DOCSLIB.ORG

The Impact of Quantum Computing on Present Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 9, No. 3, 2018 The Impact of Quantum Computing on Present Cryptography Vasileios Mavroeidis, Kamer Vishi, Mateusz D. Zych, Audun Jøsang Department of Informatics, University of Oslo, Norway Email(s): fvasileim, kamerv, mateusdz, josangg@ifi.uio.no Abstract—The aim of this paper is to elucidate the impli- challenge of building a true quantum computer. Furthermore, cations of quantum computing in present cryptography and we introduce two important quantum algorithms that can to introduce the reader to basic post-quantum algorithms. In have a huge impact in asymmetric cryptography and less in particular the reader can delve into the following subjects: present symmetric, namely Shor’s algorithm and Grover’s algorithm cryptographic schemes (symmetric and asymmetric), differences respectively. Finally, post-quantum cryptography is presented. between quantum and classical computing, challenges in quantum Particularly, an emphasis is given on the analysis of quantum computing, quantum algorithms (Shor’s and Grover’s), public key encryption schemes affected, symmetric schemes affected, the im- key distribution and some mathematical based solutions such pact on hash functions, and post quantum cryptography. Specif- as lattice-based cryptography, multivariate-based cryptography, ically, the section of Post-Quantum Cryptography deals with hash-based signatures, and code-based cryptography. different quantum key distribution methods and mathematical- based solutions, such as the BB84 protocol, lattice-based cryptog- II. PRESENT CRYPTOGRAPHY raphy, multivariate-based cryptography, hash-based signatures and code-based cryptography. In this chapter we explain briefly the role of symmetric algorithms, asymmetric algorithms and hash functions in mod- Keywords—quantum computers; post-quantum cryptography; Shor’s algorithm; Grover’s algorithm; asymmetric cryptography; ern cryptography. We analyze the difficulty of factorizing large symmetric cryptography numbers, as well as the discrete logarithm problem which is the basis of strong asymmetric ciphers. I. INTRODUCTION A. Symmetric Cryptography There is no doubt that advancements in technology and particularly electronic communications have become one of In symmetric cryptography, the sender and the receiver use the main technological pillars of the modern age. The need the same secret key and the same cryptographic algorithm to for confidentiality, integrity, authenticity, and non-repudiation encrypt and decrypt data. For example, Alice can encrypt a in data transmission and data storage makes the science of plaintext message using her shared secret key and Bob can cryptography one of the most important disciplines in infor- decrypt the message using the same cryptographic algorithm mation technology. Cryptography, etymologically derived from Alice used and the same shared secret key. The key needs to the Greek words hidden and writing, is the process of securing be kept secret, meaning that only Alice and Bob should know data in transit or stored by third party adversaries. There are it; therefore, an efficient way for exchanging secret keys over two kinds of cryptosystems; symmetric and asymmetric. public networks is demanded. Asymmetric cryptography was introduced to solve the problem of key distribution in sym- Quantum computing theory firstly introduced as a concept metric cryptography. Popular symmetric algorithms include the in 1982 by Richard Feynman, has been researched extensively advanced encryption standard (AES) and the data encryption and is considered the destructor of the present modern asym- standard (3DES). arXiv:1804.00200v1 [cs.CR] 31 Mar 2018 metric cryptography. In addition, it is a fact that symmetric cryptography can also be affected by specific quantum algo- B. Asymmetric Cryptography rithms; however, its security can be increased with the use of larger key spaces. Furthermore, algorithms that can break Asymmetric cryptography or public key cryptography the present asymmetric cryptoschemes whose security is based (PKC) is a form of encryption where the keys come in pairs. on the difficulty of factorizing large prime numbers and the Each party should have its own private and public key. For discrete logarithm problem have been introduced. It appears instance, if Bob wants to encrypt a message, Alice would that even elliptic curve cryptography which is considered send her public key to Bob and then Bob can encrypt the presently the most secure and efficient scheme is weak against message with Alice’s public key. Next, Bob would transmit quantum computers. Consequently, a need for cryptographic the encrypted message to Alice who is able to decrypt the algorithms robust to quantum computations arose. message with her private key. Thus, we encrypt the message with a public key and only the person who owns the private The rest of the paper deals initially with the analysis of key can decrypt the message. symmetric cryptography, asymmetric cryptography and hash functions. Specifically, an emphasis is given on algorithms Asymmetric cryptography additionally is used for digital that take advantage of the difficulty to factorize large prime signatures. For example, Alice can sign a document digitally numbers, as well as the discrete logarithm problem. We move with her private key and Bob can verify the signature with on by giving an introduction to quantum mechanics and the Alice’s known public key. The security of PKC rests on www.ijacsa.thesai.org 1 j P a g e (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 9, No. 3, 2018 computational problems such as the difficulty of factorizing in superposition acts on both values at the same time. Another large prime numbers and the discrete logarithm problem. Such physical phenomenon used in quantum computing is quantum kind of algorithms are called one-way functions because they entanglement. When two qubits are entangled their quantum are easy to compute in one direction but the inversion is state can no longer be described independently of each other, difficult [1]. but as a single object with four different states. In addition, if one of the two qubits state change the entangled qubit will 1) Factorization Problem - RSA Cryptosystem: One of change too regardless of the distance between them. This leads the most important public-key schemes is RSA invented by to true parallel processing power [5]. The combination of the Ronald Rivest, Adi Shamir, and Leonard Adleman in 1977. aforementioned phenomena result in exponential increase in RSA exploits the difficulty of factorizing bi-prime numbers. the number of values that can be processed in one operation, According to Paar and Pelzl [2], RSA and in general asymmet- when the number of entanglement qubits increase. Therefore, ric algorithms are not meant to replace symmetric algorithms a n-qubit quantum computer can process 2n operations in because they are computationally costly. RSA is mainly used parallel. for secure key exchange between end nodes and often used together with symmetric algorithms such as AES, where the Two kinds of quantum computers exists; universal and symmetric algorithm does the actual data encryption and de- non-universal. The main difference between the two is that cryption. Kirsch [3] stated that RSA is theoretically vulnerable universal quantum computers are developed to perform any if a fast factorizing algorithm is introduced or huge increase given task, whereas non-universal quantum computers are in computation power can exist. The latter can be achieved developed for a given purpose (e.g., optimization of machine with the use of quantum mechanics on computers, known as learning algorithms). Examples are, D-Wave’s 2000+ qubits quantum-computers. non-universal quantum computer [6] and IBM’s 17 qubits universal quantum computer with proper error correction. 2) Discrete Logarithm Problem (DLP): Asymmetric cryp- IBM’s quantum computer is currently the state of the art tographic systems such as Diffie-Hellman (DH) and Elliptic of universal quantum computers [7]. Both D-Wave and IBM Curve Cryptography (ECC) are based on DLP. The difficulty have quantum computers accessible online for research pur- of breaking these cryptosystems is based on the difficulty r poses. Additionally, in October 2017, Intel in collaboration in determining the integer r such that g = x mod p. The with QuTech announced their 17-qubits universal quantum integer r is called the discrete logarithm problem of x to the computer [7]. base g, and we can write it as r = logg x mod p. The discrete logarithm problem is a very hard problem to compute if the Bone and Castro [8] stated that a quantum computer is parameters are large enough. completely different in design than a classical computer that uses the traditional transistors and diodes. Researchers have Diffie-Hellman is an asymmetric cipher that uses the afore- experimented with many different designs such as quantum mentioned property to transmit keys securely over a public dots which are basically electrons being in a superposition network. Recently, keys larger or equal to 2048 bits are state, and computing liquids. Besides, they remarked that recommended for secure key exchange. In addition, another quantum computers can show their superiority over the clas- family of public key algorithms known as Elliptic Curve sical computers only when used with algorithms that exploit Cryptography is extensively used. ECC provides the same the power
Recommended publications
  • Etsi Gr Qsc 001 V1.1.1 (2016-07)

    Etsi Gr Qsc 001 V1.1.1 (2016-07)

    ETSI GR QSC 001 V1.1.1 (2016-07) GROUP REPORT Quantum-Safe Cryptography (QSC); Quantum-safe algorithmic framework 2 ETSI GR QSC 001 V1.1.1 (2016-07) Reference DGR/QSC-001 Keywords algorithm, authentication, confidentiality, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
  • Quantum Computing Overview

    Quantum Computing Overview

    Quantum Computing at Microsoft Stephen Jordan • As of November 2018: 60 entries, 392 references • Major new primitives discovered only every few years. Simulation is a killer app for quantum computing with a solid theoretical foundation. Chemistry Materials Nuclear and Particle Physics Image: David Parker, U. Birmingham Image: CERN Many problems are out of reach even for exascale supercomputers but doable on quantum computers. Understanding biological Nitrogen fixation Intractable on classical supercomputers But a 200-qubit quantum computer will let us understand it Finding the ground state of Ferredoxin 퐹푒2푆2 Classical algorithm Quantum algorithm 2012 Quantum algorithm 2015 ! ~3000 ~1 INTRACTABLE YEARS DAY Research on quantum algorithms and software is essential! Quantum algorithm in high level language (Q#) Compiler Machine level instructions Microsoft Quantum Development Kit Quantum Visual Studio Local and cloud Extensive libraries, programming integration and quantum samples, and language debugging simulation documentation Developing quantum applications 1. Find quantum algorithm with quantum speedup 2. Confirm quantum speedup after implementing all oracles 3. Optimize code until runtime is short enough 4. Embed into specific hardware estimate runtime Simulating Quantum Field Theories: Classically Feynman diagrams Lattice methods Image: Encyclopedia of Physics Image: R. Babich et al. Break down at strong Good for binding energies. coupling or high precision Sign problem: real time dynamics, high fermion density. There’s room for exponential
  • Key Concepts for Future QIS Learners Workshop Output Published Online May 13, 2020

    Key Concepts for Future QIS Learners Workshop Output Published Online May 13, 2020

    Key Concepts for Future QIS Learners Workshop output published online May 13, 2020 Background and Overview On behalf of the Interagency Working Group on Workforce, Industry and Infrastructure, under the NSTC Subcommittee on Quantum Information Science (QIS), the National Science Foundation invited 25 researchers and educators to come together to deliberate on defining a core set of key concepts for future QIS learners that could provide a starting point for further curricular and educator development activities. The deliberative group included university and industry researchers, secondary school and college educators, and representatives from educational and professional organizations. The workshop participants focused on identifying concepts that could, with additional supporting resources, help prepare secondary school students to engage with QIS and provide possible pathways for broader public engagement. This workshop report identifies a set of nine Key Concepts. Each Concept is introduced with a concise overall statement, followed by a few important fundamentals. Connections to current and future technologies are included, providing relevance and context. The first Key Concept defines the field as a whole. Concepts 2-6 introduce ideas that are necessary for building an understanding of quantum information science and its applications. Concepts 7-9 provide short explanations of critical areas of study within QIS: quantum computing, quantum communication and quantum sensing. The Key Concepts are not intended to be an introductory guide to quantum information science, but rather provide a framework for future expansion and adaptation for students at different levels in computer science, mathematics, physics, and chemistry courses. As such, it is expected that educators and other community stakeholders may not yet have a working knowledge of content covered in the Key Concepts.
  • A Quantitative Study of Advanced Encryption Standard Performance

    A Quantitative Study of Advanced Encryption Standard Performance

    United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible.
  • On the Efficiency of the Lamport Signature Scheme

    On the Efficiency of the Lamport Signature Scheme

    Technical Sciences 275 ON THE EFFICIENCY OF THE LAMPORT SIGNATURE SCHEME Daniel ZENTAI Óbuda University, Budapest, Hungary [email protected] ABSTRACT Post-quantum (or quantum-resistant) cryptography refers to a set of cryptographic algorithms that are thought to remain secure even in the world of quantum computers. These algorithms are usually considered to be inefficient because of their big keys, or their running time. However, if quantum computers became a reality, security professionals will not have any other choice, but to use these algorithms. Lamport signature is a hash based one-time digital signature algorithm that is thought to be quantum-resistant. In this paper we will describe some simulation results related to the efficiency of the Lamport signature. KEYWORDS: digital signature, post-quantum cryptography, hash functions 1. Introduction This paper is organized as follows. Although reasonable sized quantum After this introduction, in chapter 2 we computers do not exist yet, post quantum describe some basic concepts and definition cryptography (Bernstein, 2009) became an related to the security of hash functions. important research field recently. Indeed, Also, we describe the Lamport one-time we have to discover the properties of these signature algorithm. In chapter 3 we algorithms before quantum computers expound our simulation results related to become a reality, namely suppose that we the efficiency of the Lamport signature. use the current cryptographic algorithms for The last chapter summarizes our work. x more years, we need y years to change the most widely used algorithms and update 2. Preliminaries our standards, and we need z years to build In this chapter the basic concepts and a quantum-computer.
  • Quantum Clustering Algorithms

    Quantum Clustering Algorithms

    Quantum Clustering Algorithms Esma A¨ımeur [email protected] Gilles Brassard [email protected] S´ebastien Gambs [email protected] Universit´ede Montr´eal, D´epartement d’informatique et de recherche op´erationnelle C.P. 6128, Succursale Centre-Ville, Montr´eal (Qu´ebec), H3C 3J7 Canada Abstract Multidisciplinary by nature, Quantum Information By the term “quantization”, we refer to the Processing (QIP) is at the crossroads of computer process of using quantum mechanics in order science, mathematics, physics and engineering. It con- to improve a classical algorithm, usually by cerns the implications of quantum mechanics for infor- making it go faster. In this paper, we initiate mation processing purposes (Nielsen & Chuang, 2000). the idea of quantizing clustering algorithms Quantum information is very different from its classi- by using variations on a celebrated quantum cal counterpart: it cannot be measured reliably and it algorithm due to Grover. After having intro- is disturbed by observation, but it can exist in a super- duced this novel approach to unsupervised position of classical states. Classical and quantum learning, we illustrate it with a quantized information can be used together to realize wonders version of three standard algorithms: divisive that are out of reach of classical information processing clustering, k-medians and an algorithm for alone, such as being able to factorize efficiently large the construction of a neighbourhood graph. numbers, with dramatic cryptographic consequences We obtain a significant speedup compared to (Shor, 1997), search in a unstructured database with a the classical approach. quadratic speedup compared to the best possible clas- sical algorithms (Grover, 1997) and allow two people to communicate in perfect secrecy under the nose of an 1.
  • Outline One-Time Signatures One-Time Signatures Lamport's

    Outline One-Time Signatures One-Time Signatures Lamport's

    Advanced Security Outline § One-Time Signatures Constructions • Lamport’s signature and Key Management • Improved signature constructions • Merkle-Winternitz Signature § Efficient Authenticators (amortize signature) Class 16 • One-way chains (self-authenticating values) • Chained hashes • Merkle Hash Trees § Applications • Efficient short-lived certificates, S/Key • Untrusted external storage • Stream signatures (Gennaro, Rohatgi) § Zhou & Haas’s key distribution One-Time Signatures One-Time Signatures § Use one -way functions without trapdoor § Challenge: digital signatures expensive § Efficient for signature generation and for generation and verification verification § Caveat: can only use one time § Goal: amortize digital signature § Example: 1-bit one-time signature • P0, P1 are public values (public key) • S0, S1 are private values (private key) S0 P0 S0 S0’ P S1 P1 S1 S1’ Lamport’s One-Time Signature Improved Construction I § Uses 1-bit signature construction to sign multiple bits § Uses 1-bit signature construction to sign multiple bits Sign 0 S0 S0’ S0’’ S0* Private values S0 S0’ S0’’ S0* c0 c0’ c0* P0 P0’ P0’’ P0* … … … Public values P0 P0’ P0’’ P0* p0 p0’ p0* P1 P1’ P1’’ P1* Bit 0 Bit 1 Bit 2 Bit n Bit 0 Bit 1 Bit log(n) Sign 1 S1 S1’ S1’’ S1* Private values Sign message Checksum bits: encode Bit 0 Bit 1 Bit 2 Bit n # of signature bits = 0 1 Improved Construction II Merkle-Winternitz Construction § Intuition: encode sum of checksum chain § Lamport signature has high overhead Signature S0 S1 S2 S3 § Goal: reduce size of public
  • A Survey on Post-Quantum Cryptography for Constrained Devices

    A Survey on Post-Quantum Cryptography for Constrained Devices

    International Journal of Applied Engineering Research ISSN 0973-4562 Volume 14, Number 11 (2019) pp. 2608-2615 © Research India Publications. http://www.ripublication.com A Survey on Post-Quantum Cryptography for Constrained Devices Kumar Sekhar Roy and Hemanta Kumar Kalita Abstract Quantum Computer” [1]. Shor’s algorithm can solve integer The rise of Quantum computers in the recent years have given factorization problem as well as discrete logarithm problem a major setback to classical and widely used cryptography used by RSA as well as ECC respectively in polynomial time schemes such as RSA(Rivest-Shamir-Adleman) Algorithm using a sufficiently large Quantum Computer. Thus making the and ECC (Elliptic Curve Cryptography). RSA and ECC use of cryptosystems based on integer factorization problem as depends on integer factorization problem and discrete well as discrete logarithm problem obsolete. This current logarithm problem respectively, which can be easily solved by advances has raised a genuine need for development of Quantum Computers of sufficiently large size running the cryptosystems which could serve as viable replacement for infamous Shor’s Algorithm. Therefore cryptography schemes traditionally used cryptosystems which are vulnerable to which are difficult to solve in both traditional as well as quantum computer based attacks. Since the arrival of IoT, the Quantum Computers need to be evaluated. In our paper we Cyber security scenario has entirely shifted towards security provide a rigorous survey on Post-Quantum Cryptography schemes which are lightweight in terms of computational schemes and emphasize on their applicability to provide complexity, power consumption, memory consumption etc. security in constrained devices. We provide a detailed insight This schemes also need to be secure against all known attacks.
  • NSS: an NTRU Lattice –Based Signature Scheme

    NSS: an NTRU Lattice –Based Signature Scheme

    ISSN(Online) : 2319 - 8753 ISSN (Print) : 2347 - 6710 International Journal of Innovative Research in Science, Engineering and Technology (An ISO 3297: 2007 Certified Organization) Vol. 4, Issue 4, April 2015 NSS: An NTRU Lattice –Based Signature Scheme S.Esther Sukila Department of Mathematics, Bharath University, Chennai, Tamil Nadu, India ABSTRACT: Whenever a PKC is designed, it is also analyzed whether it could be used as a signature scheme. In this paper, how the NTRU concept can be used to form a digital signature scheme [1] is described. I. INTRODUCTION Digital Signature Schemes The notion of a digital signature may prove to be one of the most fundamental and useful inventions of modern cryptography. A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. The creator of a message can attach a code, the signature, which guarantees the source and integrity of the message. A valid digital signature gives a recipient reason to believe that the message was created by a known sender and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions etc. Digital signatures are equivalent to traditional handwritten signatures. Properly implemented digital signatures are more difficult to forge than the handwritten type. 1.1A digital signature scheme typically consists of three algorithms A key generationalgorithm, that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key. A signing algorithm, that given a message and a private key produces a signature.
  • The Twin Diffie-Hellman Problem and Applications

    The Twin Diffie-Hellman Problem and Applications

    The Twin Diffie-Hellman Problem and Applications David Cash1 Eike Kiltz2 Victor Shoup3 February 10, 2009 Abstract We propose a new computational problem called the twin Diffie-Hellman problem. This problem is closely related to the usual (computational) Diffie-Hellman problem and can be used in many of the same cryptographic constructions that are based on the Diffie-Hellman problem. Moreover, the twin Diffie-Hellman problem is at least as hard as the ordinary Diffie-Hellman problem. However, we are able to show that the twin Diffie-Hellman problem remains hard, even in the presence of a decision oracle that recognizes solutions to the problem — this is a feature not enjoyed by the Diffie-Hellman problem in general. Specifically, we show how to build a certain “trapdoor test” that allows us to effectively answer decision oracle queries for the twin Diffie-Hellman problem without knowing any of the corresponding discrete logarithms. Our new techniques have many applications. As one such application, we present a new variant of ElGamal encryption with very short ciphertexts, and with a very simple and tight security proof, in the random oracle model, under the assumption that the ordinary Diffie-Hellman problem is hard. We present several other applications as well, including: a new variant of Diffie and Hellman’s non-interactive key exchange protocol; a new variant of Cramer-Shoup encryption, with a very simple proof in the standard model; a new variant of Boneh-Franklin identity-based encryption, with very short ciphertexts; a more robust version of a password-authenticated key exchange protocol of Abdalla and Pointcheval.
  • Blind Schnorr Signatures in the Algebraic Group Model

    Blind Schnorr Signatures in the Algebraic Group Model

    An extended abstract of this work appears in EUROCRYPT’20. This is the full version. Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model Georg Fuchsbauer1, Antoine Plouviez2, and Yannick Seurin3 1 TU Wien, Austria 2 Inria, ENS, CNRS, PSL, Paris, France 3 ANSSI, Paris, France first.last@{tuwien.ac.at,ens.fr,m4x.org} January 16, 2021 Abstract. The Schnorr blind signing protocol allows blind issuing of Schnorr signatures, one of the most widely used signatures. Despite its practical relevance, its security analysis is unsatisfactory. The only known security proof is rather informal and in the combination of the generic group model (GGM) and the random oracle model (ROM) assuming that the “ROS problem” is hard. The situation is similar for (Schnorr-)signed ElGamal encryption, a simple CCA2-secure variant of ElGamal. We analyze the security of these schemes in the algebraic group model (AGM), an idealized model closer to the standard model than the GGM. We first prove tight security of Schnorr signatures from the discrete logarithm assumption (DL) in the AGM+ROM. We then give a rigorous proof for blind Schnorr signatures in the AGM+ROM assuming hardness of the one-more discrete logarithm problem and ROS. As ROS can be solved in sub-exponential time using Wagner’s algorithm, we propose a simple modification of the signing protocol, which leaves the signatures unchanged. It is therefore compatible with systems that already use Schnorr signatures, such as blockchain protocols. We show that the security of our modified scheme relies on the hardness of a problem related to ROS that appears much harder.
  • Quantum Computing: Principles and Applications

    Quantum Computing: Principles and Applications

    Journal of International Technology and Information Management Volume 29 Issue 2 Article 3 2020 Quantum Computing: Principles and Applications Yoshito Kanamori University of Alaska Anchorage, [email protected] Seong-Moo Yoo University of Alabama in Huntsville, [email protected] Follow this and additional works at: https://scholarworks.lib.csusb.edu/jitim Part of the Communication Technology and New Media Commons, Computer and Systems Architecture Commons, Information Security Commons, Management Information Systems Commons, Science and Technology Studies Commons, Technology and Innovation Commons, and the Theory and Algorithms Commons Recommended Citation Kanamori, Yoshito and Yoo, Seong-Moo (2020) "Quantum Computing: Principles and Applications," Journal of International Technology and Information Management: Vol. 29 : Iss. 2 , Article 3. Available at: https://scholarworks.lib.csusb.edu/jitim/vol29/iss2/3 This Article is brought to you for free and open access by CSUSB ScholarWorks. It has been accepted for inclusion in Journal of International Technology and Information Management by an authorized editor of CSUSB ScholarWorks. For more information, please contact [email protected]. Journal of International Technology and Information Management Volume 29, Number 2 2020 Quantum Computing: Principles and Applications Yoshito Kanamori (University of Alaska Anchorage) Seong-Moo Yoo (University of Alabama in Huntsville) ABSTRACT The development of quantum computers over the past few years is one of the most significant advancements in the history of quantum computing. D-Wave quantum computer has been available for more than eight years. IBM has made its quantum computer accessible via its cloud service. Also, Microsoft, Google, Intel, and NASA have been heavily investing in the development of quantum computers and their applications.