PostQuantum Cryptography: prime questions = primary questions
Formal Metadata
Title 
PostQuantum Cryptography: prime questions = primary questions

Alternative Title 
Postkvantumkriptográfia: prím kérdések = príma kérdések

Part Number 
12

Number of Parts 
29

License 
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. 
Release Date 
2015

Language 
English

Content Metadata
Abstract 
Edward Snowden's leaks, together with the joint dealings of D-Wave Systems with Lockheed Martin and with Google, have recently brought the quantum computer and post-quantum cryptography (pqcrypto) to the fore, including among standardization bodies: IETF RFC draft documents and ETSI reports have been produced on the various pqcrypto options and on Shor's algorithm, and the requirements for the RSA parameterization that is still usable today have been tightened in the BSI guidelines. We know that cryptographic algorithms and underlying mathematical problems exist that remain strong even against a quantum computer, but there is still little experience with using them in today's X.509-based world, accustomed to CA hierarchies (which the eIDAS EU regulation also prescribes). In this talk I present the properties and usability of one hash-based signature algorithm (LDWM, pqcrypto) in an environment that uses X.509 data structures.

00:01
but in the fact that the symphony connected for the latter model group that although some truth about that is the name and then expect then all the supergraph comfortable through the use of let them because the living apart yeah ladder model your best for but I do want the most money at the end of the annular couldn't forget that there is this there less than a political matter but monolog yet and then should that irreverent than off of full
00:33
left with the to the poor people with but you know it you're hash or local unido from each vendor continue on and the magnitude of the following it at all model of the happen at the that the at yeah of the all Michael new additional the thing isn't there had been in some ways Physikalische thing what part of which are the uh my problem and it's time to move on is that a unified approach new hectare that off
01:05
the plot of the there is so in summary our talk about the issues that you to pay attention to if you're developing security it related apps so I'll also talk about the mathematical background a bit here in the post quantum got a few algorithms you shouldn't forget is that in the past in the years we have seen a lot happening in the classical cryptography you shouldn't forget the MD5 collision published about by the province 11 and the 1st countermeasures to reach the only happened in 2 of 2012 and it was in their induced by the appearance of laying weights to utilize MD5 collisions to move and generated mainly because of this he and the scientific get rich people can be used useful signing certificate could be used to assign modified of this of the ways of immediately to the 2 of the 5 signed the stores usually forget what happened in the In this position the institutes involved in the derivatization supply and by the for random number generation this is cyclic the the topic of kleptocracy which you would hear about today by the presented and we should not forget about the fact that it is very easy to downgrade algorithms simply by decreasing the entropy of the random number generators just think about the fact that in 2006 there was a modification the open itself which affected its random number generator and it only became public knowledge to use later when I have to say that I cannot go back so deep in time even in a in a year ago and to it was found to have a similar vulnerability and in a situation where with the random number generation is of the essence of all also we need to be you ever have parties agree that it should be you standing a textbook example for this is that was provided by the available to all you know using a solid base station would be to do use this the reason for signing to developers of all by using a duty user developer problems all the background libraries and then again the value of the retained the random number was
the real number random numbers so they could actually like food selection here and as the sum of service settings where the question is to what is worse if we knew the ensure good quality of the random number generation and interviews Diffie-Hellman unit variance the checking or if the that is that we have a set of policies based the replacement of this and 1 and so if the but in this case if the web server itself is the compromise on the keys access the all of the traffic will be again then we have intermediate we also shouldn't we didn't know how important qualities are received with examples for that today that increasingly the most of the all of the I there before there was of hormones criteria are required for developers so do that if you do it at the party validating based on that of the latest such audit was made on true create the last 2 years we had with the most severe problems with 2 clear but it's not a simple story because it may take years until and really audited cost can be marketed because it takes a In
05:55
those of getting back to log log data and the open source solutions and that in the region back to the problems of the poor condition of a shows is open source for use it to use the as a commodity interfaces world can be used a lot of things by the people that we mistakenly often believe that somebody else has suddenly audited this or at source code level but the opposite that was approved by the random number generation problem that the was in the course 1 I have for years and you also remember the heart of the story that vulnerability was in the in the source code to read 1 of them will have
06:47
no fear what about and is something that is related to that will be inverse Snowden's story various companies and came up to with various solutions that problem out of solution is to use this and will increase and a of this and got to the object so it's already but if you look at these obligations we often solve all um you still calling the semantics of the API on the table with the cell library or have acceded them all they use the same about implementation also in reality the back of the neck and everybody built on the same for all of us for the foundations that to they tended to
07:46
solve the problem with if we look at what we have seen you with the new things appearing on these various cryptography and algorithms based on their behavior also are also different from classical other fit between testing quantum well with what we see is that the companies that advertise themselves as having some sort of want to what the true computer so that is able to modeling we also see a really that it's probably to run the signal and all of but we also see that Lockheed Martin since 12 2011 has been closely cooperating with the company so we still do not know what that will do the real situation is bad we see 1 thing we need to learn about this and we need to know what to do therefore for but we can see nothing more that we can be sure of what they put exist and if they
08:46
don't you will see realistically death if there will be granted that went on the computer and how it will of the be the form of the Q tip toward the published a vary the description of policies that be a dead elliptic curves are dead if united with him dead so what do we have instead of passion is algorithms silver clearly extremely symmetric cryptography will still that and there are other mathematical problems which again based algorithms on that will work on all of why do we say that the current due to algorithms that that and work on the use of experimentation shoreside with useful private reservation and perform it in polynomial time and also the really mentioned in this in this respect for the first one OK all of these things exist but what do we do with that think about it we can say that I am I signed data the all the this is are not really in danger of the dignity of the citizens the danger of of the velocity minute and the 2nd we can I put a new layer and around them so that they know that we consider to be further protect the data and we can use them assigned data is so the data that can be used to check to control even in the quantum theory was but if the encryption was a problem I don't know how many of you have put up increasing the data for challenges you then it will be is with to the general public but you must know that in both quantum theory was only clean up their TV absolutely symmetrical proposal will be the only thing that will also be considered safe by quantum students in more however just to get places office documents on the GP operation some of the previous year's city group a message centre exist by whatever you're given his instructions you see that they you something similar to SSL handshake but they used to go to the hybrid manner what does that mean means that encryption uses the symmetric and that was associated with a university about this symmetric key In this sense using it with asymmetric you priority through the channel were 
deposited in a similar way to encryption what 5 so if used for 1 of these and wait a couple years and then you will buy more than you would the beginning the was stored value in that you know what do you do and horrors of effective areas you can then be the crypted and then using this can be decrease the provided data that is common for all I have to the concept here learning as a set of serving visit prefer forward secrecy of all this concept is about and the fact that the area of the web server is compromised so when are Rijke because public knowledge course then what happens the the the the the data can be it to make it more difficult for all black and it will to make this is the the Diffie-Hellman based making matching is recommended where the client side the arousal also generates sequence data we should protect against this symbol at the post quantum theory may have to be willing fault and where the extended because we need a quantum state perfect forward secrecy which would be a lot of tell us what I want to use stored data and whether the user groups will be good in the quantum theory or not and so when we will be willing to think about this already today especially if you want to publish included sensitive data and you want to make it protected not only for 10 years but also for 90 years because the season measures in the issue would I mentioned the Shor algorithms and the this should be a little Matt's now official algorithm
14:13
what about all the modified sure that is able in a quantum environment to utilize superposition and federalism to perform a certain new things not in x y short in polynomial time the things related to searches the short with these 2 parts part 1 the 1st flight superior to of a function of the 2nd part finds the largest common divided government the let's say the of the that's we have an analyzed modulus is always equal to 50 and let's say this is a model would like to factorize this we need to select the the random numbers for all of this what users this make 7 and if a on the part of X and we we let's say this reflects follow through the density of that we see the remaining in the values of people inside and we see that the period starts meeting after the 5th step so the year period lost it and we all want to same to the obviously it's for then you take the algorithm and the and you see the function that we need to do this is to to check for for largest component divided this is 48 and 54 this wand and 50 that is the min respectively for the 2 attributed directions see that and actually doing this you the group 3 yet you equal to to 5 which of the 2 prime factors of 15 so this is the idea that that's about the world Ronald faster and they want to so this is why the Odyssey algorithm is dangerous if was going to what was quantum computers will be available as you guys right with them I have for a short period in the table from the documentation of the the words in the reading with this is to be associated with using something that you that library because we must the be aware that the environments and the strength of these algorithms will be roughly half so as on wall and traditional tradition to distributed as the level was too the that the old above 32 and now we can this will be the used to of a 128 in the economy but now that we see you the reasons are for our already exists and look at what we can choose for the future people on the postage that improve told 
or has a good summary of the of is also show that there always mathematical problems like in the of space so that that will still be functioning the was the possible to Europe unidirectional functions of 1 example of past these algorithms this is what will have a look at the elements of allowed 1 of them is also assumed that group but they do have a disadvantage of what is is that you don't use them with the signature of so you can't use them for any orientation of the other will all that you get use of any arbitrary number of times once for up to the the location of the great based on the lowest side of the lattice based solutions and also the role of the Liberian names like you know at the beginning of the 1st day and last allows to the users of the and here you can use to this optional and signatures we that is the shortest path set problems as the basis of new algorithm the year into algorithm is data protection it's a bit that would have unless there are also other mathematical problems like that very equations based problems and you will get on primarily used for creating that signatures also called based algorithms error-correcting codes and these will probably be preferred Macau and that there make be a list of the new writer algorithm can be used both for signatures and for encryption and don't get that the you got a few little piece work as the use of it in the bag of
19:42
problems and the algorithms that are based on them can be found in scientific publications and by the they are not easily accessible to a developer as yet so and for us what is important is I'm going to have them embodied in some the technical standard and we have to look at what standards are already in the field of facts the goal of the centralization work or whatever so that's something to do with it or not the shows that this started around 20 13 14 2005 there was a standardization attempted and true by the died event in the band committee 14 so IDF and ROC drafts appeared that you got married dealt with patchbased signature algorithms the specified these rhythms and I think 1 of these things and what I'd like to mention is that it's the the European standardization body also set up the quantum theory but if you were a group although they primarily only issued a set of guidelines they did not specify any algorithm yet and what needs also to be mentioned is widely applicable guidelines is that there is a current this team who on the 1 hand they separated in agree with specification and at EU level very or about 2 issues also recommendations for development of this is a very new documentation if you look at it it's totally current it was published in the summer of September this more at the end and then
21:46
all of of a sudden mentioned thank you I'm actually selected and going to understand a not to be honest and actually more of it for the money and how international emphasizes the the fastest I wasn't a huge advantage that is simple and so on we know the saying Keep it Simple Stupid which limits means that we have lesser personality parameters it has this algorithm hashes OK then we have the problem In other cases we have other complicates its contributions to the work performed at a all of what it turns out that you can do reason why this became census was not hashing itself if something is simple as it should be good in cryptography plays monopoly on that system has a sufficiently examined data held the WM land going into the SmartKom 100 of them of course it was perhaps I ships surely an important task to the selection of the test vectors and the drop them on the quality of coal which was used to the use the would it would require in order to use such knowledge signature which uses hash based essentially what the all we have to select a group of parameters which we have to provide that the semantic agent relations in this example as 256 human and 1 has to that of the name if we go along the parameters the means are the same as in the head of the Irish Sea Surface released usage the original all of are about to capture the values the passage of the physics of the problem and what we see here that I'm going to come types that we and time signatures are composed of a set length for this you have we also held assume estimate of the number of and links these that that's supplies for the time being and parallel parameter provides the length of w all of this this set my character of the problem a few kind of research as the you honest probably uses these parameters is quite useful of different values sets however in this case the value on it was a sense here that went on this parameter w as that's how we want to think about with the cost of the CPU and the cost of this 
tool which we have a small amount of actions Evaluation and when 2 minutes for the keys answers to initialize fixable storage and the smaller 1 in the case of a larger movement in the parameter that I'm ordered traditions Stuart says it has a higher CPU to which is what about the thing is with parameters and the length of the list the check for yourself and that we had this is kind of the Prime Minister rest world the being the other than the number of the and length data which are features of the of the WM signature understand that was also reported the so these are the parameters that some of the process some almost useless and of them section 2 science and what and this was the 1st of we generates and how to apply the in the case of planetary science mentioned that we have the number and length of data comes from the compression function so I have to come up with random numbers and that components each 256 In this example we have the check number we have the 265 such hashes and so this constitutes the primary key I also want you to have access to the most against manage and that's all of the assigned to them is also me and with the economy is a private keys water sources that he has been generated applies here and we have applied it the data we have to make sure that this is the tendency and because they use it as a signature for a different set of in because in some cases that will make it easier to produce the distinction of private keys these are one-time keys most of the
28:18
images 1 of the supply the consists of the following 2 sets of parameters that grows together which is provided by the end of each of the center the contagion fixed 590 similar data structure will be potential users presented a version of this algorithm actually came up with the level of similar structure if you have seen in different so or some similar case that a bundle of dependency and the different because owner would be in the key to the DNA in the case prior here the only difference here is the 1st element is have parameters identifier of and I'm going to expand and 1 of this has 1 quarter and this is followed by the
29:35
notion we have the private key and let's say we generate the public key generation of the public key In this work and is hashing determined by the quantum Instruments what we want parameters of the AIDS issue of hash every single keeping to the 5 times more come up with the public key pieces I was actually thinking about this is that this has a higher CPU demand we think of that's in in in in in general the password has a 5 thousand and solutions this isn't all that I think I that a mind immunostains here is that there are 2 key pieces will become hashed try to keep this is because of the personal the private key pieces will be cached problem in this is this is not the publication of this article history together and there is only bit a single and the set of parameters I think that if we look at this this level this thank you so we have a public key this is the support that is what you see how a certificate authority can actually be pleased that used to be 1 of the the fact that we they have addressed in here you can see the bottom of the page has that and we have the parameter idea and the hatch on which is a public key but apart from that we require that identifies which is an object of you would I know you have to put the part of systems have intermediate solution born from a hunch that university which is a 1 time you think single-use land time it can be used to 1 time usage and going signature whatever it is and I have to I have made this algorithm sets that assignment but this is my certificate and accepted by the Ministry of windows of relational systems and this of and that the what we see the central actually dimension so widely I was around analyzes of Windows and does not mean that the structure of this has put together until this implementation is these can be managed with the simplest the kitchen and quantum state mood you can create signatures we have the private key in this to begin with the public key and we want to select data to decide and nothing
extraordinary here that is to be assigned can be anything thing we have to alignment with that so matter what creates a signature we that is so we have the power private key aren't the idea of something similar happens here as in the case of generating a public we have to send the use of the island of Kili pieces in terms hash creation not as many times as well as in the case of the public the key science astronomy of this that depends on the bits of data to be assigned and this is where the connection is made between the data to be signed and it didn't signature because primary key because of momentum 1 this is a list presented with Internet say it's really have to it so it's an iterative i essentially public key and is essentially the only 6 or 7 times this is what will be incorporated into the signature value the making of the people have to add to this system that is check number of years of which also has to be connected to the impression that and With this private key his passion private use executed in each of our and the signature structure looks the same as in the case of the private construction but now we have the hash keys chunks of that provide the identifier in the system parameters and the evidence see them on the number of all the 265 impressions which was calculated from the private key 1 of depending on the nature of the beast but this is the interesting part of and validate you we then In the case of 1 equal aids would have to have 2 interpreted by others but in this case we have 6 times the question is how many times do we have to match the data datachunk in order to receive the public here this feature the certificates and we can also no would then also all the all the signature and assigned to the left and the ones we will have to continue for as many times the public key was hashed during the creation of the fact that we are successful in this situation in his work correctly so that the current research and you signed in data under executed 
on signatures chunks on the other line with the what's signature verification program in the world all of us see a match between the key and the impression it was the and and that's all there to that you this have this current user went on this 1 so that this was a single institution and production also sports activities in the case of winter and leads you to see that and that of the sexual changes going to see how to better understand the nature going through the public key signature value and randomly the hatched creation in the of data and here practically have to compare the public use of something something that war and this was the operation of the of Italy and Hungary and analysis sometimes users and there's a lot of this recaps the chance of and the definition of a half percentage that solution to like the general we have a very good friend of the original data that we have a good performance because the number of of motions and so on so it's useful in the case of my family but and that important aspect is that this can only be used to once of the used the out of that algorithms where there an abortion from multiple use of the key is the combined model trees and so that would be a more serious than but a more serious key management this is a fixed single use of the algorithm and this is also good for the end user key here is to be established in here 3 years 10 times in the case of 1 single signature assigned once and then we have to delete the key of this here on wall on the other hand I mustn't forget this region right there is no other mathematics in the background just 2 simple functions and of usage is very easy and simple and secure simple-to-use actually if we do not introduce American trade economies and what was most important of that is the largest I was just a single unit cannot be used in case of web server but it's absolutely grades human usage thank you use of the Boston and systems of public administration and that's all I wish to share with
you and as far as I can tell my time is up to them what there is a cold war the screenshots option is independent of the future you have to