An implication of this theorem is that when we encode classical information into quantum states in just the right way, -we can make it so that an attacker atttempting to eavesdrop on our quantum information can only actually read this -information by destroying it in the process. This property can be exploited to replace a number of classical asymmetric -primitives in interactive settings, \todo{Add citation on substitution, check if interactive only} the most popular -application of which is replacing an asymmetric Diffie-Hellman key exchange \todo{Add citation on DH-Kex} with a quantum -process called Quantum Key Distribution that yields much of the same properties. +we can make it so that an attacker attempting to eavesdrop on our quantum information can only decode this information +by destroying the underlying quantum states it in the process, which can be detected statistically. This property can be +exploited to replace a number of classical asymmetric primitives in interactive settings, \todo{Add citation on +substitution, check if interactive only} the most popular application of which is replacing an asymmetric Diffie-Hellman +key exchange \todo{Add citation on DH-Kex} with a quantum process called Quantum Key Distribution (QKD) that yields much +of the same properties. In the past decades, the field of cryptography has been fundamentally shaped by the development of Quantum Computing and Quantum Key Distribution. However, the popular conception that all of today's cryptography will be broken and that we have to start from scratch is not accurate. 
Quantum Computing poses an unique threat to modern cryptography, and Quantum -Key Distribution is a promising new tool, but the practical implications of both are much more subtle than how they may -be portrayed. In the remainder of this chapter, we will look into the practical implications of these quantum +Key Distribution is a promising new tool, but the practical implications of both are much more subtle than how they are +often portrayed. In the remainder of this chapter, we will look into the practical implications of these quantum technologies, and we will come to two major conclusions: First, that while the underlying cryptographic primitives will -change, apart from some minor engineering issues cryptography as a whole will remain largely the same. Second, that -while Quantum Key Distribution is hailed as a revolution for network security, its practical advantages will remain far -short of how it is usually conceptualized, and hardware security will assume a pivotal role in the practical security of -Quantum Key Distribution systems that is a stark departure from its relative irrelevance in today's applied -cryptography. +change, apart from some engineering issues cryptography as a whole will remain largely the same. Second, that while +Quantum Key Distribution is hailed as a revolution for network security, its practical advantages will remain far short +of how it is usually conceptualized, and hardware security will assume a pivotal role in the practical security of +Quantum Key Distribution systems. The central role of hardware security in Quantum Key Distribution is a stark departure +from its relative irrelevance in today's applied cryptography. Building on these conclusions, we will end this chapter with a study of a use case that illustrates a practical design for a secure network employing Quantum Key Distribution. 
Relying on both established classical and quantum primitives with known security properties we will elaborate how one can construct a large-scale network from those primitives -that provides practical security to its users that goes beyond the (surprisingly limited) extents of quantum security -proofs. +that uses IHSMs to provide practical security beyond the---surprisingly limited---extent of quantum security proofs. \subsection{Computational Assumptions and Information\Hyphdash Theoretic Security} \label{qc_comp_assum} -In the past paragraphs we have briefly mentioned that Quantum Computing provides a significant speed-up that can be +We have briefly mentioned that Quantum Computing promises to eventually provide a significant speed-up that can be applied to solve many cryptographic problems fast enough for it to become a problem, but we have not elaborated on what -that means in practice. In this section, we will attempt to provide concrete numbers to quantify the threat that both -Shor's and Grover's algorithm pose to modern cryptography. +that means in practice. In this section, we will attempt convey a more concrete intuition of the magnitude of the threat +that both Shor's and Grover's algorithm and variants pose to modern cryptography. -Shor's algorithm allows for the factorization of large numbers in polynomial time on a quantum -computer, a problem whose hardness (or the hardness of variants of which) is the foundation for the vast majority of -today's asymmetric cryptography. +Shor's algorithm allows for the factorization of large numbers in polynomial time on a quantum computer, a problem whose +hardness (or the hardness of variants of which) is the foundation for the majority of today's asymmetric cryptography. While Shor's algorithm attacks the foundations of most modern asymmetric cryptography, Grover's algorithm can be applied to hash functionss and symmetric cryptography. Fundamentally, Grover's algorithm is a search algorithm that allows a 
diff --git a/chapter-qkd/figures/ihsm-secondary-mesh b/chapter-qkd/figures/ihsm-secondary-mesh index 6011599..3a7edbd 160000 --- a/chapter-qkd/figures/ihsm-secondary-mesh +++ b/chapter-qkd/figures/ihsm-secondary-mesh @@ -1 +1 @@ -Subproject commit 601159904f4269366e29d85c2e90cbf000157f4f +Subproject commit 3a7edbd1127cacc8f4c90376595b894105f3d479
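Review bot: In the first chapter.tex hunk (@@ -175,23 +175,28 @@), the `\todo{Add citation on QKD origins}` placeholder is attached to the sentence about the origins of Quantum Computing, not QKD; rename it to `\todo{Add citation on quantum computing origins}` or move it to the QKD paragraph so the wrong citation does not get filed later. The same hunk strengthens "outpace those of contemporary classical computers" to "outpace those of any possible classical computer" without qualification, while the next added sentence restricts the speed-up to "certain problems"; consider adding "for certain problems" to the first claim as well. Several typos survive or are introduced in the rewritten lines: "1980ies" should be "1980s", "underly" should be "underlie", "capabilites" should be "capabilities", "asymptotical" should be "asymptotic", "more complicated than, simply translating" has a stray comma, and "one by Shor and one by Grover \todo{...} are what caused" needs a comma after the `\todo`.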
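Review bot: In the second chapter.tex hunk (@@ -202,41 +207,40 @@), the added line "by destroying the underlying quantum states it in the process" contains a stray "it" (the old line read "destroying it in the process"); it should be "by destroying the underlying quantum states in the process". Further down, "we will attempt convey a more concrete intuition" is missing "to", and "that both Shor's and Grover's algorithm and variants pose" reads awkwardly; suggest "that Shor's and Grover's algorithms and their variants pose". Two defects in the unchanged context lines of this hunk are worth fixing while the paragraph is being reworked: "poses an unique threat" should be "a unique threat", and "hash functionss" should be "hash functions".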
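Review bot: The submodule pointer bump for chapter-qkd/figures/ihsm-secondary-mesh (601159904f42 to 3a7edbd1127c) is bundled into a commit whose message only says "QKD section WIP" and does not mention the figure change; either split it into its own commit or add a line to the message stating what changed in the figure, so that reverting the prose edits does not silently roll back the figure.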