Research of Post-Quantum Cryptography in China

Jiwu Jing, Data Assurance and Communications Security Research Center

Chinese Academy of Sciences

Quantum Revolution

Quantum Precision Measurement

Quantum Communication

Quantum Computation

Contents: Background; Projects and Results; Trends

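Classical Cryptographic Schemes

[Figure: security levels and the years shown with them: 56 bit (1999), 80 bit (2010), 112 bit (2030), 128 bit (2040), 192 bit (2080), 256 bit (2120). Schemes shown: DES, 2DES, 3DES; SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SM3; RSA1024, RSA2048, RSA3072; AES128, AES192, AES256, SM4; DSA160, DSA224, DSA256, DSA384, DSA512, SM2.]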

Safe world without quantum computing: current schemes can be used for 100 years

Quantum Computers

Temporal Defense Systems Inc. (TDS)

Effect of Quantum Computing

Scheme: Effect
Symmetric Key (SM4, AES): Security Halved (Grover)
Hash (SM3, SHA-3): Security Decreased (Grover)
Public Key (RSA, DSA, SM2): Completely Broken (Shor)
Lattice Cryptography: Quantum Safe (Currently)
Multivariate Cryptography: Quantum Safe (Currently)
Hash-based signature: Quantum Safe (Currently)
Code-based cryptography: Quantum Safe (Currently)
Isogeny Cryptography: Quantum Safe (Currently)

Candidates of NIST PQC

PQC Events in China

2010 to 2018

PQC key projects in NSFC

PQC projects in Cryptography Development Fund

2015

Lattice Cryptography Summer School 2016

2016, June 9-10: 1st Asia PQC Forum

PQC Summer School 2018

Submit Candidates & Cryptanalysis to NIST PQC Standardization

2018.6 CACR PQC Competition

Candidates Submitted to NIST PQC

Algorithm: Inventors

Lepton: Yu Yu, Shanghai Jiaotong University, China; Zhang Jiang, State Key Laboratory of Cryptology, China

KCL: Yunlei Zhao, Zhengzhong Jin, Boru Gong, Guangye Sui; Fudan University, China

LAC: Xianhui Lu, Yamin Liu, Dingding Jia, Haiyang Xue, Jingnan He; DACAS, Chinese Academy of Sciences

Zhenfei Zhang, OnBoard Security Inc

1st Candidate Submitted to NIST PQC

The only candidate based on the LPN problem

Suitable for low-power devices, even RFID

LPN is the simplest version of the hard learning problem family

Hardness of LPN

Main obstacle: public-key and ciphertext size

2nd Candidate Submitted to NIST PQC

Optimal Key Consensus in Presence of Noise.

General Framework for PKE, KE

KCL vs NewHope

3rd Candidate Submitted to NIST PQC

The only byte-level modulus and bit-level noise Ring-LWE based scheme

NewHope: n=1024, = 8, q=12289

Kyber: n=256*3, = 2, q=7681

LAC: n=512, = 1/2, q=251

AVX2 30 times speed up: 150 microseconds to 5 microseconds

_mm256_maddubs_epi16: $c_1 = a_1 b_1 + a_2 b_2$
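An added example, not taken from the slides or from the LAC code: a portable C model of the pairwise multiply-add that _mm256_maddubs_epi16 performs in each 16-bit lane, used to compute a polynomial product with the slide's q = 251. The toy degree N = 8, the ring x^N + 1, the noise range {-1, 0, 1} and all function names are assumptions.

```c
#include <stdint.h>

#define N 8     /* toy degree (assumption); the slide lists n = 512 for LAC */
#define Q 251   /* byte-level modulus from the slide */

/* Scalar model of one 16-bit lane of _mm256_maddubs_epi16:
 * c1 = a1*b1 + a2*b2, a unsigned bytes, b signed bytes, saturated to int16. */
static int16_t maddubs_lane(uint8_t a1, int8_t b1, uint8_t a2, int8_t b2) {
    int32_t c = (int32_t)a1 * b1 + (int32_t)a2 * b2;
    if (c > INT16_MAX) c = INT16_MAX;
    if (c < INT16_MIN) c = INT16_MIN;
    return (int16_t)c;
}

/* c = a*s in Z_Q[x]/(x^N + 1) (assumed ring), built only from pairwise lanes.
 * a: coefficients in [0, Q); s: noise coefficients in {-1, 0, 1} (assumed). */
static void mul_lanes(const uint8_t a[N], const int8_t s[N], uint8_t c[N]) {
    for (int i = 0; i < N; i++) {
        int8_t row[N];  /* s arranged for output i, negated where x^N = -1 wraps */
        for (int j = 0; j < N; j++)
            row[j] = (j <= i) ? s[i - j] : (int8_t)-s[N + i - j];
        int32_t acc = 0;
        for (int j = 0; j < N; j += 2)   /* each lane is bounded by 2*250 = 500 */
            acc += maddubs_lane(a[j], row[j], a[j + 1], row[j + 1]);
        acc %= Q;
        c[i] = (uint8_t)(acc < 0 ? acc + Q : acc);
    }
}

/* Schoolbook reference for the same ring, used to check mul_lanes. */
static void mul_ref(const uint8_t a[N], const int8_t s[N], uint8_t c[N]) {
    int32_t t[N] = {0};
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++) {
            int32_t p = (int32_t)a[i] * s[j];
            if (i + j >= N) t[i + j - N] -= p; else t[i + j] += p;
        }
    for (int i = 0; i < N; i++) { int32_t r = t[i] % Q; c[i] = (uint8_t)(r < 0 ? r + Q : r); }
}

/* Constructed sample input; returns 1 when both multiplications agree. */
int lanes_match_reference(void) {
    const uint8_t a[N] = {250, 3, 77, 0, 199, 250, 1, 128};
    const int8_t  s[N] = {1, -1, 0, 1, 0, -1, 1, 1};
    uint8_t x[N], y[N];
    mul_lanes(a, s, x); mul_ref(a, s, y);
    for (int i = 0; i < N; i++) if (x[i] != y[i]) return 0;
    return 1;
}
int main(void) { return lanes_match_reference() ? 0 : 1; }
```

With coefficients below 251 and noise in {-1, 0, 1}, a lane never exceeds 500 in magnitude, so the instruction's int16 saturation cannot trigger; full-range byte operands (255 and 127) would saturate.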

1st Cryptanalysis of NIST PQC Candidate

Break DRS Scheme

statistical attack with deep learning

2nd Cryptanalysis of NIST PQC Candidate

Break HK17 Scheme

3rd Cryptanalysis of NIST PQC Candidate

Break Compact-LWE Scheme

LWE with structured noise

Attend ISO/IEC SC27 WG2 SD8

Attend the PQC project of ISO

Trends of PQC in China

2018 to 2025

Standardization

Theoretical Research of PQC: design & quantum computing cryptanalysis

2020

Application

Prototype

Thanks!