Tensor-based trapdoors for CVP and their application to public key cryptography
We propose two trapdoors for the Closest Vector Problem (CVP) in lattices that are related to the lattice tensor product. Using these trapdoors we set up a lattice-based cryptosystem which resembles the McEliece scheme.
Good Gottesman-Kitaev-Preskill codes from the NTRU cryptosystem
We introduce a new class of random Gottesman-Kitaev-Preskill (GKP) codes derived from the cryptanalysis of the so-called NTRU cryptosystem. The derived codes are good in that they exhibit constant rate and average distance scaling with high probability, where is the number of bosonic modes, which is a distance scaling equivalent to that of a GKP code obtained by concatenating single-mode GKP codes into a qubit quantum error-correcting code with linear distance. The derived class of NTRU-GKP codes has the additional property that decoding for a stochastic displacement noise model is equivalent to decrypting the NTRU cryptosystem, such that every random instance of the code naturally comes with an efficient decoder. This construction highlights how the GKP code bridges aspects of classical error correction, quantum error correction and post-quantum cryptography. We underscore this connection by discussing the computational hardness of decoding GKP codes and propose, as a new application, a simple public-key quantum communication protocol with security inherited from the NTRU cryptosystem.
Comment: 23 pages, 10 figures, comments welcome! Version 2 has minor corrections.
Komplexität von Gitterproblemen : Nicht-Approximierbarkeit und Grenzen der Nicht-Approximierbarkeit
A lattice of rank n is the set of integer linear combinations of n linearly independent vectors in R^m. Assuming P ≠ NP, we prove that no polynomial-time algorithm computes a shortest lattice basis to within a factor of n^{O(1/log log n)}, where the length of a set of vectors is defined as the maximum Euclidean length of its vectors. We further show that, under plausible assumptions, this result cannot be improved beyond a factor of n/√(log n). A simultaneous Diophantine best-approximation denominator for real numbers α_1, …, α_n and denominator bound N is a natural number q with 1 ≤ q ≤ N such that max_i min_{p∈ℤ} |q·α_i − p| is minimal. Assuming that the class NP has no almost-polynomial-time algorithms, we prove that no polynomial-time algorithm exists that, for given rational numbers … where … > 0 is an arbitrary constant. We show that, under plausible assumptions, this result cannot be improved beyond a factor of n/log n. We examine the consequences of these results for the construction of lattice problems that are hard on average.
SMS-based One-Time Passwords: Attacks and Defense
SMS-based One-Time Passwords (SMS OTP) were introduced to counter phishing and other attacks against Internet services such as online banking. Today, SMS OTPs are commonly used for authentication and authorization in many different applications. Recently, SMS OTPs have come under heavy attack, especially from smartphone trojans. In this paper, we analyze the security architecture of SMS OTP systems and study attacks that pose a threat to Internet-based authentication and authorization services. We determined that the two foundations SMS OTP is built on, cellular networks and mobile handsets, were completely different at the time SMS OTP was designed and introduced from what they are today. Throughout this work, we show why SMS OTP systems can no longer be considered secure. Based on our findings, we propose mechanisms to secure SMS OTPs against common attacks and specifically against smartphone trojans.
A super-polynomial quantum-classical separation for density modelling
Density modelling is the task of learning an unknown probability density function from samples, and is one of the central problems of unsupervised machine learning. In this work, we show that there exists a density modelling problem for which fault-tolerant quantum computers can offer a super-polynomial advantage over classical learning algorithms, given standard cryptographic assumptions. Along the way, we provide a variety of additional results and insights, of potential interest for proving future distribution learning separations between quantum and classical learning algorithms. Specifically, we (a) provide an overview of the relationships between hardness results in supervised learning and distribution learning, and (b) show that any weak pseudo-random function can be used to construct a classically hard density modelling problem. The latter result opens up the possibility of proving quantum-classical separations for density modelling based on weaker assumptions than those necessary for pseudo-random functions.
Comment: 15 pages, one figure.
Breaking the quadratic barrier: Quantum cryptanalysis of Milenage, telecommunications’ cryptographic backbone
The potential advent of large-scale quantum computers in the near future poses a threat to contemporary cryptography. One ubiquitous use of cryptography is in the vibrant field of cellular networks. The cryptography of cellular networks is centered around seven secret-key algorithms, aggregated into an authentication and key agreement (AKA) algorithm set. Still, to the best of our knowledge, these secret-key algorithms have not yet been subjected to quantum cryptanalysis. Instead, many quantum security considerations for telecommunication networks argue that the threat posed by quantum computers is restricted to public-key cryptography. However, various recent works have presented quantum attacks on secret-key cryptography that exploit quantum period finding to achieve more than a quadratic speedup compared to the best known classical attacks. Motivated by this quantum threat to symmetric cryptography, this paper presents a quantum cryptanalysis of the Milenage algorithm set, the prevalent instantiation of the seven secret-key algorithms that underpin cellular security. Building upon recent quantum cryptanalytic results, we show attacks that go beyond a quadratic speedup. Concretely, we provide quantum attack scenarios for all Milenage algorithms, including exponential speedups when the attacker is allowed to issue superposition queries. Our results do not constitute a quantum break of the Milenage algorithms, but they do show that Milenage has structural weaknesses that make it susceptible to quantum attacks.
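The abstract refers to the Milenage algorithm set without showing its structure. As an added example, not code from the paper, the following Go program implements the seven Milenage functions (f1, f1*, f2, f3, f4, f5, f5*) as specified in 3GPP TS 35.206, with AES-128 as the kernel E_K, and assembles the AKA authentication token AUTN from 3GPP TS 33.102. It makes the structural regularity visible: every output is the same block-cipher call applied to a rotated, constant-masked copy of one intermediate TEMP = E_K(RAND ⊕ OPc), masked again with OPc. The quantum attacks themselves are not implemented here. The input values in main are test set 1 from 3GPP TS 35.207; the function and type names are this example's own.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// Milenage (3GPP TS 35.206) built on one AES-128 kernel E_K:
//   OPc  = OP ^ E_K(OP)
//   TEMP = E_K(RAND ^ OPc)
//   OUT1 = E_K(TEMP ^ rot(IN1 ^ OPc, r1) ^ c1) ^ OPc        -> f1, f1*
//   OUTi = E_K(rot(TEMP ^ OPc, ri) ^ ci) ^ OPc, i = 2..5    -> f2+f5, f3, f4, f5*
// with r = (64, 0, 32, 64, 96) bits and c = (0, 1, 2, 4, 8) in the low byte.

// Output holds the derived OPc and the seven Milenage functions.
type Output struct {
	OPc, F1, F1s, F2, F3, F4, F5, F5s []byte
}

// encrypt is the kernel E_K: AES-128 over a single 16-byte block.
func encrypt(k, in []byte) []byte {
	c, err := aes.NewCipher(k)
	if err != nil {
		panic(err)
	}
	out := make([]byte, 16)
	c.Encrypt(out, in)
	return out
}

// xor16 returns a ^ b for two 16-byte blocks.
func xor16(a, b []byte) []byte {
	out := make([]byte, 16)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// rot rotates a 128-bit block left by r bits (output bit i = input bit
// (i + r) mod 128). Milenage only uses multiples of 8, so bytes suffice.
func rot(x []byte, r int) []byte {
	n := (r / 8) % 16
	out := make([]byte, 16)
	copy(out, x[n:])
	copy(out[16-n:], x[:n])
	return out
}

// constant returns the 128-bit constant c_i, which only sets its low byte.
func constant(v byte) []byte {
	c := make([]byte, 16)
	c[15] = v
	return c
}

// Milenage computes f1..f5* for key k (16 bytes), operator variant op (16),
// challenge rand (16), sequence number sqn (6) and management field amf (2).
func Milenage(k, op, rand, sqn, amf []byte) Output {
	opc := xor16(op, encrypt(k, op))
	temp := encrypt(k, xor16(rand, opc))

	in1 := make([]byte, 0, 16) // IN1 = SQN || AMF || SQN || AMF
	in1 = append(append(append(append(in1, sqn...), amf...), sqn...), amf...)

	out1 := xor16(encrypt(k, xor16(temp, xor16(rot(xor16(in1, opc), 64), constant(0)))), opc)
	out2 := xor16(encrypt(k, xor16(rot(xor16(temp, opc), 0), constant(1))), opc)
	out3 := xor16(encrypt(k, xor16(rot(xor16(temp, opc), 32), constant(2))), opc)
	out4 := xor16(encrypt(k, xor16(rot(xor16(temp, opc), 64), constant(4))), opc)
	out5 := xor16(encrypt(k, xor16(rot(xor16(temp, opc), 96), constant(8))), opc)

	return Output{
		OPc: opc,
		F1:  out1[:8], // MAC-A
		F1s: out1[8:], // MAC-S (resynchronisation)
		F2:  out2[8:], // RES
		F5:  out2[:6], // AK
		F3:  out3,     // CK
		F4:  out4,     // IK
		F5s: out5[:6], // AK* (resynchronisation)
	}
}

// AUTN assembles the AKA authentication token (3GPP TS 33.102):
// (SQN ^ AK) || AMF || MAC-A, where AK = f5 and MAC-A = f1.
func AUTN(sqn, amf []byte, o Output) []byte {
	autn := make([]byte, 0, 16)
	for i := 0; i < 6; i++ {
		autn = append(autn, sqn[i]^o.F5[i])
	}
	autn = append(autn, amf...)
	return append(autn, o.F1...)
}

func main() {
	h := func(s string) []byte { b, _ := hex.DecodeString(s); return b }
	// Test set 1 from 3GPP TS 35.207.
	k, op := h("465b5ce8b199b49faa5f0a2ee238a6bc"), h("cdc202d5123e20f62b6d676ac72cb318")
	rand, sqn, amf := h("23553cbe9637a89d218ae64dae47bf35"), h("ff9bb4d0b607"), h("b9b9")
	o := Milenage(k, op, rand, sqn, amf)
	fmt.Printf("OPc %x\nf1 %x f1* %x\nf2 %x f5 %x f5* %x\nf3 %x\nf4 %x\nAUTN %x\n",
		o.OPc, o.F1, o.F1s, o.F2, o.F5, o.F5s, o.F3, o.F4, AUTN(sqn, amf, o))
}
```

Note how little separates the outputs: f3, f4 and f5* differ only in the rotation amount and the constant mixed into the same TEMP ⊕ OPc value before the second AES call, and OPc is XORed both before and after each kernel call. That shared-input, shared-key structure, rather than any weakness of AES itself, is the kind of regularity period-finding attacks on symmetric constructions exploit.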