Post-quantum cryptography

Abstract: Cryptography is essential for the security of online communication, cars and implanted medical devices. However, many commonly used cryptosystems will be completely broken once large quantum computers exist. Post-quantum cryptography is cryptography under the assumption that the attacker has a large quantum computer; post-quantum cryptosystems strive to remain secure even in this scenario. This relatively young research area has seen some successes in identifying mathematical operations for which quantum algor… Show more

“…However, since Shor's seminal result [Sho94] it is known that those asymmetric cryptosystems can be broken in polynomial time on a quantum computer (see [BBD08]). Currently, quantum computers are not available but in recent years there has been a big financial push, by both governments and private enterprises (see [Cha12,Koe13,RG13]), to construct a fully-functioning and large enough quantum computer.…”

“…Such schemes are called post-quantum and the research area that deals with the design, analysis, and evaluation of cryptographic schemes that will still be secure in a world where quantum computers exist, is called post-quantum cryptography (PQC). In this field four major research areas have emerged, which are hash-based, code-based, multivariate-quadraticequations-based, and lattice-based cryptography [BBD08]. Additionally, cryptosystems based on supersingular elliptic curve isogenies are also supposed to be secure against attacks by quantum computers [JF11].…”

“…Additionally, the key size of post-quantum schemes is usually larger than what is recommended for RSA or ECC and the operations carried out are different or more complicated so that the implementation on constrained devices can be challenging. For more details on PQC and more details on the previously mentioned alternative problems we refer to [BBD08].…”

“…We thus only cover the background that is essential for the understanding of our work. For a general introduction to lattice problems we refer to the book by Micciancio and Goldwasser [MG02] and the chapter by Micciancio and Regev [MR09] in [BBD08]. We particularly focus on intermediate problems like the learning with errors (LWE) problem, the short integer solution problem (SIS), and the ring learning with errors problem (RLWE) as they appear in almost any lattice-based scheme.…”

“…And while quantum computers might still be several years away, it is important to note that it usually takes several decades before alternative schemes have been thoroughly tested, gained trust in the community, have been standardized, and adopted by industry. However, currently available post-quantum candidate schemes suffer from relatively large key length or are not as efficient as RSA or ECC (see [BBD08]). As a consequence, RSA and ECC are still widely used and more research efforts are required to offer practical and efficient substitutes.…”

Efficient implementation of ideal lattice-based cryptography

“…However, since Shor's seminal result [Sho94] it is known that those asymmetric cryptosystems can be broken in polynomial time on a quantum computer (see [BBD08]). Currently, quantum computers are not available but in recent years there has been a big financial push, by both governments and private enterprises (see [Cha12,Koe13,RG13]), to construct a fully-functioning and large enough quantum computer.…”

“…Such schemes are called post-quantum and the research area that deals with the design, analysis, and evaluation of cryptographic schemes that will still be secure in a world where quantum computers exist, is called post-quantum cryptography (PQC). In this field four major research areas have emerged, which are hash-based, code-based, multivariate-quadraticequations-based, and lattice-based cryptography [BBD08]. Additionally, cryptosystems based on supersingular elliptic curve isogenies are also supposed to be secure against attacks by quantum computers [JF11].…”

“…Additionally, the key size of post-quantum schemes is usually larger than what is recommended for RSA or ECC and the operations carried out are different or more complicated so that the implementation on constrained devices can be challenging. For more details on PQC and more details on the previously mentioned alternative problems we refer to [BBD08].…”

“…We thus only cover the background that is essential for the understanding of our work. For a general introduction to lattice problems we refer to the book by Micciancio and Goldwasser [MG02] and the chapter by Micciancio and Regev [MR09] in [BBD08]. We particularly focus on intermediate problems like the learning with errors (LWE) problem, the short integer solution problem (SIS), and the ring learning with errors problem (RLWE) as they appear in almost any lattice-based scheme.…”

“…And while quantum computers might still be several years away, it is important to note that it usually takes several decades before alternative schemes have been thoroughly tested, gained trust in the community, have been standardized, and adopted by industry. However, currently available post-quantum candidate schemes suffer from relatively large key length or are not as efficient as RSA or ECC (see [BBD08]). As a consequence, RSA and ECC are still widely used and more research efforts are required to offer practical and efficient substitutes.…”

Efficient implementation of ideal lattice-based cryptography

Security and Privacy of 6G

Bibliography