Quantum computers are devices under development that offer an immense computational capability on certain classes of problems, outperforming all existing and forthcoming classical computers on those problems. If practicable, they would have a dreadful impact on the security of our communications. Indeed, quantum computers will be able to solve mathematical problems that are infeasible today, and the public-key cryptographic schemes in use today (i.e. the key-exchange and signature tools used to provide confidentiality, authentication, and integrity to our communication channels) rely on the hardness of such problems to ensure their robustness. Such a weakening of the security of our telecommunications would impair many aspects of our society, both in the EU and all around the world, from online shopping and financial transactions to military communications and state secrets.
This project aimed at evaluating and analysing the robustness of several cryptographic schemes against attacks led with a quantum computer, and, once provably secure ones are found, implementing them. At first, it focused on a specific family of encryption methods, the lattice-based ones, which are among the most promising candidates from the resilience and performance trade-off point of view. The study was finally broadened to the whole spectrum of quantum-safe cryptographic schemes to meet the constraints of internal projects of ID Quantique (the beneficiary, a Swiss company providing quantum-safe cryptographic solutions).
A significant part of the proposal was also devoted to analysing the implementations of some quantum-safe schemes. In the first instance, studies were purely focused on performance, namely on evaluating the intrinsic and effective efficiency of each scheme from the speed and memory consumption point of view. The integration of these implementations into the current security software ecosystem rapidly became a major concern, which led to studying the feasibility and the impact of deploying quantum-safe solutions in existing devices, products and systems.
Work performed over this 18-month project has been split between two topics: on one hand we analysed the security and performance of several post-quantum solutions, and on the other hand we studied the feasibility of actually deploying these solutions.
The initial project phase was devoted to widening the cryptographic background of the researcher. The first months of the project were spent updating his expertise, not only in quantum security, but more broadly in cyber-security and cryptography, from both the academic and industrial points of view. This gain of knowledge materialized when the researcher became a "Certified Ethical Hacker" (CEH) in early 2019, a high-level professional qualification in cyber-security.
Regarding the security and performance analysis, efforts were at first focused on a sub-family of cryptographic solutions, called lattice-based schemes. This family offers the most versatile solution in the post-quantum ecosystem (in the sense that it provides both encryption and signature), while having the most advantageous speed/memory-consumption/security trade-off. The study was then broadened to the whole spectrum of quantum-safe cryptographic schemes to meet the constraints of internal projects and products of ID Quantique (the beneficiary, a Swiss company providing quantum-safe cryptographic solutions). Throughout the project, several cryptographic candidates stood out depending on the constraints to be satisfied. As an example, isogeny-based cryptographic schemes were found to offer an exceptionally low memory consumption (small keys and ciphertexts), a criterion crucial in the resource-constrained environments encountered in several ID Quantique projects.
During this phase, the researcher participated in several worldwide scientific conferences (PQCrypto 2018, the NIST First PQC Standardization Conference, "Cohomology of Arithmetic Groups, Lattices and Number Theory: Geometric and Computational Viewpoint" at CIRM), which allowed him to publish an overview of recent trends in post-quantum cryptography in the ID Quantique newsletter. An updated version of this article is expected to be released by the end of 2019, together with a technical report on post-quantum cryptography for the industry. Finally, the researcher will also lead a series of informal talks within ID Quantique about cryptography and cyber-security.
On the deployment side, work was driven by one major industry concern: the feasibility of deploying quantum-safe cryptographic material. Indeed, moving from widely deployed security solutions to a brand new one is an impactful decision which raises issues involving many technological and human aspects (key and certificate sizes, protocol and hardware constraints, operational procedures). Meetings with numerous industrial partners of ID Quantique made it possible to identify solutions whose deployment cost will be manageable, while also offering a progressive transition to replace soon-to-be deprecated cryptographic material. This materialized in several proofs of concept of the usage of quantum-safe solutions in various industrial contexts, but also in an evaluation and a transition plan for ID Quantique's own products.
This project demonstrated that deploying cryptographic material robust against quantum attacks is not an abstract exercise. In fact, with the help of a careful analysis of the needs and constraints of the systems involved, it can be done in a controlled way, with managed costs and impacts. Such a transition can even be performed gradually, supplementing existing material rather than totally replacing it (a so-called hybrid approach, in which a classical and a quantum-safe scheme are used together so that security holds as long as at least one of them remains unbroken). We hope that this project will serve as a concrete example of the usage of post-quantum cryptography in the real, industrial world. From a socio-economic point of view, it will definitely help to build confidence that shifting to quantum-safe technologies is actually feasible with limited impact and in a short time window.
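The gradual, "supplement rather than replace" transition described above is what practitioners usually call a hybrid key exchange: the session key is derived from both a classical shared secret (e.g. from ECDH) and a post-quantum one (from a PQ KEM), so that an attacker has to break both. The following is an added illustration of the key-combining step, not code from the project or from ID Quantique. It implements HKDF (RFC 5869) with the standard library and a hypothetical `hybrid_key` combiner; the two shared secrets and the transcript are constructed placeholders standing in for the outputs of real key exchanges, which are out of scope here.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3): T(i) = HMAC(PRK, T(i-1) | info | i)."""
    if length > 255 * hashlib.sha256().digest_size:
        raise ValueError("requested output too long for HKDF-SHA256")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def hybrid_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes, length: int = 32) -> bytes:
    """Hypothetical combiner: derive one session key from a classical and a
    post-quantum shared secret. The result depends on both inputs, so a quantum
    attacker who recovers ss_classical (e.g. by breaking ECDH) still cannot
    compute the key without ss_pq, and vice versa if the PQ scheme were broken.
    """
    # Refuse to silently downgrade to a single scheme: both secrets are mandatory.
    if not ss_classical or not ss_pq:
        raise ValueError("both the classical and the post-quantum shared secret are required")
    # Length-prefix each secret so the concatenation is unambiguous
    # (a 2-byte prefix covers every realistic secret size).
    ikm = (
        len(ss_classical).to_bytes(2, "big") + ss_classical
        + len(ss_pq).to_bytes(2, "big") + ss_pq
    )
    # Bind the key to the handshake transcript (public keys/ciphertexts) via the salt.
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid session key", length)


# Constructed sample inputs (NOT real key-exchange outputs): in a deployment
# ss_classical would come from ECDH and ss_pq from a PQ KEM decapsulation.
SS_CLASSICAL = bytes.fromhex("11" * 32)
SS_PQ = bytes.fromhex("22" * 32)
TRANSCRIPT = b"ecdh_pub_A|ecdh_pub_B|kem_pub_A|kem_ciphertext_B"


def demo() -> dict:
    """Show that losing one shared secret does not reveal the session key."""
    real = hybrid_key(SS_CLASSICAL, SS_PQ, TRANSCRIPT)
    # Attacker knows the classical secret (broken by Shor) but guesses the PQ one.
    attacker_guess = hybrid_key(SS_CLASSICAL, bytes.fromhex("00" * 32), TRANSCRIPT)
    return {"session_key": real.hex(), "attacker_matches": attacker_guess == real}


if __name__ == "__main__":
    print(demo())
```

The `ValueError` on an empty secret is the important edge case: a combiner that tolerates a missing PQ component lets a negotiation bug or an active downgrade reduce the connection to the classical scheme alone, which is exactly the case the transition is meant to protect against.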
ID Quantique also drew meaningful conclusions from this project. First of all, it helped to raise awareness about the soon-to-become-reality quantum computer threat, and increased the overall company understanding of cryptography (mostly in the post-quantum field) and cyber-security. More concretely, it allowed potential vulnerabilities to quantum attacks in existing products to be analysed and fixed, while also allowing a transition plan to be defined for shifting to quantum-resilient technologies if needed.
More info: https://www.idquantique.com/.