commit b9a377ccc7efc48542987697b8c147e2e172f216 Author: jaseg Date: Tue May 28 14:52:49 2024 +0200 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9412982
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+*.log
+*.aux
+*.run.xml
+*.bcf
+*.blg
+*.mtc
+*.mtc[0-9]*
+*.maf
+*.out
+*.toc
diff --git a/chapter-qkd/Makefile b/chapter-qkd/Makefile
new file mode 100644
index 0000000..8ab30b2
--- /dev/null
+++ b/chapter-qkd/Makefile
@@ -0,0 +1,29 @@
+
+SHELL := bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+.DELETE_ON_ERROR:
+MAKEFLAGS += --warn-undefined-variables
+MAKEFLAGS += --no-builtin-rules
+
+VERSION_STRING := $(shell git describe --tags --long --dirty)
+
+all: chapter.pdf
+
+%.pdf: %.tex %.bib version.tex
+ pdflatex -shell-escape $<
+ biber $*
+ pdflatex -shell-escape $<
+
+.PHONY: preview
+preview:
+ pdflatex -shell-escape chapter.tex
+
+version.tex: chapter.tex
+ echo "${VERSION_STRING}" > $@
+
+.PHONY: clean
+clean:
+ rm -f **.aux **.bbl **.bcf **.log **.blg
+ rm -f **.out **.run.xml **/texput.log
+
diff --git a/chapter-qkd/chapter.pdf b/chapter-qkd/chapter.pdf
new file mode 100644
index 0000000..622826b
Binary files /dev/null and b/chapter-qkd/chapter.pdf differ
diff --git a/chapter-qkd/chapter.tex b/chapter-qkd/chapter.tex
new file mode 100644
index 0000000..3d83310
--- /dev/null
+++ b/chapter-qkd/chapter.tex
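Review bot: Both pdflatex recipes, in the `%.pdf` rule and in `preview`, pass `-shell-escape`, which lets any macro in chapter.tex or in a package it loads run arbitrary shell commands as the user invoking make; minted needs this for pygmentize, so the trade-off deserves a comment on the rule such as `# -shell-escape is required by minted (pygmentize); it lets the document execute shell commands, so only build sources you trust`. `VERSION_STRING := $(shell git describe --tags --long --dirty)` is expanded at parse time and, when no tag is reachable, git describe fails and the variable is silently empty, so version.tex is written with an empty string; `git describe --tags --long --dirty --always` or an explicit failure would make that visible. version.tex also only depends on chapter.tex, so it is not regenerated when the git state changes, and with bash's globstar off the `**.aux`-style patterns in `clean` behave like `*.aux`, so the comment or the patterns should say which is intended. Neither version.tex nor minted's `_minted-*` cache appears in .gitignore or in `clean`, while chapter.pdf, an output of this Makefile, is committed in the same commit.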
@@ -0,0 +1,177 @@
+\documentclass[12pt,a4paper,notitlepage]{report}
+\usepackage[ngerman, english]{babel}
+\usepackage[utf8]{inputenc}
+\usepackage[a4paper, top=2cm, bottom=3.5cm, left=3cm, right=4cm]{geometry}
+% Matti remarkable tablet special size
+%\usepackage[paperwidth=15cm, paperheight=244mm, top=1cm, bottom=1cm, left=5mm, right=5mm]{geometry}
+\usepackage[T1]{fontenc}
+\usepackage[
+ backend=biber,
+ style=numeric,
+ natbib=true,
+ url=false,
+ doi=true,
+ eprint=false
+ ]{biblatex}
+\addbibresource{chapter.bib}
+\usepackage{amssymb,amsmath}
+\usepackage{listings}
+\usepackage{eurosym}
+\usepackage{wasysym}
+\usepackage{extdash}
+\usepackage{amsthm}
+\usepackage{tabularx}
+\usepackage{multirow}
+\usepackage{multicol}
+\usepackage{tikz}
+\usepackage{mathtools}
+\DeclarePairedDelimiter{\ceil}{\lceil}{\rceil}
+\DeclarePairedDelimiter{\paren}{(}{)}
+
+\usetikzlibrary{arrows}
+\usetikzlibrary{chains}
+\usetikzlibrary{backgrounds}
+\usetikzlibrary{calc}
+\usetikzlibrary{decorations.markings}
+\usetikzlibrary{decorations.pathreplacing}
+\usetikzlibrary{fit}
+\usetikzlibrary{patterns}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes}
+
+\usepackage[binary-units]{siunitx}
+\DeclareSIUnit{\baud}{Bd}
+\usepackage{hyperref}
+\usepackage{tabularx}
+\usepackage{commath}
+\usepackage{graphicx,color}
+\usepackage{ccicons}
+\usepackage{subcaption}
+\usepackage{float}
+\usepackage{footmisc}
+\usepackage{array}
+\usepackage[underline=false]{pgf-umlsd}
+\usetikzlibrary{calc}
+%\usepackage[pdftex]{graphicx,color}
+\usepackage{epstopdf}
+\usepackage{pdfpages}
+\usepackage{minitoc}
+\usepackage{minted} % pygmentized source code
+
+\newcommand{\degree}{\ensuremath{^\circ}}
+\newcolumntype{P}[1]{>{\centering\arraybackslash}p{#1}}
+
+\begin{document}
+\dominitoc
+
+\chapter{Physical Security in Quantum Key Distribution}
+\minitoc
+\newpage
+
+\section{Cryptography in the Age of Quantum Computers}
+
+For a decade or two now, Quantum Computing has been creating a buzz that nobody in Computer Science and adjacent fields
+could evade. Originating in the 1980ies as a highly academic fusion applying concepts from Computer Science in Quantum Physics,
+% FIXME citation
+its concepts have long found their way into popular science articles. Quantum Computing encompasses a model of
+computation that is fundamentally different from the \emph{classical}\footnote{
+ In Quantum Computing, the term \emph{classical} is used as the complement of \emph{quantum}, and refers to the
+ digital computers we know and (maybe) love. This terminology stems from the distinction between classical and
+ quantum physics.}
+digital circuits that underly all of modern computing. While at first this might seem like a step backwards into the era
+of early 1900s analog computing,
+% FIXME citation
+the capabilites of a future quantum computer promise to far outpace those of contemporary classical computers. Key to
+this improved processing capability is a property called \emph{Quantum Parallelism}. What this refers to is the fact
+that a quantum computer's internal state can simultaneously represent a multitude of states of a classical, digital
+computer, and the quantum computer can operate on all those states at once using a single quantum operation.
+
+Applying Quantum Parallelism to practical problems is far more complicated than, e.g., translating a digital circuit
+solving some equation to a quantum circuit, but for certain problems we already know \emph{quantum algorithms} that
+for large inputs solve these problems much faster than any classical computer ever could. Two of these algorithms, one
+by Shor % FIXME citation
+and one by Grover % FIXME citation
+are what caused most of the buzz around the field of quantum computing, because they spell trouble for a large part of
+modern cryptography.
+
+Besides the computational speed-up promised by Quantum Parallelism, there is one more interesting aspect of Quantum
+Computing where it radically deviates from classical computing. The reason modern cryptography exists is that when we
+transmit (or store!) classical information through some channel (or storage!) that we do not control, there is nothing
+we can do to prevent an attacker from reading this information. Even with cryptography we cannot prevent this, but
+cryptography gives us tools to very effectively make whatever information the attacker is able to read useless to them.
+
+A basic principle of Quantum Physics is the \emph{No-Cloning Theorem}, which states that it is impossible to create an
+identical, independent copy of an arbitrary, unknown quantum state. % FIXME citation
+An implication of this theorem is that when we encode classical information into quantum states in just the right way,
+we can make it so that an attacker atttempting to eavesdrop on our quantum information can only actually read this
+information by destroying it in the process. This property can be exploited to replace a number of classical asymmetric
+primitives in interactive settings, % FIXME citation, check if interactive only
+the most popular application of which is replacing an asymmetric Diffie-Hellman key exchange % FIXME citation
+with a quantum process called Quantum Key Distribution that yields much of the same properties.
+
+In the past decades, the field of cryptography has been fundamentally shaped by the development of Quantum Computing and
+Quantum Key Distribution. However, the popular conception that all of today's cryptography will be broken and that we
+have to start from scratch is not accurate. Quantum Computing poses an unique threat to modern cryptography, and Quantum
+Key Distribution is a promising new tool, but the practical implications of both are much more subtle than how they may
+be portrayed. In the remainder of this chapter, we will look into the practical implications of these quantum
+technologies, and we will come to two major conclusions: First, that while the underlying cryptographic primitives will
+change, apart from some minor engineering issues cryptography as a whole will remain largely the same. Second, that
+while Quantum Key Distribution is hailed as a revolution for network security, its practical advantages will remain far
+short of how it is usually conceptualized, and hardware security will assume a pivotal role in the practical security of
+Quantum Key Distribution systems that is a stark departure from its relative irrelevance in today's applied
+cryptography.
+
+Building on these conclusions, we will end this chapter with a study of a use case that illustrates a practical design
+for a secure network employing Quantum Key Distribution. Relying on both established classical and quantum primitives
+with known security properties we will elaborate how one can construct a large-scale network from those primitives
+that provides practical security to its users that goes beyond the (surprisingly limited) extents of quantum security
+proofs.
+
+\subsection{Computational Assumptions and Information\Hyphdash Theoretic Security}
+
+In the past paragraphs we have briefly mentioned that Quantum Computing provides a significant speed-up that can be
+applied to solve many cryptographic problems fast enough for it to become a problem, but we have not elaborated on what
+that means in practice. In this section, we will attempt to provide concrete numbers to quantify the threat that both
+Shor's and Grover's algorithm pose to modern cryptography.
+
+Shor's algorithm allows for the factorization of large numbers in polynomial time on a quantum
+computer, a problem whose hardness (or the hardness of variants of which) is the foundation for the vast majority of
+today's asymmetric cryptography.
+
+While Shor's algorithm attacks the foundations of most modern asymmetric cryptography, Grover's algorithm can be applied
+to hash functionss and symmetric cryptography. Fundamentally, Grover's algorithm is a search algorithm that allows a
+quantum computer to find one target entry out of an \emph{unstructured} list of $N$ source entries in
+$\mathcal{O}\left(\sqrt{N}\right)$ time instead of the $\mathcal{O}\left(N\right)$ time that a classical computer would
+require for an exhaustive search. Applied to cryptography, we model the key space of a symmetric cipher as the
+unstructured list that is input to the algorithm, and set it to search for the key that results in the successful
+decryption of a given ciphtertext.
+
+An important nuance applying these algorithms to cryptography is that while both provide significant speed-ups over
+classical computers, the speed-up of Shor's algorithm is exponential and effectively breaks most modern asymmetric
+cryptography as it erases the asymmetric nature of the underlying mathematical problem. That is, for an asymmetric
+cryptosystem susceptible to Shor's algorithm, there is no set of parameters that is large enough to be safe.
+
+In contrast to this, while Grover's algorithm radically speeds up the breaking of a symmetric cryptosystem, this
+speed-up is only quadratic. In practice this means that it halves the security level % FIXME definition, citation of sec. lvl
+of a given symmetric cipher. While this is bad news for applications that parameterize these symmetric primitives to a
+security level at the lower end of what is considered secure today, the advantage provided by Grover's algorithm can
+easily be compensated by doubling key size. Longer key sizes require more storage or bandwidth for the additional bits
+and result in slightly slower operation of the cipher, but this additional cost is easily manageable even without any
+improvement in today's hardware.
+
+\section{The Physics of Quantum Computing}
+
+\section{Quantum Key Distribution}
+
+\section{Quantum Networking}
+
+\section{Securing QKD Networks with Inertial HSMs}
+
+\section{Outlook}
+
+\newpage
+\printbibliography[heading=bibintoc]
+
+\appendix
+
+\end{document}
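Review bot: Several typos in the chapter prose will go straight into the PDF: `underly` (should be `underlie`), `capabilites`, `atttempting`, `functionss`, `ciphtertext`, `1980ies` and `an unique`. The preamble also loads `\usepackage{tabularx}` twice and `\usetikzlibrary{calc}` twice; harmless, but the second copies should go. In the paragraph contrasting the two algorithms, `the speed-up of Shor's algorithm is exponential` holds only relative to the best known classical factoring and discrete-logarithm algorithms, which are sub-exponential rather than exponential, and since the same sentence claims it `erases the asymmetric nature of the underlying mathematical problem` for Diffie-Hellman as well, the earlier description of Shor's algorithm as factoring `large numbers` should also name the discrete logarithm problem it solves. Finally, `\usepackage{minted} % pygmentized source code` is what obliges the Makefile to build with `-shell-escape`; extending that comment to `% pygmentized source code; needs pdflatex -shell-escape` would tell anyone building the chapter by hand why the flag is there.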