Factoring Safe Semiprimes with a Single Quantum Query
Shor's factoring algorithm (SFA), by its ability to efficiently factor large
numbers, has the potential to undermine contemporary encryption. At its heart
is a process called order finding, which quantum mechanics lets us perform
efficiently. SFA thus consists of a quantum order finding algorithm
(QOFA), bookended by classical routines which, given the order, return the
factors. But, with probability up to , these classical routines fail, and
QOFA must be rerun. We modify these routines using elementary results in number
theory, improving the likelihood that they return the factors.
The resulting quantum factoring algorithm is better than SFA at factoring
safe semiprimes, an important class of numbers used in cryptography. With just
one call to QOFA, our algorithm almost always factors safe semiprimes. As well
as a speed-up, improving efficiency gives our algorithm other, practical
advantages: unlike SFA, it does not need a randomly picked input, making it
simpler to construct in the lab; and in the (unlikely) case of failure, the
same circuit can be rerun, without modification.
We consider generalizing this result to other cases, although we do not find
a simple extension, and conclude that SFA is still the best algorithm for
general numbers (non-safe semiprimes, in other words). Even so, we present some
simple number-theoretic tricks for improving SFA in this case.
Comment: v2: Typo correction and rewriting for improved clarity. v3: Slight
expansion, for improved clarity.
Large-Scale Simulation of Shor's Quantum Factoring Algorithm
Shor's factoring algorithm is one of the most anticipated applications of
quantum computing. However, the limited capabilities of today's quantum
computers only permit a study of Shor's algorithm for very small numbers. Here
we show how large GPU-based supercomputers can be used to assess the
performance of Shor's algorithm for numbers that are out of reach for current
and near-term quantum hardware. First, we study Shor's original factoring
algorithm. While theoretical bounds suggest success probabilities of only
3-4 %, we find average success probabilities above 50 %, due to a high frequency of
"lucky" cases, defined as successful factorizations despite unmet sufficient
conditions. Second, we investigate a powerful post-processing procedure, by
which the success probability can be brought arbitrarily close to one, with
only a single run of Shor's quantum algorithm. Finally, we study the
effectiveness of this post-processing procedure in the presence of typical
errors in quantum processing hardware. We find that the quantum factoring
algorithm exhibits a particular form of universality and resilience against the
different types of errors. The largest semiprime that we have factored by
executing Shor's algorithm on a GPU-based supercomputer, without exploiting
prior knowledge of the solution, is 549755813701 = 712321 * 771781. We put
forward the challenge of factoring, without oversimplification, a non-trivial
semiprime larger than this number on any quantum computing device.
Comment: differs from the published version in formatting and style; open
source code available at https://jugit.fz-juelich.de/qip/shorgp
Security, Scalability and Privacy in Applied Cryptography
In the modern digital world, cryptography finds its place in countless applications. However, as we increasingly use technology to perform potentially sensitive tasks, our actions and private data attract, more than ever, the interest of ill-intentioned actors.
Due to the possible privacy implications of cryptographic flaws, new primitives’ designs need to undergo rigorous security analysis and extensive cryptanalysis to foster confidence in their adoption. At the same time, implementations of cryptographic protocols should scale on a global level and be efficiently deployable on users’ most common devices to widen the range of their applications.
This dissertation will address the security, scalability and privacy of cryptosystems by presenting new designs and cryptanalytic results regarding blockchain cryptographic primitives and public-key schemes based on elliptic curves. In Part I, I will present the work I have done on accumulator schemes. More precisely, in Chapter 2, I cryptanalyze Au et al.'s Dynamic Universal Accumulator, showing attacks which can completely take over the authority who manages the accumulator. In Chapter 3, I propose a design for an efficient and secure accumulator-based authentication mechanism, which is scalable, privacy-friendly, lightweight on the users' side, and suitable for implementation on the blockchain.
In Part II, I will report some cryptanalytic results on primitives employed or considered for adoption in top blockchain-based cryptocurrencies. In particular, in Chapter 4, I describe how the zero-knowledge proof system and the commitment scheme adopted by the privacy-friendly cryptocurrency Zcash contain multiple subliminal channels which can be exploited to embed several bytes of tagging information in users' private transactions. In Chapter 5, instead, I report the cryptanalysis of the Legendre PRF, employed in a new consensus mechanism considered for adoption by the blockchain-based platform Ethereum, and attacks on further generalizations of this pseudo-random function, such as the Higher-Degree Legendre PRF, the Jacobi Symbol PRF, and the Power-Residue PRF.
Lastly, in Part III, I present my line of research on public-key primitives based on elliptic curves. In Chapter 6, I will describe a backdooring procedure for primes such that, whenever they appear as divisors of a large integer, the latter can be efficiently factored. This technique, based on the Complex Multiplication theory of elliptic curves, makes it possible to generate non-vulnerable certifiable semiprimes with unknown factorization in a multi-party computation setting, with no need to run the statistical semiprimality test common to other protocols. In Chapter 7, instead, I will report some attack optimizations and specific implementation design choices that allow breaking a reduced-parameters instance, proposed by Microsoft, of SIKE, a post-quantum key-encapsulation mechanism based on isogenies between supersingular elliptic curves.
Quantum Computational Supremacy: Security and Vulnerability in a New Paradigm
Despite three decades of research, the field of quantum computation has yet to build a quantum computer that can perform a task beyond the capability of any classical computer, an event known as computational supremacy. Yet this multi-billion dollar research industry persists in its efforts to construct such a machine. Based on the counter-intuitive principles of quantum physics, these devices are fundamentally different from the computers we know. It is theorised that large-scale quantum computers will have the ability to perform some remarkably powerful computations, even if the extent of their capabilities remains disputed. One application, however, the factoring of large numbers into their constituent primes, has already been demonstrated using Shor's quantum algorithm. This capability has far-reaching implications for cybersecurity, as it poses an unprecedented threat to the public key encryption that forms an important component of the security of all digital communications. This paper outlines the nature of the threat that quantum computation is believed to pose to digital communications and investigates how this emerging technology, coupled with the threat of Adversarial Artificial Intelligence, may result in large technology companies gaining unacceptable political leverage; and it proposes measures that might be implemented to mitigate this eventuality.
Proof of Latency Using a Verifiable Delay Function
In this thesis I present an interactive public-coin protocol called Proof of Latency (PoL) that aims to improve connections in peer-to-peer networks by measuring latencies with logical clocks built from verifiable delay functions (VDFs). PoL is a tuple of three algorithms, Setup(e, λ), VCOpen(c, e), and Measure(g, T, l_p, l_v). Setup creates a vector commitment (VC), from which a vector commitment opening corresponding to a collaborator's public key is taken in VCOpen, which then gets used to create a common reference string used in Measure. If no collusion is detected by either party, a signed proof is ready for advertising. PoL is agnostic in terms of the individual implementations of the VC or VDF used. This said, I present a proof of concept in the form of a state machine implemented in Rust that uses RSA-2048, Catalano-Fiore vector commitments and Wesolowski's VDF to demonstrate PoL. As VDFs themselves have been shown to be useful in timestamping, they seem to work as a measurement of time in this context as well, albeit requiring a public performance metric for each peer to compare to during the measurement. I have imagined many use cases for PoL, like proving a geographical location, working as a benchmark query, or using the proofs to calculate VDFs with the latencies between peers themselves. As it stands, PoL works as a distance bounding protocol between two participants, provided their computing performance is relatively similar. More work is needed to verify the soundness of PoL as a publicly verifiable proof that a third party can believe in.
In this thesis I present an interactive protocol called Proof of Latency (PoL), which aims to improve connections in peer-to-peer networks by measuring latency with a logical clock built from a verifiable delay function. Proof of Latency consists of three algorithms, Setup(e, λ), VCOpen(c, e) and Measure(g, T, l_p, l_v). Setup creates a vector commitment, from which an opening is produced in the VCOpen algorithm by opening the vector commitment at the index that maps to the other measuring party's public key. This opening is used to create a common reference string, which the Measure algorithm uses as the starting point of both parties' verifiable delay functions to measure latency. If neither party notices errors in the measurement, the proof they have signed is ready to be advertised in the peer-to-peer network. PoL takes no position on the implementation of the cryptographic functions it uses. Nevertheless, I have programmed a prototype of the protocol in the Rust programming language, using RSA-2048, Catalano-Fiore vector commitments and Wesolowski's verifiable delay function, to demonstrate the protocol. Verifiable delay functions have proven useful in timestamping, which would seem to show that they are also suited to measuring time in this context, even though each party must publicly report a performance figure describing its efficiency in computing delay functions. The other party uses this figure to assess whether its counterpart lied in the latency measurement. I have imagined many use cases for PoL, such as proving a geographical location, performance benchmarking, or using the latency proofs themselves to compute new latency proofs between participants of the peer-to-peer network. At present PoL works as a distance-bounding protocol between two participants if their performance levels are sufficiently close to each other. The protocol needs further research on whether it can serve as a credible proof to third parties of the latency between two peer-to-peer participants.
Cybersecurity and Quantum Computing: friends or foes?
The abstract is in the attachment.