對公鑰加密和量子安全解決方案的威脅.pdf

1、#CiscoLive#CiscoLiveStephen DiAdamo,Research ScientistBRKETI-1302Threats to Public Key Cryptography and Quantum-Secure Solutions 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App 3Questions?Use Cisco Webex App to chat with the sp

2、eaker after the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.12343https:/ 2023 Cisco and/or its affil

3、iates.All rights reserved.Cisco PublicBRKETI-1302Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public1.Preliminaries2.Quantum Threats to Cryptography3.Quantum-Secure Solutions4.Options for Quantum Network Deployment5.ConclusionBRKETI-13024 2023 Cisco and/or its affiliates.All rig

4、hts reserved.Cisco Public#CiscoLiveBiography5Research Scientist at Cisco Quantum LabFrom Canada,living in GermanyPhD in quantum networkingResearch Focuses:Quantum networksQuantum information theoryDistributed quantum computing Simulation tools for quantum networksBRKETI-1302Communication Networks 20

5、23 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCommunication Networks7BRKETI-1302A system that allows for the exchange of information between multiple devices or nodesIncludes components such as routers,switches,and transmission lines to transfer data between different poin

6、ts in the networkCommunication networks can be used for various applications 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThe Internet8BRKETI-1302A global communication networkIt uses various standardized communication protocols to facilitate the transfer of data 2023 C

7、isco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSecurity on the Internet9BRKETI-1302Encryption based on cryptography and authentication protocols are used to secure dataFirewalls and intrusion detection systems are also used to protect network access Cryptography 2023 Cisco and/

8、or its affiliates.All rights reserved.Cisco Public#CiscoLiveCryptography11BRKETI-1302The study of sending secret messages in the presence of adversariesCommonly done with“private”or“public”keysSecurity can be added using tamper-detecting methods 2023 Cisco and/or its affiliates.All rights reserved.C

9、isco Public#CiscoLiveKey-Based Cryptography12BRKETI-1302Uses a key,or several keys,to encrypt dataMostly split into public and private key cryptographyIs widely used for securing online communication 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePrivate Key Cryptography

10、13BRKETI-1302 Private keys are known only to the communicating parties When all parties share the same key,it is known as a symmetric key Distribution is difficult and often requires meeting in person or using a trusted courier 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoL

11、ivePublic Key Cryptography 14BRKETI-1302 The study of cryptographic protocols that work using public keys Public keys are generally paired with a private key Main type of cryptography for the Internet,one popular scheme is RSALets talk!2023 Cisco and/or its affiliates.All rights reserved.Cisco Publi

12、c#CiscoLiveRSA-Based Public Key Cryptography15BRKETI-1302 The RSA algorithm generates a pair of keys,one for encryption and one for decryption The keys are generated using a complex mathematical formula that involves selecting two large prime numbers and using them to generate the keys Breaking RSA

13、requires the ability to perform prime factorizationQuantum Information Basics 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveQubits and Photons17BRKETI-1302 A qubit is the basic unit of quantum information A qubit can be in a superposition of binary states,meaning it can

14、represent both 0 and 1 at the same time Qubits can be entangled,a property where the state of one qubit is dependent on the state of another qubit 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveQubit Manipulation and Measurement18BRKETI-1302 Qubit state manipulation is th

15、e ability to prepare and control the state of a qubit Can be done through applying quantum gates or manipulating the systems environment A quantum measurement extracts information from a bit The measurement process can collapse the quantum state of the system,revealing a classical output result 2023

16、 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveQuantum States Cannot be Copied19BRKETI-1302 It is impossible to create an identical copy of an arbitrary unknown quantum state The act of measuring the state would necessarily disturb a superposition The no cloning theorem plays

17、 a crucial role in the security of quantum cryptography protocols 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEntanglement20BRKETI-1302 A phenomenon where two or more qubits become correlated even when physically separated Allows protocols to perform correlated operati

18、ons Maintaining entanglement is a major challenge in quantum information science due environmental sensitivity 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveComputing with Qubits21BRKETI-1302 The act of using qubits and quantum phenomena to perform computation Quantum co

19、mputers use“superposition”and“entanglement”to compute many answers at once,but only one answer can be extracted at a time Quantum computers are difficult to build and will require many innovationsThreats to Public Key Cryptography 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cis

20、coLiveQuantum Threat to Public Key Cryptography23BRKETI-1302Prime factorization is difficult to perform on classical computersPeter Shor invented a quantum algorithm that can perform prime factorization efficientlyThe threat of Shors algorithm has created the field of“Post-Quantum Cryptography”Post-

21、Quantum Cryptography is cryptography under the assumption that adversaries have quantum computers(sometimes even unlimited computational power)2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveShors AlgorithmA quantum algorithm that can efficiently factor large numbers into

22、their prime factorsFirst prepares a superposition of all possible inputs,then applies a quantum Fourier transform to the superpositionHas the potential to be exponentially faster than classical algorithms for prime factorization24BRKETI-1302 2023 Cisco and/or its affiliates.All rights reserved.Cisco

23、 Public#CiscoLiveIs Shors Algorithm Really a Threat?To perform Shors algorithm may require millions of qubits with full quantum error correction Error corrected quantum computers are predicted to be 20-50 years away,so why bother worrying about this now?25BRKETI-1302 2023 Cisco and/or its affiliates

24、.All rights reserved.Cisco Public#CiscoLiveWhy care about Shors Algorithm?Generally,it requires(at least)a 10-year buffer between when a new cryptographic protocol is invented and when it can be deployed wide-scaleCan eavesdrop on communication now,store the data,and in 50 years,decrypt the informat

25、ion when ECd quantum computers exist26BRKETI-1302 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat should we do?27BRKETI-1302Continue efforts on quantum-secure security including both QKD and PQCPrepare for a change in encryption algorithmsCollaborate Develop test beds

26、Quantum-Secure Security 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveA Brief Overview of Post-Quantum CryptoA type of“classical”cryptography designed to be resistant to attacks by quantum computersCan uses lattice-based cryptography that is believed to be hard even for

27、quantum computers to solve29BRKETI-1302 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDownsides of Post-Quantum Crypto30BRKETI-1302Added computational complexityCan have larger key sizesNo proof of security 2023 Cisco and/or its affiliates.All rights reserved.Cisco Publi

28、c#CiscoLiveQuantum Key Distribution31BRKETI-1302Uses properties of quantum mechanics to ensure no eavesdropper is present during key exchangeRelies on entanglement being“monogamous”and the“no-cloning”theoremAlready sold as a commercial product110010001 2023 Cisco and/or its affiliates.All rights res

29、erved.Cisco Public#CiscoLiveProtocols for Quantum Key Distribution32BRKETI-1302Entanglement based protocols 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBB8433BRKETI-130233BRKETI-13021)Generate 2 random binary strings:Ba and K2)When Ba,i=0,use the Z basis to prepare Ki,

30、otherwise use the X basis.3)When all bits are transmitted,reveal Ba to BobAliceBob1)Generate 1 random binary string:Bb2)When Bb,i=0,measure the incoming qubit in the Z basis,otherwise measure in the X basis3)When Alice reveals Ba,respond with the indexes that matched with Bb 2023 Cisco and/or its af

31、filiates.All rights reserved.Cisco Public#CiscoLiveBB8434BRKETI-130234BRKETI-1302SPSSPDSPDSPDSPDOSBSBS|-110010|1|+|0|-|+BaKBb 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePros and Cons of QKDProvably secure theoreticallyIn practice,information can leak from“side-channel

32、s”Human error is not considered in the proof of QKDQKD is possible with todays Internet technology,where no other PQC has been shown to have the same security35BRKETI-1302Deploying Quantum Networks 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow can quantum states be t

33、ransferred?37BRKETI-13021.Directly sending the state over a quantum channel 2.Using quantum entanglement to teleport the quantum state|0|0H|ZMM 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveQuantum Network Hardware ComponentsQuantum transmitters:Quantum transmitters:Gene

34、rate and send quantum states,such as single photons,through optical fibers or free space.Quantum receivers:Quantum receivers:Detect and measure the quantum states sent by the transmitterQuantum memories:Quantum memories:Store quantum states for a short period of time,allowing for the synchronization

35、 of quantum communication protocols.Classical communication infrastructure:Classical communication infrastructure:A quantum network also requires classical communication infrastructure to coordinate and control the quantum components.38BRKETI-1302 2023 Cisco and/or its affiliates.All rights reserved

36、.Cisco Public#CiscoLiveSending Classical Information39BRKETI-1302LaserReceiver 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSending Classical Information40BRKETI-1302LaserReceiverRepeater 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSending

37、 Quantum Information41BRKETI-1302LaserReceiver 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIssues with Direct Transmission42BRKETI-1302 Direct transmission of quantum states is very lossy Transmitting a quantum state over fiber optic cables is possible only up to a few

38、 hundred KMs In free-space networks(e.g.,satellite)further distances are attainable,but not unlimited Classical methods of amplifying and error correction are possible,new methods are needed to surpass the finite distance limitations 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#

39、CiscoLiveLong-Range Entanglement Distribution 43BRKETI-1302 Idea:Create entanglement and use quantum teleportation Distributing entanglement over large distances faces the same challenge as direct transmission,but there are key benefits:Entanglement does not contain informationEntanglement swapping

40、to distribute over long distancesBDCAE|2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEntanglement Swapping:Challenges44BRKETI-1302 Probabilistic task that very often fails Requires a high level of synchronization Requires a quantum memory Entanglement swapping is the mos

41、t accessible solution now,other solutions require even more advanced technology 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDirect Transmission-Based Quantum Networks45BRKETI-1302 At smaller scales,a direct transmission-based network integrated into the fiber technolog

42、y can be used Integrating quantum networks with Internet technology leads to a“co-existence network”Packet switching can be used which has many advantages for certain networks types 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive46BRKETI-1302AB Route is reserved Frames ar

43、rive in order1.2.3.4.Circuit Switching 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive47BRKETI-1302 Route is dynamic Frames can arrive out of orderPacket SwitchingAB 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIntegrating with Classical Netw

44、orksUsing existing deployed fiber for quantum networks is highly attractiveIt will require a high level of coordination and noise mitigationQuantum and classical routing algorithms will need to be compatible48BRKETI-1302 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePack

45、et Switching in Quantum Networks49BRKETI-1302 The frames are hybrid classical-quantum data frames Design compatible with both classical and quantum trafficABDiAdamo,Qi,Miller,Kompella,and Shabani.Phys.Rev.Research4 4,043064(2022).2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisc

46、oLivePacket-Switched QKD Networks50BRKETI-1302Mandil,DiAdamo,Qi,and Shabani.arXiv preprint arXiv:2302.14005(2023).ABABAABBBBBBAAAA 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePacket-Switched QKD Networks51BRKETI-1302Practical key rates may be achieved without any optic

47、al storage Limited storage time in a fiber delay line can enhance performance QKD in a packet-switched network is feasible with todays technology!Mandil,DiAdamo,Qi,and Shabani.arXiv preprint arXiv:2302.14005(2023).Conclusions 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiv

48、eSummaryQuantum algorithms can break the public key encryption schemes but building a quantum computer is very challenging QKD and PQC are methods for maintaining security in the era of quantum computingTechniques for long distances transmission cannot be used directly for quantum networksRobust ent

49、anglement generation and manipulation will be critical for a global quantum Internet53BRKETI-1302 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveOutlookQuantum technology is rapidly advancing,and we should be preparing for future security threats nowA likely solution for

50、future security will be a hybrid PQC/QKD model,but is highly specific to the applicationQuantum and classical networks will,in some ways,be unified54BRKETI-1302 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum o

51、f four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!55BRKETI-1302These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Live Game for every survey

52、completed.2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more sessions at www.CiscoL you#CiscoLive#CiscoLive