Quantum Safe Security Workgroup Presentation Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014

Post on 17-Aug-2020

Page 1

Quantum Safe Security Workgroup Presentation

Battelle / ID Quantique / QuantumCTek

CSA EMEA Congress, Rome

19 November 2014

Page 2

ID Quantique

Swiss company, founded 2001, based in Geneva

Spin-off of University of Geneva, Group of Applied Physics

[Diagram labels: Photon Counters; Quantum Random Number Generators; Quantum Safe Crypto Technology; Services]

Quantum Safe cryptography:

• High performance network encryption up to 100Gbps

• Quantum Key Distribution

• Quantum Key Generation

Page 3

Battelle – Solving What Matters Most™

Serving a Broad Range of Clients

With a Long History of Innovation

Page 4

3-layers of quantum-safe security implementation

© Cloud Security Alliance, 2014.

Chinese company, founded 2009, based in Hefei

Spin-off of University of Science and Technology of China (USTC)

Provider of quantum multi-protocol network security products and services

Forges quantum industry

Service Platforms

Applications

Infrastructures: Wide Area Quantum Communication Network

Quantum Security Service

Page 5

• http://www.etsi.org/news-events/events/770-etsi-crypto-workshop-2014

• Some problems that are considered difficult or impossible to solve using conventional computation platforms become fairly trivial for a quantum computer. Any information that has been encrypted, or will be encrypted using many of the industry’s state-of-the-art cryptosystems based on computational hardness is now under threat of both eavesdropping and attack by future adversaries who have access to quantum computation.

• Without quantum-safe encryption, everything that has been transmitted, or will ever be transmitted, over a network is vulnerable to eavesdropping and public disclosure.


ETSI Quantum Safe White Paper

The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0

Page 6

HACKING IS EASY (and everyone is doing it)

Page 7

Page 8

• Optical fiber bending & coupling

• Buy an optical tap legally online

• http://www.fods.com/optic_clip_on_coupler.html

Optical Tapping for under €500

Emitter

Receiver

Eavesdropper

Page 9

Social Engineering

A telecom company outsources the laying of new optical fibers for a bank to a maintenance team who do not understand the security issues. The naked optical fiber is accessible….

….and the detailed layout of the fiber network & the name of the bank is clearly visible for future hacking attempts

Page 10

THE THREAT is to Public-Key CRYPTOGRAPHY

Page 11

Public Key Cryptography: Threats

[Diagram: Alice and Bob; Message → (Public Key) → Scrambled Message → (Private Key) → Message; different keys]

What are the 2 prime factors of: 5313043722633707

Hint : http://primes.utm.edu/lists/small/

Page 12

Public Key Cryptography: Threats

[Diagram: Alice and Bob; Message → (Public Key) → Scrambled Message → (Private Key) → Message; different keys]

5313043722633707 = 86030827 * 61757441

Page 13

Public Key Cryptography: Threats

• Use mathematical « one-way » functions

[Diagram: Alice and Bob; Message → (Public Key) → Scrambled Message → (Private Key) → Message; different keys]

2’357 x 4’201 = ?

A x B = 9’901’757

Vulnerable to…

• Theoretical Progress

• Increase in Computing Power

• Quantum Computers

All of the following will render Public Key Cryptography vulnerable
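The one-way asymmetry behind the factoring challenge on pages 11 to 13, as an added example that is not part of the original slides: multiplying the two primes is a single operation, while recovering them from the product takes a search, here done with Pollard's rho. The function names, the fixed seed and the restart limit are choices made for this illustration.

```python
import math
import random

SLIDE_PRODUCT = 9_901_757                 # "A x B" on page 13
SLIDE_CHALLENGE = 5_313_043_722_633_707   # 16-digit challenge on page 11

def rho_split(n, seed=2014, max_restarts=50):
    """Split a composite n with Pollard's rho (Floyd cycle detection).

    Returns (p, q, steps) with p <= q, p * q == n, and steps counting
    iterations of x -> x^2 + c mod n. Raises ValueError if no split is
    found, which is what happens when n is prime.
    """
    if n < 4:
        raise ValueError("n must be composite")
    if n % 2 == 0:
        return 2, n // 2, 0
    rng = random.Random(seed)          # fixed seed: repeatable runs
    steps = 0
    for _ in range(max_restarts):
        c = rng.randrange(1, n)
        x = y = rng.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n        # tortoise: one step
            y = (y * y + c) % n
            y = (y * y + c) % n        # hare: two steps
            d = math.gcd(abs(x - y), n)
            steps += 1
        if d != n:                     # d == n: the walk cycled without a split
            return min(d, n // d), max(d, n // d), steps
    raise ValueError("no factor found; n is probably prime")

def work_report(n):
    """Compare rho's step count with the trial-division bound sqrt(n)."""
    p, q, steps = rho_split(n)
    return {"n_bits": n.bit_length(), "p": p, "q": q,
            "rho_steps": steps, "trial_division_bound": math.isqrt(n)}

if __name__ == "__main__":
    for n in (SLIDE_PRODUCT, SLIDE_CHALLENGE):
        print(work_report(n))
```

Rho's expected work grows roughly with the square root of the smaller prime factor, so a 53-bit modulus like the slide's splits almost instantly while the cost climbs steeply with every bit added to the factors. That margin is what "Theoretical Progress" and "Increase in Computing Power" erode step by step.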

Page 14

• America is building a quantum computer for cryptanalysis

• http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html

• According to Snowden this is a major NSA initiative called “Penetrating Hard Targets”

• China Prepares for Quantum Age

• Source: http://www.hpcwire.com/2014/01/24/china-prepares-quantum-age/

• “The importance of building a quantum computer is such that the Chinese government funded 90 quantum related projects last year through the National Natural Science Foundation of China.”

• Lazaridis (RIM cofounder) has invested $250 million+ into quantum computing at Waterloo – Quantum Valley

• D-Wave raised funds from Jeff Bezos (Amazon), InQTel (NSA investment arm) and sells to Lockheed Martin, NASA

• Google is building a quantum computer

• http://www.technologyreview.com/news/530516/google-launches-effort-to-build-its-own-quantum-computer/

• IBM investing $3 billion in quantum computing

• http://www.fastcompany.com/3032872/fast-feed/ibms-3-billion-investment-in-synthetic-brains-and-quantum-computing

Quantum Computing in Research

Page 15

Comparison of conventional and quantum security levels of some popular ciphers

| Algorithm | Key Length | Effective Key Strength / Security Level: Conventional Computing | Effective Key Strength / Security Level: Quantum Computing |
|---|---|---|---|
| RSA-1024 | 1024 bits | 80 bits | 0 bits |
| RSA-2048 | 2048 bits | 112 bits | 0 bits |
| ECC-256 | 256 bits | 128 bits | 0 bits |
| ECC-384 | 384 bits | 256 bits | 0 bits |
| AES-128 | 128 bits | 128 bits | 64 bits |
| AES-256 | 256 bits | 256 bits | 128 bits |

• When sufficiently powerful quantum computers are available, then all data protected with keys passed over the internet will be vulnerable


The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0

Page 16

Practical considerations – how urgent?


• It depends on the category of information and how long it needs to be protected

• x: how many years we need our encryption to be secure

• y: how many years it will take us to make our IT infrastructure quantum-safe

• z: how many years before a large-scale quantum computer will be built

• The value of x must be carefully considered:

• What are the practical consequences of a certain category of information becoming public knowledge after x number of years?

• The goal of the Quantum Safe Security Working Group is to shorten the time before our networks are safe

[Figure: timeline of y, x and z, with "Secrets Divulged" marked; horizontal axis: Time]

Page 17

THE SOLUTION:

Quantum-safe Cryptography


Page 18

The Solution: Quantum-Safe Cryptographic Infrastructure

• « Post-quantum » Cryptography

• Classical codes deployable without quantum technologies

• Believed/hoped to be secure against quantum computer attacks of the future

• Quantum Key Distribution

• Quantum codes requiring some quantum technologies currently available

• Typically no computational assumptions and thus known to be secure against quantum attacks

+

Both sets of cryptographic tools can work together to form a quantum-safe cryptographic infrastructure

Page 19

First SOLUTION: Post-quantum Cryptography

Page 20

• Public-key cryptographic systems based upon problems with no quantum algorithm known to break these systems more efficiently than classical computer architectures

• Approaches go back to the 1970s and 1980s

• Digital signatures based on One-Way Hash functions (e.g. XMSS)

• Digital signatures based on Multivariate Polynomial Equations (Rainbow signature scheme)

• Encryption and signature schemes based on Error Correcting Coding (e.g. McEliece’78, CFS’01)

• Encryption and signature schemes based on Lattices (e.g. NTRU’98, BLISS’13)

• Performance

• Most of these systems are comparably fast or even faster than conventional crypto systems

• Larger key sizes and/or larger cypher texts and signatures required


Post-Quantum Cryptography

| Algorithm | Security (bits) | Decryption/Signing Time | Encryption/Verification Time | Public-Key Size (bits) | Secret-Key Size (bits) | Cypher/Signature Size (bits) |
|---|---|---|---|---|---|---|
| RSA-3072 | 128 | 1.00 | 0.01 | 3,072 | 24,578 | 3,072 |
| NTRU | 128 | 0.05 | 0.05 | 4,939 | 1,398 | 4,939 |
| McEliece | 128 | 0.50 | 0.01 | 1,537,000 | 64,861 | 2,860 |
| Rainbow | 128 | 0.02 | 0.02 | 842,400 | 561,352 | 264 |
| BLISS | 128 | 0.02 | 0.01 | 7,000 | 2,000 | 5,600 |

The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0

Page 21

Second SOLUTION: Quantum Mechanics for Secure Encryption Keys

Page 22

Change in Paradigm

Network Encryption

High speed cryptosystem implementation (typically AES)

Key Management

Crypto Key Lifecycle

Page 23

THE SOLUTION (2A): Quantum Random Number Generation (QRNG)

Page 24

• Physical Random Number Generator exploiting a phenomenon described by quantum physics

• Truly random

Quantum Randomness

Advantages

• Speed

• Simple process that can be modeled; influence of environment can be ruled out

• Live monitoring of elementary components possible

[Diagram: source of photons, photons, semi-transparent mirror, detectors]

Page 25

Quantum Random Number Generator

Page 26

THE SOLUTION (2B): Quantum Key Distribution (QKD)

Page 27

Quantum Cryptography

[Diagram: bits "0", "1", "1", "0", labelled "Fragile !"]

Symmetric Cryptography

[Diagram: Alice and Bob; Message → (Secret Key) → Scrambled Message → (Secret Key) → Message; identical keys]

Key Exchange ?!?

Page 28

Quantum-Enabled Network Encryption

• Transparent Layer 2 Encryption

• AES-256 in CFB and CTR modes

• Up to 100Gbps

• Multiprotocol (Ethernet, Fibre Channel)

• Provably secure key distribution: QKD

• Distilled key distribution rate: 1000 bps over 25km/6dB

• Range: 100km

[Diagram: Local Area Network, xWDM + Quantum Channel – Dark Fiber, Local Area Network]

Page 29

Today’s Deployments of QKD

Hybrid solutions:

• Conventional encryption on wide area network

• QKD on DRC and backbone links

[Diagram labels: (WAN); MAN/SAN; Classical Encryption Device; Quantum Encryption Solution]

Page 30

Conclusions Call To Actions


Page 31

• Join the QSS working group

• Attend or contribute to the work we will do

• White papers

• Webinars

• Conferences

• Spread the word

• Come talk to us tomorrow morning

• Table in Breakfast Area

STAY CALM and QUANTUM SAFE ENCRYPT


Next Steps

Page 32

It’s There !
