QKD WIP
This commit is contained in:
parent
0b2bac425e
commit
713d515801
2 changed files with 41 additions and 4 deletions
Binary file not shown.
|
|
@ -1,7 +1,7 @@
|
|||
\documentclass[12pt,a4paper,notitlepage]{report}
|
||||
\documentclass[12pt,a4paper,notitlepage,twoside]{report}
|
||||
\usepackage[ngerman, english]{babel}
|
||||
\usepackage[utf8]{inputenc}
|
||||
\usepackage[a4paper, top=2cm, bottom=3.5cm, left=3.5cm, right=5cm]{geometry}
|
||||
\usepackage[a4paper, top=2cm, bottom=3.5cm, inner=3.5cm, outer=5cm]{geometry}
|
||||
% Matti remarkable tablet special size
|
||||
%\usepackage[paperwidth=15cm, paperheight=244mm, top=1cm, bottom=1cm, left=5mm, right=5mm]{geometry}
|
||||
\usepackage[T1]{fontenc}
|
||||
|
|
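Review bot: the switch to `twoside` with `inner=3.5cm, outer=5cm` at the top of the preamble is a page-layout change that the commit message "QKD WIP" does not mention, and it is bundled with unrelated content changes. Consider moving it to its own commit with a message that says why the document is now two-sided. The commented-out tablet geometry below it still uses `left=5mm, right=5mm`; that is harmless while the margins are equal, but it would be worth changing to `inner`/`outer` too, so it stays consistent if it is ever re-enabled with different values.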
@ -182,6 +182,44 @@ algorithm can easily be compensated by doubling key size. Longer key sizes requi
|
|||
additional bits and result in slightly slower operation of the cipher, but this additional cost is easily manageable
|
||||
even without any improvement in today's hardware.
|
||||
|
||||
\textcite{impagliazzoPersonalViewAveragecase1995} provided a colloquial but useful analysis characterizing the
|
||||
implications of which kinds of hard problems are solvable in practice, based on the observation that the fact that an
|
||||
\emph{average} problem out of a class like $NP$ is solvable does not mean that most, or even many \emph{practical}
|
||||
problems are solvable. \textcite{impagliazzoPersonalViewAveragecase1995} was published after Shor's algorithm was
|
||||
discovered, and before Grover's algorithm was published. Impagliazzo foresaw that fast quantum algorithms could threaten
|
||||
public-key security, and their analysis remains relevant facing the outlook of quantum computing today.
|
||||
|
||||
Impagliazzo proposes a set of five scenarios that provide increasingly extensive computational hardness properies,
|
||||
dubbed \emph{Algorithmica}, \emph{Heuristica}, \emph{Pessiland}, \emph{Minicrypt}, and \emph{Cryptomania}. In
|
||||
Algorithmica, $P = NP$. In Heuristica, $P \ne NP$, but $NP$ problems are only intractable in the worst case, and
|
||||
tractable on average. In Pessiland, problems exist that are hard on average, but there are no one-way functions and thus
|
||||
there is no way to efficiently sample solved instances of hard problems.
|
||||
|
||||
The next scenario, Minicrypt is frequently cited in cryptographic works. In it, one-way functions exist, but there is no
|
||||
public key cryptography. Minicrypt aligns well with a world in which fast quantum algorithms exist that solve the
|
||||
computational problems underlying public-key cryptosystems. Impagliazzo's last scenario is Cryptomania, which extends
|
||||
Minicrypt with public-key cryptography and aligns with the world view that is commonly assumed in cryptography today.
|
||||
|
||||
In Mincrypt, we assume that all computational problems that are amenable to public key cryptography fall. However, it is
|
||||
not specified \emph{how} specifically this fall will happen---whether it will be classically, or by quantum
|
||||
algorithms---leading to two sub-variants of the Minicrypt scenario. The pessimistic sub-variant is one where classical
|
||||
algorithms solving all those problems are discovered. This scenario leads to identical conclusions to those Impagliazzo
|
||||
drew. However, if we base our Minicrypt assumption instead on the availability of \emph{quantum } algorithms for these
|
||||
problems, and thus on quantum computers being both powerful enough and generally available, we end up with an
|
||||
interesting spin on the original Minicrypt scenario that recently has garnered some academic attention, receiving the
|
||||
name Mini\textbf{Q}Crypt\cite{griloObliviousTransferMiniQCrypt2021, barootiPublicKeyEncryptionQuantum2023}. In
|
||||
MiniQCrypt, on one hand, conventional public key cryptography falls before quantum computers, but the key observation is
|
||||
that on the other hand, we can then use those quantum computers to do \emph{quantum} cryptography, re-gaining some of
|
||||
what we lost. The (im)possibility results for MiniQCrypt are nuanced, and provide something between the intact
|
||||
conventional public-key cryptography in Cryptomania, and the total absence of it in classical Minicrypt.
|
||||
|
||||
In the discourse on quantum computing and its application to cryptography, it is important to be mindful of which
|
||||
security notion the authors of some source, or the implementors of some device base their work on. Especially in
|
||||
academic work, Pessiland assumptions are often implicitly made. In this model, we can use neither public-key nor
|
||||
symmetric cryptography. In this framework, secret key rate becomes paramount because it is assumed that QKD keys will be
|
||||
used with an information-theoretically secure encryption scheme, requiring a never-ending secret key stream. Key
|
||||
expansion functions are based on one-way-functions, which are unavailable here.
|
||||
|
||||
\section{The Practical Security Implications of Quantum Computing}
|
||||
\label{qc-practical-implications}
|
||||
|
||||
|
|
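Review bot: the last added paragraph claims that "Especially in academic work, Pessiland assumptions are often implicitly made" without any citation. The other claims in this hunk are cited, so add a reference here or a `\todo{}` marker like the ones used elsewhere in the file. The same paragraph says "secret key rate", while the later context sentence about MACs says "secure key rates"; pick one term. Typos to fix in the added text: "properies" should be "properties", "In Mincrypt" should be "In Minicrypt", `\emph{quantum }` has a trailing space inside the braces, and "Minicrypt is frequently cited" needs a comma after "Minicrypt". `Mini\textbf{Q}Crypt\cite{...}` would read better with a `~` before `\cite`, and the two `\textcite{impagliazzoPersonalViewAveragecase1995}` calls in consecutive sentences could be reduced to one by starting the second sentence with "The paper".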
@ -273,8 +311,7 @@ disadvantage of doing that is that it consumes a fraction of the system's precio
|
|||
this point there is ongoing research\todo{citations on ongoing research} on both systems based on symmetric MACs and
|
||||
systems using information-theoretically secure MACs, with commercial systems often choosing the
|
||||
latter\cite{bibakQuantumKeyDistribution2021} owing to the low secure key rates that are the state of the art.
|
||||
|
||||
% \textcite{impagliazzoPersonalViewAveragecase1995}
|
||||
\todo{Finish this section}
|
||||
|
||||
\subsection{The Technical Implementation of QKD}
|
||||
|
||||
|
|
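Review bot: the section still ends in `\todo{Finish this section}` directly before `\subsection{The Technical Implementation of QKD}`, and the first context line still carries `\todo{citations on ongoing research}`. The sentence about commercial systems preferring information-theoretically secure MACs therefore rests on a single citation. With the commented-out `% \textcite{impagliazzoPersonalViewAveragecase1995}` placeholder now covered by the new text earlier in the file, it would help to reword the remaining `\todo` so it says what is still missing from this section, so that the open item is not lost.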