Abstract
In 1994, Peter Shor published a quantum algorithm capable of factoring large integers and computing discrete logarithms in Abelian groups in polynomial time. Since these computational problems provide the security basis of conventional asymmetric cryptosystems (e.g., RSA, ECC), information encrypted under such schemes today may well become insecure in a future scenario where quantum computers are a technological reality. Fortunately, certain classical cryptosystems based on entirely different intractability assumptions appear to resist Shor’s attack, as well as others similarly based on quantum computing. The security of these schemes, which are dubbed post-quantum cryptosystems, stems from hard problems on lattices, error-correcting codes, multivariate quadratic systems, and hash functions. Here we introduce the essential notions related to each of these schemes and explore the state of the art on practical aspects of their adoption and deployment, like key sizes and cryptogram/signature bandwidth overhead.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
M. Ajtai, Generating hard instances of lattice problems (extended abstract), in Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, STOC ‘96 (ACM, New York, 1996), pp. 99–108
M. Alabbadi, S.B. Wicker, A digital signature scheme based on linear error-correcting block codes, in Advances in Cryptology – Asiacrypt ‘94, vol. 917 of Lecture Notes in Computer Science (Springer, New York, 1994), pp. 238–348
L Babai, On lovsz lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986)
M. Baldi, F. Chiaraluce, Cryptanalysis of a new instance of McEliece cryptosystem based on QC-LDPC code, in IEEE International Symposium on Information Theory – ISIT 2007 (IEEE, Nice, 2007), pp. 2591–2595
M. Baldi, F. Chiaraluce, M. Bodrato, A new analysis of the McEliece cryptosystem based on QC-LDPC codes, in Security and Cryptography for Networks – SCN 2008, vol. 5229 of Lecture Notes in Computer Science (Springer, Amalfi, 2008), pp. 246–262
R. Barbulescu, P. Gaudry, A. Joux, E. Thomé, A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. HAL-INRIA technical report, http://hal.inria.fr/hal-00835446/ (2013)
M. Bellare, P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, in Proceedings of the 1st ACM conference on Computer and communications security (ACM, 1993), pp. 62–73
T.P. Berger, P.-L. Cayrel, P. Gaborit, A. Otmani, Reducing key length of the McEliece cryptosystem, in Progress in Cryptology – Africacrypt 2009, Lecture Notes in Computer Science (Springer, Gammarth, 2009), pp. 77–97
E. Berlekamp, R. McEliece, H. van Tilborg, On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory 24(3), 384–386 (1978)
D. Bernstein, T. Lange, C. Peters, Smaller decoding exponents: ball-collision decoding, in Advances in Cryptology – Crypto 2011, vol. 6841 of Lecture Notes in Computer Science (Springer, Santa Barbara, 2011), pp. 743–760
D.J. Bernstein, List decoding for binary Goppa codes, in Coding and Cryptology—Third International Workshop, IWCC 2011, Lecture Notes in Computer Science (Springer, Qingdao, 2011), pp. 62–80
D.J. Bernstein, J. Buchmann, E. Dahmen, Post-Quantum Cryptography (Springer, Heidelberg, 2008)
D.J. Bernstein, T. Lange, C. Peters, Attacking and defending the McEliece cryptosystem, in Post-Quantum Cryptography – PQCrypto 2008, vol. 5299 of Lecture Notes in Computer Science (Springer, New York, 2008), pp. 31–46. http://www.springerlink.com/content/68v69185x478p53g
D.J. Bernstein, T. Lange, C. Peters, Wild McEliece, in Selected Areas in Cryptography – SAC 2010, vol. 6544 of Lecture Notes in Computer Science (Springer, Waterloo, 2010), pp. 143–158
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, Keccak specifications. Submission to NIST (2010). http://keccak.noekeon.org/Keccak-specifications.pdf
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, Sponge functions. ECRYPT Hash Workshop 2007 (2007). Also available as public comment to NIST from http://www.csrc.nist.gov/pki/HashWorkshop/Public_Comments/2007_May.html
D. Boneh, C. Gentry, M. Hamburg, Space-efficient identity based encryption without pairings, in FOCS, pp. 647–657 (2007)
A. Braeken, C. Wolf, B. Preneel, A study of the security of unbalanced oil and vinegar signature schemes, in Topics in Cryptology – CT-RSA 2005, vol. 3376 of Lecture Notes in Computer Science (Springer, New York, 2005), pp. 29–43
Z. Brakerski, V. Vaikuntanathan, Efficient fully homomorphic encryption from (standard) lwe. Electron. Colloq. Comput. Complex. 18, 109 (2011)
J. Buchmann, C. Coronado, E. Dahmen, M. Dring, E. Klintsevich, CMSS – an improved merkle signature scheme, in Progress in Cryptology INDOCRYPT 2006, vol. 4329 of Lecture Notes in Computer Science (Springer, New York, 2006), pp. 349–363
J. Buchmann, E. Dahmen, S. Ereth, A. Hlsing, M. Rckert, On the security of the Winternitz one-time signature scheme, in Progress in Cryptology – AFRICACRYPT 2011, vol. 6737 of Lecture Notes in Computer Science (Springer, New York, 2011), pp. 363–378
J. Buchmann, E. Dahmen, A. Hlsing, XMSS-a practical secure signature scheme based on minimal security assumptions, in Cryptology ePrint Archive - Report 2011/484. ePrint (2011)
J. Buchmann, E. Dahmen, E. Klintsevich, K. Okeya, C. Vuillaume, Merkle signatures with virtually unlimited signature capacity, in Applied Cryptography and Network Security – ACNS 2007, vol. 4521 of Lecture Notes in Computer Science (Springer, New York, 2007), pp. 31–45
J. Buchmann, E. Dahmen, M. Schneider, Merkle tree traversal revisited, in Post-Quantum Cryptography – PQCrypto 2008, vol. 5299 of Lecture Notes in Computer Science (Springer, New York, 2008), pp. 63–78
S. Contini, A.K. Lenstra, R. Steinfeld, VSH, an Efficient and Provable Collision Resistant Hash Function. Cryptology ePrint Archive, Report 2005/193 (2005). http://eprint.iacr.org/
N. Courtois, M. Finiasz, N. Sendrier, How to achieve a McEliece-based digital signature scheme, in Advances in Cryptology – Asiacrypt 2001, vol. 2248 of Lecture Notes in Computer Science (Springer, Gold Coast, 2001), pp. 157–174
R.A. DeMillo, D.P. Dobkin, A.K. Jones, R.J. Lipton, Foundations of Secure Computation (Academic Press, New York, 1978)
J. Ding, D. Schmidt, Rainbow, a new multivariable polynomial signature scheme, in International Conference on Applied Cryptography and Network Security – ACNS 2005, vol. 3531 of Lecture Notes in Computer Science (Springer, New York, 2005), pp. 164–175
C. Dods, N. Smart, M. Stam, Hash based digital signature schemes, in Cryptography and Coding, vol. 3796 of Lecture Notes in Computer Science (Springer, New York, 2005), pp. 96–115
J.-C. Faugère, A. Otmani, L. Perret, J.-P. Tilllich, Algebraic cryptanalysis of McEliece variants with compact keys, in Advances in Cryptology – Eurocrypt 2010, vol. 6110 of Lecture Notes in Computer Science (Springer, Nice, 2010), pp. 279–298
P. Gaborit, Shorter keys for code based cryptography, in International Workshop on Coding and Cryptography – WCC 2005 (ACM Press, Bergen, 2005), pp. 81–91
R.G. Gallager, Low-density parity-check codes. Information Theory, IRE Transactions on 8(1), 21–28 (1962)
M.R. Garey, D.S. Johnson, Computers and Intractability – A Guide to the Theory of NP-Completeness (W. H. Freeman and Company, New York, 1979)
S. Garg, C. Gentry, S. Halevi, Candidate multilinear maps from ideal lattices, in Advances in Cryptology – EUROCRYPT 2013, pp. 1–17 (2013)
S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, IACR Cryptology ePrint Archive 2013, 451 (2013)
V. Gauthier, G. Leander, Practical key recovery attacks on two McEliece variants, in International Conference on Symbolic Computation and Cryptography – SCC 2010 (Springer, Egham, 2010)
C. Gentry, A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009. crypto.stanford.edu/craig
C. Gentry, Encrypted messages from the heights of cryptomania, in TCC, pp. 120–121 (2013)
C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in Proceedings of the 40th Annual ACM Symposium on Theory of Computing, STOC ‘08 (ACM, New York, 2008), pp. 197–206
C. Gentry, A. Sahai, B. Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based, in Advances in Cryptology – CRYPTO ‘89, vol. 8042 of Lecture Notes in Computer Science (Springer, New York, 2013), pp. 75–92
J.K. Gibson, The security of the Gabidulin public key cryptosystem, in Advances in Cryptology – Eurocrypt ‘96, vol. 1070 of Lecture Notes in Computer Science (Springer, Zaragoza, 1996), pp. 212–223
O. Goldreich, S. Goldwasser, S. Halevi, Public-key cryptosystems from lattice reduction problems, in Advances in Cryptology – CRYPTO ‘97, vol. 1294 of Lecture Notes in Computer Science (Springer, New York, 1997), pp. 112–131
V.D. Goppa, A new class of linear error correcting codes. Problemy Peredachi Informatsii 6, 24–30 (1970)
A. Hülsing, Practical forward secure signatures using minimal security assumptions. PhD thesis, TU Darmstadt, 2013
J. Hoffstein, J. Pipher, J.H. Silverman, Ntru: A ring-based public key cryptosystem, in Lecture Notes in Computer Science (Springer, New York, 1998), pp. 267–288
W.C. Huffman, V. Pless, Fundamentals of Error-Correcting Codes (Cambridge University Press, Cambridge, 2003)
A. Kipnis, A. Shamir, Cryptanalysis of the oil and vinegar signature scheme, in ed. by H. Krawczyk. Advances in Cryptology – Crypto 1998, vol. 1462 of Lecture Notes in Computer Science (Springer, New York, 1998), pp. 257–266
A. Kipnis, J. Patarin, L. Goubin, Unbalanced oil and vinegar signature schemes, in ed. by J. Stern. Advances in Cryptology – EUROCRYPT ‘99, vol. 1592 of Lecture Notes in Computer Science (Springer, New York, 1999), pp. 206–222
L. Lamport, Constructing digital signatures from a one way function, in SRI International. CSL-98 (1979)
A.K. Lenstra, H.W. Lenstra, L. Lovsz, Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)
A. Lewko, T. Okamoto, A. Sahai, K. Takashima, B. Waters, Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption, in H. Gilbert. Advances in Cryptology – EUROCRYPT 2010, vol. 6110 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2010), pp. 62–91
V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings. Adv. Cryptology EUROCRYPT 2010 6110/2010(015848), 1–23 (2010)
F.J. MacWilliams, N.J.A. Sloane, The Theory of Error-Correcting Codes, vol. 16 (North-Holland Mathematical Library, Amsterdam, 1977)
S.M. Matyas, C.H. Meyer, J. Oseas, Generating strong one-way functions with cryptographic algorithm, IBM Techn. Disclosure Bull., 1985
R. McEliece, A public-key cryptosystem based on algebraic coding theory. The Deep Space Network Progress Report, DSN PR 42–44, 1978. http://ipnpr.jpl.nasa.gov/progressreport2/42-44/44N.PDF. Acesso em:.
R.C. Merkle, Secrecy, Authentication, and Public Key Systems. Stanford Ph.D. thesis, 1979
R.C. Merkle, A digital signature based on a conventional encryption function, in Advances in Cryptology – CRYPTO’87, vol. 435 of Lecture Notes in Computer Science (Springer, New York, 1987), pp. 369–378
D. Micciancio, C. Peikert, Trapdoors for lattices: Simpler, tighter, faster, smaller, in ed. by D. Pointcheval, T. Johansson. Advances in Cryptology EUROCRYPT 2012, vol. 7237 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2012), pp. 700–718
V.S. Miller, Use of elliptic curves in cryptography, in Advances in Cryptology — Crypto ‘85 (Springer, New York, 1986), pp. 417–426
R. Misoczki, N. Sendrier, J.-P. Tilllich, P.S.L.M. Barreto, MDPC-McEliece: New McEliece variants from moderate density parity-check codes. Cryptology ePrint Archive, Report 2012/409, 2012. http://eprint.iacr.org/2012/409
C. Monico, J. Rosenthal, A. Shokrollahi, Using low density parity check codes in the McEliece cryptosystem, in IEEE International Symposium on Information Theory – ISIT 2000 (IEEE, Sorrento, 2000), p. 215
E.M. Morais, R. Dahab, Encriptao homomrfica, in XII Simpsio Brasileiro em Segurana da Informao e de Sistemas Computacionais: Minicursos, SBSeg (2012)
P. Nguyen, O. Regev, Learning a parallelepiped: Cryptanalysis of ggh and ntru signatures, in S. Vaudenay. Advances in Cryptology - EUROCRYPT 2006, vol. 4004 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2006), pp. 271–288
H. Niederreiter, Knapsack-type cryptosystems and algebraic coding theory. Prob. Control Inf. Theory 15(2), 159–166 (1986)
NIST, Federal Information Processing Standard FIPS 186-3 – Digital Signature Standard (DSS) – 6. The Elliptic Curve Digital Signature Algorithm (ECDSA) (National Institute of Standards and Technology (NIST), Gaithersburg, 2012). http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
A. K. D. S. Oliveira, J. López. Implementação em software do Esquema de Assinatura Digital de Merkle e suas variantes, in Brazilian Symposium on Information and Computer Systems Security – SBSeg 2013 (SBC, 2013)
A. Otmani, J.-P. Tillich, L. Dallot, Cryptanalysis of two McEliece cryptosystems based on quasi-cyclic codes. Math. Comput. Sci. 3(2), 129–140 (2010)
J. Patarin, The oil and vinegar signature scheme, in Dagstuhl Workshop on Cryptography (1997). Transparencies
J. Patarin, L. Goubin, Trapdoor one-way permutations and multivariate polynomials, in ICICS’97, vol. 1334 of Lecture Notes in Computer Science (Springer, New York, 1997), pp. 356–368
J. Patarin, Hidden fields equations (hfe) and isomorphisms of polynomials (ip): Two new families of asymmetric algorithms, in ed. by U. Maurer. Advances in Cryptology – EUROCRYPT ‘96, vol. 1070 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 1996), pp. 33–48
J. Patarin, L. Goubin, N. Courtois, Improved algorithms for isomorphisms of polynomials, in Advances in Cryptology – EUROCRYPT ‘98 (Springer, New York, 1998), pp. 184–200
N.J. Patterson, The algebraic decoding of Goppa codes. IEEE Trans. Inf. Theory 21(2), 203–207 (1975)
C. Peikert, Public-key cryptosystems from the worst-case shortest vector problem: extended abstract, in Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC ‘09 (ACM, New York, 2009), pp. 333–342
A. Petzoldt, S. Bulygin, J. Buchmann, CyclicRainbow – a multivariate signature scheme with a partially cyclic public key, in ed. by G. Gong, K. Gupta. Progress in Cryptology – Indocrypt 2010, vol. 6498 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2010), pp. 33–48
A. Petzoldt, S. Bulygin, J. Buchmann, Selecting parameters for the Rainbow signature scheme, in ed. by N. Sendrier Post-Quantum Cryptography – PQCrypto 2010, vol. 6061 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2010), pp. 218–240. Extended Version: http://eprint.iacr.org/2010/437
A. Petzoldt, S. Bulygin, J. Buchmann, Linear recurring sequences for the UOV key generation, in International Conference on Practice and Theory in Public Key Cryptography – PKC 2011, vol. 6571 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2011), pp. 335–350
A. Petzoldt, S. Bulygin, J. Buchmann, Cyclicrainbow - a multivariate signature scheme with a partially cyclic public key, in ed. by G. Gong, K.C. Gupta. INDOCRYPT, volume 6498 of Lecture Notes in Computer Science (Springer, New York, 2010), pp. 33–48
B. Preneel, Analysis and design of cryptographic hash functions. PhD thesis, Katholieke Universiteit Leuven, 1983
L. Rausch, A. Hlsing, J. Buchmann, Optimal parameters for \(xmss^{\mathrm{MT}}\), in CD-ARES 2013, vol. 8128 of Lecture Notes in Computer Science (Springer, New York, 2013), pp. 194–208
O. Regev, The learning with errors problem (invited survey), in IEEE Conference on Computational Complexity (IEEE Computer Society, Washington, DC, 2010), pp. 191–204
R.L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)
A. Sahai, B. Waters, Attribute-based encryption for circuits from multilinear maps. CoRR, abs/1210.5287 (2012)
N. Sendrier, Decoding one out of many, in ed. by B-Y. Yang. Post-Quantum Cryptography – PQCrypto 2011, vol. 7071 of Lecture Notes in Computer Science (Springer, Berlin/Heidelberg, 2011), pp. 51–67. 10.1007/978-3-642-25405-5-4
P.W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26, 1484–1509 (1997)
A. Shoufan, N. Huber, H. Molter, A novel cryptoprocessor architecture for chained merkle signature scheme, in Microprocessors and Microsystems (Elsevier, Amsterdam, 2011), pp. 34–47
D. Stehlé, R. Steinfeld, Making ntru as secure as worst-case problems over ideal lattices, in Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology, EUROCRYPT’11 (Springer, Berlin, Heidelberg, 2011), pp. 27–47
J. Stern, A method for finding codewords of small weight. Coding Theory Appl. 388, 106–133 (1989)
J. Stern, Can one design a signature scheme based on error-correcting codes? in Advances in Cryptology – ASIACRYPT’94, vol. 917 of Lecture Notes in Computer Science (Springer, New York, 1994), pp. 426–428
M. Szydlo, Merkle tree traversal in log space and time, in Advances in Cryptology – Eurocrypt 2004, vol. 3027 of Lecture Notes in Computer Science (Springer, New York, 2004), pp. 541–554
R.M. Tanner, Spectral graphs for quasi-cyclic LDPC codes, in IEEE International Symposium on Information Theory – ISIT 2001 (IEEE, Washington, DC, 2001), p. 226
E. Thomae, A generalization of the Rainbow band separation attack and its applications to multivariate schemes. Cryptology ePrint Archive, Report 2012/223, 2012. http://eprint.iacr.org/2012/223.
C. Wieschebrink, Two NP-complete problems in coding theory with an application in code based cryptography, in IEEE International Symposium on Information Theory – ISIT 2006 (IEEE, Seattle, 2006), pp. 1733–1737
R.S. Winternitz, Producing a one-way hash function from DES, in Advances in Cryptology – CRYPTO ‘83 (Springer, New York, 1983), pp. 203–207
C. Wolf, B. Preneel, Taxonomy of public key schemes based on the problem of multivariate quadratic equations. IACR Cryptology ePrint Archive 2005, 77 (2005)
T. Yasuda, K Sakurai, T. Takagi, Reducing the key size of Rainbow using non-commutative rings, in Topics in Cryptology – CT-RSA 2012, vol. 7178 of Lecture Notes in Computer Science (Springer, New York, 2012), pp. 68–83
Acknowledgements
Paulo S. L. M. Barreto, Ricardo Dahab and Julio López acknowledge support by the Brazilian National Council for Scientific and Technological Development (CNPq) research productivity grants 306935/2012-0, 311530/2011-7, and 309258/2011-1, respectively.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Barreto, P.S.L.M. et al. (2014). A Panorama of Post-quantum Cryptography. In: Koç, Ç. (eds) Open Problems in Mathematics and Computational Science. Springer, Cham. https://doi.org/10.1007/978-3-319-10683-0_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-10683-0_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10682-3
Online ISBN: 978-3-319-10683-0
eBook Packages: Computer ScienceComputer Science (R0)