Presentation Title

Replacing Public Cryptographic Key Exchanges with Quantum Resistant Implementations

Faculty Mentor

Juan Leon, Jared Ashcroft

Start Date

23-11-2019 10:45 AM

End Date

23-11-2019 11:30 AM

Location

154

Session

poster 4

Type of Presentation

Poster

Subject Area

engineering_computer_science

Abstract

Modern networking equipment relies on the exchange of public keys in order to establish secure sessions or tunnels, like VPNs or HTTPS websites. Many cryptographic functions are emphatically listed as solid choices on prominent enterprise networking equipments, but are in truth vulnerable to quantum computations. The classic Diffie–Hellman key exchange revolves around the discrete logarithm problem which states it is difficult to extract private keys a and b from [g^(ab)]mod(p). Large scale computing endeavors have broken this algorithm even without quantum computations, and a shift was made to elliptic curve based Diffie–Hellman exchanges. The elliptic curve is an abstract algebraic structure which has properties that fulfill all the qualities of an abelian group. Instead of using the discrete log [g^(ab)]mod(p), an example of a secure elliptic curve formula is y^2 = x^3+486662x^2+x(mod(2^255 - 19)), where we solve for a new point [private key]xP where P is a given arbitrary point on the curve. The discrete log problem now becomes more difficult even with shorter key lengths. Addition in the abelian group across a modulus operator yields the discrete mapping of the elliptic curve, and this mapping seems utterly random if discovered by a man-in-the-middle, just like how the private key is obfuscated using modular arithmetic in the classic discrete log problem. Due to shorter key lengths, elliptic curve private keys are actually less intensive for quantum algorithms to extract than the massive lengths of other 2048+ bit length keys. There is no choice but to use more quantum resistant methods employing something besides discrete log problems. While many algorithms have been proposed, there exists another implementation of elliptic curves which relies instead on a pool of curves, and the utilization of degree 2 and 3 isogeny classes to create a map between a chosen curve C and C’. By using elliptic curves which have already been studied and implemented widely on modern routers and firewall devices, it would be more straightforward for vendors to rollout new algorithms which adapt already founded mechanics to a more sophisticated encryption. The so called supersingular isogeny elliptic curve Diffie–Hellman would be a legitimately quantum-resistant algorithm, but it has seen implementation in 0 devices, whereas the flimsy 512-1024 bit classic Diffie–Hellman groups are still employed today to secure enterprise traffic over VPN connections in some businesses or otherwise sensitive environments.

This document is currently not available here.

Share

COinS
 
Nov 23rd, 10:45 AM Nov 23rd, 11:30 AM

Replacing Public Cryptographic Key Exchanges with Quantum Resistant Implementations

154

Modern networking equipment relies on the exchange of public keys in order to establish secure sessions or tunnels, like VPNs or HTTPS websites. Many cryptographic functions are emphatically listed as solid choices on prominent enterprise networking equipments, but are in truth vulnerable to quantum computations. The classic Diffie–Hellman key exchange revolves around the discrete logarithm problem which states it is difficult to extract private keys a and b from [g^(ab)]mod(p). Large scale computing endeavors have broken this algorithm even without quantum computations, and a shift was made to elliptic curve based Diffie–Hellman exchanges. The elliptic curve is an abstract algebraic structure which has properties that fulfill all the qualities of an abelian group. Instead of using the discrete log [g^(ab)]mod(p), an example of a secure elliptic curve formula is y^2 = x^3+486662x^2+x(mod(2^255 - 19)), where we solve for a new point [private key]xP where P is a given arbitrary point on the curve. The discrete log problem now becomes more difficult even with shorter key lengths. Addition in the abelian group across a modulus operator yields the discrete mapping of the elliptic curve, and this mapping seems utterly random if discovered by a man-in-the-middle, just like how the private key is obfuscated using modular arithmetic in the classic discrete log problem. Due to shorter key lengths, elliptic curve private keys are actually less intensive for quantum algorithms to extract than the massive lengths of other 2048+ bit length keys. There is no choice but to use more quantum resistant methods employing something besides discrete log problems. While many algorithms have been proposed, there exists another implementation of elliptic curves which relies instead on a pool of curves, and the utilization of degree 2 and 3 isogeny classes to create a map between a chosen curve C and C’. By using elliptic curves which have already been studied and implemented widely on modern routers and firewall devices, it would be more straightforward for vendors to rollout new algorithms which adapt already founded mechanics to a more sophisticated encryption. The so called supersingular isogeny elliptic curve Diffie–Hellman would be a legitimately quantum-resistant algorithm, but it has seen implementation in 0 devices, whereas the flimsy 512-1024 bit classic Diffie–Hellman groups are still employed today to secure enterprise traffic over VPN connections in some businesses or otherwise sensitive environments.