Embed Size (px)
Citation preview
Research of Post-Quantum Cryptography in China
Jiwu Jing Data Assurance and Communications Security Research Center
Chinese Academy of Sciences
Quantum Revolution
Quantum Precision Measurement
Quantum Communication
QuantumComputation
Contents Background Projects and Results Trends
RSA3072
SHA-512SHA-224 SHA-384SHA-256SM3
AES128SM4
Classical Cryptographic Schemes
DES
56bit1999
2DES
80bit2010
3DES
112bit2030
128bit2040
192bit2080
256bit2120
SHA-1
RSA1024 RSA2048
AES192 AES256
DSA256SM2DSA160 DSA224 DSA384 DSA512
Safe world without quantum computingCurrent schemes can used for 100 years
Quantum Computers
Temporal Defense Systems Inc. (TDS)
Scheme Affect
Symmetric Key (SM4,AES) Security Halved (Grover)
Hash(SM3,SHA-3) Security Decreased(Grover
Public Key (RSA,DSA,SM2) Completely Broken(Shor)
Lattice Cryptography Quantum Safe (Currently)
Multivariant Cryptogrphy Quantum Safe (Currently)
Hash based signature Quantum Safe (Currently)
Code-based cryptography Quantum Safe (Currently)
Isogeny Cryptography Quantum Safe (Currently)
Affect of Quantum Computing
Candidates of NIST PQC
PQC Events in China
20182010
PQC key projects in NSFC
PQC projects in Cryptography Development Fund
2015
Lattice Cryptography Summer School 2016
2016 June 9-101st Asia PQC Forum
PQCSummer School 2018
Submit Candidates & Cryptanalysis to NIST PQC Standardization
2018.6 CACRPQC Competition
Candidates Submitted to NIST PQC
Algorithms Inventors
Lepton Yu yu, Shanghai Jiaotong University, ChinaZhangjiang, State Key Laboratory of Cryptology, China
KCL Yunlei Zhao, Zhengzhong jin, Boru Gong, Guangye SuiFudan University, China
LAC Xianhui Lu, Yamin Liu, Dingding Jia, Haiyang Xue, Jingnan HeDACAS, Chinese Academy of Sciences
Zhenfei Zhang, OnBoard Security Inc
1st Candidate Submitted to NIST PQC
The only candidate based on LPN problemSuitable for low-power devices even RFID
1st Candidate Submitted to NIST PQC
LPN is the simplest version of the hard learning problem family
1st Candidate Submitted to NIST PQC
Hardness of LPN
1st Candidate Submitted to NIST PQC
Main obstacle: public-key and ciphertext size
2nd Candidate Submitted to NIST PQC
Optimal Key Consensus inPresence of Noise.
2nd Candidate Submitted to NIST PQC
General Framework for PKE, KE
2nd Candidate Submitted to NIST PQC
KCL vs NewHope
3rd Candidate Submitted to NIST PQC
The only byte-level modulus and bit-level noiseRing-LWE based scheme
3rd Candidate Submitted to NIST PQC
NewHope: n=1024, = 8, 12289q
Kyber: n=256*3, =2 6, 7 81q
LAC: n=512, =1 / 2 5, 2 1q
3rd Candidate Submitted to NIST PQC
=
AVX2 30 times speed up:150 microseconds to 5 microseconds
_mm256_maddubs_epi16
1a 2a
1c
1b 2b
1 1 1 2 2c ab a b
μs
3rd Candidate Submitted to NIST PQC
1st Cryptanalysis of NIST PQC Candidate
Break DRS Scheme
1st Cryptanalysis of NIST PQC Candidate
statistical attack with deep learning
2rd Cryptanalysis of NIST PQC Candidate
Break HK17 Scheme
2rd Cryptanalysis of NIST PQC Candidate
3rd Cryptanalysis of NIST PQC Candidate
Break Compact-LWE Scheme
3rd Cryptanalysis of NIST PQC Candidate
LWE with structured noise
Attend ISO/IEC SC27 WG2 SD8
Attend the PQC project of ISO
Trends of PQC in China
20252018
Standardization
Theoretical Research of PQC:design & quantum computing cryptanalysis
2020
Application
Prototype
Thanks!
