Quantum-safe cryptography for the Internet

互联网的量子安全密码学

• 批准号: RGPIN-2016-05146
• 负责人: Stebila, Douglas
• 金额: $ 3.35万
• 依托单位: University of Waterloo
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2018
• 资助国家: 加拿大
• 起止时间: 2018-01-01 至 2019-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=665862
• 关键词: Quantum; safe; cryptography; Internet

Public key cryptography is essential in securing all Internet communications. For example, the Transport Layer Security (TLS) protocol uses public key cryptography to protect every "https" web page for entering passwords or credit card numbers. However, all public key algorithms used in practice are based on mathematical problems—such as factoring, discrete logarithms, or elliptic curves—which could be broken by a quantum computer. The field of quantum-safe cryptography, also called post-quantum or quantum-resistant cryptography, aims to construct public key cryptosystems that are believed to be secure even against quantum computers. Ongoing advancements in physics point toward the eventual construction of large-scale quantum computers. Such future devices would still be able to decrypt present-day communications, allowing anyone to decrypt data transmitted today. Thus, it is important to start developing and deploying quantum-safe cryptography now, even before quantum computers are built.***Several mathematical techniques have been proposed for constructing quantum-safe cryptosystems, including lattices (and the learning-with-errors problem), error-correcting codes, multivariate equations, and hash functions. These have been used to construct public key encryption and digital signature schemes, as well as complex functionality like fully homomorphic encryption.***Unfortunately, all current quantum-safe algorithms have drawbacks that make them unsuitable for practical use. Some require larger key sizes or ciphertexts, increasing communication costs; others have slow implementations. Existing research in quantum-safe cryptography has focused on public key encryption and digital signatures, whereas most real-world protocols need authenticated key exchange. There is little research on how to efficiently and securely integrate them in applications, and their performance characteristics.***The overall aim of this research program is to design cryptographic systems that are secure against attacks by quantum computers and are practical for use on the Internet, with a specific focus on authenticated key exchange protocols. We will achieve this by designing new and improved algorithms for a variety of cryptographic tasks and analysing and testing these algorithms in the context of deployed protocols to identify techniques that are suitable for long-term use.***The results of this research will support the creation of Internet technologies that protect communication from quantum computers. The anticipated outcomes are practical new encryption algorithms, open source software, and recommendations for the use of quantum-safe cryptography in Internet protocols, ready for use by Internet standards bodies. Canadian Internet users will benefit from enhanced security. This research supports Canada's strategic investment in becoming a leader in quantum technologies.**

公钥加密是确保所有互联网通信安全的关键。例如，传输层安全（TLS）协议使用公钥加密来保护每个“https”网页，以输入密码或信用卡号。然而，实际上使用的所有公钥算法都是基于数学问题的，比如因子分解、离散多项式或椭圆曲线，这些问题都可能被量子计算机破解。量子安全密码学领域，也称为后量子密码学或量子抵抗密码学，旨在构建即使在量子计算机上也被认为是安全的公钥密码系统。物理学的不断进步指向最终建造大规模量子计算机。这样的未来设备仍然能够解密当今的通信，允许任何人解密今天传输的数据。因此，重要的是现在就开始开发和部署量子安全密码学，甚至在量子计算机建造之前。已经提出了几种数学技术来构建量子安全密码系统，包括格（和带错误学习问题），纠错码，多元方程和哈希函数。这些已被用于构造公钥加密和数字签名方案，以及复杂的功能，如全同态加密。不幸的是，目前所有的量子安全算法都有缺点，使它们不适合实际使用。有些需要更大的密钥大小或密文，增加了通信成本;另一些则实现缓慢。量子安全密码学的现有研究集中在公钥加密和数字签名上，而大多数现实世界的协议需要认证密钥交换。关于如何有效、安全地将它们集成到应用程序中以及它们的性能特征的研究很少。该研究计划的总体目标是设计加密系统，这些系统可以安全地抵御量子计算机的攻击，并且可以在互联网上使用，特别关注认证密钥交换协议。我们将通过为各种加密任务设计新的和改进的算法，并在部署的协议中分析和测试这些算法，以确定适合长期使用的技术来实现这一目标。这项研究的结果将支持创建保护量子计算机通信的互联网技术。预期的成果是实用的新加密算法、开放源码软件以及在互联网协议中使用量子安全加密的建议，供互联网标准机构使用。加拿大互联网用户将受益于加强安全。这项研究支持加拿大成为量子技术领导者的战略投资。