
Quantum Computers and

Quantum Secure Communications


SoSe20
950488885

Johanna Sepúlveda, Ph.D.


[email protected]

Q(CaSC) / Johanna Sepúlveda 1


Goal of Today's Lecture

Presentation and Motivation

Description

Organization of the Course

Summary and Tasks


Q(CaSC) / Johanna Sepúlveda 2
Section 1

PRESENTATION AND MOTIVATION

Q(CaSC) / Johanna Sepúlveda 3


Motivation

Johanna Sepúlveda

NATIONAL UNIVERSITY OF COLOMBIA, Colombia
2004: Diploma Summa Cum Laude in Electrical Engineering (1st place)

UNIVERSITY OF SÃO PAULO, Brazil (Polytechnic School)
2006: M.Sc. in Electrical Engineering (1st place)
2011: Ph.D. in Electrical Engineering – Microelectronics (1st place)
2012: Post-Doctoral Researcher / External Professor

UNIVERSITY OF SOUTH BRITTANY, France
2013: Post-Doctoral Researcher

UNIVERSITY OF LYON, France
2014: Post-Doctoral Researcher

TECHNICAL UNIVERSITY OF MUNICH, Germany
2015: Post-Doctoral Researcher

AIRBUS DEFENCE AND SPACE, Germany
2019: Senior Scientist Secure Communication, Expert on Post-Quantum Security

AREAS OF RESEARCH:
• Embedded system design
• System-on-Chip (SoC) design
• Embedded Security
• Multi-processor SoCs (MPSoCs) security (Network-on-Chip)
• New technologies for MPSoCs
• MPSoC security for critical systems
• Post-quantum security

Q(CaSC) / Johanna Sepúlveda 4


Motivation

Johanna Sepúlveda

 More than 9 years in the research area of Post-Quantum security
 Building the TUM Post-Quantum security area since 2015
 Habilitation at TUM: “Secure and Efficient Post-quantum Security”
 TUM lecturer of Quantum Computing and Quantum Secure Communication

Q(CaSC) / Johanna Sepúlveda 5


Motivation

Post-Quantum together with my TUM Students (Master thesis Advisor)

Best Paper award VLSI-SoC 2018

More than 20 publications on PQC

Walter Gademann Prize for the best Master Thesis at TUM (2018)

Mint Prize for the best Post-Quantum Master Thesis (2019)

Q(CaSC) / Johanna Sepúlveda 6
Motivation

Post-Quantum together with my TUM Students

Q(CaSC) / Johanna Sepúlveda 7


Section 1

FIRST CONTACT

Q(CaSC) / Johanna Sepúlveda 8


Motivation
Topics of the Lecture: Quantum Computers

Q(CaSC) / Johanna Sepúlveda 9


Motivation
Topics of the Lecture: Security Threat
Today traditional cryptography (RSA, ECC) is considered secure, because it relies on hard problems:
• Factoring large integers
• Computing discrete logarithms

Attacker against traditional cryptography: cryptanalysis, side-channel, quantum threat

In the future, traditional public key cryptography will be broken by large quantum computers
Q(CaSC) / Johanna Sepúlveda 10
Motivation
Topics of the Lecture: QKD and PQC
Key lengths and the corresponding number of qubits:

RSA key length: 1024 → 2048 qubits; 2048 → 4096 qubits; 3072 → 6144 qubits; 4096 → 8192 qubits; 15360 → 30720 qubits
ECC key length: 163 → 1000 qubits; 224 → 1300 qubits; 256 → 1500 qubits; 383 → 2300 qubits; 512 → 3000 qubits

[Figure: physical qubits per year, 1995 to 2025, for superconductors, ion trap, spin and neutral atoms]

Physical qubits ≠ Operational qubits

Quantum secure communications are required:
1. Quantum Key Distribution (QKD): quantum channels
2. Post-Quantum Cryptography (PQC): traditional infrastructure


Q(CaSC) / Johanna Sepúlveda 11
Topics of the Lecture: PQC

Post-Quantum Cryptography over a classical network: distribute key, encrypt, decrypt, sign, verify

Algorithms used to secure messages on a classical computer and that are resistant to traditional computer attacks AND quantum computer attacks

Families: Code, Hash, Multivariate, Isogeny, Lattice

Q(CaSC) / Johanna Sepúlveda 12


Long Term Security
[Figure: life cycle of the product, 0 to 30 years]

Long product life cycles expose industry and products to attacks

Post-Quantum Security Integration Process

IonQ’s 79 qubits Quantum Processor
Q(CaSC) / Johanna Sepúlveda 13
Motivation
Topics of the Lecture: In a nut shell
Quantum Computer

Quantum Secure Communication

QKD PQC
Quantum-Key Distribution Post-Quantum Cryptography
Q(CaSC) / Johanna Sepúlveda 14
Motivation

Quantum Computers and Quantum Secure


Communications

Standardization efforts
Be part of security history

Interesting topic

Excellent experts are required


Q(CaSC) / Johanna Sepúlveda 15
Motivation

Airbus: More than Aircrafts


Since 2019

Q(CaSC) / Johanna Sepúlveda 16


Section 2

DESCRIPTION

Q(CaSC) / Johanna Sepúlveda 17


Description

Learning Objective
At the end of this module, students

1) are able to understand the basic concepts of quantum computers and quantum secure communication;

2) are familiar with quantum and post-quantum algorithms;

3) understand the vulnerabilities of post-quantum cryptography implementations;

4) can evaluate the security and performance of post-quantum cryptographic implementations; and

5) can apply security countermeasures to post-quantum cryptographic implementations.

Theory
Q(CaSC) / Johanna Sepúlveda 18
Description

Ways of working: QCQSC

Lecture
 Physical: At TUM (face to face)
 Virtual: Lectures will have a video, so you can attend asynchronously (watch the lecture when you want)
 Virtual: Some synchronous sessions for discussion (scheduled)

Videos of the lecture (released weekly)


• Available on the Moodle page of the course; and
• ONLY for the enrolled students (do not share without permission)

Additional material (Moodle)


• Articles, exercises, links
Q(CaSC) / Johanna Sepúlveda 19
Description

Ways of working: QCQSC


Lecture Organization (3 hour lecture)

 Forum (Moodle): the topic of the week, share news
 Presentation
 Live streaming (Google Hangout)

 Reading articles
 Using quantum emulators and online tools (e.g., IBM)
 Answering questions
 Watch additional educational material
* Time distribution of the activities may change according to the topic of the lecture
Q(CaSC) / Johanna Sepúlveda 20
Description

Ways of working: QCQSC

Tools for our communication


Email list of the course and contact to me

The lecture is open to suggestions: together we make the course

Interactive questions (https://www.menti.com/)

Course forum and repository
Q(CaSC) / Johanna Sepúlveda 21
Description

Contact

Johanna Sepúlveda

Email: [email protected]
(Questions, requests, schedule appointment)
Expected answer within 10 min to 7 hrs, 24/7

Q(CaSC) / Johanna Sepúlveda 22


Description

Grading (5 credits)

Final exam = 100% of the grade


Oral if there are fewer than 15 students
Otherwise it will be written

OPTIONAL:

Bonus points (0.3)


 Exercises and Demonstrations
 Presentation/Poster (15 min)
• Topic defined by myself
• Students should request the topic by May 20th

Q(CaSC) / Johanna Sepúlveda 23


Description

Requirements
 Willing to learn
 Basic concepts of security
• Symmetric/asymmetric cryptography, hash
 Basic concepts on embedded software programming
 Basic knowledge of computer architecture
• Components, memory hierarchy, communication
structure

OPTIONAL
 Advanced knowledge of computer architecture
 Optimization techniques for embedded programming
 Secure implementation of cryptographic algorithms

Q(CaSC) / Johanna Sepúlveda 24


Description

References
 Online books
• Post-Quantum Cryptography
Daniel Bernstein, Johannes Buchmann, Erik Dahmen
• An Introduction to Mathematical Cryptography
Jeffrey Hoffstein, Jill Pipher, Joseph Silverman, ISBN: 978-1-4939-1711

 Online Articles (Springer, IEEE, IACR)

 Videos

 NIST (https://csrc.nist.gov/projects/post-quantum-cryptography)

 ETSI (https://www.etsi.org/technologies/quantum-key-distribution)

Q(CaSC) / Johanna Sepúlveda 25


Further Reading and Assignments

They will be pointed out at the end of each lecture


 Optional
 Mandatory

Goal of the further reading activities / exercises


 Prepare for the next lecture; or
 Complement the current lecture; or
 Gain practical experience with what was learnt during the lecture

Polls and on-line questionnaires (optional but recommended)


 Give bonus points
 Prepare for the final exam

Q(CaSC) / Johanna Sepúlveda 26


Section 3

ORGANIZATION OF THE COURSE

Q(CaSC) / Johanna Sepúlveda 27


Organization

Blocks of the Course

Quantum Computers: Basic Principles, Evolution, Structure, Types, Programming, Security threat

Quantum Communication (QKD): Main Principles, Structure, Types, Standard, Use cases

Post-Quantum Cryptography: Main Principles, Families and Types, Main Components, Standard, Secure implementation, Use cases

Q(CaSC) / Johanna Sepúlveda 28


Section 4

SUMMARY AND TASKS

Q(CaSC) / Johanna Sepúlveda 29


Feedback of the lecture (Menti)

Q(CaSC) / Johanna Sepúlveda 30


Summary
Today we:

 Had our first contact and now we are connected

 Discussed the learning objective, ways of working and grading of the lecture

We are ready to start … Quantum Computers: Basic Principles, Evolution, Structure, Types, Programming, Security threat

Next lecture: Quantum Computer principles
Q(CaSC) / Johanna Sepúlveda 31
Recommended Material (optional)

Basic knowledge to prepare for the next lecture (recommended for students who have not heard of quantum computers before)

Introduction to Quantum Computers


Friendly Lecture (Pages 1 -23)
Approx. 30-45 min reading
https://courses.csail.mit.edu/6.857/2019/files/NAE-report-on-quantum-computing.pdf

Q(CaSC) / Johanna Sepúlveda


Thank you.
See you soon!
Q(CaSC) / Johanna Sepúlveda

Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.


[email protected]

2. Quantum Computer Basics

Q(CaSC) / Johanna Sepúlveda 2


Goal of Today's Lecture

Summary of Previous Lecture

Quantum Computer Need

Basic Quantum Principles

Quantum Computer Principles

Summary and Tasks


Q(CaSC) / Johanna Sepúlveda 3
Section 1

SUMMARY OF PREVIOUS LECTURE

Q(CaSC) / Johanna Sepúlveda 4


Summary

L1: Introduction – Learning Objectives

UNDERSTAND: Quantum Computer; QKD (Quantum-Key Distribution)

FAMILIAR: PQC (Post-Quantum Cryptography)

UNDERSTAND (vulnerabilities)
EVALUATE (security and performance)
APPLY (security countermeasures)

Q(CaSC) / Johanna Sepúlveda 5
We are Ready to Start..

Quantum
Computers
Basic Principles
Evolution
Structure
Types
Programming
Security threat

Q(CaSC) / Johanna Sepúlveda 6


Section 2

THE BEGINNING:
QUANTUM COMPUTER NEED

Q(CaSC) / Johanna Sepúlveda 7


Need
Motivation

Computer Organization
• Memories
• Processor(s)
• Communication structure (buses, networks)
• Software
• Interfaces
• Peripherals

A machine used to process, store and communicate information


Q(CaSC) / Johanna Sepúlveda 8
Need
Motivation

Computer Organization
[Figure: processor block diagram]
• Processor: Datapath (Registers, ALU), Control Unit
• Memory
• Bus: Address, Data, Control
• Interfaces
• Co-processors

Q(CaSC) / Johanna Sepúlveda 9


Need
Motivation

Integrated Circuits

Transistor Wires

Gates
Q(CaSC) / Johanna Sepúlveda 10
Need
Motivation

Systems-on-Chips (SoCs): Small

Q(CaSC) / Johanna Sepúlveda 11


Need
Motivation

Systems-on-Chips (SoCs): Medium

Q(CaSC) / Johanna Sepúlveda 12


Need
Motivation

Systems-on-Chips (SoCs): Large

Hardware Software

Computation
Structure
Processors,
Memories,
Peripherals

Communication
Structure
Network-on-Chip (NoC) Tile-MX100(www.eetimes.com)

Q(CaSC) / Johanna Sepúlveda 13


Need
Motivation

Moore's Law (1965)

The number of transistors in a chip doubles almost every two years

Since 2014, it doubles every three years

Q(CaSC) / Johanna Sepúlveda 14


Need
Motivation

More than Moore


Reshaping transistors: FinFET, Silicon nanosheet

New SoC organization: 3D SoC stacking

New technologies: Carbon nanotubes
Q(CaSC) / Johanna Sepúlveda 15
Shulaker et al. Monolithic 3D integration: A path from concept to reality. DATE 2015
Need
Motivation

Evolution of Computation

Classical and Quantum computers will co-exist

Sycamore
2019

Q(CaSC) / Johanna Sepúlveda 16


Need
Motivation

Evolution of Computation
ASIC (Application Specific Integrated Circuit)
Pros: High performance; Low area/power
Cons: Very expensive; Time-consuming

Microcontroller (uC) (e.g. ARM Cortex-M)
Pros: Fast and easy development; Low unit cost; Wide variety
Cons: Specific and limited ISA

Processors (e.g. Intel AVX)
Pros: Programmable; Low unit cost; Advanced features (e.g., out-of-order processing); General purpose
Cons: Specific and fixed ISA

Neuromorphic Processors (e.g. Intel Loihi)
Pros: Manycore architecture; Programmable; On-memory operation
Cons: Application specific

FPGAs (Field Programmable Gate Array)
Pros: Programmable configuration; Parallel architecture; Predictable behavior; Fast development
Cons: Poor control over optimization; High power consumption; Expensive in large-scale production; Volatile

Microcontroller for safety (SAFE uC) (e.g. AURIX of Infineon)
Pros: Easy development; Safe-oriented design; Include security modules (HSM)
Cons: Specific and fixed ISA; Application oriented design

GPUs (e.g. Nvidia)
Pros: High performance; Massively parallel operations
Cons: High cost; Black-box compilers; Performance depends on nice code behavior flow

Q(CaSC) / Johanna Sepúlveda 17
Need
Motivation

New Ways of Computation

Q(CaSC) / Johanna Sepúlveda 18


Need
Motivation

MIT Physics and Computation 1981

Q(CaSC) / Johanna Sepúlveda 19


Need
Motivation

Quantum Computer: Milestones

Richard Feynman: proposed a quantum model to perform computations

David Deutsch:
❑ Quantum circuits:
✔ Quantum gates can be combined
✔ Able to perform computation
Q(CaSC) / Johanna Sepúlveda 20
Section 3

QUANTUM PRINCIPLES

Q(CaSC) / Johanna Sepúlveda 21


Principles

Quantum Physics Principles

1. Wave–Particle Duality

2. Uncertainty Principle of Heisenberg

3. Schrödinger Equation

Q(CaSC) / Johanna Sepúlveda 22


Principles

Wave-Particle Duality (1905)

Experiment of Young (wave nature of light): $E = h\nu$

Photoelectric effect (particle nature of light): $E = mc^2$

Q(CaSC) / Johanna Sepúlveda 23


Principles

Uncertainty Principle of Heisenberg (1927)


The position and the velocity of an object cannot both be measured exactly at the same time

Velocity = V before the measurement; Velocity = ? afterwards

Measurement has a strong effect on the quantum system


Q(CaSC) / Johanna Sepúlveda 24
Principles

Uncertainty Principle of Heisenberg (1927)


The position and the velocity of an object cannot both be measured exactly at the same time

Position uncertainty, momentum uncertainty (p = m·v) and the Planck constant

Tunneling effect: there is a probability that the electron traverses the potential barrier and escapes (is transmitted)

Q(CaSC) / Johanna Sepúlveda 25


Principles

Schrödinger Equation (1925)


Function that describes the state of a quantum-mechanical system

Conditions that the electron must meet in order for a system to be stable

: Electronic probability density

Orbitals are described by quantum numbers (n, l, ml, ms):
✔ n: Principal quantum number (energy level), n = [1, ∞)
✔ l: Azimuthal quantum number (angular momentum), l = [0, n-1]; s, p, d, f, ...
✔ ml: Magnetic quantum number (orientation), ml = [-l, l]
✔ ms: Spin quantum number (magnetic field orientation), ms = [-1/2, 1/2]

Q(CaSC) / Johanna Sepúlveda 26


Principles

Quantum Phenomena

1. Superposition

2. Entanglement

Q(CaSC) / Johanna Sepúlveda 27


Principles

Superposition
The state of a system is determined by the value of a set of
macroscopic variables which characterize the system in a given
moment of time. New temporal values of such variables will
characterize the state in other moment

All possible states simultaneously Collapses to a single state when measured


Q(CaSC) / Johanna Sepúlveda 28
Principles

Superposition

Thought experiment: Schrödinger's cat

Q(CaSC) / Johanna Sepúlveda 29


Principles

Entanglement: Classical physical notions

Realism: the universe exists even if we do not observe it

Locality: each bit of the universe acts with its immediate surroundings (no faster than c)

Q(CaSC) / Johanna Sepúlveda 30


Principles

Entanglement: Copenhagen Interpretation

In the universe:
✔ Reality needs an observer
✔ It exists as a superposition of possibilities
✔ Described by of the superposition
✔ Experienced when the moment is measured

Niels Bohr

Q(CaSC) / Johanna Sepúlveda 31


Principles

EPR Paradox (Einstein, Podolsky, Rosen)

"Spooky action at a distance“

Mental experiment to demonstrate the


paradox of the Copenhagen interpretation
of the universe

In the universe:
✔ All is real
✔ All is physical
✔ All is defined (local hidden variables)

Local realism
Q(CaSC) / Johanna Sepúlveda 32
Principles

Entanglement

The entangled particles are somehow connected.

In an entangled pair, measuring the state of one particle will influence the state of the second particle.

Q(CaSC) / Johanna Sepúlveda 33


Principles

Entanglement- Bell inequalities (1964)

e⁻ (spin in different directions), Photon pos

✔ The wavefunction is entangled
✔ Until measured we cannot know which is the spinning direction
✔ Measuring one will let us know the measurement of the second one
✔ Measurement has an effect (AXIS of measurement)

Q(CaSC) / Johanna Sepúlveda 34


Principles

Entanglement: Bell inequalities are violated

Alain Aspect: entangled photons (polarization)

Copenhagen Interpretation: correlation of states; correlation with selected axis

Local Realism: correlation of states; no correlation with selected axis

The universe is not local


Q(CaSC) / Johanna Sepúlveda 35
Principles

Entanglement

Q(CaSC) / Johanna Sepúlveda 36


Section 4

QUANTUM COMPUTER

Q(CaSC) / Johanna Sepúlveda 37


Q-Computer

New Ways of Computation

Q(CaSC) / Johanna Sepúlveda 38


Q-Computer

Qubit: Quantum bit

Q(CaSC) / Johanna Sepúlveda 39


Q-Computer

Qubit: Quantum bit

✔ Quantum superposition of 0 and 1
✔ Whole sphere of states
✔ Noisy qubit (somewhere inside the sphere)

Q(CaSC) / Johanna Sepúlveda 40


Q-Computer

Qubit: Operation

Q(CaSC) / Johanna Sepúlveda 41


Q-Computer

Qubit: Operation

Q(CaSC) / Johanna Sepúlveda 42


Q-Computer

Qubit: Operation

Q(CaSC) / Johanna Sepúlveda 43


Section 5

SUMMARY AND TASKS

Q(CaSC) / Johanna Sepúlveda 44


Tasks

Summary

• Systems-on-Chip (SoC) to develop different applications

• Moore's law has reached its limit (new ways of computation)

• Quantum mechanics
– Principles: Wave-particle duality, Uncertainty Principle, Schrödinger equation
– Phenomena: Superposition and Entanglement

Q(CaSC) / Johanna Sepúlveda 45


Tasks

Summary

• Bit: Fundamental carrier of information
Possible bit states: 0 or 1

• Qubit: Fundamental carrier of quantum information
Possible qubit states: any superposition described by the wavefunction (complex numbers)
Q(CaSC) / Johanna Sepúlveda 46
Next Lecture

Quantum Computers: Basic Principles, Evolution, Structure, Types, Programming, Security threat

Next lecture: Quantum Computer

Q(CaSC) / Johanna Sepúlveda 47


Recommended Material (optional)

1) More videos:

What is the Heisenberg Uncertainty Principle?


https://www.youtube.com/watch?v=TQKELOE9eY4

Quantum Entanglement, Bell Inequality, EPR paradox


https://www.youtube.com/watch?v=v657Ylwh-_k

Qubit video used in the lecture (Spanish)


https://www.youtube.com/watch/?v=ilPfvMEOmCs

2) Familiarization with Qubit notation

Linear Algebra for Quantum Computation (28 pages)


https://link.springer.com/content/pdf/bbm%3A978-1-4614-6336-8%2F1.pdf

Q(CaSC) / Johanna Sepúlveda


Thank you.
See you soon!
Q(CaSC) / Johanna Sepúlveda
Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.


[email protected]

3. Quantum Computer Operation

Q(CaSC) / Johanna Sepúlveda 1


Goal of Today's Lecture

Summary of Previous Lecture

Qubits

Quantum Gates and Organization

Quantum Computer Technology

Summary and Tasks


Q(CaSC) / Johanna Sepúlveda 2
Section 1

SUMMARY OF PREVIOUS LECTURE

Q(CaSC) / Johanna Sepúlveda 3


Summary

L2: Traditional Computer organization

[Figure: processor block diagram]
• Processor: Datapath (Registers, ALU), Control Unit
• Memory
• Bus: Address, Data, Control
• Interfaces
• Co-processors

Moore's law: since 2014, the number of transistors doubles every three years

Q(CaSC) / Johanna Sepúlveda 4


Summary

L2: Quantum Computer Principles

1. Wave–Particle Duality

2. Uncertainty Principle of Heisenberg

Velocity=?
Measure has a strong effect on the quantum system

3. Schrödinger Equation
Function that describes the state of a quantum-mechanical system

Q(CaSC) / Johanna Sepúlveda 5


Summary

L2: Quantum Computer Principles

Superposition Entanglement

Collapses to a single state when measured

Q(CaSC) / Johanna Sepúlveda 6


Summary

L2: Qubits: Quantum bit

Qubit: Fundamental carrier of quantum information

Possible qubit states: any superposition of 0 and 1 described by the wavefunction (complex numbers)
Q(CaSC) / Johanna Sepúlveda 7
We are Ready to Start..

Quantum
Computers
Basic Principles
Evolution
Structure
Types
Programming
Security threat

Q(CaSC) / Johanna Sepúlveda 8


Section 2

QUBITS

Q(CaSC) / Johanna Sepúlveda 9


Qubit
Motivation

Qubit Notation

Dirac bra-ket notation: the bra $\langle x|$ is a row vector, the ket $|x\rangle$ is a column vector

$|x\rangle = \alpha|0\rangle + \beta|1\rangle$, where $|\alpha|^2 + |\beta|^2 = 1$ ($\alpha$, $\beta$: quantum amplitudes)

Q(CaSC) / Johanna Sepúlveda 10


Qubit
Motivation

Qubit Notation

The state of a single qubit is a vector in a 2-dimensional complex vector space:

$|x\rangle = \begin{pmatrix} \alpha \\ \beta \end{pmatrix} = \alpha|0\rangle + \beta|1\rangle$

$\alpha$: how much “0” is there in the state; $\beta$: how much “1” is there in the state

where $|\alpha|^2 + |\beta|^2 = 1$, with $|\alpha|^2$ the probability of 0 and $|\beta|^2$ the probability of 1
Q(CaSC) / Johanna Sepúlveda 11
Qubit
Motivation

Qubit Notation
Qubit 0 (Ket 0): $|0\rangle = \begin{pmatrix} 1 \\ 0 \end{pmatrix}$

Qubit 1 (Ket 1): $|1\rangle = \begin{pmatrix} 0 \\ 1 \end{pmatrix}$

Q(CaSC) / Johanna Sepúlveda 12


Qubit
Motivation

Exercise: What does this qubit look like?

$\begin{pmatrix} 1/\sqrt{2} \\ 1/\sqrt{2} \end{pmatrix}$

Q(CaSC) / Johanna Sepúlveda 13




Exercise: What does this qubit look like?

$\begin{pmatrix} 1/\sqrt{2} \\ 1/\sqrt{2} \end{pmatrix} = \begin{pmatrix} \alpha \\ \beta \end{pmatrix}$, where $|\alpha|^2 + |\beta|^2 = 1$

$\alpha = \beta = \frac{1}{\sqrt{2}}$

Probability of 0 $= |\alpha|^2 = \frac{1}{2}$

Q(CaSC) / Johanna Sepúlveda 15


Compute
Motivation

Exercise: What do these qubits look like?

$\begin{pmatrix} 1/\sqrt{2} \\ 1/\sqrt{2} \end{pmatrix}$

$\begin{pmatrix} 3e^{i\pi/7}/5 \\ -4i/5 \end{pmatrix}$ ?

Q(CaSC) / Johanna Sepúlveda 16
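An added worked version of the exercise above and of the N-qubit register that follows (example code, not from the lecture): it checks the normalisation condition, computes the outcome probabilities, extracts the Bloch angles from the amplitudes, and simulates collapse on measurement. The two vectors are the slide's values; the function names are mine.

```python
# Added example (not code from the lecture): single-qubit states as
# 2-component complex vectors, in pure Python so it runs without numpy.
import cmath
import math
import random

TOL = 1e-9

# The two vectors from the exercise slide, constructed here from the slide's values.
Q_PLUS = (1 / math.sqrt(2), 1 / math.sqrt(2))
Q_EXERCISE = (3 * cmath.exp(1j * math.pi / 7) / 5, -4j / 5)


def is_valid_qubit(alpha, beta):
    """(alpha, beta) is a qubit state only if |alpha|^2 + |beta|^2 = 1."""
    return abs(abs(alpha) ** 2 + abs(beta) ** 2 - 1.0) < TOL


def probabilities(alpha, beta):
    """Born rule: P(0) = |alpha|^2, P(1) = |beta|^2; only the magnitudes matter."""
    if not is_valid_qubit(alpha, beta):
        raise ValueError("not a normalised qubit state")
    return abs(alpha) ** 2, abs(beta) ** 2


def polar(amplitude):
    """Write an amplitude a + ib as r*e^{i*phi}, r >= 0."""
    return abs(amplitude), cmath.phase(amplitude)


def bloch_angles(alpha, beta):
    """Drop the unobservable global phase e^{i*phi0} and return (theta, phi) such that
    |x> = cos(theta/2)|0> + e^{i*phi} sin(theta/2)|1>, with phi = phi1 - phi0."""
    r0, phi0 = polar(alpha)
    r1, phi1 = polar(beta)
    theta = 2 * math.atan2(r1, r0)           # r0 = cos(theta/2), r1 = sin(theta/2)
    if r0 < TOL or r1 < TOL:                 # at a pole the relative phase is undefined
        return theta, 0.0
    phi = (phi1 - phi0 + math.pi) % (2 * math.pi) - math.pi   # wrap into [-pi, pi)
    return theta, phi


def measure(alpha, beta, rng):
    """One measurement in the {|0>, |1>} basis: the outcome is drawn with the Born
    probabilities and the state collapses onto the corresponding basis vector."""
    p0, _ = probabilities(alpha, beta)
    outcome = 0 if rng.random() < p0 else 1
    collapsed = (1.0, 0.0) if outcome == 0 else (0.0, 1.0)
    return outcome, collapsed


def sample_counts(alpha, beta, shots, seed=0):
    """Repeat the measurement on fresh copies of the state and count the outcomes."""
    rng = random.Random(seed)
    counts = {0: 0, 1: 0}
    for _ in range(shots):
        outcome, _ = measure(alpha, beta, rng)
        counts[outcome] += 1
    return counts


def register_probabilities(n, amplitudes):
    """An n-qubit register holds 2**n complex amplitudes C_k, one per basis string
    |k> (k in binary), with sum |C_k|^2 = 1. Returns {bitstring: probability}."""
    if len(amplitudes) != 2 ** n:
        raise ValueError(f"{n} qubits need {2 ** n} amplitudes, got {len(amplitudes)}")
    if abs(sum(abs(c) ** 2 for c in amplitudes) - 1.0) > TOL:
        raise ValueError("register state is not normalised")
    return {format(k, f"0{n}b"): abs(c) ** 2 for k, c in enumerate(amplitudes)}


if __name__ == "__main__":
    for name, (a, b) in {"1/sqrt2, 1/sqrt2": Q_PLUS, "3e^(i pi/7)/5, -4i/5": Q_EXERCISE}.items():
        print(name, "valid:", is_valid_qubit(a, b), "P(0),P(1):", probabilities(a, b),
              "theta,phi:", bloch_angles(a, b), "1000 shots:", sample_counts(a, b, 1000))
    print(register_probabilities(3, [1 / math.sqrt(8)] * 8))
```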


Need
Motivation

Measure a Qubit: State Collapse

Superposition between 0 and 1 (dominant 0):
Outcome 0 (high probability)
Outcome 1 (low probability)

Q(CaSC) / Johanna Sepúlveda 17
Need
Motivation

How do we Differentiate A from B?

Outcome 0 (50% probability)
Outcome 1 (50% probability)

This is true for A and B. How to differentiate A from B?
Q(CaSC) / Johanna Sepúlveda 18
Compute
Motivation

Qubit explosion of States

Explosion of states
Q(CaSC) / Johanna Sepúlveda 19
Compute
Motivation

Qubit explosion of States (Example 3 Qubits)

A register of N qubits will be in a superposition of $2^N$ possible strings.

Quantum state (superposition of 8 states at once):

$C_0|000\rangle + C_1|001\rangle + C_2|010\rangle + C_3|011\rangle + C_4|100\rangle + C_5|101\rangle + C_6|110\rangle + C_7|111\rangle$

$2^N$ complex numbers for N qubits, where $|C_0|^2 + |C_1|^2 + |C_2|^2 + |C_3|^2 + |C_4|^2 + |C_5|^2 + |C_6|^2 + |C_7|^2 = 1$

Q(CaSC) / Johanna Sepúlveda 20
Compute
Motivation

Qubit explosion of States (Example 3 Qubits)


$C_0|000\rangle + C_1|001\rangle + C_2|010\rangle + C_3|011\rangle + C_4|100\rangle + C_5|101\rangle + C_6|110\rangle + C_7|111\rangle$

Superposition: the state is described as a proportion of the different kets

Entanglement: the state of entangled qubits cannot be described independently
Q(CaSC) / Johanna Sepúlveda 21
Compute
Motivation

How does it look like? (Example 3 Qubits)

[Figure: no single Bloch sphere for 3 qubits, the state lives on a high-dimensional sphere]


Q(CaSC) / Johanna Sepúlveda 22
Compute
Motivation

Main Message of this Section

Superposition and entanglement allow


Quantum Computers to store and manipulate vast
amounts of information

Q(CaSC) / Johanna Sepúlveda 23


Section 3

QUANTUM GATES

Q(CaSC) / Johanna Sepúlveda 24


Gates

Quantum Gates: transformation of qubits between $|0\rangle$ and $|1\rangle$
• Rotation
• Interaction among qubits
• Measure
Q(CaSC) / Johanna Sepúlveda 25


Need
Motivation

Quantum Gates: Single qubits

Quantum Gate

Pauli gates X, Y, Z: rotation around the different axes

Hadamard: creates superposition, 50% $|0\rangle$ and 50% $|1\rangle$
Q(CaSC) / Johanna Sepúlveda 26
Need
Motivation

Quantum Gates

Quantum Gate

Pauli Gate

Q(CaSC) / Johanna Sepúlveda 27


Gates

Quantum Gates: Rotations

Q(CaSC) / Johanna Sepúlveda 28


Gates

Quantum Gates (Single Qubit)

A gate that acts on a qubit can be described as a 2x2 matrix

Any quantum gate can be written as a matrix of $2^n \times 2^n$, where $n$ is the number of qubits to which it is applied

The inverse of a gate $G$ is the conjugate-transposed gate: $G^{-1} = G^{\dagger}$

Q(CaSC) / Johanna Sepúlveda 29


Gates

Quantum Gates (matrix)

 Pauli X-gate (NOT gate or bit flip): $X = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}$
• $|0\rangle = \begin{pmatrix} 1 \\ 0 \end{pmatrix}$, $|1\rangle = \begin{pmatrix} 0 \\ 1 \end{pmatrix}$
• $X|0\rangle = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}\begin{pmatrix} 1 \\ 0 \end{pmatrix} = \begin{pmatrix} 0 \\ 1 \end{pmatrix} = |1\rangle$
 Pauli Y-gate (bit flip and phase shift): $Y = \begin{pmatrix} 0 & -i \\ i & 0 \end{pmatrix}$
 Pauli Z-gate (phase shift): $Z = \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix}$
 Phase gate: $S = \begin{pmatrix} 1 & 0 \\ 0 & i \end{pmatrix} = e^{i\pi/4}\begin{pmatrix} e^{-i\pi/4} & 0 \\ 0 & e^{i\pi/4} \end{pmatrix}$
 π/8 gate: $T = \begin{pmatrix} 1 & 0 \\ 0 & e^{i\pi/4} \end{pmatrix} = e^{i\pi/8}\begin{pmatrix} e^{-i\pi/8} & 0 \\ 0 & e^{i\pi/8} \end{pmatrix}$

How will the gate S look like?


Q(CaSC) / Johanna Sepúlveda 30
Gates

Quantum Gates: Reversible logic

Quantum systems can reconstruct the past

Control NOT

Q(CaSC) / Johanna Sepúlveda 31


Gates

Quantum Gates: Swap Gate

Q(CaSC) / Johanna Sepúlveda 32


Gates

Quantum Gates (multiple Qubit)

SWAP

Controlled NOT
(CNOT)

Controlled Z
(CZ)

Toffoli
Q(CaSC) / Johanna Sepúlveda 33
Gates

Quantum Gates: Measure

Quantum Gate
Measure

The probability to collapse to 0 is much higher than the probability to collapse to 1

Q(CaSC) / Johanna Sepúlveda 34


Gates

Quantum Circuits

To implement a global rotation, we decompose it into a sequence of smaller dimensional rotations

INPUT → circuits of 1- and 2-qubit gates → OUTPUT


Q(CaSC) / Johanna Sepúlveda 35
Gates

Qubits and Quantum Circuits

Q(CaSC) / Johanna Sepúlveda 36


Section 3

QUANTUM ORGANIZATION

Q(CaSC) / Johanna Sepúlveda 37


Organization

Quantum Computer

Q(CaSC) / Johanna Sepúlveda 38


Organization

Sycamore Quantum Chip

Q(CaSC) / Johanna Sepúlveda 39


Organization

Quantum Computer Shield

Q(CaSC) / Johanna Sepúlveda 40


Organization

Coaxial Cable (Communication)

Q(CaSC) / Johanna Sepúlveda 41


Organization

Control Lines

Q(CaSC) / Johanna Sepúlveda 42


Organization

Control Lines

Q(CaSC) / Johanna Sepúlveda 43


Organization

Quantum Computer (Cooling System)

Q(CaSC) / Johanna Sepúlveda 44


Organization

Quantum Computer (Output)

Q(CaSC) / Johanna Sepúlveda 45


Organization

Quantum Computer (Programming Interface)

Q(CaSC) / Johanna Sepúlveda 46


Organization

Quantum Computer Status: NISQ


Noisy Intermediate Scale Quantum Era

• Noisy, imperfect but nontrivially big quantum computers

• Beyond classical computational power

• Quantum supremacy: quantum computers can do something that classical computers cannot unless they run for a really long time

Q(CaSC) / Johanna Sepúlveda 47


Need
Motivation

Quantum Computer Supremacy

Q(CaSC) / Johanna Sepúlveda 48


Section 4

QUANTUM TECHNOLOGIES

Q(CaSC) / Johanna Sepúlveda 49


Technology

DiVincenzo Criteria

Q(CaSC) / Johanna Sepúlveda 50


Technology

Technologies

Q(CaSC) / Johanna Sepúlveda 51


Technology

Superconducting Circuits

 Qubits are built by microwave circuit oscillators
 Microwave pulses are used to control the qubits

Q(CaSC) / Johanna Sepúlveda 52


Technology

Trapped Ions

 Ions stored in electromagnetic traps
 Ion qubits and interactions manipulated by laser beams and interactions between ions

Q(CaSC) / Johanna Sepúlveda 53


Technology

Electrically-Controlled Quantum Dots

 Qubits are electron spins trapped in a semiconductor nanostructure
 Microwave pulses are used to control the qubits

Q(CaSC) / Johanna Sepúlveda 54


Technology

Neutral Atoms

 Atoms trapped by an optical lattice formed by lasers
 Qubits formed by electronic states of the atoms, and can be controlled by lasers

Q(CaSC) / Johanna Sepúlveda 55


Technology

Quantum Computers (SoA)

Q(CaSC) / Johanna Sepúlveda 56


Section 5

SUMMARY AND TASKS

Q(CaSC) / Johanna Sepúlveda 57


Tasks

Summary

• Quantum computers offer exponential computational power due to the superposition and entanglement phenomena

• Quantum gates operate on quantum bits (qubits): rotation, interaction (reversible) and measurement

• Currently we are in the Noisy Intermediate Scale Quantum era

• Several technologies meet the DiVincenzo criteria


Q(CaSC) / Johanna Sepúlveda 58
Recommended Material and tasks (optional)

1) Documentation material

A field guide to quantum computing


https://quantum-computing.ibm.com/docs/guide/

2) Solve the challenges presented in the lecture and send them back to me by email

3) Build a quantum circuit, execute it on the IBM computer and send the simulation result (try to predict the output using the matrix notation)
Example: (But you can try any other circuit)
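A way to predict a circuit's output with the matrix notation before running it on real hardware, as an added example (not the lecture's or IBM's code): the gate matrices from the slides, the conjugate transpose as the inverse, a small state-vector simulator for single-qubit gates and CNOT, and the reversibility and measurement-axis points from earlier slides. The Bell circuit (H then CNOT) is assumed as the example circuit, since the slide's own figure is not in the extract; the A/B states are assumed to be the equal-magnitude states with opposite relative phase.

```python
# Added example (not the lecture's or IBM's code): a minimal state-vector simulator in
# pure Python to predict a small circuit's output with the matrix notation of the slides.
import cmath
import math

TOL = 1e-9
INV_SQRT2 = 1 / math.sqrt(2)

# Single-qubit gates as 2x2 matrices (row-major lists), as on the gate slides.
X = [[0, 1], [1, 0]]                                   # NOT / bit flip
Y = [[0, -1j], [1j, 0]]                                # bit flip and phase shift
Z = [[1, 0], [0, -1]]                                  # phase shift
H = [[INV_SQRT2, INV_SQRT2], [INV_SQRT2, -INV_SQRT2]]  # Hadamard: creates superposition
S = [[1, 0], [0, 1j]]                                  # phase gate
T = [[1, 0], [0, cmath.exp(1j * math.pi / 4)]]         # pi/8 gate


def dagger(g):
    """Conjugate transpose G^dagger, which is the inverse of a (unitary) gate."""
    return [[complex(g[c][r]).conjugate() for c in range(len(g))] for r in range(len(g))]


def matmul(a, b):
    return [[sum(a[r][k] * b[k][c] for k in range(len(b))) for c in range(len(b[0]))]
            for r in range(len(a))]


def is_identity(m):
    return all(abs(m[r][c] - (1 if r == c else 0)) < TOL
               for r in range(len(m)) for c in range(len(m)))


def apply_single(gate, state, target, n):
    """Apply a 2x2 gate to qubit `target` (0 = leftmost in |q0 q1 ...>) of an n-qubit
    state vector, pairing each basis index with the partner that differs in that bit."""
    out = list(state)
    bit = 1 << (n - 1 - target)
    for k in range(len(state)):
        if not k & bit:
            a0, a1 = state[k], state[k | bit]
            out[k] = gate[0][0] * a0 + gate[0][1] * a1
            out[k | bit] = gate[1][0] * a0 + gate[1][1] * a1
    return out


def apply_cnot(state, control, target, n):
    """CNOT flips `target` on every basis string whose `control` bit is 1."""
    out = list(state)
    cbit, tbit = 1 << (n - 1 - control), 1 << (n - 1 - target)
    for k in range(len(state)):
        if k & cbit:
            out[k] = state[k ^ tbit]
    return out


def outcome_probabilities(state):
    """Born rule for a register: P(bitstring) = |amplitude|^2."""
    n = int(round(math.log2(len(state))))
    return {format(k, f"0{n}b"): round(abs(c) ** 2, 9) for k, c in enumerate(state)}


def run(circuit, n):
    """Run steps of the form ("u", matrix, target) or ("cnot", control, target) on |0...0>."""
    state = [1] + [0] * (2 ** n - 1)
    for step in circuit:
        if step[0] == "cnot":
            state = apply_cnot(state, step[1], step[2], n)
        else:
            state = apply_single(step[1], state, step[2], n)
    return state


def inverse_circuit(circuit):
    """Reversibility: each gate's conjugate transpose in reverse order (CNOT is its own inverse)."""
    return [step if step[0] == "cnot" else ("u", dagger(step[1]), step[2])
            for step in reversed(circuit)]


# Assumed example circuit (the slide's own figure is not in the extract): H on qubit 0,
# then CNOT(0 -> 1), which prepares the entangled state (|00> + |11>)/sqrt(2).
BELL = [("u", H, 0), ("cnot", 0, 1)]


def distinguish_by_basis(state):
    """Z-basis probabilities of a 1-qubit state, and the probabilities after an H gate,
    i.e. a measurement along another axis."""
    return outcome_probabilities(state), outcome_probabilities(apply_single(H, state, 0, 1))


if __name__ == "__main__":
    print("Bell state:", outcome_probabilities(run(BELL, 2)))
    print("Bell then its inverse:", outcome_probabilities(run(BELL + inverse_circuit(BELL), 2)))
    # A = (|0>+|1>)/sqrt2 and B = (|0>-|1>)/sqrt2 (assumed): same Z statistics, split by H.
    print("A:", distinguish_by_basis([INV_SQRT2, INV_SQRT2]))
    print("B:", distinguish_by_basis([INV_SQRT2, -INV_SQRT2]))
```

The same `run` accepts any list of single-qubit gates and CNOTs on n qubits, so a circuit tried on the IBM machine can be checked against its predicted amplitudes here.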

Q(CaSC) / Johanna Sepúlveda


Thank you.
See you soon!
Q(CaSC) / Johanna Sepúlveda
Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.


[email protected]

4. Quantum Algorithms

Q(CaSC) / Johanna Sepúlveda 1


Goal of Today's Lecture

Summary of Previous Lecture

Quantum Technology

Quantum Logic Synthesis

Quantum Algorithms

Summary and Tasks


Q(CaSC) / Johanna Sepúlveda 2
Section 1

SUMMARY OF PREVIOUS LECTURE

Q(CaSC) / Johanna Sepúlveda 3


Summary

Qubit Notation (1): complex vector space

$|x\rangle = \begin{pmatrix} \alpha \\ \beta \end{pmatrix} = \alpha|0\rangle + \beta|1\rangle$ (quantum amplitudes)

$\alpha$: how much “0” is there in the state; $\beta$: how much “1” is there in the state

where $|\alpha|^2 + |\beta|^2 = 1$, with $|\alpha|^2$ the probability of 0 and $|\beta|^2$ the probability of 1

Q(CaSC) / Johanna Sepúlveda 4


Summary

Qubit Notation (2): unit vector (EXTRA)

An amplitude in the complex plane (real part $a$, imaginary part $b$, modulus $r$, angle $\phi$):

$\alpha = a + ib = r e^{i\phi}$
Q(CaSC) / Johanna Sepúlveda 5
Summary

Qubit Notation (2): unit vector (EXTRA)

$\alpha = r e^{i\phi}$

$|\varphi\rangle = r_0 e^{i\phi_0}|0\rangle + r_1 e^{i\phi_1}|1\rangle$, where $r_0^2 + r_1^2 = 1$

$|\varphi\rangle = e^{i\phi_0}\left(r_0|0\rangle + r_1 e^{i\phi}|1\rangle\right)$, where $\phi = \phi_1 - \phi_0$

$r_0 = \cos\frac{\theta}{2}$, $r_1 = \sin\frac{\theta}{2}$

Q(CaSC) / Johanna Sepúlveda 6
Summary

Qubit explosion of States (Example 3 Qubits)

A register of N qubits will be in a superposition of $2^N$ possible strings.

Quantum state (superposition of 8 states at once):

$C_0|000\rangle + C_1|001\rangle + C_2|010\rangle + C_3|011\rangle + C_4|100\rangle + C_5|101\rangle + C_6|110\rangle + C_7|111\rangle$

$2^N$ complex numbers for N qubits, where $|C_0|^2 + |C_1|^2 + |C_2|^2 + |C_3|^2 + |C_4|^2 + |C_5|^2 + |C_6|^2 + |C_7|^2 = 1$

Q(CaSC) / Johanna Sepúlveda 7
Summary

Qubit explosion of States (Example 3 Qubits)


$C_0|000\rangle + C_1|001\rangle + C_2|010\rangle + C_3|011\rangle + C_4|100\rangle + C_5|101\rangle + C_6|110\rangle + C_7|111\rangle$

Superposition: the state is described as a proportion of the different kets

Entanglement: the state of entangled qubits cannot be described independently
Q(CaSC) / Johanna Sepúlveda 8
Summary

Quantum Gates
Transformation of qubits between $|0\rangle$ and $|1\rangle$
• Rotation
• Interaction among qubits
• Measure

Q(CaSC) / Johanna Sepúlveda 9


Summary

Quantum Gates (Single Qubit)

A gate that acts on a qubit can be described as a 2x2 matrix

Any quantum gate can be written as a matrix of $2^n \times 2^n$, where $n$ is the number of qubits to which it is applied

Q(CaSC) / Johanna Sepúlveda 10


Summary

Quantum Gates: Reversible logic

Quantum systems can reconstruct the past

Control NOT

Q(CaSC) / Johanna Sepúlveda 11


Qubits and Quantum Circuits

Q(CaSC) / Johanna Sepúlveda 12


Summary

Quantum Computer

[Figure: quantum computer overview]
• Quantum Computer (Output)
• Quantum Computer Shield
• Cooling System
• Coaxial Cable (Communication)
• Quantum Computer (Programming Interface)
• Quantum Chip

Noisy Intermediate Scale Quantum Era (NISQ)

Q(CaSC) / Johanna Sepúlveda 13


Summary
IBM Quantum Computer (figure)

We are Ready to Start..
Quantum Computers: Basic Principles, Evolution, Structure, Types, Programming, Security threat


Section 2
QUANTUM TECHNOLOGY

Technology
DiVincenzo Criteria (figure)


Technology
Quantum Computer Metrics: Coherence

A wave is characterized by its wavelength, frequency and velocity. Two waves are coherent when they keep a constant phase relation; in the figure, wave C is not coherent with the others and will not cause maximum or minimum interference.
Technology
Quantum Computer Metrics: Decoherence (figure)

Technology
Quantum Computer Metrics: Control

Facility to process and interact with qubits

Technology
Quantum Computer Metrics: Scalability

• Number of operations that can be performed (circuit depth)
• Number of qubits that can be operated (circuit width)
Technology
Evaluation Summary of Quantum Technologies (figure)

Technology
Superconducting Circuits

• Qubits are built from microwave circuit oscillators
• Microwave pulses are used to control the qubits
• Efficient (FAST)


Technology
Trapped Ions

• Ions stored in electromagnetic traps (Paul trap)
• Ion qubits and interactions manipulated by laser beams and interactions between ions
• Accuracy on qubit operation

Technology
Electrically-Controlled Quantum Dots

• Qubits are electron spins trapped in a semiconductor nanostructure
• Microwave pulses are used to control the qubits

Technology
Neutral Atoms

• Atoms trapped by an optical lattice formed by lasers
• Qubits formed by electronic states of the atoms, controlled by lasers

Technology
Quantum Computers (SoA) (figure)


Section 3
Quantum Logic Synthesis

Q-Synthesis
Interview: Quantum Logic Synthesis

Q-Synthesis
Interview: Oracle

Inputs → Oracle → Output
• Implements a linear function
• Programmable
• Unitary


Section 4
Quantum Algorithm

Algorithm
Software

Algorithm
Quantum Computers Utilization

• Quantum computers are only better than classical (existing) computers at specific computational tasks
• Quantum algorithms have different degrees of:
  • Evidence for/amount of beyond-classical power
  • Implementation feasibility
Algorithm
Main Quantum Applications (figure)

Algorithm
Optimization in Industry

• Find the shortest circuit between cities
• Find the portfolio with the minimum risk for a given return
These problems are computationally difficult (NP-hard).

Algorithm
Optimization in Industry

Grover Algorithm: polynomial speedup for these problems (optimization, Monte Carlo methods in finance [Montanaro], database search, …)


Algorithm
Main Quantum Applications

• Chemistry simulation
• Optimization
• Machine learning
• Cryptography
  • Grover Algorithm
  • Shor Algorithm


Algorithm
Implications on Security

Grover's algorithm halves the security of AES (AES-128 → AES-256 to keep the same margin).

SKC/PKC, classic vs. quantum:
• CLASSIC: better classic algorithm, ~$10^{34}$ steps; in a classic computer (THz, 1 trillion ops / sec): ~17 trillion years
• QUANTUM: Shor's algorithm, ~$10^{7}$ steps; in a quantum computer (MHz, 1 million ops / sec): ~10 seconds


Algorithm
Quantum Threat

Type                     Algorithm   Key strength classic (bits)   Key strength quantum (bits)   Quantum attack
Asymmetric (Public Key)  RSA-2048    112                           0                             Shor's Algorithm
                         RSA-3072    128                           0
                         ECC-256     128                           0
                         ECC-521     256                           0
Symmetric                AES-128     128                           64                            Grover's Algorithm
                         AES-256     256                           128


Algorithm
Quantum Algorithm Main Steps

Initialize → Transform → Measure


Section 5
SUMMARY AND TASKS

Tasks
IBM Quantum Programming
https://quantum-computing.ibm.com/
Homework: Open an account and start exploring!

Tasks
Grover's Algorithm
https://quantum-computing.ibm.com/docs/guide/q-algos/grover-s-algorithm
Challenge: Execute Grover's Algorithm (send the result)


Tasks
Grover's Algorithm

Grover algorithm explanation (TU Delft): https://www.youtube.com/watch?v=IT-O-KSWlaE
Steps of the Grover's algorithm (Berkeley): https://www.youtube.com/watch?v=PAVKuYv1HC8
Next week I will explain the algorithm!

Tasks
Summary

• Several technologies meet the five DiVincenzo criteria
• Three metrics can be used to classify quantum computers: coherence, control and scalability
• Logic synthesis is challenging and different optimization guidelines can be used
• Quantum algorithms are defined by three steps: initialization, transformation and measurement


Next Lecture
End of the Quantum Block

• Shor's and Grover's Quantum Algorithms
• Q&A Quantum Technology
(Quantum Computers: Basic Principles, Evolution, Structure, Types, Programming, Security threat)

Thank you.
See you soon!

Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.
[email protected]

5. Quantum Security Threat: Grover and Shor Algorithms
Goal Today's Lecture
• Summary of Previous Lecture
• Security Basics
• Grover's Algorithm
• Shor's Algorithm
• Summary and Tasks

Section 1
SUMMARY OF PREVIOUS LECTURE


Summary
Summary of Previous Lecture

• DiVincenzo Criteria
• Quantum Computer Metrics: Decoherence
• Quantum Computer Metrics: Control (facility to process and interact with qubits)
• Quantum Computer Metrics: Scalability (circuit depth: number of operations that can be performed; circuit width: number of qubits that can be operated)
• Evaluation Summary of Quantum Technologies
• Quantum Computers (SoA)
• Main Quantum Applications: chemistry simulation, optimization, machine learning, cryptography (Grover and Shor algorithms)
• Quantum Algorithm Main Steps: Initialize → Transform → Measure

We are Ready to Start..
Quantum Computers: Basic Principles, Evolution, Structure, Types, Programming, Security threat


Section 2
SECURITY BASICS

Security
Symmetric Key Cryptography

Alice and Bob share the same secret key (figure: Alice's values, public values, Bob's values).
Examples: AES, Present, Prince, Trivium, Lucifer, Triple DES

Security
Public Key Cryptography

Each party has a public and a secret key (figure: Alice's values, public values, Bob's values).
Examples: RSA, ECC
Security
Public Key Cryptography (figure)

Security
Public Key Cryptography: protocol stack example

Layer                     Protocol                Data unit
(I) Application layer     COAP                    Generate Data → Data
(II) Security layer       DTLS                    Encryption → EData
(III) Transport layer     UDP                     UDP Header + UDP payload
(IV) Network layer        IPv6                    IP Header + IP payload
(V) Adaptation layer      6LoWPAN                 6LoWPAN header
(VI) Physical layer       IEEE 802.15.4 MAC/PHY   Frame header + frame footer


Security
Public Key Cryptography: DTLS handshake (security layer II)

Client                                   Server
  *ClientHello             →
                           ←             *ClientHelloVerify
  ClientHello (C1)         →
                           ←             ServerHello, Certificate (C2)
  ClientKeyExchange (C3)   →             PKC: the key material is protected with the server's public key
  Finished (C4)            →
                           ←             ChangeCipherSpec (C5)
                           ←             Finished (C6)

SC: from here on the session is protected with symmetric cryptography.
Security
Traditional Security

Traditional cryptography (RSA, ECC) relies on the hardness of factoring large integers and computing discrete logarithms. Today traditional cryptography is considered secure against the attacker's tools (cryptanalysis, side-channel analysis).

In the future, traditional cryptography will be broken (figure: IonQ's 79-qubit quantum processor).
Security
Quantum Computer: RSA and ECC key length vs. qubits

RSA key length (bits)   Qubits    ECC key length (bits)   Qubits
1024                    2048      163                     1000
2048                    4096      224                     1300
3072                    6144      256                     1500
4096                    8192      383                     2300
15360                   30720     512                     3000

Figure: number of qubits of available quantum computers per technology (superconductors, ion trap, spin, neutral atoms), 1995 to 2025; the y axis ranges from 0 to 140 qubits.


Security
Implications on Security and Quantum Threat (recap)

• Grover's algorithm halves the security of AES: AES-128 offers 64 bits against a quantum attacker, AES-256 offers 128 bits
• Shor's algorithm breaks RSA-2048 (112 classic bits), RSA-3072 (128), ECC-256 (128) and ECC-521 (256): 0 bits of quantum security
• Classic: better classic algorithm, ~$10^{34}$ steps, ~17 trillion years in a classic computer (THz, 1 trillion ops / sec); Quantum: ~$10^{7}$ steps, ~10 seconds in a quantum computer (MHz, 1 million ops / sec)


Section 3
Grover Algorithm

Grover
Optimization in Industry

• Find the shortest circuit between cities
• Find the portfolio with the minimum risk for a given return
These problems are computationally difficult (NP-hard).


Grover
Unstructured Search (N cards)

Find the winner w among N cards. Classically: worst case N trials, average case N/2 trials.

Searching large databases is an important problem with broad applications.

Traditional computer: O(N)
Quantum computer (Grover's Algorithm): O($\sqrt{N}$)
Grover
Grover's Algorithm: Amplitude amplification trick

Optimal search (exhaustive search) algorithm for a quantum computer, which has further applications as a subroutine for other quantum algorithms.

Four stages: Initialization → Transformation (Oracle, Amplification) → Measurement

Grover
Grover's Algorithm: Parameter Definition

We know the value $y = f(x)$; our goal is to find $x$.
N: number of cards; n: qubits required to express the N cards ($N = 2^n$). Example: n = 3, N = 8.

Initialization → [Oracle → Amplification] repeated O($\sqrt{N}$) times → Measurement

Advantage: all searches are performed in a single iteration (the oracle evaluates f on the whole superposition at once).
Grover
Grover's Algorithm: Initialization ($y = f(x)$)

Uniform superposition: every one of the N basis states $|000\rangle, |001\rangle, \dots, |111\rangle$ (x = 1..8) has amplitude $1/\sqrt{N}$, which is also the mean amplitude (bar graph of the amplitudes of the state).

Grover
Grover's Algorithm: Oracle (1) ($y = f(x)$)

The oracle marks the solution(s): it flips the sign of the marked state's amplitude (identify, then flip), so that amplitude becomes $-1/\sqrt{N}$ and the mean amplitude drops below $1/\sqrt{N}$.
Grover
Grover's Algorithm: Oracle (2)

• Function that can be encoded through quantum gates (distinguisher)
• Described as a unitary matrix
• The quantum computer computes f(x) on all inputs simultaneously

Result:
• Amplitude representation: inversion (sign flip)
• Geometrical representation: reflection

Example: function that returns '0' for all possible input states, except one input state (x = winner).


Grover
Grover's Algorithm: Amplification ($y = f(x)$)

Diffusion operator / amplitude purification (inversion about the mean): each amplitude $a_i$ is replaced by $2\bar{a} - a_i$, a reflection about the mean $\bar{a}$, which increases the amplitude of the marked state.

For N = 8 after one iteration: the marked state has amplitude $\frac{5}{4\sqrt{2}}$ and each of the other seven states $\frac{1}{4\sqrt{2}}$ (before the iteration every amplitude was $\frac{1}{\sqrt{N}} = \frac{1}{2\sqrt{2}}$).
Grover
Grover's Algorithm: Measurement ($y = f(x)$)

High probability to measure $|011\rangle$ (the marked state).

Note that the number of iterations in Grover's algorithm is critical: if you make too many iterations the probability of success decreases again.
• After only one iteration: 77% of getting the correct answer
• After two iterations: 94% of getting the correct answer

Number of repetitions: $r = \frac{\pi}{4}\sqrt{N}$ times (rounded); for N = 8, r ≈ 2. For M solutions the number of repetitions scales as $r \approx \sqrt{\frac{N}{M}}$.
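A classical simulation of the four stages above, as an added example that is not from the lecture slides: it keeps the N = 2^n amplitudes in a Python list and applies the oracle (sign flip) and the diffusion operator (inversion about the mean) exactly as the bar graphs show. For N = 8 and the winner |011⟩ it reproduces the amplitudes 5/(4√2) and 1/(4√2) after one iteration, the success probabilities of roughly 77% and 94% (exactly 25/32 and 121/128) after one and two iterations, and the drop after a third.

```python
"""Grover's amplitude amplification on a classical state-vector simulator (added example,
not from the lecture slides). Pure Python, N = 2^n real amplitudes kept in a list.

Each iteration applies the oracle (sign flip of the marked state) and the diffusion
operator (inversion about the mean). Running it for N = 8 reproduces the slide's numbers
and shows that too many iterations lower the success probability again.
"""
import math


def initialize(n_qubits):
    """Uniform superposition: every basis state gets amplitude 1/sqrt(N)."""
    n_states = 2 ** n_qubits
    return [1.0 / math.sqrt(n_states)] * n_states


def oracle(amplitudes, marked):
    """Flip the sign of the amplitudes of the marked (winner) states: f(x) = 1 only there."""
    return [-a if i in marked else a for i, a in enumerate(amplitudes)]


def diffusion(amplitudes):
    """Inversion about the mean: a_i -> 2*mean - a_i (reflection of every amplitude)."""
    mean = sum(amplitudes) / len(amplitudes)
    return [2 * mean - a for a in amplitudes]


def grover(n_qubits, marked, iterations):
    """Return the state vector after `iterations` Grover iterations."""
    state = initialize(n_qubits)
    for _ in range(iterations):
        state = diffusion(oracle(state, marked))
    return state


def success_probability(n_qubits, marked, iterations):
    """Probability that a measurement returns one of the marked states (Born rule)."""
    state = grover(n_qubits, marked, iterations)
    return sum(state[i] ** 2 for i in marked)


def optimal_iterations(n_states, n_solutions=1):
    """r = round((pi/4) * sqrt(N/M)); the slide's N = 8, M = 1 case gives 2."""
    return round(math.pi / 4 * math.sqrt(n_states / n_solutions))


if __name__ == "__main__":
    winner = {0b011}          # the marked state |011> from the slides
    for r in range(5):
        p = success_probability(3, winner, r)
        print(f"{r} iteration(s): P(|011>) = {p:.4f}")
```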


Grover
Grover's Algorithm: Geometrical ($y = f(x)$)

Define states, define function (figure).

Grover
Grover's Algorithm: Quantum Circuit ($y = f(x)$)

Mathematical and geometrical development:
https://www.quantiki.org/wiki/grovers-search-algorithm
https://www.cs.cmu.edu/~odonnell/quantum15/lecture04.pdf
https://www.nature.com/articles/s41467-017-01904-7
https://arxiv.org/ftp/arxiv/papers/0705/0705.4171.pdf

Simulator: http://davidbkemp.github.io/animated-qubits/grover.html
Grover
Advanced Encryption Standard (AES-128)

The 16-byte state S0..S15 is arranged as a 4x4 matrix. Round structure:
• AddRoundKey (state XOR round key, byte by byte: S3 XOR k3 = S'3)
• 9 rounds of: SubBytes (S-Box), ShiftRows, MixColumns, AddRoundKey
• Final round: SubBytes, ShiftRows, AddRoundKey

https://arxiv.org/pdf/1512.04965.pdf
Grover
Grover's Algorithm: AES-128 case

Goal: to find the key x (winner) among the $2^{128}$ possible solutions that produces the ciphertext y.
• Challenge: to define the oracle for the case of AES
• We may know a set of plaintext/ciphertext pairs (figure: message (plaintext) → AES with secret key → encrypted message (ciphertext); N: number of candidate keys)

Grover
Grover's Algorithm: AES-128 Oracle and results

• The number of logical qubits required to implement a Grover attack on AES is relatively low
• Exponential development (2016: 3000 to 7000 qubits; 2019: 864 to 1200)
• Large circuit depth due to unrolling the entire Grover iteration

https://arxiv.org/pdf/1512.04965.pdf
https://eprint.iacr.org/2019/1146.pdf
Section 4
Shor Algorithm

Shor
Public Key Cryptography

Traditional cryptography (RSA, ECC) relies on factoring large integers and computing discrete logarithms being hard problems: N = p · q. Today traditional cryptography is considered secure (attacker tools: cryptanalysis, side-channel).

Shor
RSA Public-key Cryptography

An integer N has a unique decomposition into a product of primes; finding the prime factors is believed to be a hard problem.


Shor
Complexity of Factoring (1)

N with d decimal digits
• Brute force
  • Try all primes p with $0 < p < \sqrt{N}$ and check if p divides N
  • Worst case: $\sqrt{N}$ trials (exponential in d)
• Quadratic sieve
  • Search two integers a, b such that $a^2 - b^2$ is a multiple of N
  • Check whether a ± b have common factors with N
  • Worst case: exponential in $\sqrt{d}$ (sub-exponential in d)

Shor
Complexity of Factoring (2) (figure)


Shor
Shor Algorithm: Mathematical Background (Large Primes)

Goal: N = p1 · p2 is known; the attacker guesses g and wants p1 and p2.
• Euclid's algorithm: gcd(N, g) = p1. If the guess g shares a factor with N (g = p1 · c), the gcd gives p1 directly and $p_2 = \frac{N}{\gcd(N, g)}$.
• If g and N do not share factors, it was demonstrated that for some p: $g^p = m \cdot N + 1$, i.e. $(g^{p/2} + 1)(g^{p/2} - 1) = m \cdot N$, so the factors of N are obtained from $g^{p/2} \pm 1$.
• Period finding: p has a repeating property, $g^{p + x} = m_2 \cdot N + r$ (the remainders of the powers of g repeat with period p).


Shor
Period Finding

Modular math: $\frac{a}{N} = q$ with remainder r (a: dividend, N: divisor, q: quotient), written $r = a \bmod N$.

$g^{p + x} = m_2 \cdot N + r$

Factoring is easy if we find a period of the modular exponential:
• Given N and a, find the smallest r such that $a^r - 1$ is a multiple of N
• r: period of a modulo N
Shor
Shor Algorithm

Classical part:
• Guess g
• Extract p
• Obtain a better guess: $g^{p/2} \pm 1$

Quantum part (Initialization → Oracle → Quantum Fourier Transformation → Measurement):
• Superposition of all the possible powers
• Measure r (superposition of answers with equal r)
• They are p apart from each other

Shor
Shor's Algorithm (1994)

Key step: Quantum Fourier Transformation. Initialization → Transformation (find the period: peaks spaced $\frac{1}{p}$) → Measurement.
Shor
Shor Algorithm (steps), N = 21

• Choose a random g < N. If gcd(g, N) ≠ 1 then $p_1 = \gcd(g, N)$ and $p_2 = \frac{N}{p_1}$, otherwise continue. Example: g = 11
• Choose the parameter $M \in [N^2, 2N^2]$ with $M = 2^m$. Example: M = 512, m = 9
• Apply the quantum algorithm to find the period of $g^p \bmod N$ (called p below):
  • Initialize a register with n + m + 1 qubits, with $n = \lceil \log_2 N \rceil = 5$
  • First n + m qubits to $|0\rangle$ and the last qubit to $|1\rangle$
  • Apply the Hadamard transformation to the first m qubits to get a uniform superposition of all states up to M − 1
  • Apply the oracle function $U_f = x^a \bmod N$ (x is the guess g, a runs over the first register)
  • Apply the QFT on the first register
  • Measure the value c on the first register: high probability of getting a multiple of $\frac{M}{p}$ (the distribution P(c) peaks at 0, M/p, 2M/p, 3M/p, …). Example: c = 427
Shor
Period Finding (classical post-processing)

• Assuming we got a multiple of $\frac{M}{p}$, use the continued fraction expansion algorithm (runs in polynomial time) to get the integer fraction that best approximates the result: $c = k\frac{M}{p}$, $k \in \mathbb{N}$

  $\min \left| \frac{c}{M} - \frac{k}{p} \right| = \left| \frac{427}{512} - \frac{k}{p} \right|$ gives p = 6

• If p is even and $g^{p/2} \not\equiv \pm 1 \pmod N$, continue; otherwise select a new guess g. Example: $11^{3} = 1331 \equiv 8 \not\equiv \pm 1 \pmod{21}$
• Compute the factors of N as $p_1 = \gcd(g^{p/2} - 1, N)$ and $p_2 = \gcd(g^{p/2} + 1, N)$. Example: $p_1 = \gcd(7, 21) = 7$, $p_2 = \gcd(9, 21) = 3$
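The classical parts of the procedure above, as an added example that is not from the lecture slides: a brute-force period search stands in for the quantum step (so it only works for toy N), while the continued-fraction recovery of p from the measured c = 427 with M = 512 and the final gcd step are the real post-processing. N = 21 and g = 11 are the slide's values.

```python
"""Classical post-processing of Shor's algorithm for the slide's N = 21, g = 11 (added
example, not from the lecture slides). The quantum step (QFT on the superposition of
powers) is replaced by a classical brute-force period search so the code runs offline;
the continued-fraction recovery of the period from a measured c is the real one.
"""
from fractions import Fraction
from math import gcd


def find_period(g, n):
    """Smallest p > 0 with g^p = 1 (mod n). Classically exponential in the size of n;
    this is the step the quantum computer performs efficiently."""
    p, value = 1, g % n
    while value != 1:
        value = (value * g) % n
        p += 1
    return p


def convergents(numerator, denominator):
    """Convergents of the continued fraction of numerator/denominator, as Fractions."""
    a, b = numerator, denominator
    terms = []
    while b:
        terms.append(a // b)
        a, b = b, a % b
    result = []
    for i in range(len(terms)):
        frac = Fraction(terms[i])
        for t in reversed(terms[:i]):
            frac = t + 1 / frac
        result.append(frac)
    return result


def period_from_measurement(c, m, n):
    """Recover p from a measured c ~ k*M/p: take the convergent k/p of c/M with the
    largest denominator below N (the period cannot exceed N)."""
    best = None
    for frac in convergents(c, m):
        if frac.denominator < n:
            best = frac.denominator
    return best


def factor_from_period(g, p, n):
    """The slide's final step: require p even and g^(p/2) != +-1 (mod N), then gcd."""
    if p % 2 != 0:
        return None
    half = pow(g, p // 2, n)
    if half in (1, n - 1):
        return None
    p1, p2 = gcd(half - 1, n), gcd(half + 1, n)
    return (p1, p2) if 1 < p1 < n else None


def shor_classical(n, g, measured_c, m):
    """Full classical pipeline: gcd shortcut, period from c/M, check, factor extraction."""
    if gcd(g, n) != 1:
        return (gcd(g, n), n // gcd(g, n))
    p = period_from_measurement(measured_c, m, n)
    if p is None or pow(g, p, n) != 1:   # the convergent was not the true period: retry
        return None
    return factor_from_period(g, p, n)
```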


Section 5
SUMMARY AND TASKS

Tasks
Quantum Programming
https://qiskit.org/textbook/ch-algorithms/grover.html

Tasks
Summary: Quantum Threat

• Two types of cryptography for securing communication: symmetric key and public key
• Security of symmetric key cryptography (SC) will be halved by the Grover algorithm. AES-256 should be used in the future
• Public key cryptography (PKC) will be broken by the Shor algorithm. Quantum secure communications should be used


Next Lecture
End of the Quantum Block

• Quantum Communication (QKD): Main Principles, Structure, Types, Standard, Use cases

Thank you.
See you soon!

Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.
[email protected]

6. Quantum Key Distribution (QKD)


Goal Today's Lecture
• Summary of Previous Lecture
• Key Exchange
• Quantum Communication
• Important Information Lecture
• Summary and Tasks

Section 1
SUMMARY OF PREVIOUS LECTURE


Summary
Summary of Previous Lecture

• Symmetric key cryptography (AES, Present, Prince, Trivium, Lucifer, Triple DES) and public key cryptography (RSA, ECC)
• Traditional security: factoring large integers and computing discrete logarithms are hard today; in the future traditional cryptography will be broken
• Public key cryptography in the protocol stack (DTLS handshake, then symmetric cryptography, SC)
• Quantum threat: RSA-2048/3072 and ECC-256/521 drop to 0 bits of security under Shor's algorithm; AES-128 and AES-256 drop to 64 and 128 bits under Grover's algorithm
• Unstructured search (N cards): O(N) classically, O($\sqrt{N}$) with Grover's algorithm
• Grover's algorithm (amplitude amplification trick): initialization, oracle, amplification (diffusion operator / amplitude purification, inversion about the mean), measurement
• Grover's algorithm, AES-128 case: find the key x among $2^{128}$ candidates that produces the ciphertext y; the challenge is to define the oracle for AES (https://arxiv.org/pdf/1512.04965.pdf, https://eprint.iacr.org/2019/1146.pdf)

Summary
Shor's Algorithm: Period Finding

Goal: find the prime factors of N. Euclid's algorithm gcd(N, g); if g and N share no factor, $g^{p/2} \pm 1$ give the factors, with $g^{p + x} = m_2 \cdot N + r$, i.e. $r = g^{p + x} \bmod N$.

Example: N = 11, a = 5. The remainders $r = a^x \bmod N$ for x = 1, 2, 3, … are 5, 3, 4, 9, 1, 5, 3, 4, 9, 1, 5, 3, … with period 5.

Factoring is easy if we find a period of the modular exponential: given N and a, find the smallest r such that $a^r - 1$ is a multiple of N (r: period of a modulo N).

Summary
Shor's Algorithm

Classical: guess g, extract p, obtain a better guess $g^{p/2} \pm 1$. Quantum (Initialization, Oracle, Quantum Fourier Transformation, Measurement): superposition of all the possible p, measure r, the results are p apart from each other; P(c) peaks at 0, M/p, 2M/p, 3M/p. Key step (Shor, 1994): the Quantum Fourier Transformation.

We are Ready to Start..
Quantum Communication (QKD): Main Principles, Structure, Types, Standard, Use cases


Section 2
KEY EXCHANGE

Key Exchange
Security Services (CIA)

• Confidentiality: secrecy of the information
• Integrity: data is not corrupted
• Authentication: integrity of the source
Cryptographic primitives (use a key) provide these services.

Key Exchange
Key Exchange

Cryptographic primitive that allows keys to be exchanged between communication parties (e.g. the bit string 01101010100001010101000010…..).
• Enforced: a single party decides the secret and transfers it
• Negotiated: each party contributes to the establishment of a common secret


Key Exchange
Key Exchange: Enforced

Alice and Bob:
• Alice puts secret information into a lockable briefcase
• Alice locks the briefcase
• Bob unlocks the briefcase and retrieves the information

Key Exchange
Key Exchange: Enforced (Encapsulation)

Alice knows the public key of Bob; Bob holds the secret key of Bob.
• Alice selects the secret
• Alice locks the secret with the public key of Bob
• Bob unlocks the secret with Bob's secret key


Key Exchange
Key Exchange: Diffie-Hellman (Whitfield Diffie and Martin Hellman)

Public values: modulo p and base g.

Alice                                   Bob
Selects a (secret)                      Selects b (secret)
Calculates A = g^a mod p    -- A -->
                            <-- B --    Calculates B = g^b mod p
Calculates K = B^a mod p                Calculates K = A^b mod p

Alice and Bob now share the same secret K (= g^(ab) mod p).
Key Exchange
Once they share the secret…

Message (plaintext) + secret (key) → Encryption → Encrypted message (ciphertext)
Encrypted message (ciphertext) + secret (key) → Decryption → Message (plaintext)

Key Exchange
One Time Pad (Claude Shannon)

Encryption: ciphertext = plaintext XOR key. Decryption: plaintext = ciphertext XOR key.
The pre-shared key (identical on both sides) should have at least the same size as the message being sent (ABSOLUTELY SECURE).

Key Exchange
Once they share the secret…

With AES: message (plaintext) + secret (key) → AES → encrypted message (ciphertext), and back to the plaintext with the same key.


Key Exchange
Attacks: Man-in-the-Middle (MiM)

Without authentication, the Diffie-Hellman exchange (A = g^a mod p, B = g^b mod p, K = B^a mod p = A^b mod p) can be intercepted:

Alice                          MiM                                        Bob
Selects a                      Selects m                                  Selects b
A = g^a mod p   -- A -->       M = g^m mod p            -- M -->          B = g^b mod p
                <-- M --                                <-- B --
KA = M^a mod p                 KA = A^m mod p, KB = B^m mod p             KB = M^b mod p

Alice and the MiM share the same secret KA; the MiM and Bob share the same secret KB. Alice and Bob believe they share one key, but each of them actually shares a key with the attacker.

Countermeasure: AUTHENTICATION and TAMPER DETECTION
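The exchange above and the consequence of a missing authentication step, as an added example that is not from the lecture slides. The group (p = 23, g = 5) and the pre-shared authentication key are constructed assumptions; the MAC over the exchanged public values is one way to provide the AUTHENTICATION and TAMPER DETECTION named on the slide.

```python
"""Diffie-Hellman key exchange with and without an authenticated transcript (added example,
not from the lecture slides). The group parameters are toy values (p = 23, g = 5, constructed
for illustration, not secure); the message flow is the one shown on the slides.

The unauthenticated run shows why Alice and Bob cannot detect an intermediary from the
shared secrets alone; the authenticated run shows tamper detection with a MAC over the
public values each side saw, keyed with a pre-shared authentication key (an assumption).
"""
import hashlib
import hmac

P, G = 23, 5  # constructed toy parameters; real deployments use 2048-bit or larger groups


def public_value(secret):
    """A = g^a mod p (or B = g^b mod p)."""
    return pow(G, secret, P)


def shared_secret(peer_public, secret):
    """K = B^a mod p on Alice's side, K = A^b mod p on Bob's side."""
    return pow(peer_public, secret, P)


def honest_exchange(a, b):
    """Return (K_alice, K_bob); they are equal because g^(ab) = g^(ba)."""
    A, B = public_value(a), public_value(b)
    return shared_secret(B, a), shared_secret(A, b)


def intercepted_exchange(a, b, m):
    """An intermediary replaces A and B by M = g^m mod p in both directions.
    Returns (K_alice, K_bob): two different keys, each also computable by the intermediary."""
    A, B, M = public_value(a), public_value(b), public_value(m)
    k_alice = shared_secret(M, a)   # Alice computes M^a, believing M came from Bob
    k_bob = shared_secret(M, b)     # Bob computes M^b, believing M came from Alice
    assert k_alice == shared_secret(A, m) and k_bob == shared_secret(B, m)
    return k_alice, k_bob


def transcript_tag(auth_key, A, B):
    """MAC over the public values a party believes were exchanged."""
    msg = f"{A}|{B}".encode()
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def exchange_is_authentic(auth_key, alice_view, bob_view):
    """Tamper detection: both sides MAC their view (A, B) of the exchange and compare.
    The views differ whenever an intermediary substituted a public value, and without
    auth_key the intermediary cannot produce a matching tag."""
    return hmac.compare_digest(transcript_tag(auth_key, *alice_view),
                               transcript_tag(auth_key, *bob_view))
```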
Key Exchange
Attacks: Eavesdropping

Passive attacker (just looking) observing the Diffie-Hellman exchange: sees g, p, A = g^a mod p and B = g^b mod p, but neither a nor b. Recovering K from these public values requires computing discrete logarithms.
Section 3
Quantum Communication

QComm
Quantum Communication: Use Cases

• Teleportation: to share quantum states
• Quantum Key Distribution: to share confidential random keys

QComm
Teleportation

Goal: to transfer information without physical communication, through entanglement.

Teleportation does not allow scanning a person and reassembling them somewhere else in the universe. Instead, it involves entangling two particles, separating them, and keeping them stable enough to remain linked together.


QComm
QIN: Teleportation

Alice/Rick and Bob/Morty share a pair of entangled photons (figure: a high-energy photon produces two low-energy entangled photons). The photon to be transmitted interacts with Rick's entangled particle; any interaction with the entangled particle on one side (Rick) will be immediately perceived by the other side (Morty), which modifies the quantum state of its photon (the transmitted photon).

QComm
Practical Teleportation: Entanglement (figure)

QComm
Teleportation in Practice: Communication

Separating entangled photons through fiber-optic cables is problematic:
• Laying fiber-optic cables is expensive
• Deployment takes a long time
• Loss along long cables (entanglement will be destroyed)
• Quantum repeaters that rebroadcast quantum information could extend a network's reach (not mature)

QComm
Teleportation in Space: Micius 2017

Ngari transmitter (Tibetan mountain), space-based link. Over 32 evenings, 911 photon pairs showed teleportation when the scientists measured their states.


QComm
Quantum-Key-Distribution (QKD)

Two quantum devices are linked by a quantum channel (for the key) and a classical network (for the encrypted message).
Goal: to transfer a secret random key between a pair of parties. It is impossible for an attacker to read (measure) the quantum channel without getting noticed.

QComm
QKD BB84 Protocol (Charles Bennett, Gilles Brassard)

1. Encode, 2. Measure, 3. Reconciliation

1. Encode information: polarized photons (polarization beam splitter). Two polarization bases (four possible states): H/V and L/R; the two states within a basis have orthogonal polarization.
QComm
QKD BB84 Protocol

2. Measure polarization, aligned case: measuring with the same basis the photon was encoded in returns the encoded state (input V → output V, input H → output H; likewise R → R and L → L).

2. Measure polarization, misaligned case: measuring with the other basis returns a random result (an H or V photon measured in the L/R basis gives 50% R, 50% L; an R or L photon measured in the H/V basis gives 50% V, 50% H).


QComm
QKD BB84 Protocol

3. Reconciliation
• Agree on a common secret key
• Identify the mismatch between the selected bases (transmitter/receiver)
• Usually only 50% of the transmitted information is finally used (after eliminating the errors)
• Requires an authenticated channel (otherwise MiM attacks are possible)
• This key can be used for encrypting information (OTP, AES)
Key distillation: error-correcting capabilities

QComm
QKD BB84 Protocol: flow

Alice/Rick                                                   Bob/Morty
Raw key + encoding basis (H/V or L/R) → Encode → single photon over the quantum channel
                                                             Selected basis → Measure
Public channel: compare bases, keep the correctly measured positions → Sifted key
Key distillation / reconciliation → Secret key
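The three BB84 steps above as a simulation, added here and not from the lecture slides. Photons are modelled abstractly as (bit, basis) pairs; the seeds, key length and the 11% abort threshold are constructed assumptions. It goes beyond the slides by quantifying how an intercept-and-resend eavesdropper shows up as a 25% error rate in the sifted key.

```python
"""BB84 simulation (added example, not from the lecture slides): encode, measure, sift,
and estimate the error rate that reveals an intercept-and-resend eavesdropper.

Photons are modelled as (bit, basis) pairs; basis 0 is H/V and basis 1 is L/R. Measuring in
the wrong basis yields a uniformly random bit, as on the 'misaligned case' slides. The random
seeds and the key length are constructed values; the protocol steps are BB84's.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1  # H/V and L/R bases


def measure(photon, basis, rng):
    """Aligned basis: deterministic result. Misaligned basis: 50/50 random result."""
    bit, encoding_basis = photon
    return bit if basis == encoding_basis else rng.randrange(2)


def bb84(n_photons, seed, eavesdropper=False):
    """Run one BB84 round. Returns (alice_sifted, bob_sifted, qber).

    qber is the fraction of sifted positions where Alice's and Bob's bits disagree, the
    quantity reconciliation uses to detect an eavesdropper on the quantum channel.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    photons = list(zip(alice_bits, alice_bases))      # 1. Encode

    if eavesdropper:
        # Intercept-and-resend: Eve measures in a random basis and re-emits what she saw.
        # In the wrong basis she re-encodes a random bit, which Bob then mis-reads half of
        # the time even when his basis matches Alice's.
        eve_bases = [rng.randrange(2) for _ in range(n_photons)]
        photons = [(measure(ph, eb, rng), eb) for ph, eb in zip(photons, eve_bases)]

    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = [measure(ph, bb, rng) for ph, bb in zip(photons, bob_bases)]   # 2. Measure

    # 3. Reconciliation over the public (authenticated) channel: keep matching bases only.
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    alice_sifted = [alice_bits[i] for i in keep]
    bob_sifted = [bob_bits[i] for i in keep]
    errors = sum(a != b for a, b in zip(alice_sifted, bob_sifted))
    qber = errors / len(keep) if keep else 0.0
    return alice_sifted, bob_sifted, qber


def eavesdropper_detected(qber, threshold=0.11):
    """Decision used by key distillation: abort if the error rate exceeds the threshold.
    Intercept-and-resend leaves about 25% errors; the 11% value is a constructed
    illustrative threshold, not a figure from the lecture."""
    return qber > threshold
```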
QComm
QKD BB84 Protocol (figure)

QComm
Possible Attacks: Photon Number Splitting

Attack targets shown in the figure: photon number splitting on multi-photon pulses, the avalanche photodiodes (detectors), Trojan-horse attacks.

QComm
Decoy State QKD

Multiple source intensity levels randomize the communication statistics seen by a possible attacker (countermeasure: decoy states).

QComm
QKD Practical Realization (figure)

QComm
QKD Today (figure)

QComm
QKD Applications (figure)


QComm

QKD Advantages and Disadvantages


 Quantum Key Distribution promises unconditional security

. Security is based on the laws of quantum physics

 Detect compromised channels (Eavesdropping): Virtually


unhackable

Still, we have many challenges to address

 Poorly understood
 Only to exchange key (other cryptoprimitives are not supported)
 Rely on authenticated channels
 Secure Implementation is mandatory
 Extend the performance (limits on rate and range)
 Cost
 Killer application

Q(CaSC) / Johanna Sepúlveda 51


QComm

Quantum Key Distribution

Q(CaSC) / Johanna Sepúlveda 52


Section 5

SUMMARY AND TASKS

Q(CaSC) / Johanna Sepúlveda 53


Tasks

QKD Standard

https://www.etsi.org/technologies/quantum-key-distribution

 Describing complete systems involving point-to-point devices from physical implementation to output of final secret key
 Revision on security proofs, focusing on security definition, device models, implementation security and quantum key distribution protocols
 Implementation security: protection against Trojan horse attacks in one-way QKD systems
 Characterisation of optical output of QKD transmitter modules, on control interface
 QKD Application Interface (API) in response to new network developments on review of network architectures
 Revision to Group Report (GR) on QKD vocabulary and definitions
Tasks

QKD attacks: Answer Moodle Questions


https://www.etsi.org/images/files/ETSIWhitePapers/etsi_wp27_qkd_imp_sec_FINAL.pdf



Tasks

Summary: Quantum Communication

 Key distribution is critical for the security
 Two types of quantum communication: Teleportation and Quantum Key Distribution
 Quantum communication is very promising and it still requires a huge research effort
 While Quantum communication is secure, implementation attacks can be performed


Tasks

Next Lecture

Third Block
 Post Quantum Security: NIST Competition, Principles PQC

Post-Quantum Cryptography (PQC): Main Principles, Families and Types, Main Components, Standard, Secure implementation, Use cases


Thank you.
See you soon!
Quantum Computers and
Quantum Secure Communications
SoSe20
950488885

Johanna Sepúlveda, Ph.D.


[email protected]



Goal Today‘s Lecture

Summary of Previous Lecture

Cryptography

Summary and Tasks


Section 1

SUMMARY OF PREVIOUS LECTURE



Summary

Security Services (CIA)

Confidentiality: Secrecy of the information
Integrity: Data is not corrupted
Authentication: Integrity of the source

Cryptographic Primitives (use a key)


Summary

Key Exchange

Cryptographic primitive that allows keys to be exchanged between communication parties

Enforced: A single party decides the secret and transfers it
Negotiated: Each party contributes to the establishment of a common secret


Summary

Once they share the secret…

Encryption: Message (plaintext) + Secret (key) -> Encrypted Message (ciphertext)
Decryption: Encrypted Message (ciphertext) + Secret (key) -> Message (plaintext)

One-Time-Pad (OTP) or AES


Summary

Public Key Cryptography
Summary

Traditional Security

Today traditional cryptography (RSA, ECC) is considered secure: it relies on factoring large integers and computing discrete logarithms
Attacker: cryptanalysis, side-channel
IonQ’s 79 qubits Quantum Processor
In the future, traditional cryptography will be broken
Summary

Quantum Threat

Type                     Algorithm   Key strength classic (bits)   Key strength quantum (bits)   Quantum attack
Asymmetric (Public Key)  RSA-2048    112                           0                             Shor’s Algorithm
                         RSA-3072    128                           0
                         ECC-256     128                           0
                         ECC-521     256                           0
Symmetric                AES-128     128                           64                            Grover’s Algorithm
                         AES-256     256                           128

Better classic algorithm: ~10^34 steps in a classic computer (THz: 1 trillion of ops / sec)


Summary

Quantum Communication: Use Cases

Teleportation: To share quantum states. Goal: To transfer information without the physical communication but through entanglement
Quantum-key-Distribution: To share confidential random keys. Goal: To transfer a secret random key between a pair. It is impossible that an attacker read (measure) without getting noticed


Summary

QIN: Teleportation (diagram)

Alice/Rick: photon to be transmitted, interacts with another particle (entangled photons; low energy / high energy photon)
Bob/Morty: transmitted photon, modify the quantum state

Any interaction with the entangled particle in one side (Rick) will be immediately perceived by the other side (Morty)


Summary

Teleportation in Practice: Communication

Separating entangled photons through fiber-optic cables is problematic; space-based link
Summary

Teleportation in Space: Micius 2017

Over 32 evenings, 911 photon pairs showed teleportation when the scientists measured their states


Summary

Quantum-Key-Distribution (QKD) (diagram)

Message -> Encrypted Message -> Message over the Classical Network
Quantum Device <-- Quantum Channel --> Quantum Device

Goal: To transfer a secret random key between a pair
It is impossible that an attacker read (measure) without getting noticed
Summary

QKD BB84 Protocol

1. Encode
2. Measure
3. Reconciliation
(Charles Bennett, Gilles Brassard)

1. Encode Information: Polarized photons (polarization beam splitter)
Two polarization basis (four possible states): H / V and L / R (orthogonal polarization)
Summary

QKD BB84 Protocol

2. Measure polarization: Aligned case (measure basis equal to the encoding basis)
Input (V) -> Output (V); Input (H) -> Output (H)


Summary

QKD BB84 Protocol

2. Measure polarization: Misaligned case (measure basis different from the encoding basis: 50% V, 50% H)
Input (V) -> Output (V) OR (H); Input (H) -> Output (V) OR (H)


Summary

QKD BB84 Protocol

3. Reconciliation
Agree on a common secret key
Identify the mismatch between the selected basis (transmitter/receiver)
Usually only 50% of the transmitted information is finally used (after eliminating the errors)
Requires an authenticated channel (otherwise MiM attacks are possible)
This key can be used for encrypting information (OTP, AES)
Key Distillation: Privacy amplification and error correcting capabilities


Summary

QKD BB84 Protocol (diagram)

Alice/Rick                                                   Bob/Morty
  Single photon, encoded in a random basis (H/V or L/R)  -- Quantum Channel -->  Selected basis, measure
  Raw key                                                     Correct measure
                     <-- Public Channel: compare encoding and measurement bases -->
  Sifted key
  Key Distillation / Reconciliation
  Secret key
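The encode / measure / reconciliation steps above (and the same BB84 diagram in the QComm section), simulated classically as an added example that is not part of the lecture: bits and bases are modelled as integers, an optional intercept-resend eavesdropper shows why measuring in the wrong basis leaves detectable errors in the sifted key, and the 11% abort threshold is a standard BB84 figure that the slides do not state and is assumed here.

```python
"""Classical simulation of BB84 sifting and eavesdropping detection.

Added example, not lecture code. Assumptions: a photon is a (bit, basis) pair
with basis 0 = rectilinear (H/V) and 1 = the other basis (L/R); measuring in
the wrong basis returns a uniformly random bit; the public channel is assumed
to be authenticated, as the slides require.
"""
import random


def measure(bit, prep_basis, meas_basis, rng):
    """Aligned bases return the encoded bit; misaligned bases give 50/50."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def bb84(n_photons, seed=1, eve=False, sample_fraction=0.2):
    """Run one session; return (alice_key, bob_key, qber).

    The keys are the sifted bits minus the publicly revealed test sample;
    qber is the error fraction observed on that sample.
    """
    rng = random.Random(seed)
    # 1. Encode: Alice draws a random bit and a random basis per photon.
    a_bits = [rng.randrange(2) for _ in range(n_photons)]
    a_bases = [rng.randrange(2) for _ in range(n_photons)]

    # Optional intercept-resend eavesdropper: measures every photon in a
    # random basis and re-emits a photon carrying her result in that basis.
    if eve:
        e_bases = [rng.randrange(2) for _ in range(n_photons)]
        sent_bits = [measure(b, ab, eb, rng)
                     for b, ab, eb in zip(a_bits, a_bases, e_bases)]
        sent_bases = e_bases
    else:
        sent_bits, sent_bases = a_bits, a_bases

    # 2. Measure: Bob draws his own random basis per photon.
    b_bases = [rng.randrange(2) for _ in range(n_photons)]
    b_bits = [measure(b, sb, bb, rng)
              for b, sb, bb in zip(sent_bits, sent_bases, b_bases)]

    # 3. Reconciliation (sifting): bases are compared over the public channel
    # and only positions where both bases agree are kept (about 50%).
    keep = [i for i in range(n_photons) if a_bases[i] == b_bases[i]]
    a_sifted = [a_bits[i] for i in keep]
    b_sifted = [b_bits[i] for i in keep]

    # Eavesdropping check: reveal a random sample of sifted bits, count the
    # mismatches (QBER) and discard the revealed bits from the key.
    sample = set(rng.sample(range(len(keep)), int(len(keep) * sample_fraction)))
    errors = sum(1 for i in sample if a_sifted[i] != b_sifted[i])
    qber = errors / len(sample) if sample else 0.0
    a_key = [a_sifted[i] for i in range(len(keep)) if i not in sample]
    b_key = [b_sifted[i] for i in range(len(keep)) if i not in sample]
    return a_key, b_key, qber


def channel_compromised(qber, threshold=0.11):
    """Abort rule (assumed threshold): intercept-resend causes ~25% QBER,
    far above the bound under which key distillation is still possible."""
    return qber > threshold


if __name__ == "__main__":
    a, b, q = bb84(2000)
    print("no Eve  : key", len(a), "bits, QBER", q, "abort", channel_compromised(q))
    a, b, q = bb84(2000, eve=True)
    print("with Eve: key", len(a), "bits, QBER", round(q, 3), "abort", channel_compromised(q))
```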
Summary

Possible Attacks: Photon Number Splitting

(Figures: Avalanche photodiodes; Trojan)


Summary

QKD Practical Realization



Summary

QKD Today



Summary

QKD Applications



Summary

Quantum Key Distribution



Summary

We are Ready to Start..

Post-Quantum Cryptography: Main Principles, Families and Types, Standard, Main Components, Secure implementation, Use cases


Section 2

CRYPTOGRAPHY



Crypto

Human need: Communication (Defense, Technology, Health, Logistics)

Share information selectively


Crypto

Cryptography History



Crypto

Once Upon a Time


It’s a warm summer evening in ancient Greece…

Cryptography:
‘Krypto’ meaning hidden
and ‘graphene’ meaning writing.



Crypto

Classical Cryptography

Hieroglyph (4500 years ago): Only known by Egyptian scribes
Scytale (2500 years ago): Greeks and Spartans for military incursions
Polybius Square (2500 years ago): Greeks. They use coordinates of the letters
Caesar cipher (1900 years ago): Romans for military incursions. Replace letters with a letter that is 3 letters beyond.
Crypto

Middle Age Cryptography

Cryptanalysis: Science that develops a set of techniques to break ciphers (to decipher messages without the key)


Crypto

Renaissance Cryptography

Vigenère cipher
• Further development of substitution-based ciphers (polyalphabetic)
• Based on a series of interwoven Caesar ciphers
• Different alternatives (rows)

Tabula Recta (1600)


Crypto

Premodern Cryptography

One Time Pad – OTP (1919): Gilbert Vernam
Mechanical and electromechanical cipher machines (1950): Enigma, Sigaba
Crypto

Modern Cryptography

Note: Algorithms and parameters are PUBLIC and private keys are PRIVATE



Crypto

Modern Cryptography

SYMMETRIC-KEY
(SKC)



Crypto

Cryptography Definition

Parameters: pre-defined values that define the cryptographic primitives (length of the key, modulo, noise, seed…)
Cryptographic primitive -> Performance, Cost, Security, Other

In order to allow interoperability and to widely deploy secure communication, standards are needed


Crypto

NIST: National Institute of Standards and Technology

Goal: To establish a measurement system (standards)
Security standards (key distribution, signature, encryption, etc..)
Requirements come from industry, researchers and government
Two ways to define a standard: Unilateral (get expertise) or Public (competition)
Crypto

NBS: Data Encryption Standard (DES)

Symmetric key encryption (Block ciphers)

• 1973: First request for proposals (No suitable candidate)

• 1974: Second request for proposals (No suitable candidate)

• 1977: Announced U.S. FIPS PUB 46 (15.01.1977)

• 1999: Broken in 22 hours and 15 minutes

• 1999: Triple DES reaffirmed in the U.S. FIPS PUB 46-3



Crypto

The Drama

NSA: Lucifer (128-bits) -> DES (56-bits). Backdoor intentionally introduced?
National Bureau of Standards (The Bureau): Public and open discussion is mandatory
Crypto

NIST Public Process (Competition)



Crypto

NIST: Advanced Encryption Standard (AES)

Symmetric key encryption

• 1997: Announce the AES competition
• 1998: 15 Candidates were submitted
  • Public discussion (Advantages and Disadvantages)
  • Security assessment
  • Performance assessment (PCs of various architectures, smart cards, hardware implementations)
  • Feasibility in limited environments (smart cards, low gate count ASICS, FPGAs)
• 1999: Narrow to 5 candidates (Finalists): MARS, RC6, Rijndael, Serpent and Twofish
• 2000: NIST announced Rijndael as the winner (Joan Daemen and Vincent Rijmen)
• 2001: Draft of the AES (U.S. FIPS PUB 197)
• 2002: AES is effective as a Federal government standard. Included in the ISO/IEC 18033-3, NSA approved (used in top secret messages)
Crypto

NIST: Lightweight Standard

SHA-3: Secure Hash Algorithm 3 (2015)
Lightweight: 57 Candidates (2019)


Crypto

NIST: Lightweight Standard

Symmetric key encryption

• 2015: Start public discussions on Lightweight Cryptography
• 2018: Announce the lightweight competition
• 2019: 57 candidates were submitted
  • CAESAR competition (public authenticated encryption)
  • Performance assessment (PCs of various architectures, smart cards, hardware implementations)
  • Feasibility in limited environments (smart cards, low gate count ASICS, FPGAs)
• 2020: Secure implementation
  • Time-protected
  • Side-channel (power, EM, ..)


Crypto

Side-Channel: Which activity did they practice

We can get information that is leaked from the normal operation of the
system to retrieve some secret/privilege information
(time to execute a function, power, access, etc..)



Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.

[email protected]

8. Lattice-Based Post-Quantum Cryptography
Principles
Goal Today‘s Lecture

Summary of Previous Lecture

Lattices

Lattice-Based Cryptography

LWE / NTRU

Summary and Tasks


Section 1

SUMMARY OF PREVIOUS LECTURE



Summary

Once Upon a Time


It’s a warm summer evening in ancient Greece…

Cryptography:
‘Krypto’ meaning hidden
and ‘graphene’ meaning writing.



Summary

Cryptography History (diagram: Hieroglyph, Scytale, Enigma, Post-Quantum)

Cryptographic Algorithm and Cryptographic Implementation must be secure (cryptanalysis)
Summary

Side-Channel: Which activity did they practice

We can get information that is leaked from the normal operation of the
system to retrieve some secret/privilege information
(time to execute a function, power, access, etc..)



Summary

Traditional Security

Today traditional cryptography (RSA, ECC) is considered secure: it relies on factoring large integers and computing discrete logarithms
Attacker: cryptanalysis, side-channel
IonQ’s 79 qubits Quantum Processor
In the future, traditional cryptography will be broken
Summary

Quantum Threat

Type                     Algorithm   Key strength classic (bits)   Key strength quantum (bits)   Quantum attack
Asymmetric (Public Key)  RSA-2048    112                           0                             Shor’s Algorithm
                         RSA-3072    128                           0
                         ECC-256     128                           0
                         ECC-521     256                           0
Symmetric                AES-128     128                           64                            Grover’s Algorithm
                         AES-256     256                           128

Better classic algorithm: ~10^34 steps in a classic computer (THz: 1 trillion of ops / sec)


Summary

Quantum Computer Threat

RSA                           ECC
Key Length   qubits           Key Length   qubits
1024         2048             163          1000
2048         4096             224          1300
3072         6144             256          1500
4096         8192             383          2300
15360        30720            512          3000

(Chart: QUBITS, 0 to 140, versus year, 1995 to 2025, for Superconductors, Ion Trap, Spin and Neutral atoms)


Summary

QKD: Quantum Key Distribution (diagram)

Message -> Encrypted Message -> Message over the Classical Network
Quantum Device <-- Quantum Channel --> Quantum Device

Used to distribute keys ONLY
Summary

QKD: Quantum Channels



Summary

PQC: Post-Quantum Cryptography

Post-Quantum Cryptography over a Classical Network: Distribute Key, Encrypt, Decrypt, Sign, Verify
Families: Code, Hash, Multivariate, Isogeny, Lattice

Algorithms used to secure messages on a classical computer and that are resistant to attacks by traditional computers AND by quantum computers


Summary

PQC: Comparison

Code-based (e.g. McEliece, Rollo)
  Pros:  Well studied problem;  Multipurpose;  Fast
  Cons:  Very large key sizes
Hash-based (e.g. Merkle Hash-trees)
  Pros:  Well studied problem;  Very efficient
  Cons:  No encryption schemes;  Track of signed messages
Multivariate (e.g. Rainbow, LUOV)
  Pros:  Multipurpose;  Very efficient signature schemes
  Cons:  Most public key schemes are broken
Isogeny (e.g. SIKE)
  Pros:  Elliptic-based;  Smallest key sizes
  Cons:  Low efficiency;  Difficult to construct
Lattice-based (e.g. NTRU, LWE, RLWE)
  Pros:  Efficient;  Public key, digital signatures, FHE, IBE
  Cons:  Key sizes when compared to classical crypto
Summary

PQC Momentum

(Chart: life cycle of the product, 0 to 30 years; industry and products exposed to attacks; Post-Quantum Security integration process; IonQ’s 79 qubits Quantum Processor)
Summary

NIST Post-Quantum Candidates

                    Code   Hash   Multivariate   Isogeny   Lattice
First NIST Round    18     3      9              2         32
Second NIST Round   7      2      4              1         12


Summary

NIST: National Institute of Standards and Technology

• 2012: NIST starts meetings regarding Post-Quantum cryptography
• 2016: NIST announces the Post-Quantum standardization process
  – April: Report NISTIR 8105 (Report of PQC)
  – December: Official call for proposals
• 2017: Deadline of submissions of Post-Quantum cryptography (30.11)
• 2018: First conference of standardization of Post-Quantum cryptography
• 2019: Starts the second round of the Standardization process
  – January: Report NISTIR 8240 (Report of PQC)
  – August: Second conference of standardization
• 2020: Freeze of second round and start internal discussion for selection of the third round candidates
• 2022: Expected arrival of standardization (set of recommended algorithms)


Summary
QKD IS NOT PQC

QKD
Advantages
- Security based on physics
- Virtually unhackable
- Detect eavesdropping
- Target of intense research
Disadvantages
- Prone to implementation attacks
- Resilience: Change in photon polarization
- Lacks many security features (only key exchange)
- Need of dedicated channel (high cost)
- Restricted key throughput (scalability)

PQC
Advantages
- Wider portfolio of mathematical problems in comparison with traditional PKI (e.g., RSA, ECC)
- Use already deployed technology
- Able to exchange keys, encrypt, decrypt, sign, verify
- Standardization process (NIST, IETF, IEEE, ETSI)
- Scalability
- Good performance
- Target of intense research
Disadvantages
- Prone to implementation attacks
- Need to build confidence
- Larger keys when compared to traditional PKI
Summary

We are Ready to Start..

Post-Quantum Cryptography: Main Principles, Families and Types, Standard, Main Components, Secure implementation, Use cases


Section 2

LATTICE



Lattice

Lattices: Which concepts arrive to our mind?

Space dimension (Euclidean space); Basic element (basis); Order (pattern)


Lattice

Lattices (figure: a two-dimensional lattice spanned by the basis vectors $b_1$ and $b_2$)


Lattice

Lattices: Scary and Friendly Basis

An n-dimensional lattice $\mathcal{L}$ is
• Generated by a basis $\mathcal{B} = \{b_1, \dots, b_n\}$, written as a matrix $\mathbf{B} \in \mathbb{Z}^{m \times n}$ (m: dimension, n: rank)
• $\mathcal{L} = \sum_{i=1}^{n} (\mathbb{Z} \cdot b_i)$, that is, $\mathcal{L}(\mathcal{B}) = \{ \mathbf{B}\mathbf{x} \mid \mathbf{x} \in \mathbb{Z}^n \}$

Scary basis: long vectors
Friendly basis: short vectors

Basis is not unique: there are multiple bases that can generate the same lattice


Lattice

Lattices
Are these vectors a basis for our lattice? (figure: vectors $b_1$ and $b_2$ from the origin $o$)


Lattice

Lattice Basis: Example

Dimension = 2
Rank = 1



Lattice

Lattice Summary

 Can be described as a periodic set of points in an n-dimensional Euclidean space
 Represented compactly by the basis
  • n linearly independent vectors
  • The lattice is the set of all integer linear combinations of the basis
  • Basis is not unique
 Many HARD PROBLEMS can be described with lattices: problems that are not possible to solve or that require excessive traditional and quantum computational capabilities

$2^{O(n)}$ quantum steps required to solve lattice problems


Lattice

Shortest Vector Problem (SVP)

Given a lattice L (which we know), find the shortest non-zero vector to the origin $o$ (figure: shortest vector $S$)
Some variations: α-shortest vector


Lattice

Closest Vector Problem (CVP)

Given a lattice L (which we know) and a target t, find the closest lattice point (figure: origin $o$, closest point $C$)


Lattice

Learning With Errors (LWE) [Regev 2005]

Given a lattice L and a vector r (visible vector), find the vector s hidden by the error e (figure: $r$ reached from the origin $o$ as $\mathbf{s}$ plus $e$)


Lattice

Interpretation of LWE

 Algebraic: Solving noisy random linear equations
 Geometric: Bounded Distance Decoding in lattices
 Learning Theory: Learning linear functions over $\mathbb{Z}_q^n$ (elements reduced mod q) under random classification noise
 Coding Theory: Decoding random linear q-ary codes


Lattice
LWE - Algebraic

$$A_{m \times n} = \begin{pmatrix} a_{11} & a_{12} & \dots & a_{1n} \\ a_{21} & a_{22} & \dots & a_{2n} \\ \vdots & \vdots & & \vdots \\ a_{m1} & a_{m2} & \dots & a_{mn} \end{pmatrix}, \qquad S_{n \times 1} = \begin{pmatrix} S_{11} \\ S_{21} \\ \vdots \\ S_{n1} \end{pmatrix}$$

A is a basis of a lattice; S is the secret vector

$$e_{m \times 1} = \begin{pmatrix} e_{11} \\ e_{21} \\ \vdots \\ e_{m1} \end{pmatrix}, \qquad r_{m \times 1} = \begin{pmatrix} r_{11} \\ r_{21} \\ \vdots \\ r_{m1} \end{pmatrix}$$

e is the error vector (Gaussian, small magnitude); r is the visible vector

$$\mathbf{A} \cdot \mathbf{s} + \mathbf{e} = \mathbf{r}$$

Given A and r: Search LWE finds s (and/or e); Decisional LWE distinguishes r from random
Lattice
LWE – Decisional and Searching Problem

$$\mathbf{A} \cdot \mathbf{s} + \mathbf{e} = \mathbf{r}$$

Public values:
n: Size of the secret
m: Number of samples
q: Modulus
Χ: Error distribution

Search LWE (find s) and Decisional LWE (distinguish)


Lattice

More Hard Lattice-based Problems

 Short Integer Solution (SIS): Find the short non-zero $\mathbf{z} \in \mathbb{Z}^m$
 Shortest Independent Vector Problem (SIVP): Given a basis for a lattice, find n linearly independent vectors constrained by
 Covering Radius Problem (CRP): Given a basis for a lattice, find the smallest sphere that, when placed at every lattice point, includes 2 lattice points
 Bounded Distance Decoding (BDD): Given a basis, a point x and a bound β, find the smallest vector v such that $\|x - v\| \le \beta$
Lattice

Lattice Problems: Hardness

Quantum reduction [R‘05]: GapSVP, SIVP ≤ Search-LWE ≤ Decision-LWE ≤ Crypto
Classical reduction: [P‘09]
GapSVP: Decision version of SVP
References in the figure: [BFKL94], [R‘05], [PW‘08], [P‘09], [GPV08]; constructions: NTRU, LWE


Lattice

Lattice Hard Problems: Summary

Shortest Vector Problem, Closest Vector Problem, Learning with errors (figures: $s$, $c$, $c$)

More configuration parameters (rich exploration trade-off)
Easy to prove the security


Lattice

Taxonomy of Lattices

Lattices
  NTRU (SVP)
  LWE: RLWE, ILWE, MLWE, LWR, LWP, RLWR

Ring: Replaces n dimensional vectors by polynomials of degree smaller than n
Section 3

LATTICE-BASED CRYPTOGRAPHY



Crypto

Public Key Cryptography (PKC)

Public values: $g^a \bmod p$ (computing discrete logarithms), $N = p \cdot q$ (factoring large integers)
Alice‘s values | Alice | Bob | Bob‘s values

PKC Security
Transformation is based on hard problems which cannot be solved or which require excessive computation/memory resources

Easy to calculate….hard to crack


Crypto

Key Exchange: Diffie-Hellman

Public: modulo p and base g

Alice: Selects a. Calculates A = g^a mod p and sends A to Bob
Bob: Selects b. Calculates B = g^b mod p and sends B to Alice
Alice: Calculates K = B^a mod p
Bob: Calculates K = A^b mod p

Alice and Bob now share the same secret K


Crypto

Public Key Cryptography (PKC)

$$A_{m \times n} = \begin{pmatrix} a_{11} & a_{12} & \dots & a_{1n} \\ a_{21} & a_{22} & \dots & a_{2n} \\ \vdots & \vdots & & \vdots \\ a_{m1} & a_{m2} & \dots & a_{mn} \end{pmatrix}, \qquad a_{ij} \in \mathbb{Z},\ a_{ij} < q$$

A is a basis of a lattice
Public values: A, q
Alice‘s values | Alice | Bob | Bob‘s values


Crypto

Public Key Cryptography (PKC)

 Use of lattices in the design of cryptographic functions
  • Complexity of solving lattice problems in n-dimensional lattices grows superpolynomially or exponentially in n
  • n: Security parameter
Section 4A

LWE CRYPTOGRAPHY



LWE

PKC Using Lattices: LWE Primal

Public values: matrix A and integer q

Alice (Key Generation): selects the private vector $\mathbf{s}$ and a small error $\mathbf{e} \ll \frac{q}{4}$, and publishes the public key
$$\mathbf{b_1} = A \cdot \mathbf{s} + \mathbf{e}$$

Bob (Encryption): selects a binary/ternary vector $\mathbf{x}$ and, for the bit message $M \in \{0, 1\}$, sends the ciphertext (preamble $\mathbf{v}$, payload $b_2$)
$$\mathbf{v} = A \cdot \mathbf{x}, \qquad b_2 = \mathbf{b_1} \cdot \mathbf{x} + m \frac{q}{2}$$

Why it works (multiplying by the inverse $A^{-1}$: $\mathbf{v} A^{-1} = A \mathbf{x} A^{-1} = \mathbf{x}$):
$$\mathbf{b_1} \cdot \mathbf{x} = (A \cdot \mathbf{s} + \mathbf{e}) \cdot \mathbf{x} = (A \cdot \mathbf{s}) \mathbf{v} A^{-1} + \mathbf{e} \cdot \mathbf{x} = \mathbf{s} \cdot \mathbf{v} + \mathbf{e} \cdot \mathbf{x}$$

Alice (Decryption):
$$b_2 - \mathbf{s} \cdot \mathbf{v} = \mathbf{e} \cdot \mathbf{x} + m \frac{q}{2}$$
LWE

PKC Using Lattices: LWE Primal

Public values: matrix A and integer q; private vector $\mathbf{s}$; error $\mathbf{e} \ll \frac{q}{4}$

$$b_2 - \mathbf{s} \cdot \mathbf{v} = \mathbf{e} \cdot \mathbf{x} + m \frac{q}{2}$$

$\mathbf{e} \cdot \mathbf{x}$ is small; the whole expression is small only if m = 0

To transfer M, b2 has to be calculated and sent multiple times (once per bit)


LWE

Security Proof

Public values: matrix A and integer q; $\mathbf{e} \ll \frac{q}{4}$
Public key $\mathbf{b_1} = A \cdot \mathbf{s} + \mathbf{e}$; ciphertext $b_2 = \mathbf{b_1} \cdot \mathbf{x} + m \frac{q}{2}$

$\mathbf{b_1}$: random uniform value
• Very hard problem: LWE decision problem (distinguish $(A, \mathbf{b_1})$ from random)
• If $\mathbf{b_1}$ is random, it can be proven that Bob and Alice encrypt as in the OTP case (ciphertext $(\mathbf{v}, b_2)$ uniform random)


Crypto

PKC Using Lattices: Dual

Public values: matrix A and integer q

Alice (Key Generation): selects a binary/ternary vector $\mathbf{x}$ (uniform, $m > n \log q$) and publishes the public key
$$\mathbf{v} = A \cdot \mathbf{x}$$

Bob (Encryption): selects $\mathbf{s}$, $\mathbf{e_1}$, $\mathbf{e_2}$ (errors $\ll \frac{q}{4}$) and, for the bit message $M \in \{0, 1\}$, sends the ciphertext (preamble $\mathbf{b_1}$, payload $b_2$)
$$\mathbf{b_1} = A \cdot \mathbf{s} + \mathbf{e_1}, \qquad b_2 = \mathbf{s} \cdot \mathbf{v} + \mathbf{e_2} + m \frac{q}{2}$$

Why it works (multiplying by the inverse $A^{-1}$: $\mathbf{v} A^{-1} = A \mathbf{x} A^{-1} = \mathbf{x}$):
$$\mathbf{b_1} \cdot \mathbf{x} = (A \cdot \mathbf{s} + \mathbf{e_1}) \cdot \mathbf{x} = (A \cdot \mathbf{s}) \mathbf{v} A^{-1} + \mathbf{e_1} \cdot \mathbf{x} = \mathbf{s} \cdot \mathbf{v} + \mathbf{e_1} \cdot \mathbf{x}$$

Alice (Decryption):
$$b_2 - \mathbf{b_1} \cdot \mathbf{x} = \mathbf{e_2} - \mathbf{e_1} \cdot \mathbf{x} + m \frac{q}{2}$$
LWE

PKC Using Lattices: Dual

Public values: matrix A and integer q; errors $\mathbf{e} \ll \frac{q}{4}$

$$b_2 - \mathbf{b_1} \cdot \mathbf{x} = \mathbf{e_2} - \mathbf{e_1} \cdot \mathbf{x} + m \frac{q}{2}$$

$\mathbf{e_2} - \mathbf{e_1} \cdot \mathbf{x}$ is small; the whole expression is small only if m = 0

To transfer M, b2 has to be calculated and sent multiple times (once per bit)


LWE

Comparison LWE Primal and LWE Dual

Primal
 Keys
  Public key: $\mathbf{b_1} = A \cdot \mathbf{s} + \mathbf{e}$ (pseudorandom)
  Secret key: $\mathbf{s}$ (unique)
 Ciphertext: $\mathbf{v} = A \cdot \mathbf{x}$, $b_2 = \mathbf{b_1} \cdot \mathbf{x} + m \frac{q}{2}$
 Fresh LWE sample with many encryption coins $\mathbf{x}$

Dual
 Keys
  Public key: $\mathbf{v} = A \cdot \mathbf{x}$ (random)
  Secret key: $\mathbf{x}$ (many)
 Ciphertext: $\mathbf{b_1} = A \cdot \mathbf{s} + \mathbf{e_1}$, $b_2 = \mathbf{s} \cdot \mathbf{v} + \mathbf{e_2} + m \frac{q}{2}$
 Many LWE samples with unique encryption coins $\mathbf{s}$
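Both constructions (primal and dual) and the comparison above, as an added example that is not the lecture's code. It reads the slides' $\mathbf{v} = A \cdot \mathbf{x}$ as $A^{\mathsf{T}}\mathbf{x}$ (the n-vector that makes $\mathbf{s} \cdot \mathbf{v}$ well defined), draws errors from {-1, 0, 1} instead of a Gaussian, and uses q = 4093 with toy n = 8, m = 16; all of these are assumptions.

```python
"""Regev-style LWE public-key encryption, primal and dual form.

Added example, not lecture code. Assumptions: A is an m x n matrix over Z_q;
v = A^T x (an n-vector); errors come from {-1, 0, 1}; one bit per ciphertext,
so a message is sent bit by bit with fresh randomness (the "sent multiple
times" of the slides).
"""
import random

Q, N, M = 4093, 8, 16     # q from the "real dimensions" slide, toy n and m


def matvec(A, x):
    """A.x mod q (A has m rows of n entries, x has n entries)."""
    return [sum(a * b for a, b in zip(row, x)) % Q for row in A]


def transvec(A, x):
    """A^T.x mod q: the rows of A weighted by the entries of x."""
    return [sum(A[i][j] * x[i] for i in range(len(A))) % Q for j in range(len(A[0]))]


def dot(u, v):
    return sum(a * b for a, b in zip(u, v)) % Q


def small(rng, k):
    return [rng.choice((-1, 0, 1)) for _ in range(k)]


def decode(value):
    """noise + m*floor(q/2) with |noise| < q/4: near 0 -> 0, near q/2 -> 1."""
    return 1 if Q // 4 <= value < 3 * Q // 4 else 0


# Primal: public key b1 = A.s + e (pseudorandom), unique secret s,
# fresh encryption coins x for every ciphertext.
def primal_keygen(rng, A):
    s = [rng.randrange(Q) for _ in range(N)]
    b1 = [(a + e) % Q for a, e in zip(matvec(A, s), small(rng, M))]
    return s, b1


def primal_encrypt(rng, A, b1, bit):
    x = [rng.randrange(2) for _ in range(M)]       # binary vector x
    v = transvec(A, x)                             # preamble v = A^T x
    b2 = (dot(b1, x) + bit * (Q // 2)) % Q         # payload  b2 = b1.x + m q/2
    return v, b2


def primal_decrypt(s, v, b2):
    return decode((b2 - dot(s, v)) % Q)            # b2 - s.v = e.x + m q/2


# Dual: public key v = A^T x (statistically random, many x fit it), fresh LWE
# secret s and errors e1, e2 for every ciphertext.
def dual_keygen(rng, A):
    x = [rng.randrange(2) for _ in range(M)]
    return x, transvec(A, x)


def dual_encrypt(rng, A, v, bit):
    s = [rng.randrange(Q) for _ in range(N)]
    b1 = [(a + e) % Q for a, e in zip(matvec(A, s), small(rng, M))]   # A.s + e1
    b2 = (dot(s, v) + rng.choice((-1, 0, 1)) + bit * (Q // 2)) % Q   # s.v + e2 + m q/2
    return b1, b2


def dual_decrypt(x, b1, b2):
    return decode((b2 - dot(b1, x)) % Q)           # b2 - b1.x = e2 - e1.x + m q/2


def roundtrip(bits, scheme="primal", seed=7):
    """Encrypt a bit string one bit at a time and decrypt it again."""
    rng = random.Random(seed)
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]   # public A, q
    if scheme == "primal":
        sk, pk = primal_keygen(rng, A)
        return [primal_decrypt(sk, *primal_encrypt(rng, A, pk, b)) for b in bits]
    sk, pk = dual_keygen(rng, A)
    return [dual_decrypt(sk, *dual_encrypt(rng, A, pk, b)) for b in bits]


if __name__ == "__main__":
    msg = [1, 0, 1, 1, 0, 0, 1, 0]
    print("primal ok:", roundtrip(msg, "primal") == msg)
    print("dual ok  :", roundtrip(msg, "dual") == msg)
```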
LWE

Traditional Digital Signatures

Verify the integrity of the communication
Public values; Alice‘s values | Alice | Bob | Bob‘s values
Alice: Message -> Sign -> Signature; Bob: signature calculated from the received message

Verification: Compare the received signature (green) with the calculated signature (they should match)
LWE

Tool: Trapdoor Function

 Public function f: D -> R, x -> y
 Secret trapdoor function $f^{-1}$: y -> x

 Hash and Sign
$$y = H(\text{message}), \qquad \text{Signature} = f^{-1}(y)$$


LWE

Lattice-based Signatures
 Generate uniform $vk = A$ with a secret trapdoor $sk = T$
 Calculate $\mathrm{Sign}(T, \mu)$: use T to sample a short $z \in \mathbb{Z}^n$ s.t. $Az = H(\mu) \in \mathbb{Z}_q^n$
 Verify $(A, \mu, z)$: check $Az = H(\mu) \in \mathbb{Z}_q^n$ and that $z$ is short
 Security: To forge a signature for a new message $\mu^*$ requires finding a short $z^*$ s.t. $Az^* = H(\mu^*) \in \mathbb{Z}_q^n$ (SIS hard)

(Figure: trapdoor function f: D -> R, x -> y, with the secret inverse $f^{-1}$)


Section 4B

NTRU CRYPTOGRAPHY



NTRU

PKC Using Lattices: NTRU

 Public-key-based cryptography
  – Shortest Vector Problem (SVP)
  – Polynomials in the Ring (Nth Degree Truncated Polynomial Ring Units)
$$R_{N,q} = \frac{\mathbb{Z}_q[x]}{x^N - 1}$$
 Operations: Addition and Multiplication
 NTRU steps
  1. Key generation
  2. Encryption
  3. Decryption

IEEE 1363.1 (2009): NTRUEncrypt lattice-based public-key encryption algorithm
NTRU

NTRU: Key Generation

Public values: N, p, q (Alice‘s values | Alice | Bob)

1. Generate two random polynomials $f \xleftarrow{r} R_N$, $g \xleftarrow{r} R_N$
2. Compute inverses
$$f_p * f = 1 \bmod p, \qquad f_q * f = 1 \bmod q$$
3. Store private key (sk): $\mathbf{sk} = (\mathbf{f}, \mathbf{f_p})$
4. Compute the public key (h): $\mathbf{h} = p\, \mathbf{f_q} * \mathbf{g} \bmod q$
NTRU

NTRU: Encryption
Public values: N, p, q; public key $\mathbf{h} = p\, \mathbf{f_q} * \mathbf{g} \bmod q$; Alice keeps $\mathbf{sk} = (\mathbf{f}, \mathbf{f_p})$

Bob, with message m:
1. Format m as a ternary polynomial m(x)
2. Generate a random polynomial r and mask m(x) into m′ (padding scheme)
3. Compute the ciphertext e(x)
$$e(x) = \mathbf{r} * \mathbf{h} + \mathbf{m'} \bmod q$$


NTRU

NTRU: Decryption
Public values: N, p, q; public key $\mathbf{h} = p\, \mathbf{f_q} * \mathbf{g} \bmod q$; Alice holds $\mathbf{sk} = (\mathbf{f}, \mathbf{f_p})$ and receives $e(x) = \mathbf{r} * \mathbf{h} + \mathbf{m'} \bmod q$

1. Compute
$$a = f * e(x) \bmod q, \qquad b = a \bmod p$$
2. Remove the mask
$$m' = f_p * b \bmod p, \qquad m = m' - \mathbf{MGF}(e - m')$$
3. Verify the padding (check against chosen-ciphertext attacks, CCA)
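The three NTRU steps above carried out in code, as an added example that is neither the lecture's nor the IEEE 1363.1 reference code. The toy parameters N = 7, p = 3, q = 41 and the ternary polynomials are constructed for this example; q is taken prime so that both inverses come from the same polynomial extended Euclid (deployed NTRU uses a power-of-two q); the mask/MGF padding and the final CCA check are left out, so m′ = m.

```python
"""NTRUEncrypt key generation, encryption and decryption in Z[x]/(x^N - 1).
Added example, not lecture code. Assumptions: N = 7, p = 3, q = 41 (q prime so
f_q uses the same extended Euclid as f_p); f, g, r and the message are
constructed ternary polynomials; no padding, so m' = m and no CCA check."""
N, P, Q = 7, 3, 41


def cmod(a, m):
    """Centered residue of a modulo m, in (-m/2, m/2]."""
    a %= m
    return a - m if a > m // 2 else a


def mul(a, b, m):
    """Convolution product in Z_m[x]/(x^N - 1): x^N wraps to 1."""
    c = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[(i + j) % N] = (c[(i + j) % N] + ai * bj) % m
    return c


def trim(p):
    """Drop leading (highest-degree) zeros; coefficient lists are x^0 first."""
    while len(p) > 1 and p[-1] == 0:
        p.pop()
    return p


def poly_divmod(a, b, m):
    """Quotient and remainder of a / b over Z_m (m prime)."""
    a, b = trim(list(a)), trim(list(b))
    quot = [0] * max(1, len(a) - len(b) + 1)
    inv_lead = pow(b[-1], -1, m)
    while len(a) >= len(b) and a != [0]:
        coef = a[-1] * inv_lead % m
        shift = len(a) - len(b)
        quot[shift] = coef
        for i, bi in enumerate(b):
            a[shift + i] = (a[shift + i] - coef * bi) % m
        trim(a)
    return trim(quot), a


def inverse(f, m):
    """f^-1 in Z_m[x]/(x^N - 1) by the extended Euclidean algorithm on
    polynomials (m prime); None if f is not invertible."""
    r0, r1 = [(-1) % m] + [0] * (N - 1) + [1], trim(list(f))  # x^N - 1, f
    t0, t1 = [0], [1]                        # invariant: r_i = t_i * f mod (x^N - 1)
    while r1 != [0]:
        quot, rem = poly_divmod(r0, r1, m)
        prod = [0] * (len(quot) + len(t1) - 1)
        for i, qi in enumerate(quot):
            for j, tj in enumerate(t1):
                prod[i + j] = (prod[i + j] + qi * tj) % m
        width = max(len(t0), len(prod))
        t = [(x - y) % m for x, y in zip(t0 + [0] * width, prod + [0] * width)]
        r0, r1, t0, t1 = r1, rem, t1, trim(t[:width])
    if len(r0) > 1:
        return None                          # gcd is not a unit
    scale = pow(r0[0], -1, m)
    return ([x * scale % m for x in t0] + [0] * N)[:N]


def keygen(f, g):
    """sk = (f, f_p), pk = h = p * f_q * g mod q."""
    fp, fq = inverse(f, P), inverse(f, Q)
    return (f, fp), [P * x % Q for x in mul(fq, g, Q)]


def encrypt(h, m, r):
    """e = r * h + m mod q (no padding in this toy version, so m' = m)."""
    return [(x + y) % Q for x, y in zip(mul(r, h, Q), m)]


def decrypt(sk, e):
    f, fp = sk
    a = [cmod(x, Q) for x in mul(f, e, Q)]      # 1. a = f * e mod q, centered
    b = [x % P for x in a]                      #    b = a mod p
    return [cmod(x, P) for x in mul(fp, b, P)]  # 2. m = f_p * b mod p, centered


# Constructed ternary polynomials, coefficients listed x^0 first.
F = [-1, 0, 1, 1, -1, 0, 1]    # f = x^6 - x^4 + x^3 + x^2 - 1
G = [0, -1, -1, 0, 1, 0, 1]    # g = x^6 + x^4 - x^2 - x
R = [-1, 1, 0, 0, 0, -1, 1]    # r = x^6 - x^5 + x - 1
MSG = [1, -1, 1, 1, 0, -1, 0]  # m = -x^5 + x^3 + x^2 - x + 1


def roundtrip(f=F, g=G, r=R, m=MSG):
    sk, h = keygen(f, g)
    return decrypt(sk, encrypt(h, m, r))


if __name__ == "__main__":
    print("recovered:", roundtrip(), "ok:", roundtrip() == MSG)
```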


Section 6

SUMMARY AND TASKS



Tasks

Summary: Lattice-based Cryptography

 Lattice-based cryptography is based on different hard lattice problems (SVP, CVP, LWE)
 Different constructions are possible (PKC, Signatures)
 LWE presents a richer cryptographic space (many parameters can be configured). However, the security proofs become more complex when compared to the SVP


Tasks

Lattice PQC: Answer Moodle Questions

https://eprint.iacr.org/2017/634.pdf

Answer Quiz

Optional-Optional: Look at the implementation at this site (try to compile the program)
https://newhopecrypto.org/

Send a print screen of the compilation result
Tasks

Additional Links

Matrix calculator
 https://www.mathsisfun.com/algebra/matrix-calculator.html

Formal Lattice
 https://ocw.mit.edu/courses/mathematics/18-409-topics-in-theoretical-computer-science-an-algorithmists-toolkit-fall-2009/lecture-notes/MIT18_409F09_scribe18.pdf
 https://cseweb.ucsd.edu/classes/sp07/cse206a/lec2.pdf

Example Lattice Implementation (video)
 https://asecuritysite.com/encryption/lwe_output
 https://www.youtube.com/watch?v=hN5TQiz2gWs


Tasks

Next Lecture

Third Block
 Post Quantum Security: LATTICE-BASED CRYPTOGRAPHY (Implementation)

Post-Quantum Cryptography (PQC): Main Principles, Families and Types, Main Components, Standard, Secure implementation, Use cases


Thank you.
See you soon!
Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.


[email protected]



Goal Today‘s Lecture

Summary of Previous Lecture

Lattice Example and RLWE

Operations: Addition and Multiplication, Random Sampler

Real Life Lattices

Summary and Tasks
Section 1

SUMMARY OF PREVIOUS LECTURE



Summary

PQC: Comparison

Code-based (e.g. McEliece, Rollo)
  Pros: ▪ Well studied problem ▪ Multipurpose ▪ Fast
  Cons: ▪ Very large key sizes
Hash-based (e.g. Merkle Hash-trees)
  Pros: ▪ Well studied problem ▪ Very efficient
  Cons: ▪ No encryption schemes ▪ Track of signed messages
Multivariate (e.g. Rainbow, LUOV)
  Pros: ▪ Multipurpose ▪ Very efficient signature schemes
  Cons: ▪ Most public key schemes are broken
Isogeny (e.g. SIKE)
  Pros: ▪ Elliptic-based ▪ Smallest key sizes
  Cons: ▪ Low efficiency ▪ Difficult to construct
Lattice-based (e.g. NTRU, LWE, RLWE)
  Pros: ▪ Efficient ▪ Public key, digital signatures, FHE, IBE
  Cons: ▪ Key sizes when compared to classical crypto
Summary

Lattice Hard Problems

Shortest Vector Problem, Closest Vector Problem, Learning with errors (figures: $c$, $c$)

More configuration parameters (rich exploration trade-off)
Easy to prove the security


Summary

Taxonomy of Lattices

Lattices
  NTRU (SVP)
  LWE: RLWE, ILWE, MLWE, LWR, LWP, RLWR

Ring: Replaces n dimensional vectors by polynomials of degree smaller than n
Summary

We are Ready to Start..

Post-Quantum Cryptography: Main Principles, Families and Types, Standard, Main Components, Secure implementation, Use cases


Section 2

LATTICE EXAMPLE AND


Ring-LWE



Ex & RLWE

LWE
q = 13, m = 7, n = 4

Random - Lattice (A)        Secret (s)     Result (r)
 4  1 11 10                   6              4
 5  5  9  5          x        9       =      8
 3  9  0 10                  11              1
 1  3  3  2                  11             10
12  7  3  4                                  4
 6  5 11  4                                 12
 3  3  5  0                                  9

This expression can be solved easily… for example using Gaussian elimination
Ex & RLWE
LWE
q = 13, m = 7, n = 4

Random - Lattice (A)        Secret (s)     Small Noise (e)     Result (r)
 4  1 11 10                   6               0                  4
 5  5  9  5          x        9       +      -1         =        7
 3  9  0 10                  11               1                  2
 1  3  3  2                  11               1                 11
12  7  3  4                                   1                  5
 6  5 11  4                                   0                 12
 3  3  5  0                                   1                  8

This expression becomes difficult to solve if we do not know the secret and the noise…
Ex & RLWE

LWE
q = 13, m = 7, n = 4

Random - Lattice (A)        Secret (?)     Small Noise (?)     Result (r)
 4  1 11 10                                                     4
 5  5  9  5          x        ?       +      ?          =       8
 3  9  0 10                                                     1
 1  3  3  2                                                    10
12  7  3  4                                                     4
 6  5 11  4                                                    12
 3  3  5  0                                                     9

LWE Search Problem: Given A and r find the secret and/or the error…
Ex & RLWE

LWE
q = 13, m = 7, n = 4

Random - Lattice (A)        Secret (?)     Small Noise (?)     Result (r)
 4  1 11 10                                                     4
 5  5  9  5          x        ?       +      ?          =       8
 3  9  0 10                                                     1
 1  3  3  2                                                    10
12  7  3  4                                                     4
 6  5 11  4                                                    12
 3  3  5  0                                                     9

(Rotated labels on the slide: Uniform Distribution, Gaussian Distribution)

LWE Decision Problem: Given A distinguish r from a random …
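The slides' instance run through both the noiseless case (solved by Gaussian elimination, as the first slide says) and the noisy case (search LWE), as an added example that is not the lecture's code. A and the secret s are the slide's values; the noise vector is constructed with entries in {-1, 0, 1}, and the elimination and exhaustive-search helpers are written for this example.

```python
"""The LWE instance of the slides (q = 13, m = 7, n = 4). Without noise the
secret falls out of Gaussian elimination mod q; with noise the same system is
inconsistent, and only the tiny size makes exhaustive search feasible.
Added example, not lecture code. A and s are the slide's values; the noise
vector e is constructed with entries in {-1, 0, 1}."""
Q = 13
A = [[4, 1, 11, 10], [5, 5, 9, 5], [3, 9, 0, 10], [1, 3, 3, 2],
     [12, 7, 3, 4], [6, 5, 11, 4], [3, 3, 5, 0]]
S = [6, 9, 11, 11]
E = [0, -1, 1, 1, 1, 0, -1]


def matvec(A, s, q=Q):
    return [sum(a * b for a, b in zip(row, s)) % q for row in A]


def lwe_sample(A, s, e, q=Q):
    """r = A.s + e mod q (the 'Result' column of the slide)."""
    return [(x + y) % q for x, y in zip(matvec(A, s, q), e)]


def solve_mod_q(A, r, q=Q):
    """Gaussian elimination over Z_q (q prime) on [A | r]. Returns the unique s
    with A.s = r, or None when the system is rank deficient or inconsistent."""
    n = len(A[0])
    M = [row[:] + [val] for row, val in zip(A, r)]
    for col in range(n):
        piv = next((i for i in range(col, len(M)) if M[i][col] % q), None)
        if piv is None:
            return None
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, q)
        M[col] = [x * inv % q for x in M[col]]
        for i in range(len(M)):
            if i != col and M[i][col]:
                f = M[i][col]
                M[i] = [(x - f * y) % q for x, y in zip(M[i], M[col])]
    # the m - n leftover rows must be all zero, otherwise no exact solution exists
    if any(any(x % q for x in row) for row in M[n:]):
        return None
    return [M[i][n] for i in range(n)]


def search_lwe_bruteforce(A, r, bound=1, q=Q):
    """Search-LWE by exhaustive search over Z_q^n: keep every s for which every
    entry of r - A.s (centered) lies within the noise bound. Cost q^n: 13^4 here,
    4093^256 for the real-size parameters on the next slide."""
    n, hits = len(A[0]), []
    for idx in range(q ** n):
        s, k = [], idx
        for _ in range(n):
            s.append(k % q)
            k //= q
        diff = [(x - y) % q for x, y in zip(r, matvec(A, s, q))]
        if all(min(d, q - d) <= bound for d in diff):
            hits.append(s)
    return hits


def demo():
    r_clean = matvec(A, S)               # slide 9: A.s, no noise
    r_noisy = lwe_sample(A, S, E)        # slide 10: A.s + e
    return {
        "clean": r_clean,
        "noisy": r_noisy,
        "elimination_on_clean": solve_mod_q(A, r_clean),   # recovers s
        "elimination_on_noisy": solve_mod_q(A, r_noisy),   # None: inconsistent
        "bruteforce_on_noisy": search_lwe_bruteforce(A, r_noisy),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key:22s} {val}")
```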
Ex & RLWE

LWE: Real Dimensions

Toy example: q = 13, m = 7, n = 4        Real dimensions: q = 4093, m = 640, n = 256

Random - Lattice (A, toy example)
 4  1 11 10
 5  5  9  5
 3  9  0 10
 1  3  3  2
12  7  3  4
 6  5 11  4
 3  3  5  0


Ex & RLWE

Ring-LWE

Random - Lattice (A), generated from the first row (3 = -10 mod 13)
 4  1 11 10
 3  4  1 11
 2  3  4  1
12  2  3  4
 9 12  2  3
10  9 12  2
11 10  9 12

❑ Implements ring structure
❑ Each row is the cyclic shift of the row above
❑ Special wrapping rule: x wraps to Xnew = –x mod q

We do not need to store all the matrix A… just the generator vector
Section 3a

OPERATIONS:
ADDITION AND MULTIPLICATION



Operation: + *

Identify Operations

Polynomial Addition
Polynomial Multiplication: Schoolbook, Karatsuba, Toom–Cook, NTT
Discrete Sampling: Uniform, Binomial, Gaussian, Trinary
Modular Reduction (next lecture)


Operation: + *

Polynomial Addition

Parameters: q = 5, n = 4

v = (4, 2, 0, 1)        4 2 0 1
k = (2, 1, 4, 0)      + 2 1 4 0
                      ---------
                        6 3 4 1
              mod 5:    1 3 4 1


Operation: + *

Polynomial Multiplication - Schoolbook

Parameters: q = 5, n = 4

v = (4, 2, 0, 1)
k = (2, 1, 4, 0)

a) Multiply then reduce (partial products by the coefficients of k)
    x^6 x^5 x^4 x^3 x^2 x^1 x^0
                  0   0   0   0    (0 · v)
             16   8   0   4        (4 · v · x)
          4   2   0   1            (1 · v · x^2)
      8   4   0   2                (2 · v · x^3)
    ----------------------------
      8   8  18  10   1   4   0
     -8  -8 -18                    (wrap: x^4 = -1, so x^6 -> -x^2, x^5 -> -x, x^4 -> -1)
    ----------------------------
                 10  -7  -4 -18
          mod 5:  0   3   1   2

b) Multiply and reduce (each partial product already reduced mod x^4 + 1)
      0   0   0   0
      8   0   4 -16
      0   1  -4  -2
      2  -8  -4   0
    ----------------
     10  -7  -4 -18
    mod 5:  0 3 1 2
Operation: + *

Polynomial Multiplication - Karatsuba

Parameters: q = 5, n = 4

❑ Divide and Conquer (Anatoly Karatsuba, 1960): three half-size multiplications instead of four, complexity $\mathcal{O}(n^{\log_2 3})$

Split the operands as $v = a B^m + b$ and $k = c B^m + d$. The multiplication is
$v \cdot k = (a B^m + b)(c B^m + d) = z_2 B^{2m} + z_1 B^m + z_0$

Where the value of the coefficients is
$z_2 = a c$
$z_0 = b d$
$z_1 = a d + b c = (a + b)(c + d) - z_2 - z_0$


Operation: + *

Polynomial Multiplication - Karatsuba

Parameters: q = 5, n = 4

v = (4, 2, 0, 1):  a = 42, b = 01
k = (2, 1, 4, 0):  c = 21, d = 40

$v = a B^m + b = 42 \cdot 100 + 01$
$k = c B^m + d = 21 \cdot 100 + 40$

The multiplication is
$v \cdot k = (a B^m + b)(c B^m + d) = z_2 B^{2m} + z_1 B^m + z_0$

Where the value of the coefficients is
$z_2 = a c = 42 \cdot 21 = 882$
$z_0 = b d = 1 \cdot 40 = 40$
$z_1 = (a + b)(c + d) - z_2 - z_0 = (42 + 1)(21 + 40) - 882 - 40 = 1701$

Result $= 882 \cdot 100^2 + 1701 \cdot 100 + 40 = 8990140$

Challenge: How do we reduce (mod 5 and mod $x^n + 1$) so that we get the answer we got with the schoolbook method?
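The Ring-LWE matrix slide, the schoolbook slide and the Karatsuba slides above all describe the same object, multiplication in $R_q = \mathbb{Z}_q[x]/(x^n+1)$, from three angles. The block below is an added example for this page (not lecture code) that ties them together: schoolbook and Karatsuba products of the slide's v and k, the reduction mod $x^n + 1$ and mod q that answers the challenge, the generator-vector matrix of the Ring-LWE slide, and a check that multiplying by that matrix is the same as multiplying polynomials in $R_q$. Coefficient lists are stored low degree first internally (the slides write highest degree first; `from_slide` converts). The slide's integer version 4201 · 2140 = 8990140 is the same product evaluated at x = 10, which `kronecker_eval` shows.

```python
"""Polynomial arithmetic in R_q = Z_q[x]/(x^n + 1) and the Ring-LWE matrix it replaces.
Coefficient lists are LOW degree first: [c0, c1, ..., c_{n-1}].  The slides write highest
degree first, so the slide tuple (4,2,0,1) = 4x^3 + 2x^2 + 1 is [1, 0, 2, 4] here."""


def from_slide(t):
    """Slide convention (highest degree first) -> low degree first."""
    return list(reversed(t))


def poly_mul_schoolbook(a, b):
    """Plain O(n^2) product, no reduction (length 2n - 1)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return out


def poly_mul_karatsuba(a, b):
    """Karatsuba: three half-size products instead of four, O(n^log2(3)).
    Both inputs must have the same power-of-two length."""
    n = len(a)
    if n == 1:
        return [a[0] * b[0]]
    h = n // 2
    a0, a1, b0, b1 = a[:h], a[h:], b[:h], b[h:]          # a = a0 + a1 * x^h
    z0 = poly_mul_karatsuba(a0, b0)                        # b*d on the slide
    z2 = poly_mul_karatsuba(a1, b1)                        # a*c on the slide
    mid = poly_mul_karatsuba([x + y for x, y in zip(a0, a1)],
                             [x + y for x, y in zip(b0, b1)])
    z1 = [m - x - y for m, x, y in zip(mid, z0, z2)]       # (a+b)(c+d) - z2 - z0
    out = [0] * (2 * n - 1)
    for i, v in enumerate(z0):
        out[i] += v
    for i, v in enumerate(z1):
        out[i + h] += v
    for i, v in enumerate(z2):
        out[i + 2 * h] += v
    return out


def reduce_ring(c, n, q):
    """Reduce a product mod x^n + 1 (x^n = -1, so x^(n+k) = -x^k) and then mod q."""
    out = [0] * n
    for i, ci in enumerate(c):
        k, r = divmod(i, n)
        out[r] += ci if k % 2 == 0 else -ci
    return [v % q for v in out]


def kronecker_eval(c, base):
    """Evaluate the coefficient list at x = base: the slide's integer 4201 * 2140 view."""
    return sum(ci * base ** i for i, ci in enumerate(c))


def negacyclic_rows(g, q, m):
    """The Ring-LWE matrix of the slides: row i holds x^i * g(x) mod (x^n + 1, q), i.e. each row
    is the previous row shifted right with the coefficient that wraps around negated mod q."""
    rows, row = [], [c % q for c in g]
    for _ in range(m):
        rows.append(row)
        row = [(-row[-1]) % q] + row[:-1]
    return rows


def ring_mul_via_matrix(g, s, q):
    """s^T . A, with A the n x n negacyclic matrix of g, equals g(x) * s(x) in R_q."""
    n = len(g)
    rows = negacyclic_rows(g, q, n)
    return [sum(rows[i][j] * s[i] for i in range(n)) % q for j in range(n)]
```

With the slide's values, `reduce_ring(poly_mul_karatsuba(v, k), 4, 5)` gives (0, 3, 1, 2) in slide order, the schoolbook result, and `ring_mul_via_matrix` on the generator (4, 1, 11, 10) with the secret (6, 9, 11, 11) equals the reduced polynomial product, which is why Ring-LWE needs to store one vector instead of the whole matrix.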
Operation: + *

Polynomial Multiplication - NTT

[Figure: NTT butterfly]


Operation: + *

Polynomial Multiplication - NTT

❑ Forward Transformation: pre-processing -> twiddle factors -> butterfly operation -> update twiddle factor -> coefficients
❑ Backward Transformation: coefficients -> butterfly operation / update twiddle factor -> post-processing

[Figure: data flow of the forward and backward NTT]
Operation: + *

Polynomial Multiplication - NTT

[Figure: NTT example]
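The NTT slides above state the recipe, c = NTT^-1(NTT(a) ∘ NTT(s)), and the condition for it to exist (q prime, n a power of two, q ≡ 1 mod 2n). The block below is an added example for this page, not lecture code, that implements the negacyclic NTT directly from its definition (O(n^2), so the maths is visible rather than the butterfly structure), multiplies in the transform domain and checks the result against the schoolbook product reduced by x^n = -1. The parameters n = 4 and n = 8 with q = 17 are chosen for the example because 17 ≡ 1 mod 8 and mod 16; the slide's q = 5 with n = 4 is deliberately shown to fail the existence test.

```python
"""Negacyclic NTT multiplication in Z_q[x]/(x^n + 1):  c = NTT^-1( NTT(a) o NTT(s) ).
Coefficient lists are low degree first.  Direct O(n^2) transforms written to show the maths;
real implementations use the butterfly (Cooley-Tukey) structure for O(n log n)."""


def find_psi(n, q):
    """Smallest primitive 2n-th root of unity mod q (psi^n = -1).  Needs q = 1 mod 2n."""
    if q % (2 * n) != 1:
        raise ValueError("no negacyclic NTT: q must be 1 mod 2n (q=%d, n=%d)" % (q, n))
    for cand in range(2, q):
        if pow(cand, n, q) == q - 1 and all(pow(cand, k, q) != 1 for k in range(1, 2 * n)):
            return cand
    raise ValueError("no primitive 2n-th root of unity found")


def ntt(a, q, psi):
    """Forward transform.  The psi^j pre-twist folds the reduction mod x^n + 1 into the DFT."""
    n, omega = len(a), psi * psi % q
    return [sum(a[j] * pow(psi, j, q) * pow(omega, i * j, q) for j in range(n)) % q
            for i in range(n)]


def intt(ahat, q, psi):
    """Inverse transform: inverse DFT with omega^-1, scale by n^-1, remove the psi^j twist."""
    n = len(ahat)
    omega_inv, psi_inv, n_inv = pow(psi * psi, -1, q), pow(psi, -1, q), pow(n, -1, q)
    return [n_inv * pow(psi_inv, j, q)
            * sum(ahat[i] * pow(omega_inv, i * j, q) for i in range(n)) % q
            for j in range(n)]


def ntt_mul(a, b, q, psi):
    """Coefficient-wise product in the NTT domain == polynomial product mod (x^n + 1, q)."""
    return intt([x * y % q for x, y in zip(ntt(a, q, psi), ntt(b, q, psi))], q, psi)


def negacyclic_mul_direct(a, b, q):
    """Reference: schoolbook product reduced with x^n = -1, used to check the NTT result."""
    n = len(a)
    return [sum(a[j] * b[i - j] if j <= i else -a[j] * b[i - j + n] for j in range(n)) % q
            for i in range(n)]


if __name__ == "__main__":
    n, q = 4, 17                       # example parameters; 17 = 1 mod 8
    psi = find_psi(n, q)
    a, b = [1, 0, 2, 4], [0, 4, 1, 2]  # the slide's (4,2,0,1) and (2,1,4,0), low degree first
    print("psi =", psi, " NTT product:", ntt_mul(a, b, q, psi),
          " direct:", negacyclic_mul_direct(a, b, q))
```

The NIST table below lists the (n, q) pairs the schemes pick so that this condition holds, for example q = 12289 = 12 · 1024 + 1 for NewHope and FALCON with n up to 1024.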


Operation: + *

Polynomial Multiplication – NTT (NIST 2nd round)

Algorithm with usage of NTT          Dimension (n)    Modulus (q)
Signatures
  CRYSTALS-Dilithium                 256              8380417
  FALCON                             512/1024         12289
  qTESLA                             1024/2048        8058881/12681217
Key Exchange / Encryption
  CRYSTALS-KYBER                     256              7681
  Ding Key Exchange                  512/1024         120833
  NewHope                            512/1024         12289
  R.EMBLEM                           512              12289
  Hila5 / Round5                     1024             12289
  KCL                                256              7681
  Titanium                           1024/2048        86017/1198081

NIST 2nd round announcement
NIST 3rd round


Operation: + *

Polynomial Multiplication: Recommendation

NTT friendly
Multiplication should be implemented in a secure way to avoid the leak of information (sensitive factors)
Section 3b

OPERATIONS:
RANDOM SAMPLERS



Random

Random Samplers

❑ Different PQC schemes have different parameters of the random distributions (shape/type, size, mean, fixed/changing, statistical distance)
  ▪ Type: Uniform, Gaussian, Binomial
  ▪ Operations (floating point)
  ▪ Memory
  ▪ Execution time

Challenges

❑ Efficiency: time-consuming operation (Gaussian sampling takes up 50% of the running time for some schemes)

❑ Flexibility: should be supported by constrained devices
  ▪ Memory (kilobytes instead of gigabytes)
  ▪ Not all devices have floating-point arithmetic capability

Samplers should be implemented in a secure way to avoid the leak of information
Random

Random Samplers: Statistical Distance

[Figure: desired distribution with center c next to the distribution actually produced by the sampler]

The statistical distance between the desired distribution and the output distribution should be negligible


Random

Random Samplers: Types

Randomness source: Keccak / SHA-3 / SHAKE
  Leftover Hash Lemma (LHL): hash functions are good randomness extractors

Sampler types:
  Rejection Sampling
  Knuth-Yao
  Inversion / Cumulative Distribution Table (CDT)
  Ziggurat
  Bernoulli Sampler

Suggested Reading: https://www.sav.sk/journals/uploads/0212094402follat.pdf


Random

Sponge as Random Source

KECCAK (SHA-3, SHAKE) -> Discrete Samplers

The sponge construction is based on a wide random function and allows absorbing any amount of data and squeezing any amount of data.
It acts as a pseudorandom function with regard to all previous inputs.

[Figure: sponge construction, state split into bit rate and capacity]

Leftover Hash Lemma (LHL): hash functions are good randomness extractors
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
Random

Rejection Sampling

A large proportion of samples will be rejected


We must evaluate f(x) for each candidate point (computationally expensive)
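The sponge slide and the rejection-sampling slide meet in the most common sampler of all: expanding a public seed into uniform coefficients mod q by squeezing SHAKE output and rejecting values that would bias the result. The block below is an added example for this page, not code from the lecture or from any submission: it reads 16-bit chunks from SHAKE-256, accepts a chunk v only if v < k·q (k = floor(2^16 / q)) and outputs v mod q, so every residue is hit by exactly k chunk values and the output is exactly uniform. The seed, q = 12289 (the NewHope/FALCON modulus from the NTT table) and n = 1024 are the example's own choices. Because this sampler only ever touches the public seed, its data-dependent rejection loop is harmless here; the same loop on secret data would be a timing leak.

```python
"""Uniform sampling of polynomial coefficients in Z_q from a SHAKE-256 sponge by rejection."""
import hashlib

SHAKE256_RATE_BYTES = 136      # bytes squeezed per permutation call (1088-bit rate)


def acceptance_rate(q, chunk_bits=16):
    """Fraction of chunks kept: k*q / 2^bits with k = floor(2^bits / q)."""
    k = (1 << chunk_bits) // q
    return k * q / (1 << chunk_bits)


def sample_uniform_poly(seed, n, q, chunk_bits=16):
    """Expand `seed` into n coefficients uniform in Z_q.  Returns (coeffs, chunks_consumed)
    so the rejection rate can be measured.  Deterministic: same seed, same polynomial."""
    if q > (1 << chunk_bits) or chunk_bits % 8:
        raise ValueError("chunk must be a whole number of bytes and at least as wide as q")
    k = (1 << chunk_bits) // q
    limit, nbytes = k * q, chunk_bits // 8        # accept v < k*q, then v mod q is uniform
    coeffs, consumed, blocks = [], 0, 1
    while len(coeffs) < n:
        # Squeeze a growing prefix; SHAKE output is prefix-consistent, so re-squeezing is safe.
        stream = hashlib.shake_256(seed).digest(SHAKE256_RATE_BYTES * blocks)
        while (consumed + 1) * nbytes <= len(stream) and len(coeffs) < n:
            v = int.from_bytes(stream[consumed * nbytes:(consumed + 1) * nbytes], "little")
            consumed += 1
            if v < limit:                            # rejection step: drop the biased top range
                coeffs.append(v % q)
        blocks += 1
    return coeffs, consumed


if __name__ == "__main__":
    poly, used = sample_uniform_poly(b"example-seed", 1024, 12289)   # constructed seed
    print("first coefficients:", poly[:8])
    print("chunks used: %d, measured acceptance %.3f, expected %.3f"
          % (used, 1024 / used, acceptance_rate(12289)))
```

For q = 12289, k = 5, so 61445 of the 65536 chunk values are accepted (about 94%); a naive `v % q` without the rejection would favour the residues below 65536 mod q.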
Random

Discrete Ziggurat

[Figure: discrete Ziggurat, the target density covered by a stack of rectangles]


Random

Knuth-Yao: DDG Tree

Discrete Distribution Generating (DDG) tree
It is traversed uniformly at random from the root to a terminal node; the algorithm outputs the label of the terminal node
  Internal node: 2 children (0/1)
  Terminal node: integer label
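The sampler slides end with the requirement that samplers "should be implemented in a secure way". The block below is an added example written for this page (not lecture code) showing what that means for the simplest Gaussian sampler on the types slide, inversion with a cumulative distribution table (CDT): the table is built from the discrete Gaussian weights, a random 32-bit word is compared against every entry without an early exit, and the sign is selected arithmetically, next to the leaky variant whose loop length reveals the sample. Python gives no real constant-time guarantee; the structure is what one carries into a C implementation. sigma, the 12·sigma tail cut and the 32-bit precision are the example's own parameters.

```python
"""Discrete Gaussian sampling by CDT inversion, constant-time style versus early exit."""
import math
import secrets


def build_cdt(sigma, tail, precision_bits=32):
    """Table T[x] = P(|X| <= x) scaled to integers for x = 0..tail.  T[tail] is forced to
    2^bits so that every random word u < 2^bits falls inside the table."""
    rho = [math.exp(-(x * x) / (2 * sigma * sigma)) for x in range(tail + 1)]
    total = rho[0] + 2 * sum(rho[1:])              # two-sided normalisation, 0 counted once
    scale, acc, table = 1 << precision_bits, 0.0, []
    for x in range(tail + 1):
        acc += (rho[x] if x == 0 else 2 * rho[x]) / total
        table.append(min(scale - 1, int(acc * scale)))
    table[-1] = scale
    return table


def sample_cdt_constant_time(cdt, u, sign_bit):
    """|X| = number of table entries <= u (the smallest x with u < T[x]).
    Walks the whole table every time and applies the sign without a data-dependent branch."""
    x = 0
    for entry in cdt:
        x += int(entry <= u)
    return x - 2 * sign_bit * x                    # sign_bit in {0, 1}; 0 stays 0


def sample_cdt_early_exit(cdt, u, sign_bit):
    """Same distribution, but the loop stops as soon as the threshold is found:
    the number of iterations, and hence the running time, reveals |X|."""
    x = 0
    while cdt[x] <= u:
        x += 1
    return -x if sign_bit else x


def empirical_mean_var(sigma, n_samples, rand_bits=secrets.randbits):
    """Draw n_samples with the constant-time sampler and return (mean, variance)."""
    cdt = build_cdt(sigma, tail=math.ceil(12 * sigma))
    xs = [sample_cdt_constant_time(cdt, rand_bits(32), rand_bits(1)) for _ in range(n_samples)]
    mean = sum(xs) / n_samples
    return mean, sum((x - mean) ** 2 for x in xs) / n_samples


if __name__ == "__main__":
    mean, var = empirical_mean_var(3.0, 20000)
    print("sigma = 3.0: sample mean %.3f, sample variance %.3f (expected ~9)" % (mean, var))
```

Both functions return the same value for the same random word; only their timing profile differs, which is the point the slides make about operations touching secret data.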
Section 5

LATTICE-BASED IN REAL LIFE



Real Life

Hybrid approaches for TLS: X25519 (ECDH) + PQC (KEMs)

[Figure: handshake between the two peers]
Peer 1 -> Peer 2: Support: X25519 (ECDH), PQC; Keys (ephemeral: ECDH, PQC)
Peer 2: Shared secret 1: f(X25519); Shared secret 2: KEM encapsulation
Peer 2 -> Peer 1: PK (X25519), KEM Encapsulation
Peer 1: Shared secret 1: f(X25519); Shared secret 2: KEM decapsulation

Master secret: Shared secret 1 || Shared secret 2
Real Life

Google Experiment (2016)

❑ Enhancement of BoringSSL with post-quantum algorithms
  2016: NewHope (RLWE)    CECPQ1
  2019: NTRU-HRSS (NTRU)  CECPQ2

❑ Layered approach
  ❑ X25519: 128-bit security elliptic curve (ECDH)
  ❑ PQ algorithm

"[. . . ] we did not find any unexpected impediment to deploying something like NewHope. There were no reported problems caused by enabling it."

"…median connection latency only increased by 1 ms, the latency for the slowest 5% increased by 20ms and, for the slowest 1%, by 150ms..."


Real Life

Google Experiment (2019)

❑ Enhance TLS 1.3 with post-quantum algorithms (53 days)

SIKE: small key size, large computational cost
NTRU-HRSS: larger key size, small computational cost


Real Life

Google Experiment (2019)

[Figure: measured results of the 2019 experiment]


Real Life

Google Experiment (2019)

The small key size of CECPQ2b does not make up for


its large computational cost

… But not true for slowest connections (Windows computers, Android


mobile devices). One possible explanation for this is packet
fragmentation and packet loss



Section 6

SUMMARY AND TASKS



Tasks

Summary: Lattice Implementation

Lattice-based cryptography is based on four main operations: addition, multiplication, random sampling and modular reduction

Operations that deal with the secret information should be implemented in a secure way (first line of defence: constant time / independent of the secret)

Many alternatives: different trade-offs


Tasks

NTT Implementation: Answer Moodle Questions

https://ieeexplore.ieee.org/document/8741027

Answer Quiz



Tasks

Additional Links

Samplers
https://www.sav.sk/journals/uploads/0212094402follat.pdf
https://www.youtube.com/watch?v=DOC8aamM57M



Tasks

Next Lecture

Third Block: Post-Quantum Cryptography (PQC)
✔ Post Quantum Security
CODE-BASED CRYPTOGRAPHY: Main Principles, Families and Types, Main Components, Standard, Secure implementation, Use cases


Thank you.
See you soon!

Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.


[email protected]

10. Code-Based Post-Quantum Cryptography



Goal Today‘s Lecture

Summary of Previous Lecture

Error Correcting Codes

Linear Codes

Code-based Cryptography

Summary and Tasks


Section 1

SUMMARY OF PREVIOUS LECTURE



Summary

Traditional Security

Traditional cryptography (RSA, ECC) relies on factoring large integers and computing discrete logarithms.
Today traditional cryptography is considered secure.
Attacker: cryptanalysis, side-channel.

[Figure: IonQ's 79 qubits quantum processor]

In the future, traditional cryptography will be broken.
Summary

Post-Quantum Cryptography

Classical network operations: Distribute Key, Encrypt, Decrypt, Sign, Verify
Families: Code, Hash, Multivariate, Isogeny, Lattice

Algorithms used to secure messages on a classical computer that are resistant to attacks by traditional computers AND by quantum computers


Summary

PQC: Comparison

Code-based (e.g. McEliece, Rollo)
  Pros: well studied problem; multipurpose; fast
  Cons: very large key sizes

Hash-based (e.g. Merkle hash-trees)
  Pros: well studied problem; very efficient
  Cons: no encryption schemes; track of signed messages

Multivariate (e.g. Rainbow, LUOV)
  Pros: multipurpose; very efficient signature schemes
  Cons: most public key schemes are broken

Isogeny (e.g. SIKE)
  Pros: elliptic-based; smallest key sizes
  Cons: low efficiency; difficult to construct

Lattice-based (e.g. NTRU, LWE, RLWE)
  Pros: efficient; public key, digital signatures, FHE, IBE
  Cons: key sizes when compared to classical crypto
Summary

NIST Post-Quantum Candidates

                    Code   Hash   Multivariate   Isogeny   Lattice
First NIST Round     18     3         9             2        32
Second NIST Round     7     2         4             1        12


Summary

Lattices: Scary and Friendly Basis

An n-dimensional lattice $\mathcal{L}$ is
• generated by a basis $\mathcal{B} = \{b_1, \dots, b_n\}$, written as the matrix $\mathcal{B}_{m \times n}$ (m: dimension, n: rank)
• $\mathcal{L} = \sum_{i=1}^{n} (\mathbb{Z} \cdot b_i)$, i.e. $\mathcal{L}(\mathcal{B}) = \{ Bx \mid x \in \mathbb{Z}^n \}$

[Figure: the same 2-dimensional lattice drawn with two different bases $b_1, b_2$]
Scary basis: long vectors
Friendly basis: short vectors

The basis is not unique: there are multiple bases that can generate the same lattice


Summary

Lattice Hard Problems

[Figure: shortest vector s, and closest vector to a target c, in a 2-dimensional lattice]

Shortest Vector Problem (SVP) | Closest Vector Problem (CVP) | Learning With Errors (LWE)

More configuration parameters (rich exploration of trade-offs)

Easy to prove the security


Summary

LWE: $A \cdot s + e = r$
q = 13, m = 7, n = 4

Random lattice A              Secret s              Small noise e              Result r
$\mathbb{Z}_{13}^{7 \times 4}$   $\mathbb{Z}_{13}^{4 \times 1}$   $\mathbb{Z}_{13}^{7 \times 1}$   $\mathbb{Z}_{13}^{7 \times 1}$
[ 4  1 11 10 ]              [ 6 ]              [ 0 ]                   [ 4 ]
[ 5  5  9  5 ]              [ 9 ]              [-1 ]                   [ 7 ]
[ 3  9  0 10 ]      x       [11 ]      +       [ 1 ]         =         [ 2 ]
[ 1  3  3  2 ]              [11 ]              [ 1 ]                   [11 ]
[12  7  3  4 ]                                 [ 1 ]                   [ 5 ]
[ 6  5 11  4 ]                                 [ 0 ]                   [12 ]
[ 3  3  5  0 ]                                 [-1 ]                   [ 8 ]

This expression becomes difficult to solve if we do not know the secret and the noise.
Summary

LWE: Real Dimensions

$A \cdot s + e = r$, $A \in \mathbb{Z}_{13}^{7 \times 4}$

Toy example     Real parameters
q = 13          q = 4093
m = 7           m = 640
n = 4           n = 256

Random lattice A (toy):
[ 4  1 11 10 ]
[ 5  5  9  5 ]
[ 3  9  0 10 ]
[ 1  3  3  2 ]
[12  7  3  4 ]
[ 6  5 11  4 ]
[ 3  3  5  0 ]

Security parameters:
* Dimension n (~256 – 1024)
* Modulus q (~$2^{11}$ – $2^{32}$)
* Gaussian $\sigma$
Summary

Ring-LWE

Random lattice $A \in \mathbb{Z}_{13}^{7 \times 4}$, built from the generator vector (4, 1, 11, 10):
[ 4  1 11 10 ]
[ 3  4  1 11 ]
[ 2  3  4  1 ]
[12  2  3  4 ]
[ 9 12  2  3 ]
[10  9 12  2 ]
[11 10  9 12 ]

▪ Implements ring structure
▪ Each row is the cyclic shift of the row above
▪ Special wrapping rule: the coefficient x that wraps around becomes x_new = -x mod q (e.g. 3 = -10 mod 13)

We do not need to store all the matrix A, just the generator vector.
Summary

Identify Operations

Polynomial Addition
Polynomial Multiplication: Schoolbook, Karatsuba, Toom–Cook, NTT
Discrete Sampling: Uniform, Binomial, Gaussian, Trinary
Modular Reduction


Summary

Polynomial Addition: $\mathbf{v} + \mathbf{k} = \mathbf{c}$ in $R = \mathbb{Z}_q[x]/(x^n + 1)$

Parameters: q = 5, n = 4

$\mathbf{v} = 4x^3 + 2x^2 + 1 = (4,2,0,1)$        4 2 0 1
$\mathbf{k} = 2x^3 + x^2 + 4x = (2,1,4,0)$      + 2 1 4 0
                                                ---------
                                                  6 3 4 1
                                        mod 5:    1 3 4 1

$\mathbf{c} = \mathbf{v} + \mathbf{k} = x^3 + 3x^2 + 4x + 1 = (1,3,4,1)$


Summary

Polynomial Multiplication - Schoolbook: $\mathbf{v} \cdot \mathbf{k} = \mathbf{l}$ in $R = \mathbb{Z}_q[x]/(x^n + 1)$

Parameters: q = 5, n = 4

$\mathbf{v} = 4x^3 + 2x^2 + 1 = (4,2,0,1)$
$\mathbf{k} = 2x^3 + x^2 + 4x = (2,1,4,0)$

a) Multiply then reduce (partial products by the coefficients of k)
    x^6 x^5 x^4 x^3 x^2 x^1 x^0
                  0   0   0   0    (0 · v)
             16   8   0   4        (4 · v · x)
          4   2   0   1            (1 · v · x^2)
      8   4   0   2                (2 · v · x^3)
    ----------------------------
      8   8  18  10   1   4   0
     -8  -8 -18                    (mod $x^n + 1$: x^4 = -1)
    ----------------------------
                 10  -7  -4 -18
          mod 5:  0   3   1   2

b) Multiply and reduce (each partial product already reduced mod $x^n + 1$)
      0   0   0   0
      8   0   4 -16
      0   1  -4  -2
      2  -8  -4   0
    ----------------
     10  -7  -4 -18
    mod 5:  0 3 1 2

$\mathbf{l} = 3x^2 + x + 2 = (0,3,1,2)$
Summary

Polynomial Multiplication - Karatsuba: $\mathbf{v} \cdot \mathbf{k} = \mathbf{l}$ in $R = \mathbb{Z}_q[x]/(x^n + 1)$

Parameters: q = 5, n = 4

$\mathbf{v} = 4x^3 + 2x^2 + 1 = (4,2,0,1)$:  a = 42, b = 01
$\mathbf{k} = 2x^3 + x^2 + 4x = (2,1,4,0)$:  c = 21, d = 40

$v = a B^m + b = 42 \cdot 100 + 01$
$k = c B^m + d = 21 \cdot 100 + 40$          complexity $\mathcal{O}(n^{\log_2 3})$

The multiplication is
$v \cdot k = (a B^m + b)(c B^m + d) = z_2 B^{2m} + z_1 B^m + z_0$

Where the value of the coefficients is
$z_2 = a c = 42 \cdot 21 = 882$
$z_0 = b d = 1 \cdot 40 = 40$
$z_1 = a d + b c = (a + b)(c + d) - z_2 - z_0 = (42 + 1)(21 + 40) - 882 - 40 = 1701$

Result $= z_2 \cdot 100^2 + z_1 \cdot 100 + z_0 = 882 \cdot 100^2 + 1701 \cdot 100 + 40 = 8990140$
($B^m \le \mathrm{Result} \le 2B^m$)

The result still has to be reduced mod 5 and mod $x^n + 1$.
Summary

Polynomial Multiplication - NTT: $\mathbf{v} \cdot \mathbf{k} = \mathbf{l}$ in $R = \mathbb{Z}_q[x]/(x^n + 1)$

Number Theoretic Transform (NTT)
▪ Discrete Fourier Transform (DFT) defined over a finite field or ring
▪ The NTT exists if q is a prime, n a power of two and $q \equiv 1 \pmod{2n}$

$\mathbf{c} = NTT^{-1}\big(NTT(\mathbf{a}) \circ NTT(\mathbf{s})\big)$, where $\circ$ denotes coefficient-wise multiplication

[Figure: NTT butterfly]


Summary

Polynomial Multiplication - NTT

[Figure: bit-reversal ordering and the Cooley-Tukey butterfly network]
Summary

Polynomial Multiplication – NTT

$\hat{a}_i = \sum_{j=0}^{n-1} \omega_n^{ij} \cdot a_j$

[Figure: butterfly operation and update of the twiddle factor]


Summary

Polynomial Multiplication – NTT

[Figure: NTT and NTT^-1 hardware]










Summary

NIST Lattice-Based Schemes

KEM/PKC: Crystals-Kyber, Saber, LAC, Frodo, Round5, ThreeBears, NewHope, NTRU, NTRU Prime
Signatures: qTESLA, Crystals-Dilithium, Falcon


Section 2

ERROR CORRECTING CODES



ECC

Noisy Communication Channel

"The fundamental problem of communication is that of reproducing at one point either exactly or approximately a message selected at another point."
Claude Shannon (Information Theory)

[Figure: cartoon of a noisy channel: "I love you!" is received as "We are over!"]

Communication channels are imperfect!
ECC

Error Correcting Codes

Unreliable/Noisy Channel: weather, interference (electrical, other), imperfect materials

Countermeasures:
  Repeat: costly, inefficient
  Use unmistakable words: NATO phonetic alphabet

Error Correcting Codes (ECC): binary encoding scheme that allows the message to be recovered even if some bits are erroneously flipped
  Error Detection | Error Correction
ECC

Error Correcting Codes

[Figure: encoding/decoding pipeline]
Message (source) -> Encoding Scheme (generator: transformation) -> Codeword (high-dimensional state) -> errors on the channel -> Decoding Scheme (correction rules) -> Message
Codespace: valid codewords and invalid codewords
ECC

Error Correcting Codes: Example

Codespace, spatial view: 16 messages are mapped on 16 valid codewords
4-Dimensional Space (message) -> Generator (transformation) -> 7-Dimensional Space (codeword; the 16 images are the valid codewords)


ECC

Repetition Codes

Unreliable/Noisy Channel: Repeat, Repeat, Repeat

Generator: Alice will send the information 3 times.    Corrector: Bob uses majority vote.

Alice's Information   Codeword   Bob's Received Information   Decoded Information
0                     000        000                          0
                                 001                          0
                                 010                          0
                                 100                          0
1                     111        111                          1
                                 011                          1
                                 101                          1
                                 110                          1

Detect: 1 error
Correct: 1 error
Can Bob correct the received message if there is more than 1 error?
ECC

Repetition Codes

Unreliable/Noisy Channel: Repeat, Repeat, Repeat

1-Dimensional Space        3-Dimensional Space
Message   Codeword         Message 00101 -> codewords 000 000 111 000 111
0         000              [Figure: cube of 3-bit words; 000 and 111 are the valid codewords, every other vertex is one error away from one of them]
1         111


ECC

Parity Codes

Parity bit: makes the number of 1s even. An odd number of 1s reveals an error.

Unreliable/Noisy Channel: Repeat, Repeat

Generator: Alice will send the information 2 times.    Corrector: Bob uses the number of ones.

Alice's Information   Codeword   Bob's Received Information   Decoded Information
0                     00         00                           0
                                 01                           X
                                 10                           X
1                     11         11                           1
                                 01                           X
                                 10                           X

Detect: 1 error
Correct: No
ECC

Hamming Codes (analog to the NATO approach)

Hamming Distance (HD): number of bits that are different between two bit strings
String 1: 1101010
String 2: 1111000      HD = 2

In general:
Detect: k errors when HD ≥ k+1
Correct: k errors when HD ≥ 2k+1

Example: codewords A = 000, B = 011, C = 101, D = 110 (HD = 2 between neighbouring codewords)
Detect: 1 error
Correct: depends on HD; the received word 010 is at distance 1 from A, B and D, so it cannot be corrected
ECC

Hamming Codes

Hamming codeword: all bit positions that are a power of 2 are parity (P) bits (1, 2, 4, 8, ...), the others are data (D) bits

Example: use the Hamming code to encode the bit string 10011010

1. Identify the parity and the data positions
2. Locate the data bits in the data positions

Position:  1 2 3 4 5 6 7 8 9 10 11 12
Type:      P P D P D D D P D D  D  D
Bit:       ? ? 1 ? 0 0 1 ? 1 0  1  0


ECC

Hamming Codes

3. Calculate the parity bits. The position gives the check/skip pattern:
Parity 1: check 1 bit, skip 1 bit, check 1 bit, ...   (positions 1,3,5,7,9,11 = ?,1,0,1,1,1 -> 0)
Parity 2: check 2 bits, skip 2 bits, check 2 bits, ... (positions 2,3,6,7,10,11 = ?,1,0,1,0,1 -> 1)
Parity 4: check 4 bits, skip 4 bits, check 4 bits, ... (positions 4,5,6,7,12 = ?,0,0,1,0 -> 1)
Parity 8: check 8 bits, skip 8 bits, check 8 bits, ... (positions 8,9,10,11,12 = ?,1,0,1,0 -> 0)

Parity bit = 0 if the number of 1s is even, 1 if the number of 1s is odd

Position:  1 2 3 4 5 6 7 8 9 10 11 12
Type:      P P D P D D D P D D  D  D
Bit:       0 1 1 1 0 0 1 0 1 0  1  0


ECC

Hamming Codes: Decoding and Correction

Received codeword (error in position 10):
Position:  1 2 3 4 5 6 7 8 9 10 11 12
Type:      P P D P D D D P D D  D  D
Bit:       0 1 1 1 0 0 1 0 1 1  1  0

1. Calculate the parity bits and compare with the embedded values in the codeword
Parity 1: 1,3,5,7,9,11 = ?,1,0,1,1,1 -> 0 = parity 1 in the codeword
Parity 2: 2,3,6,7,10,11 = ?,1,0,1,1,1 -> 0; parity 2 in the codeword = 1
Parity 4: 4,5,6,7,12 = ?,0,0,1,0 -> 1 = parity 4 in the codeword
Parity 8: 8,9,10,11,12 = ?,1,1,1,0 -> 1; parity 8 in the codeword = 0

2. Calculate the position of the error bit
P2 and P8 are wrong -> error position = 2 + 8 = 10
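The encoding and decoding steps of the last three slides are mechanical enough to write down for any data length. The block below is an added example for this page, not lecture code: it places the data bits at the non-power-of-two positions, computes each parity bit from its check/skip group, recovers the error position as the sum of the failing parity groups (10 in the slide's example), and enumerates all codewords of the (7,4) code to confirm the Hamming-distance rule from the earlier slide (d = 3: detect 2, correct 1). It also shows the caveat the slide only hints at: two errors produce a syndrome that points at a third, innocent bit.

```python
"""Hamming code with parity bits at the power-of-two positions (1-indexed), as in the slides."""
import itertools


def hamming_encode(data):
    """Put data bits at the non-power-of-two positions and set each parity bit P_p so that
    all positions whose index has bit p set have even parity."""
    n, r = len(data), 0
    while (1 << r) < n + r + 1:                    # smallest r with 2^r >= n + r + 1
        r += 1
    total = n + r
    code, bits = [0] * (total + 1), iter(data)     # index 0 unused, positions start at 1
    for pos in range(1, total + 1):
        if pos & (pos - 1):                        # not a power of two -> data position
            code[pos] = next(bits)
    for i in range(r):
        p = 1 << i
        code[p] = sum(code[pos] for pos in range(p + 1, total + 1) if pos & p) % 2
    return code[1:]


def hamming_decode(received):
    """Recompute every parity group; the failing groups add up to the error position.
    Returns (data_bits, error_position), with 0 meaning 'no error detected'.
    Two errors are NOT detected: they are 'corrected' into the wrong codeword."""
    code, total = [0] + list(received), len(received)
    syndrome, p = 0, 1
    while p <= total:
        if sum(code[pos] for pos in range(1, total + 1) if pos & p) % 2:
            syndrome += p
        p <<= 1
    if 0 < syndrome <= total:
        code[syndrome] ^= 1
    data = [code[pos] for pos in range(1, total + 1) if pos & (pos - 1)]
    return data, syndrome


def hamming_distance(u, v):
    return sum(a != b for a, b in zip(u, v))


def min_distance(k):
    """Minimum distance of the Hamming code with k data bits, by enumerating all 2^k codewords
    (detect t errors when d >= t+1, correct t errors when d >= 2t+1)."""
    words = [hamming_encode(list(m)) for m in itertools.product((0, 1), repeat=k)]
    return min(hamming_distance(a, b) for a, b in itertools.combinations(words, 2))


if __name__ == "__main__":
    cw = hamming_encode([1, 0, 0, 1, 1, 0, 1, 0])          # the slide's 8-bit message
    print("codeword:", cw)
    damaged = cw[:]
    damaged[9] ^= 1                                         # flip position 10 (1-indexed)
    print("decoded:", hamming_decode(damaged))
    print("minimum distance of the (7,4) code:", min_distance(4))
```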
Section 3

LINEAR CODES



Linear Codes

Linear Codes: Generator Matrix G

▪ G is a matrix that expresses the transformation from a message to a valid codeword

Generator matrix: $w = mG$ (message vector m, low dimension; codeword w, high dimension)

▪ $G_{k \times n}$ is the generator matrix of the linear code $[n, k, d]_q$
  ▪ n: length of the codeword
  ▪ k: information bits
  ▪ d: minimum distance of the code
  ▪ q: size of the finite field (binary: q = 2)
Linear Codes

Linear Codes: Parity Matrix H

▪ H is a matrix that describes the linear relations that the components of a codeword must satisfy in order to be valid (useful to correct errors)

Parity-check matrix: syndrome $= H w^T$ ($w^T$: codeword transpose, a column vector)
  0: valid codeword
  otherwise: invalid codeword

▪ For a Hamming code, H has as columns every possible combination of 1s (except the column full of 0s)


Linear Codes

Linear Codes: Parity Matrix H (Example)

▪ Hamming code (4 to 7)
Message abcd, parity bits xyz

Position:  1 2 3 4 5 6 7
Type:      P P D P D D D
Bit:       x y a z b c d

$x = a \oplus b \oplus d$
$y = a \oplus c \oplus d$
$z = b \oplus c \oplus d$
Linear Codes

Linear Codes: Generator Matrix G (Example)

$w = mG$, $G_{k \times n}$ (k: information bits, n: length of the codeword)

                       x y z
G = [ 1 0 0 0 | 1 1 0 ]
    [ 0 1 0 0 | 1 0 1 ]
    [ 0 0 1 0 | 0 1 1 ]
    [ 0 0 0 1 | 1 1 1 ]
    identity matrix

$w = (a\,b\,c\,d) \cdot G$, with
$x = a \oplus b \oplus d$
$y = a \oplus c \oplus d$
$z = b \oplus c \oplus d$
Linear Codes

Linear Codes: Parity Matrix H (Example)

▪ Hamming code (4 to 7): message abcd, parity bits xyz
Number of columns = codeword size (7); number of rows = number of parity bits (3)

Positional order (x y a z b c d):
H = [ 1 0 1 0 1 0 1 ]      $x = a \oplus b \oplus d$
    [ 0 1 1 0 0 1 1 ]      $y = a \oplus c \oplus d$
    [ 0 0 0 1 1 1 1 ]      $z = b \oplus c \oplus d$

Systematic representation (a b c d x y z), H = [P^T | I]:
H = [ 1 1 0 1 | 1 0 0 ]
    [ 1 0 1 1 | 0 1 0 ]
    [ 0 1 1 1 | 0 0 1 ]
Linear Codes

Linear Codes: Syndrome

$H w^T = 0$
$H (w + e)^T = H w^T + H e^T = 0 + H e^T$

        a b c d x y z
    [ 1 1 0 1 1 0 0 ]   [a]   [0]
    [ 1 0 1 1 0 1 0 ] . [b] = [0]
    [ 0 1 1 1 0 0 1 ]   [c]   [0]
                        [d]
                        [x]
                        [y]
                        [z]

▪ The syndrome vector ONLY depends on the error, never on the codeword (it identifies the bit with an error)
Linear Codes

Linear Codes: Challenge

▪ Using the following H matrix
    [ 1 1 1 0 1 0 0 ]
    [ 0 1 1 1 0 1 0 ]
    [ 1 1 0 1 0 0 1 ]

a) Encode 1011
b) Decode 1100010
c) Decode 1110010
d) Decode 1011101


Section 4

CODE HARD PROBLEMS AND


CRYPTOGRAPHY



Crypto

Hard Problems in Coding Theory

▪ General Decoding (GD) Problem: given an [n, k] code C over $F_q$, an integer $t_0$ and a vector $c \in F_q^n$, find a valid codeword w with $d(w, c) \le t_0$ (from a black point to the closest blue point, a valid codeword)

▪ Syndrome Decoding (SD) Problem: given a matrix H and a vector s, both over $F_q$, and a nonnegative integer $t_0$, find a vector $x \in F_q^n$ with Hamming weight $wt(x) = t_0$ such that $H x^T = s^T$
  NP-complete (search problem). Hamming weight = number of ones in a string.

▪ Goppa Parameterized Syndrome Decoding (GPSD): given a matrix H of size $2^m \times r$ and a syndrome s, decide whether there exists a codeword x of weight r/m such that $H x^T = s^T$
  NP-complete (decisional problem)
Crypto

Hard Problems in Coding Theory

▪ Goppa Code Distinguishing (GD): given an H of size r×n, decide whether H is the parity-check matrix of a Goppa code (decisional problem)

In 2013 it was shown that "high rate" binary Goppa codes can be distinguished from random linear codes. However, the distinguisher does not work at
• 8 errors for n = 1024 (where McEliece used 50 errors)
• 20 errors for n = 8192 (a variant of Classic McEliece)


Crypto

Code-Based Cryptosystems

McEliece
• G of the Goppa code is hidden as $\tilde{G}$ (scrambling, permuting)
• Public key: $\tilde{G}$
• Encrypt: encode m with $\tilde{G}$ and add an error
• Decrypt: decoding the ciphertext

Niederreiter
• m: random, small-weight error vector
• Public key: H of Generalized Reed–Solomon Codes (GRSC)
• Encrypt: encode m with the public key
• Decrypt: decoding the ciphertext
(Signatures, fast)

Codes used: Quasi-cyclic (QC) codes, Quasi-cyclic Low Density Parity Check codes (QC-LDPC)
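The linear-code slides (generator matrix G, parity-check matrix H, syndrome decoding) and the McEliece description above fit together in one small program. The block below is an added example for this page, not code from the lecture or from Classic McEliece: it derives G = [I | P] from the systematic H of the slides, encodes and syndrome-decodes the [7,4] Hamming code, and then runs textbook McEliece on top of it, hiding G as S·G·P, encrypting as m·G_pub + e, and decrypting by undoing P, decoding with the secret H and undoing S. With a code that corrects t = 1 error this is a toy and offers no security; real McEliece hides a binary Goppa code with t in the tens to hundreds. The scrambler S, the permutation P and the RNG seed are the example's own.

```python
"""Systematic [7,4] Hamming code (columns a b c d x y z, as on the slides), syndrome decoding,
and a textbook McEliece built on it to show the mechanics.  Toy parameters, not secure."""
import random

H = [[1, 1, 0, 1, 1, 0, 0],        # x = a + b + d
     [1, 0, 1, 1, 0, 1, 0],        # y = a + c + d
     [0, 1, 1, 1, 0, 0, 1]]        # z = b + c + d


def generator_from_parity(H):
    """For systematic H = [P^T | I_{n-k}] return G = [I_k | P]; then G H^T = 0."""
    r, n = len(H), len(H[0])
    k = n - r
    return [[int(i == j) for j in range(k)] + [H[row][i] for row in range(r)] for i in range(k)]


def mat_mul(A, B):
    """Matrix product over GF(2)."""
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*B)] for row in A]


def vec_mat(v, M):
    return mat_mul([v], M)[0]


def syndrome(H, w):
    """H w^T: zero for a valid codeword, otherwise the column of H at the error position."""
    return [sum(h * c for h, c in zip(row, w)) % 2 for row in H]


def syndrome_decode(H, w):
    """Correct at most one error.  Returns (codeword, error_position or None), or None when
    the syndrome matches no column of H (more than one error)."""
    s = syndrome(H, w)
    if not any(s):
        return list(w), None
    cols = list(zip(*H))
    if tuple(s) not in cols:
        return None
    pos, fixed = cols.index(tuple(s)), list(w)
    fixed[pos] ^= 1
    return fixed, pos


def mat_inv_gf2(M):
    """Gauss-Jordan inverse over GF(2); None if M is singular."""
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for c in range(n):
        piv = next((r for r in range(c, n) if aug[r][c]), None)
        if piv is None:
            return None
        aug[c], aug[piv] = aug[piv], aug[c]
        for r in range(n):
            if r != c and aug[r][c]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]


def mceliece_keygen(G, H, rng):
    """Public key G_pub = S G P hides the structured code; secret key = (S^-1, P, H)."""
    k, n = len(G), len(G[0])
    while True:                                   # random invertible scrambler S
        S = [[rng.randrange(2) for _ in range(k)] for _ in range(k)]
        S_inv = mat_inv_gf2(S)
        if S_inv is not None:
            break
    perm = list(range(n))
    rng.shuffle(perm)
    P = [[int(perm[i] == j) for j in range(n)] for i in range(n)]   # (v P)[perm[i]] = v[i]
    return mat_mul(mat_mul(S, G), P), (S_inv, perm, H)


def mceliece_encrypt(m, G_pub, error_pos):
    """c = m G_pub + e with e of weight t = 1 (position passed in so the test is deterministic)."""
    c = vec_mat(m, G_pub)
    c[error_pos] ^= 1
    return c


def mceliece_decrypt(c, sk):
    """Undo P, decode with the secret code's H, read m S off the systematic part, undo S."""
    S_inv, perm, H = sk
    unpermuted = [c[perm[i]] for i in range(len(c))]          # c P^-1
    decoded = syndrome_decode(H, unpermuted)
    if decoded is None:
        return None
    return vec_mat(decoded[0][:len(S_inv)], S_inv)


def mceliece_roundtrip_all(seed):
    """True if every 4-bit message with every single-bit error decrypts correctly."""
    G = generator_from_parity(H)
    pk, sk = mceliece_keygen(G, H, random.Random(seed))
    return all(mceliece_decrypt(mceliece_encrypt([(mi >> b) & 1 for b in range(4)], pk, pos), sk)
               == [(mi >> b) & 1 for b in range(4)]
               for mi in range(16) for pos in range(7))
```

The public matrix S·G·P is a generator matrix of a code equivalent to the Hamming code but with its structure scrambled; the decryptor alone knows P and H, which is what turns the generic (hard) decoding problem into the easy structured one.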
Crypto

Code-Based Cryptosystems

Classic McEliece (Goppa)
NTS-KEM (Goppa)
BIKE (short Hamming, MDPC)
HQC (short Hamming)
LEDACrypt (short Hamming, LDPC)
Rollo (low rank, LRPC)
RQC (low rank)


Crypto

Code-Based Cryptosystems: Performance

[Figure: performance comparison of the code-based candidates]


Crypto

Identify Operations

Matrix Addition
Polynomial Multiplication: Schoolbook
Polynomial square / square root
Discrete Sampling: Uniform, Binomial, Gaussian, Trinary
Modular Reduction


Section 6

SUMMARY AND TASKS



Tasks

Summary: Code-Based Cryptography

▪ Code-based cryptosystems are very robust. Their underlying problems have been widely studied (since 1978)

▪ Code-based cryptography is based on different hard code problems (GDP, SDP, GPSD, GD)

▪ Different constructions are possible (PKC, signatures), but PKC/KEM are more popular

▪ Code-based schemes use a huge public key. Structured codes can decrease this size, but may influence the security.
Tasks

McEliece Encryption
https://arxiv.org/pdf/1907.12754.pdf

Answer Quiz

ONLY Section 5 (pages 26-32) with the description of the protocol and the example.



Tasks

Additional Links

Matrix calculator
▪ https://www.mathsisfun.com/algebra/matrix-calculator.html

Implementation Codes
▪ Code-based Cryptography: Implementing the McEliece Scheme on Reconfigurable Hardware (Pages 37 - 48)
  https://www.emsec.ruhr-uni-bochum.de/media/crypto/attachments/files/2010/04/da_heyse.pdf

Code-based Implementation (video)
▪ https://www.youtube.com/watch?v=FZBnox3MsUQ


Tasks

Next Lecture

Third Block: Post-Quantum Cryptography (PQC)
 Post Quantum Security
HASH-BASED CRYPTOGRAPHY: Main Principles, Families and Types, Main Components, Standard, Secure implementation, Use cases


Thank you.
See you soon!
Quantum Computers and
Quantum Secure Communications

Johanna Sepúlveda, Ph.D.


[email protected]



Goal Today‘s Lecture

Summary of Previous Lecture

Hash

Hash-based Construction

NIST: Third Round

Summary and Tasks


Section 1

SUMMARY OF PREVIOUS LECTURE





Section 2

HASH



Hash

Hash Function

Message (arbitrary size) -> Hash Function -> Hash value / Digest (fixed size)

[Figure: bit strings of different lengths all mapped to digests of the same length]
Hash

Hash Function Properties

A function that maps a bit string of arbitrary length to a fixed-length bit string

Properties/Security bounds:
Collision resistance: it is computationally infeasible to find any two distinct inputs that map to the same output

Preimage resistance/One way: it is infeasible to generate a message that yields a given hash value

Second preimage resistance/weak collision resistance: given a message x, it is difficult to find a message z ≠ x such that hash(x) = hash(z)

Hash-based cryptography does not rely on hard problems; instead, the hash functions should meet these security bounds
Hash

Hash Function Properties

[Figure: f maps the domain D to the range R. Collision resistance: x ≠ z with f(x) = f(z). Preimage resistance: given y, find f^{-1}(y). Second preimage resistance: given x, find z with f(z) = f(x)]


Hash

Hash Function Properties

[Figure: the properties ordered by the strength of the assumption]
Stronger assumption, easier to break:    Collision Resistance
                                          Second Preimage Resistance
                                          Preimage Resistance
Weaker assumption, harder to break:      Pseudorandom
Section 3

HASH-BASED CONSTRUCTION



Hash PQC

Traditional Signatures

A digital signature rests either on an intractability assumption (factoring, discrete logarithm, SVP, ...) or on a cryptographic hash function.

Intractability assumption (hard problem): assume the existence of some puzzle whose hard instances are easy to generate but which no efficient algorithm can solve.
Hash PQC

One-Time Signature (OTS)

[Diagram: message (plaintext) -> hash function -> hashed message; the hashed message is encrypted with the secret key to produce the signature]

Signature scheme that uses a key pair for signing a single message only. Otherwise, an attacker is able to reveal more parts of the private key and spoof signatures.


Hash PQC

Leslie Lamport and Whitfield Diffie (1979)

Private key: the pair of secrets (x, y); public key: their hashes (h(x), h(y)).
To sign a bit: if 0, publish x; if 1, publish y.

Example: sign message 001
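The Lamport rule from the slide as an added, runnable example (not code from the lecture): one secret pair per message bit, the matching secret is revealed per bit, and a helper shows why the key is one-time by counting bit positions where both secrets have leaked once two different messages are signed. SHA-256 as h and 32-byte secrets are assumptions.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(n_bits: int, rng=secrets.token_bytes):
    """Private key: one random pair (x_i, y_i) per message bit; public key: (h(x_i), h(y_i))."""
    sk = [(rng(32), rng(32)) for _ in range(n_bits)]
    pk = [(h(x), h(y)) for x, y in sk]
    return sk, pk


def sign(sk, bits: str) -> list:
    """Reveal x_i for a 0 bit and y_i for a 1 bit (the slide's rule)."""
    if len(bits) != len(sk):
        raise ValueError("message length must match the key length")
    return [sk[i][int(b)] for i, b in enumerate(bits)]


def verify(pk, bits: str, sig: list) -> bool:
    """Each revealed secret must hash to the public-key entry selected by its bit."""
    if len(bits) != len(pk) or len(sig) != len(pk):
        return False
    return all(h(s) == pk[i][int(b)] for i, (b, s) in enumerate(zip(bits, sig)))


def revealed_pairs(signed_messages: list) -> int:
    """Why the key is one-time: number of bit positions where BOTH secrets were revealed.
    At such a position either bit value can be chosen when the signatures are reused."""
    n = len(signed_messages[0])
    return sum(1 for i in range(n) if {m[i] for m in signed_messages} == {"0", "1"})


if __name__ == "__main__":
    sk, pk = keygen(3)
    sig = sign(sk, "001")             # constructed example from the slide
    print(verify(pk, "001", sig))     # True
    print(verify(pk, "101", sig))     # False: h(x_0) does not match h(y_0)
```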


Hash PQC

Winternitz OTS

Private key: x
h(x)
h(h(x)): published to sign the value 2
Public key: h(h(h(x)))

Many key pairs are needed to sign many messages, and therefore some kind of key management is required. A solution to cope with this situation was proposed by Ralph Merkle in 1979.
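The hash chain from the slide, generalised to a full Winternitz OTS as an added example (not the lecture's code): one chain per base-16 digit of the message digest, the signer publishes h^d(x) for digit d, and the verifier continues each chain to the public chain end. The checksum chains are the standard WOTS addition that prevents a digit from being raised after signing; SHA-256, w = 16 and 32-byte chain starts are assumptions.

```python
import hashlib
import secrets

W = 16       # Winternitz parameter: one chain per base-16 digit (4 bits)
N_MSG = 64   # base-16 digits of a SHA-256 digest
N_CSUM = 3   # checksum digits: max checksum 64 * 15 = 960 < 16**3


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(x: bytes, steps: int) -> bytes:
    """Apply h 'steps' times: h(h(...h(x))), the chain drawn on the slide."""
    for _ in range(steps):
        x = h(x)
    return x


def digits_of(msg: bytes) -> list:
    """Base-16 digits of H(msg), followed by the checksum digits."""
    digits = [v for byte in h(msg) for v in (byte >> 4, byte & 0xF)]
    # Checksum = sum of (W-1 - digit): moving any message chain forward would
    # require moving a checksum chain backwards, i.e. inverting h.
    csum = sum(W - 1 - v for v in digits)
    digits += [(csum >> (4 * i)) & 0xF for i in reversed(range(N_CSUM))]
    return digits


def keygen(rng=secrets.token_bytes):
    sk = [rng(32) for _ in range(N_MSG + N_CSUM)]   # chain start values x_i
    pk = [chain(x, W - 1) for x in sk]               # chain ends h^(W-1)(x_i)
    return sk, pk


def sign(sk, msg: bytes) -> list:
    """Publish h^(d_i)(x_i) for every digit d_i ("published to sign d_i")."""
    return [chain(x, d) for x, d in zip(sk, digits_of(msg))]


def verify(pk, msg: bytes, sig: list) -> bool:
    """Finish each chain from the signature value and compare with the public key."""
    if len(sig) != N_MSG + N_CSUM:
        return False
    return all(chain(s, W - 1 - d) == p for s, d, p in zip(sig, digits_of(msg), pk))
```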
Hash PQC

Merkle Tree

[Diagram: root, parent, child and sibling nodes]

Tree structure in which each leaf node is a hash of a block of data and each non-leaf node is a hash of its children.
Security is based entirely on assumptions about the security of the underlying hash function.
Hash PQC

Merkle Tree Properties

Properties of a perfect Merkle binary tree:
• Number of leaves (L): 2^n
• Each node has 0 or 2 children
• All sibling leaves are on the same level

Quantities: number of leaves (L), number of nodes (N), number of levels (V)
Hash PQC

Merkle Tree Properties

Level 1 only: L = 1, N = 1, V = 1
Levels 1 to 2: L = 2, N = 3, V = 2
Levels 1 to 3: L = ?, N = ?, V = ?

If you have L = 16, what is the value of N and of V?
Hash PQC

Merkle Signature Scheme (MSS)

In the MSS, the OTS verification keys are hashed and form the leaves of the tree.
Neighbouring children are concatenated and then hashed to build the parent node.
The root of the tree represents the public key of the scheme.
A signature is generated by applying the private key of an OTS scheme.


Hash PQC

Merkle Signature Scheme (MSS)

Merkle tree (hash function H):
Root node:  M03 = H(M01 + M23)
Nodes:      M01 = H(M0 + M1),  M23 = H(M2 + M3)
Leaf nodes: M0 = H(m0),  M1 = H(m1),  M2 = H(m2),  M3 = H(m3)
Data:       m0, m1, m2, m3


Hash PQC

Advantage of Merkle Tree

When we use a chain of hashes...

Root
Hash:  M0 M1 M2 M3 M4 M5 M6 M7
Data:  m0 m1 m2 m3 m4 m5 m6 m7

Alice to Bob: "My data is not tampered!"
Hash PQC

Advantage of Merkle Tree

Alice wants to prove that m6 is not tampered (using a chain of hashes)...

Alice -> Bob: sends m2, the hashes and the root

Bob:
Hashes m2
Appends the other hashes (7)
Calculates the root (calculated)
Compares the roots (calculated, received)

If the roots match, the information was not tampered.
Hash PQC

Advantage of Merkle Tree

Alice wants to prove that m6 is not tampered (using a Merkle tree)...

                    M07
          M03                 M47
     M01       M23       M45       M67
   M0  M1    M2  M3    M4  M5    M6  M7
   m0  m1    m2  m3    m4  m5    m6  m7


Hash PQC

Advantage of Merkle Tree

• Verification key
• Path to the root

Alice wants to prove that m6 is not tampered (using a chain of hashes)...

Alice / Bob

Key generation:
Generate N private/public key pairs (Xi, Yi)
Calculate the hash hi = H(Yi)
Build the tree with the hi
Private key: (Xi, Yi)
Public key: root of the tree


Hash PQC

Advantage of Merkle Tree

• Verification key
• Path to the root

Alice wants to prove that m6 is not tampered (using a chain of hashes)...

Alice -> Bob: sends m2, the parent hashes and the root

Bob:
Hashes m2
Appends the other hashes
Calculates the root (calculated)
Compares the roots (calculated, received)

The Merkle tree provides integrity and validity using a small amount of data.
Hash PQC

Advantage of Merkle Tree

• Verification key
• Path to the root

Alice wants to prove that m6 is not tampered (using a chain of hashes)...

Alice / Bob

Verification of the signature: Bob builds the leaf and reaches the root of the tree using the authentication path (the root is already known to the verifier as the public key).

[Diagram: a new key pair per signature; stateful hash-based signature vs. stateless hash-based signature]
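The tree-versus-chain comparison and Bob's verification above, as an added example that is not part of the lecture material: build the tree from the slides (M01 = H(M0 + M1), ...), extract the authentication path for a leaf, and recompute the root from the block, its leaf index and the path alone. SHA-256 as H and eight constructed blocks m0..m7 are assumptions; for 8 leaves the path holds 3 hashes where the chain approach needed 7.

```python
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_tree(blocks: list) -> list:
    """Levels bottom-up: levels[0] = [H(m_i)] (leaves), levels[-1] = [root].
    A perfect tree is assumed, i.e. a power-of-two number of blocks."""
    if len(blocks) & (len(blocks) - 1):
        raise ValueError("number of blocks must be a power of two")
    level = [h(m) for m in blocks]
    levels = [level]
    while len(level) > 1:
        # parent = H(left + right), e.g. M01 = H(M0 + M1) as on the slide
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def auth_path(levels: list, index: int) -> list:
    """Sibling hashes from leaf 'index' up to the root: log2(L) values instead of L - 1."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])   # sibling of the current node
        index >>= 1
    return path


def root_from_path(m: bytes, index: int, path: list) -> bytes:
    """What Bob recomputes from the block, its leaf index and the path."""
    node = h(m)
    for sibling in path:
        # the index bits say whether the node is the left or the right child
        node = h(sibling + node) if index & 1 else h(node + sibling)
        index >>= 1
    return node


def verify(m: bytes, index: int, path: list, root: bytes) -> bool:
    return root_from_path(m, index, path) == root


if __name__ == "__main__":
    data = [b"m%d" % i for i in range(8)]     # constructed blocks m0..m7
    levels = build_tree(data)
    root = levels[-1][0]                       # M07, the value Bob already holds
    path = auth_path(levels, 6)                # [M7, M45, M03]
    print(len(path), verify(data[6], 6, path, root))   # 3 True
```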
Hash PQC

MSS Considerations

For each new signature generated, the next key pair must be used.
MSS is a stateful scheme: the index of the used key pair (respectively leaf) of the MSS tree must be stored.
Slow runtimes and large key and signature sizes:
• It was not used since RSA was easier to implement
• Its post-quantum nature makes hash-based crypto interesting again

Improvements in the implementation:
Signature generation is much faster thanks to the use of pseudo-random number generators
The construction of large trees is easier

Extended Merkle Signature Scheme (XMSS): stateful hash-based signature, PQC NIST candidate
Hash PQC

XMSS

[Diagram: XMSS tree built on Winternitz OTS key pairs]

XMSS Implementation

Simple implementation, but requires large memories
Hash PQC

Sphincs+: Hyper-Tree Construction

Stateless hash-based signature
Uses a few-time signature (FTS) scheme (smaller parameters)
Based on publicly verifiable index selection

Steps:
Select the FTS
Sign the message with the FTS
Build the parent tree
Use the tree to sign the pk


Hash PQC

Sphincs+: FORS - Forest of Random Subsets

[Diagram: FORS signature with k = 6 and L = 3, for the message 100 010 011 001 110 111]
Section 4

NIST: THIRD ROUND



NIST

NIST Post-Quantum Candidates

Round                          | Code | Hash | Multivariate | Isogeny | Lattice
First NIST Round               | 18   | 3    | 9            | 2       | 32
Second NIST Round              | 7    | 2    | 4            | 1       | 12
Third NIST Round (Finalists)   | 1    | -    | 1            | -       | 5
Third NIST Round (Alternate)   | 2    | 1    | 2            | 1       | 2

NIST Competition


NIST

PQC Taxonomy

[Diagram: taxonomy of PQC families, with the stateless hash-based signature highlighted]


Section 5

SUMMARY AND TASKS



Tasks

Summary: Hash-Based Cryptography

Hash-based cryptosystems can be used for quantum-safe signatures. Their underlying problems have been widely studied (since 1979).

Hash-based cryptography is based on different security boundaries (CR, PIR, SPIR).

We can only sign! KEMs are not possible.


Tasks

Next Lecture

Third Block

Post-Quantum
Cryptography
Summary / Q&A (PQC)
Main Principles
Families and Types
Main Components
Standard
Secure implementation
Use cases



Thank you.
See you soon!