
Research on and Post- at Igor Sikorsky Kyiv Polytechnic Institute Kyiv, Ukraine

Mykhailo Stolovych Prof. Mykhailo Savchuk Prof. Andrii Fesenko Dariya Yadukha

September 21, 2020

Institute of Physics and Technology
Department of Mathematical Methods of Information Security

Quantum Computer

• A quantum computer utilizes quantum superposition, entanglement and other quantum-world effects to parallelize heavy computations.
• Some hard (e.g. NPI) problems become easy in the quantum model of computation (Shor's algorithm).

The Ghost of Quantum Computer
• In 2019 IBM announced "IBM Q System One", the first commercial 20- quantum computer.
• In 2019 Google claimed that quantum supremacy had been reached by its researchers on a 53-qubit quantum computer.
• In 2020 IBM committed to having a 1000-qubit quantum computer by 2023, while operating a 65-qubit computer at present.

Colder than Interstellar Space

Figure 1: D-Wave 2X

Igor Sikorsky Kyiv Polytechnic Institute

Institute of Physics and Technology:
• 35 professors;
• 47 associate professors;
• 1500 students;
• 330 students joined the program for bachelor degree (2020).

Department of Mathematical Methods of Information Security

Education
• Educational program: Applied Mathematics;
• 140 present students, skilled both in math and computer science;
• 9 post-graduates, involved in teaching and research;
• in 2020:
  • 35 students joined the program for bachelor degree;
  • 15 students graduated as bachelors;
  • 12 students graduated as masters;
  • 1 student gained PhD grade.

Research Achievements
• 24 finished R&D projects:
  • 5 of them sponsored by the state;
  • 19 of them ordered by government agencies and commercial structures.
• Technical and analytic consultation services in the fields of cryptography and information security.

Department of Mathematical Methods of Information Security

Main Results
• Provable security against differential cryptanalysis;
• Cryptographic analysis of post-quantum primitives;
• Advanced techniques for the analysis of pseudo-random generators;
• Lightweight cryptography and analysis of ARX cryptosystems.

Institute of Physics and Technology: Professional Certifications

• Academic programs:
  • trainees: students of universities;
  • instructors: faculty members;
• Certifications:
  • EC-Council (CEH, CHFI);
  • Mile2;
  • ISACA.

Quantum Computing course (since 2019)

• Mathematical model of quantum computing, quantum gates;
• Circuit model and basic quantum algorithms: Deutsch–Jozsa, Simon's, Shor's, Grover's algorithms;
• Quantum Fourier transform;
• Hidden Subgroup Problem, Hidden Shift Problem, Generalized Hidden Shift Problem and other algebraic problems, Kuperberg's algorithm;
• codes: bit flip, sign flip, Shor's code, Steane's code, CSS codes, stabilizer codes, general codes;
• , , quantum walk;

Quantum Computing course (since 2019), continued

• : protocols BB84, E91, SARG04, COW, Ping-Pong, S09, S13, etc.;
• Quantum fingerprinting, cryptographic quantum hashing, quantum digital signatures (Gottesman–Chuang);
• Quantum resource estimations for different cryptographic primitives, quantum complexity;
• Quantum differential analysis, superposition attacks;
• Using , ProjectQ, Q#.

Our research

E-payment protocols
• Analysis of Existing Quantum Money Protocols (2012)
• Creation of a Quantum One-way Accumulator for Electronic Payments Protocols (2014)

Analysis of oracles
• Comparative Analysis of Oracles in Quantum Computation Model (2014)

Lightweight cryptography
• Analysis of the LW-cryptosystems to Known Plaintext Attack in Quantum Computation Model (2013)

Our research

Symmetric key cryptography
• Application of Quantum Simon and Bernstein-Vazirani Algorithms to Cryptanalysis of Generalized Feistel Networks (2019)
• The Cost of Implementing the Kalyna Block Cipher as a (2020)

Post-quantum cryptography
• Applying the Properties of Arithmetic Modulo a Generalized Mersenne Number for Creating Post-quantum Cryptographic Primitives (2018)
• Development of Post-Quantum Secure Messaging System with Isogenies on Elliptic Curves (2019)
• The Modification and Cryptanalysis of Quantum-resistant AJPS Family Primitives (2020)

Our research

Non-commutative cryptography
• Using non-abelian groups as platform groups is considered one of the ways to avoid quantum attacks that rely on efficient solutions of the Hidden Subgroup Problem. Security is based on the Conjugacy Search Problem, the Power Conjugacy Search Problem, etc.
• A new generalized discrete logarithm problem was formulated (2014).
• A quantum polynomial-time solution was found for this problem (2014).
• That solution was used in attacks that break several cryptographic primitives, e.g. over finite non-commutative groups of four-dimensional vectors over the field (2019).

• A. V. Fesenko. Complexity of hidden abelian group action problem in quantum computing // Eastern-European Journal of Enterprise Technologies 5 (4). — 2013. — pp. 45-49.

Our research

• Andrey V. Fesenko. Reduction of Known-Plaintext Attack on a Locally Commutative Cipher to Algebraic Problems in Classical and Quantum Computation Models // Journal of Automation and Information Sciences. — 2014. — Vol. 46. — Issue 6. — pp. 68-76.
• A. V. Fesenko. Vulnerability of Cryptographic Primitives Based on the Power Conjugacy Search Problem in Quantum Computing Models // Cybernetics and Systems Analysis. — 2014. — Vol. 50. — Issue 5. — pp. 815-816.
• A. V. Fesenko. Effective partial solution of the hidden abelian group action problem in quantum computing // Visnik of the Volodymyr Dahl East Ukrainian National University, 9 (198). — 2013. — pp. 203-210.
• A. V. Fesenko. Reduction of the inversion of a piecewise-linear mapping problem to the hidden action on principal homogeneous space for abelian group // NaUKMA Research Papers. Computer Science, 163. — 2014. — pp. 42-48.

Our research

• D. Yadukha. Hamming Weight Bound for Additive Inverse Modulo Generalized Mersenne Number // Information Technologies and Computer Modelling. — 2018. — pp. 165-168.
• D. Yadukha. Restriction on the Public Key of the AJPS Cryptosystem // Theoretical and applied problems of physics, mathematics and computer science. — 16 (2). — 2019. — pp. 81-83.
• A. V. Fesenko, D. V. Yadukha. Construction of attacks on the AJPS cryptosystem using the active attacker model // INTERNET-EDUCATION-SCIENCE. — 11. — 2018. — pp. 193-195.
• D. Yadukha. Conditions for Efficient Decryption of Messages in the AJPS Cryptosystem // Intellectual Systems for Decision Making and Problems of Computational Intelligence. — 2018. — pp. 123-125.
• D. V. Yadukha. Application of Double Encryption in the AJPS cryptosystem // Mathematical Modeling and Simulation of Systems. — 13. — 2018. — pp. 284-288.

Our research

• M. M. Savchuk, A. V. Fesenko. Quantum Computing: Survey and Analysis // Cybernetics and Systems Analysis. — 55 (1). — 2019. — pp. 10-21.
• A. Fesenko, D. Yadukha. The Necessary Security Requirements for the Values Used by the AJPS Cryptosystem // Theoretical and Applied Cybersecurity. — 1. — 2019. — pp. 31-36.
• O. T. Shevchenko. Quantum Cryptanalysis of Symmetric Ciphers Based on the Simon Algorithm // Theoretical and applied problems of physics, mathematics and computer science. — 17 (2). — 2019. — pp. 104-107.
• D. Yadukha. Restriction on the Public Key of the AJPS Cryptosystem // POLIT. Challenges of Science Today. — 2. — 2019. — pp. 42-44.
• D. Yadukha. Requirements for Ciphertext of the AJPS-1 Cryptosystem // Science and Technology of the XXI Century. — 2019. — pp. 200-202.

Our research

• Y. Hrubiian. Isogenies of Edwards Curves in Cryptographic Applications // Theoretical and applied problems of physics, mathematics and computer science. — 18 (2). — 2020. — pp. 249-251.
• A. Fesenko, D. Yadukha. Estimation of the Hamming weight of the sum and multiplication modulo generalized Mersenne number // Theoretical and applied problems of physics, mathematics and computer science. — 18 (2). — 2020. — pp. 252-254.
• A. Fesenko, D. Yadukha. Forgery attack on the AJPS-2 cryptosystem using active attacker models // INTERNET-EDUCATION-SCIENCE. — 12. — 2020. — pp. 180-182.
• A. Fesenko, D. Yadukha. The Creation of Modification of Quantum-resistant AJPS-1 cryptosystem By Changing the Metric // Information Technologies and Computer Modelling. — 2020. — pp. 157-159.

Quantum-Resistant Cryptography

The goal of post-quantum (quantum-resistant) cryptography is to develop cryptosystems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.

Post-Quantum Cryptography Standardization (NIST)
• Round 1 (November 2017 to January 2019)
• Round 2 (January 2019 to July 2020)
• Round 3 (Final): since July 2020

Classification of post-quantum cryptosystems

• Lattice-based: cryptosystems based on lattice problems. Examples: NewHope, Round5, NTRUEncrypt.
• Multivariate polynomial cryptography: cryptosystems based on the difficulty of solving systems of multivariate polynomials over finite fields. Examples: MQDSS, Rainbow.
• Code-based cryptography: cryptosystems based on error-correcting codes. Examples: BIKE, Classic McEliece.
• Hash-based signatures: digital signatures constructed using hash functions. Examples: SPHINCS+, Gravity-SPHINCS.
• Other: a variety of cryptosystems which do not fall into the above families, e.g. based on isogenies of supersingular elliptic curves, or on the conjugacy search problem and related problems in braid groups. Examples: SIKE, WalnutDSA, Mersenne-756839.

NIST PQC, Round 3 (July 22, 2020)

Finalists
• PKE/KEM: CRYSTALS-KYBER, NTRU, SABER (lattice); Classic McEliece (code-based)
• Signature: CRYSTALS-DILITHIUM, FALCON (lattice); Rainbow (multivariate)

Alternate candidates
• PKE/KEM: FrodoKEM, NTRU Prime (lattice); BIKE, HQC (code-based); SIKE (other)
• Signature: GeMSS (multivariate); Picnic (other)

Mersenne-756839 (the AJPS cryptosystem)

"A New Public-Key Cryptosystem via Mersenne Numbers", D. Aggarwal, A. Joux, A. Prakash, M. Santha, November 2017

• AJPS-1: bit-by-bit encryption;
• AJPS-2: encryption of a message block;
• AJPS-KEM: based on AJPS-2.

Main advantage: simplicity

Familiarity argument: the cryptosystem is based on arithmetic modulo the so-called Mersenne numbers $M_n = 2^n - 1$, $n \in \mathbb{N}$.

Mersenne-756839 (the AJPS cryptosystem)

Mersenne Low Hamming Ratio Search Problem. Given an $n$-bit Mersenne number $M_n = 2^n - 1$, an $n$-bit string $H$, and an integer $h$, find two $n$-bit strings $F$ and $G$, each of Hamming weight at most $h$, such that

$$H = G \cdot F^{-1} \bmod M_n.$$

Mersenne Low Hamming Combination Search Problem. For an $n$-bit Mersenne number $M_n = 2^n - 1$ and an integer $h$, given the tuple

$$(R;\; F \cdot R + G \bmod M_n),$$

where $R$ is a uniformly random $n$-bit string and $F, G$ have Hamming weight $h$, find $F, G$.
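As an added illustration (not code from the AJPS paper or from the department), here is a toy Python model of AJPS-1 bit-by-bit encryption built on the two definitions above, using the slide's convention $H = G \cdot F^{-1} \bmod M_n$. The parameters $n = 61$ and $h = 3$ are constructed for readability and carry no security (the real Mersenne-756839 parameter set uses $n = 756839$). The point is to see why decryption works: multiplication by a power of two modulo $M_n$ is a bit rotation, so products and sums of low-weight strings stay low-weight, while negation modulo $M_n$ complements all $n$ bits and sends weight $w$ to $n - w$.

```python
"""Toy model of AJPS-1 bit-by-bit encryption over a Mersenne number.

Added illustration, not code from the AJPS paper or from the KPI group.
Toy parameters: n = 61 (M_61 is a Mersenne prime, so every nonzero F is
invertible) and h = 3.  Decryption needs 4*h^2 < n, which holds (36 < 61).
"""
import random

N = 61                   # toy exponent; the real proposal uses n = 756839
MN = (1 << N) - 1        # M_n = 2^n - 1
H_WEIGHT = 3             # Hamming weight h of secret and ephemeral strings


def reduce_mod_mn(x: int) -> int:
    """Reduce a non-negative integer modulo M_n = 2^n - 1.

    Since 2^n = 1 (mod M_n), the bits above position n fold back onto the
    low n bits; folding never increases the Hamming weight."""
    while x >> N:
        x = (x >> N) + (x & MN)
    return 0 if x == MN else x


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def random_low_weight(rng: random.Random, weight: int) -> int:
    """Uniformly random n-bit string with exactly `weight` one bits."""
    return sum(1 << p for p in rng.sample(range(N), weight))


def keygen(rng: random.Random):
    """Secret key (F, G) of Hamming weight h; public key H = G * F^{-1} mod M_n
    (the slide's convention).  Recovering F, G from H is exactly the Mersenne
    Low Hamming Ratio Search Problem."""
    F = random_low_weight(rng, H_WEIGHT)
    G = random_low_weight(rng, H_WEIGHT)
    H = reduce_mod_mn(G * pow(F, -1, MN))   # pow(x, -1, m) needs Python >= 3.8
    return (F, G), H


def encrypt_bit(rng: random.Random, H: int, bit: int) -> int:
    """C = (-1)^bit * (A*H + B) mod M_n with fresh A, B of weight h.

    Negation modulo M_n is the bitwise complement of the n-bit string,
    so it maps Hamming weight w to n - w."""
    A = random_low_weight(rng, H_WEIGHT)
    B = random_low_weight(rng, H_WEIGHT)
    C = reduce_mod_mn(A * H + B)
    return C if bit == 0 else reduce_mod_mn(MN - C)


def decrypt_bit(F: int, C: int) -> int:
    """C*F = +/-(A*G + B*F) mod M_n.  A*G + B*F is a sum of at most 2h^2
    powers of two, hence has weight <= 2h^2; its negation has weight
    >= n - 2h^2.  The two bands do not overlap when 4h^2 < n."""
    w = hamming_weight(reduce_mod_mn(C * F))
    if w <= 2 * H_WEIGHT ** 2:
        return 0
    if w >= N - 2 * H_WEIGHT ** 2:
        return 1
    raise ValueError(f"decryption failure: weight {w} is in the ambiguous band")


def roundtrip(seed: int, bits):
    """Encrypt each bit under one key pair (seeded for reproducibility) and decrypt with F."""
    rng = random.Random(seed)
    (F, _G), H = keygen(rng)
    return [decrypt_bit(F, encrypt_bit(rng, H, b)) for b in bits]


def product_weight_check(seed: int):
    """Weight of F*G mod M_n against its bound h^2: the low-weight structure
    that both search problems on the slide rely on."""
    rng = random.Random(seed)
    (F, G), _H = keygen(rng)
    return hamming_weight(reduce_mod_mn(F * G)), H_WEIGHT ** 2


if __name__ == "__main__":
    msg = [0, 1, 1, 0, 1, 0, 0, 1]   # constructed sample message
    print("message  :", msg)
    print("decrypted:", roundtrip(seed=2020, bits=msg))
    print("weight(F*G), bound:", product_weight_check(2020))
```

The weight bands in `decrypt_bit` are where the cryptanalysis topics on the following slide attach: a public key, secret key or ciphertext whose weight strays outside the expected band is what the "restrictions" and "ciphertext requirements" results are about.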

Mersenne-756839 (the AJPS cryptosystem)

1. Cryptanalysis of AJPS-1:
  • restrictions on the cryptosystem's public and secret keys;
  • ciphertext requirements;
  • forgery attack.
2. Cryptanalysis of AJPS-2:
  • restrictions on the cryptosystem's secret key;
  • forgery attack.
3. Modification of AJPS-1 by changing the metric.
4. Creation of modifications of AJPS-1 and AJPS-2 by changing the class of numbers used as the modulus in the cryptosystems:
  • generalized Mersenne numbers $GM_{n,m} = 2^n - 2^m - 1$, $n, m \in \mathbb{N}$;
  • Crandall numbers $CR_{n,c} = 2^n - c$, $n, c \in \mathbb{N}$.

Application of Edwards Curves to SIDH

SIDH (Supersingular Isogeny Diffie-Hellman) is a key-exchange scheme proposed in 2011 by De Feo and Plut that is intended to be secure even against adversaries with quantum computers.

• SIDH relies heavily on the theory of isogenies of elliptic curves over finite fields.
• SIDH is the basis for the SIKE key encapsulation mechanism, one of the competitors in the NIST PQC standardization process.
• SIDH-based mechanisms tend to have the shortest public keys among all post-quantum algorithms.

Application of Edwards Curves to SIDH

Our contribution:

• The application of Edwards curves aims to make implementations of isogeny-based cryptography faster and safer, since the arithmetic formulae are faster than those for Weierstrass curves.
• It was originally proposed to use 3- and 4-isogenies, but we have shown that this may become a problem, since the group of $\mathbb{F}_{p^2}$-rational points contains irrational points of order 2 that need to be treated separately in implementations.
• We have proposed using odd-degree isogenies (3 and 5) to overcome these issues and make implementations more efficient.

Thank you for your attention!

Questions?