    Blind Reconciliation

    Information reconciliation is a crucial procedure in the classical post-processing of quantum key distribution (QKD). Poor reconciliation efficiency, revealing more information than strictly needed, may compromise the maximum attainable distance, while poor performance of the algorithm limits the practical throughput in a QKD device. Historically, reconciliation has been mainly done using close to minimal information disclosure but heavily interactive procedures, like Cascade, or using less efficient but also less interactive -just one message is exchanged- procedures, like the ones based on low-density parity-check (LDPC) codes. The price to pay in the LDPC case is that good efficiency is only attained for very long codes and in a very narrow range centered around the quantum bit error rate (QBER) that the code was designed to reconcile, thus forcing the use of several codes if a broad range of QBER needs to be catered for. Real world implementations of these methods are thus very demanding, either on computational or communication resources or both, to the extent that the last generation of GHz clocked QKD systems are finding a bottleneck in the classical part. In order to produce compact, high performance and reliable QKD systems it would be highly desirable to remove these problems. Here we analyse the use of short-length LDPC codes in the information reconciliation context using a low interactivity, blind, protocol that avoids an a priori error rate estimation. We demonstrate that 2x10^3 bits length LDPC codes are suitable for blind reconciliation. Such codes are of high interest in practice, since they can be used for hardware implementations with very high throughput. Comment: 22 pages, 8 figures

    The Engineering of Software-Defined Quantum Key Distribution Networks

    Quantum computers will change the cryptographic panorama. A technology once believed to lie far in the future is increasingly closer to real world applications. Quantum computers will break the algorithms used in our public key infrastructure and in our key exchange protocols, forcing a complete retooling of cryptography as we know it. Quantum key distribution is a physical layer technology immune to quantum or classical computational threats. However, it requires a physical substrate, and optical fiber has been the usual choice, most of the time used just as a point-to-point link for the exclusive transport of the delicate quantum signals. Its integration in a real-world shared network has not been attempted so far. Here we show how the new programmable software network architectures, together with specially designed quantum systems, can be used to produce a network that integrates classical and quantum communications, including management, in a single, production-level infrastructure. The network can also incorporate new quantum-safe algorithms and use the existing security protocols, thus bridging the gap between today's network security and the quantum-safe network of the future. This can be done in an evolutionary way, without zero-day migrations and the corresponding upfront costs. We also present how the technologies have been deployed in practice using a production network. Comment: 7 pages, 4 figures, Accepted for publication in the IEEE Communications Magazine, Future Internet: Architectures and Protocols issue

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian national research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, and from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management.

    Algorithms on Ideal over Complex Multiplication order

    We show in this paper that the Gentry-Szydlo algorithm for cyclotomic orders, previously revisited by Lenstra-Silverberg, can be extended to complex-multiplication (CM) orders, and even to a more general structure. This algorithm makes it possible to test equality over the polarized ideal class group, and finds a generator of the polarized ideal in polynomial time. Also, the algorithm can be used to solve the norm equation over CM orders, and the recent reduction of principal ideals to the real suborder can also be performed in polynomial time. Furthermore, we can also compute in polynomial time a unit of an order of any number field given a (not very precise) approximation of it. Our description of the Gentry-Szydlo algorithm is different from the original and from Lenstra-Silverberg's variant, and we hope the simplifications made will allow a deeper understanding. Finally, we show that the well-known speed-up for enumeration and sieve algorithms for ideal lattices over power-of-two cyclotomics can be generalized to any number field with many roots of unity. Comment: Full version of a paper submitted to ANT

    A Lightweight Implementation of NTRUEncrypt for 8-bit AVR Microcontrollers

    Introduced in 1996, NTRUEncrypt is not only one of the earliest but also one of the most scrutinized lattice-based cryptosystems and a serious contender in NIST’s ongoing Post-Quantum Cryptography (PQC) standardization project. An important criterion for the assessment of candidates is their computational cost in various hardware and software environments. This paper contributes to the evaluation of NTRUEncrypt on the ATmega class of AVR microcontrollers, which is among the most popular 8-bit platforms in the embedded domain. More concretely, we present AvrNtru, a carefully-optimized implementation of NTRUEncrypt that we developed from scratch with the goal of achieving high performance and resistance to timing attacks. AvrNtru complies with version 3.3 of the EESS#1 specification and supports recent product-form parameter sets like ees443ep1, ees587ep1, and ees743ep1. A full encryption operation (including mask generation and blinding-polynomial generation) using the ees443ep1 parameters takes 834,272 clock cycles on an ATmega1281 microcontroller; the decryption is slightly more costly and has an execution time of 1,061,683 cycles. When choosing the ees743ep1 parameters to achieve a 256-bit security level, 1,539,829 clock cycles are required for encryption and 2,103,228 clock cycles for decryption. We achieved these results thanks to a novel hybrid technique for multiplication in truncated polynomial rings where one of the operands is a sparse ternary polynomial in product form. Our hybrid technique is inspired by Gura et al’s hybrid method for multiple-precision integer multiplication (CHES 2004) and takes advantage of the large register file of the AVR architecture to minimize the number of load instructions. A constant-time multiplication in the ring specified by the ees443ep1 parameters requires only 210,827 cycles, which sets a new speed record for the arithmetic component of a lattice-based cryptosystem on an 8-bit microcontroller.

    The second quantum revolution: designing a teaching-learning activity on the quantum manifesto to futurize science education

    This thesis is the conclusion of work carried out within I SEE (Inclusive STEM Education to Enhance the capacity to aspire and imagine future careers), a European Erasmus+ project coordinated by the Università di Bologna and involving six other partners (http://iseeproject.eu). My work led to the development of a teaching activity entitled “Applications and implications of quantum computers in society”, which is part of an I SEE module on quantum computers. The project and the activity aim to contribute to two debates in science education research: the one on STEM teaching and its position in research, institutional and educational contexts; and the one on young people's perception of the future in this accelerating world. The first chapter covers the state of the art of the debate on STEM teaching, from both a research and an institutional point of view, as a way of addressing key issues concerning the problematic relationship between science and society. In the second chapter, the I SEE project is presented and placed within STEM education research. A description is given of how the project contributes to fostering the development of so-called future-scaffolding skills and to designing an integrated STEM approach, with a description of the Finnish and Italian modules on quantum technologies. The third chapter includes a description of the activity I helped to develop. It was built to achieve several objectives, including guiding secondary school students to become familiar with the terminology, perspectives and contents of institutional documents such as the Quantum Manifesto, and to become aware of the many dimensions involved, recognising where and how quantum technologies may have an impact on the life of the individual. Finally, the results of the implementation of the activity, which took place in Bologna in February 2019 with 25 secondary school students, are discussed.

    Secure quantum communication technologies and systems: From labs to markets

    We provide a broad overview of current quantum communication by analyzing the recent discoveries on the topic and by identifying the potential bottlenecks requiring further investigation. The analysis follows an industrial perspective, first identifying the state of the art in terms of protocols, systems, and devices for quantum communication. Next, we classify the application fields where short- and medium-term impact is expected, emphasizing the potential and challenges of different approaches. The direction and the methodology with which the scientific community is proceeding are discussed. Finally, with reference to the European guidelines within the Quantum Flagship initiative, we suggest a roadmap to match the effort community-wide, with the objective of maximizing the impact that quantum communication may have on our society.

    European Quantum Strategy – global and local consequences

    Europe has to face strong competitive challenges in the field of QIT from other regions of the world. The tools for effectively meeting the challenges related to the start, we hope, of building a quantum civilization are both common to and individual in particular European countries. Joint projects in the field of QIT, usually narrowly focused, are announced by large European agencies and are related to their activities. Large-scale collaborative projects are of course the domain of the EC. National projects depend heavily on the capabilities of individual countries and vary greatly in size. The most technologically advanced European countries invest hundreds of millions of euros in national QIT projects annually. The largest European FET class project currently being implemented is the Quantum Flagship. Although the EQF is basically just one of the elements of a large and complicated European scene of development of quantum technologies, it has become the most important element and, in a sense, a dominant one, also supported from the political level. There are complex connections and feedbacks between the elements of this quantum scene. National projects try to link to the EQF. Here we are interested in such connections and their impact on the effectiveness of QIT development in Europe, and especially in Poland.

    Blind reconciliation

    Information reconciliation is a crucial procedure in the classical post-processing of quantum key distribution (QKD). Poor reconciliation efficiency, revealing more information than strictly needed, may compromise the maximum attainable distance, while poor performance of the algorithm limits the practical throughput in a QKD device. Historically, reconciliation has been mainly done using close to minimal information disclosure but heavily interactive procedures, like Cascade, or using less efficient but also less interactive -just one message is exchanged- procedures, like the ones based on low-density parity-check (LDPC) codes. The price to pay in the LDPC case is that good efficiency is only attained for very long codes and in a very narrow range centered around the quantum bit error rate (QBER) that the code was designed to reconcile, thus forcing the use of several codes if a broad range of QBER needs to be catered for. Real world implementations of these methods are thus very demanding, either on computational or communication resources or both, to the extent that the last generation of GHz clocked QKD systems are finding a bottleneck in the classical part. In order to produce compact, high performance and reliable QKD systems it would be highly desirable to remove these problems. Here we analyse the use of short-length LDPC codes in the information reconciliation context using a low interactivity, blind, protocol that avoids an a priori error rate estimation. We demonstrate that 2×10^3 bits length LDPC codes are suitable for blind reconciliation. Such codes are of high interest in practice, since they can be used for hardware implementations with very high throughput.