Dissertations / Theses on the topic 'Quantum cryptographic protocols'

Cette thèse porte sur l'étude et l'analyse de deux protocoles de cryptographie quantiques: la distribution de clés quantiques (Quantum Key Distribution, QKD) et la monnaie quantique infalsifiable en variables continues (Continuous Variables, CV). Le principal avantage des protocoles CV est que leur mise en œuvre ne nécessite que des composants télécoms standards. La QKD permet à deux parties distantes d'établir une clé sécurisée même en présence d'une espionne. Une propriété remarquable de la QKD est que sa sécurité peut être établie dans le cadre de la théorie de l'information. Prouver la sécurité des protocoles CV-QKD est un défi car les protocoles sont décrits dans un espace de dimension infinie. L'une des questions ouvertes de la CV-QKD était d'établir la sécurité des protocoles QKD bidirectionnels contre les attaques générales. Nous exploitons l'invariance du groupe unitaire du protocole pour établir la sécurité composable. Nous répondons à une autre question pressante dans le domaine de la CV-QKD à modulation discrète en établissant la sécurité asymptotique de tels protocoles contre les attaques collectives. Nous fournissons une technique générale pour dériver une limite inférieure sur le taux de clé secrète en utilisant un programme semi-défini. L'argent quantique exploite la propriété de non-clonage de la mécanique quantique pour générer des jetons, des billets de banque et des cartes de crédit infalsifiables. Nous proposons un schéma de monnaie quantique à clé privée CV avec vérification classique. La motivation derrière ce protocole est de faciliter la mise en œuvre pratique. Les précédents protocoles proposés utilisent des détecteurs à photons uniques, alors que nos protocoles utilisent la détection cohérente
This thesis is concerned with the study and analysis of two quantum cryptographic protocols: quantum key distribution (QKD) and unforgeable quantum money in the continuous-variable (CV) framework. The main advantage of CV protocols is that their implementation only requires standard telecom components. QKD allows two distant parties, Alice and Bob, to establish a secure key, even in the presence of an eavesdropper, Eve. The remarkable property of QKD is that its security can be established in the information-theoretic setting, without appealing to any computational assumptions. Proving the security of CV-QKD protocols is challenging since the protocols are described in an infinite-dimensional Fock space. One of the open questions in CV-QKD was establishing security for two-way QKD protocols against general attacks. We exploit the invariance of Unitary group U(n) of the protocol to establish composable security against general attacks. We answer another pressing question in the field of CV-QKD with a discrete modulation by establishing the asymptotic security of such protocols against collective attacks. We provide a general technique to derive a lower bound on the secret key rate by formulating the problem as a semidefinite program. Quantum money exploits the no-cloning property of quantum mechanics to generate unforgeable tokens, banknotes, and credit cards. We propose a CV private-key quantum money scheme with classical verification. The motivation behind this protocol is to facilitate the process of practical implementation. Previous classical verification money schemes use single-photon detectors for verification, while our protocols use coherent detection

La mécanique quantique est sans aucun doute la théorie la mieux vérifiée qui n’a jamais existée. En se retournant vers le passé, nous constatons qu’un siècle de théorie quantique a non seulement changé la perception que nous avons de l’univers dans lequel nous vivons mais aussi est responsable de plusieurs concepts technologiques qui ont le potentiel de révolutionner notre monde.

La présente dissertation a pour but de mettre en avance ces potentiels, tant dans le domaine théorique qu’expérimental. Plus précisément, dans un premier temps, nous étudierons des protocoles de communication quantique et démontrerons que ces protocoles offrent des avantages de sécurité qui n’ont pas d’égaux en communication classique. Dans un deuxième temps nous étudierons trois problèmes spécifiques en clonage quantique ou chaque solution

apportée pourrait, à sa façon, être exploitée dans un problème de communication quantique.

Nous débuterons par décrire de façon théorique le premier protocole de communication quantique qui a pour but la distribution d’une clé secrète entre deux parties éloignées. Ce chapitre nous permettra d’introduire plusieurs concepts et outils théoriques qui seront nécessaires dans les chapitres successifs. Le chapitre suivant servira aussi d’introduction, mais cette fois-ci penché plutôt vers le côté expériemental. Nous présenterons une élégante technique qui nous permettra d’implémenter des protocoles de communication quantique de façon simple. Nous décrirons ensuite des expériences originales de communication quantique basées sur cette technique. Plus précisément, nous introduirons le concept de filtration d’erreur et utiliserons cette technique afin d’implémenter une distribution de clé quantique bruyante qui ne pourrait pas être sécurisé sans cette technique. Nous démontrerons ensuite des expériences implémentant le tirage au sort quantique et d’identification quantique.

Dans un deuxième temps nous étudierons des problèmes de clonage quantique basé sur le formalisme introduit dans le chapitre d’introduction. Puisqu’il ne sera pas toujours possible de prouver l’optimalité de nos solutions, nous introduirons une technique numérique qui nous

permettra de mettre en valeur nos résultats.

Doctorat en sciences, Spécialisation physique
info:eu-repo/semantics/nonPublished

Une étape importante pour le développement des réseaux quantiques est de combiner les protocoles de cryptographie avec les mémoires quantiques afin d'établir des communications sécurisées où les informations peuvent être stockées et récupérées sur demande. Un cas d'utilisation possible de ces réseaux est d'effectuer des transactions authentifiées synchronisées par l'utilisation de mémoires. Cependant, les pertes et le bruit ajoutés par les dispositifs de stockage peuvent être exploités par des agents malveillants pour dissimuler leurs tentatives de fraude. Les contraintes pour opérer dans un régime sécurisé sont donc très exigeantes en termes d'efficacité et de fidélité de la mémoire. Cette thèse se concentre sur l'implémentation d'un ensemble d'atomes froids, utilisé en tant que mémoire quantique basée sur l'EIT, dans un protocole de cryptographie. Les ingrédients clés pour optimiser l'efficacité de stockage ainsi que la méthode employée pour atténuer les sources de décohérence sont détaillés. Ce travail représente la première démonstration du protocole cryptographique nommé "quatum money" incluant une étape intermédiaire de stockage, tirant parti de notre mémoire quantique hautement efficace et à faible bruit. L'étape suivante consisterait à multiplexer spatialement le nuage atomique afin de stocker toute la séquence de qubits aléatoires en une seule fois. Dans ce contexte, la capacité multimode de notre mémoire a été simulée numériquement en utilisant deux techniques différentes de multiplexage spatial
Combining cryptographic protocols with quantum memories is an important step for quantum network development in order to establish secure communications where information can be stored and retrieved on demand. One possible use case of these networks is to perform authenticated transactions synchronized by the use of memories. However, the losses and noise added by storage devices can be exploited by dishonest agents to hide their cheating attempts. The constraints to operate in a secure regime are thus very demanding in terms of memory efficiency and fidelity. This thesis focuses on the implementation of a cold-atomic ensemble used as an EIT-based quantum memory in a cryptographic protocol. The key ingredients to optimize the storage-and-retrieval efficiency and the method employed to mitigate the decoherence sources are detailed. This work reports the first demonstration of the unforgeable quantum money including an intermediate quantum memory layer, taking advantage of our highly-efficient and low-noise storage platform. The next step would be to spatially multiplex the atomic cloud in order to store the whole sequence of random qubits at once. In this scenario, the multimode capacity of our memory has been numerically simulated using two different spatial multiplexing techniques

L'avènement de l'informatique quantique permet de réétudier les primitives cryptographiques avec une sécurité inconditionnelle, c'est à dire sécurisé même contre des adversaires tout puissants. En 1984, Bennett et Brassard ont construit un protocole quantique de distribution de clé. Dans ce protocole, deux joueurs Alice et Bob coopèrent pour partager une clé secrète inconnue d'une tierce personne Eve. Ce protocole a une sécurité inconditionnelle et n'a pasd'équivalent classique.Dans ma thèse, j'ai étudié les primitives cryptographiques à deux joueurs où ces joueurs ne se font pas confiance. J'étudie principalement le pile ou face quantique et la mise-en-gage quantique de bit. En informatique classique, ces primitivessont réalisables uniquement avec des hypothèses calculatoires, c'est-à-dire en supposant la difficulté d'un problème donné. Des protocoles quantiques ont été construits pour ces primitives où un adversaire peut tricher avec une probabilité constante strictement inférieure à 1, ce qui reste impossible classiquement. Néanmoins, Lo et Chau ont montré l'impossibilité de créer ces primitives parfaitement même en utilisant l'informatique quantique. Il reste donc à déterminer quelles sont les limites physiques de ces primitives.Dans une première partie, je construis un protocole quantique de pile ou face où chaque joueur peut tricher avec probabilité au plus 1/racine(2) + eps pour tout eps > 0. Ce résultat complète un résultat de Kitaev qui dit que dans un jeu de pile ou face quantique, un joueur peut toujours tricher avec probabilité au moins 1/racine(2). J'ai également construit un protocole de mise-en-gage de bit quantique optimal où un joueur peut tricher avec probabilité au plus 0,739 + eps pour tout eps > 0 puis ai montré que ce protocole est en fait optimal. Finalement, j'ai dérivé des bornes inférieures et supérieures pour une autre primitive: la transmission inconsciente, qui est une primitive universelle.Dans une deuxième partie, j'intègre certains aspects pratiques dans ces protocoles. Parfois les appareils de mesure ne donnent aucun résultat, ce sont les pertes dans la mesure. Je construis un protocole de lancer de pièce quantique tolérant aux pertes avec une probabilité de tricher de 0,859. Ensuite, j'étudie le modèle dispositif-indépendant où on ne suppose plus rien sur les appareils de mesure et de création d'état quantique.Finalement, dans une troisième partie, j'étudie ces primitives cryptographiques avec un sécurité computationnelle. En particulier, je fais le lien entre la mise en gage de bit quantique et les protocoles zero-knowledge quantiques
Quantum computing allows us to revisit the study of quantum cryptographic primitives with information theoretic security. In 1984, Bennett and Brassard presented a protocol of quantum key distribution. In this protocol, Alice and Bob cooperate in order to share a common secret key k, which has to be unknown for a third party that has access to the communication channel. They showed how to perform this task quantumly with an information theoretic security; which is impossible classically.In my thesis, I study cryptographic primitives with two players that do not trust each other. I study mainly coin flipping and bit commitment. Classically, both these primitives are impossible classically with information theoretic security. Quantum protocols for these primitives where constructed where cheating players could cheat with probability stricly smaller than 1. However, Lo, Chau and Mayers showed that these primitives are impossible to achieve perfectly even quantumly if one requires information theoretic security. I study to what extent imperfect protocols can be done in this setting.In the first part, I construct a quantum coin flipping protocol with cheating probabitlity of 1/root(2) + eps for any eps > 0. This completes a result by Kitaev who showed that in any quantum coin flipping protocol, one of the players can cheat with probability at least 1/root(2). I also constructed a quantum bit commitment protocol with cheating probability 0.739 + eps for any eps > 0 and showed that this protocol is essentially optimal. I also derived some upper and lower bounds for quantum oblivious transfer, which is a universal cryptographic primitive.In the second part, I study some practical aspects related to these primitives. I take into account losses than can occur when measuring a quantum state. I construct a Quantum Coin Flipping and Quantum Bit Commitment protocols which are loss-tolerant and have cheating probabilities of 0.859. I also construct these primitives in the device independent model, where the players do not trust their quantum device. Finally, in the third part, I study these cryptographic primitives with information theoretic security. More precisely, I study the relationship between computational quantum bit commitment and quantum zero-knowledge protocols

The main goals of cryptography are the encryption of messages to render them unintelligible to third parties and the authentication of messages to certify that they have not been modified. These goals can be accomplished if the sender ("Alice") and recipient ("Bob") both possess a secret random binary digit (bit) known as "key". It is essential that Alice and Bob acquire the key material with a high level of confidence that any third party ("Eve") does not have even partial information about the random bit sequence. If Alice and Bob communicate solely through classical messages (as opposed to Quantum cryptography), it is impossible for them to generate a certifiably secret key. QKD are the new generation of cryptographic systems which allow two remote parties (Alice and Bob) to generate a secret key with privacy guaranteed by quantum mechanics. They generate a random key securely over an optical fiber connection (also known as Quantum channel). This random key is then used for encryption and decryption of confidential messages, which then can be sent in encrypted form over any non-secure communication channel. In this thesis, we study two fiber-based QKD systems namely "oneway" and "two-way". Both systems have their unique advantage which distinguish them to one another. In one-way, the complexity of the electronic system may reduce. However more attention has to be made on the optical setup due to the requirement of active compensation. In the two-way, the requirement of optical setup may reduce but the attention moves to the electronic system which requires precise and short pulse especially for high speed in Alice system configuration. Our developed prototype is capable to support either one-way and two-way QKD system. We also solved some of the issues from the previous prototype Kumar [2008] which limited the system to be used in high speed. For instance: the synchronization system now uses a single synchronization signal per frame; the frame initialization time delay is reduced to 140ms per frame; pulse shaping distortion due to current consumption. We also introduced the security perspective for B92 protocol with uninformative states. This is done by utilizing the security analysis for BB84 such as entanglement distillation protocol (EDP) [...], smooth Ra'©nyi entropy [...] and composable security [...]. Numerous proposal on smooth Ra'©nyi entropy as general case [...] either for finite security analysis [...] or in asymptotic limit [...] assist us to deduce finite security perspective for B92 with uninformative states. [...] This thesis is organized as follow, initially starts with a general introduction to the cryptography and its relation with quantum cryptography. This is elaborated in Chapter One. In the Second Chapter we will go through the background of quantum mechanics and quantum information and introduce some parameters and theory mostly used in Quantum Key Distribution. These include quantum measurement, state behavior and the security analysis parameters. The second chapter will give the background concepts for the QKD in perspective of quantum information. The Third Chapter will explore more detailed information towards QKD. It starts with the basic architecture algorithm of the quantum cryptography system and details each components of the architecture. Later we focus on the security analysis specifically for the B92 protocol. Finally in the chapter, we will make some finite element analysis for the B92 protocol with uninformative states. In Chapter Four and onwards, we are discussing the experimental implementation and analysis. We begin with the heart of our system which is the field programmable gate array (FPGA) system. We explain the detailed architecture of our FPGA system and how the system works. The module that we develop in our FPGA system in order to work inside the QKD system is also explained in detail. We reserve the modification and advanced work of this system for the future by giving the original codes in the Appendix A. Chapter Five is one of the shortest chapters in this thesis. This chapter explains our electronic development and the opto-electronic device which are used in the QKD system. The main device that we develop for the QKD system is our Mezzanine board for FPGA. This mezzanine board supports some functions that are not available from the FPGA in order to make the system functional. Other developments include opto-electronic board and proportional-integral-derivative (PID) controller with the current driver. Chapter Six is the main experimental part. In this Chapter we start to give the introduction to our optical setup. We detail out our configuration of the setup and finally show our results taken from experimental work. Finally in Chapter Seven we conclude our work and purposed future work which actually need to done for the system.

Les ordinateurs quantiques promettent de surprenantes puissances de calcul en exploitant les étonnantes propriétés de particules infiniment petites. Je m'applique à prouver la sécurité de protocoles permettant à un client purement classique d'utiliser les ressources calculatoires d'un serveur quantique, de manière à ce que le calcul effectué ne soit jamais révélé au serveur. À cette fin, je développe un outil modulaire permettant de générer sur un serveur distant un état quantique que seul le client est en capacité de décrire, et je montre comment on peut générer plus efficacement des états quantiques sur plusieurs qubits. Je prouve également qu'il n'existe pas de protocoles de ce type qui soit sécurisé dans un modèle de sécurité généralement composable, y compris lorsque ce module est utilisé dans le protocole UBQC. Outre le calcul délégué, cet outil s’avère également être utile pour effectuer une tache qui pourrait paraître impossible à réaliser de prime abord: prouver des propriétés avancées sur un état quantique de manière non-interactive (un seul message est envoyé) et non-destructive (l'état quantique reçu est intact), y compris lorsque cet état est généré collaborativement par plusieurs participants. Cette propriété s'avère en particulier utile pour pouvoir filtrer les participants dans un protocole sans révéler leur identité, et peut avoir des applications dans d'autres domaines, par exemple pour transmettre un état quantique sur un réseau tout en cachant la source et la destination du message. Enfin, je discute de mes travaux indépendants en cours sur les programmes à usage unique, mêlant cryptographie quantique, codes correcteurs et théorie de l'information
Quantum computers promise surprising powers of computation by exploiting the stunning physical properties of infinitesimally small particles. I focused on designing and proving the security of protocols that allow a purely classical client to use the computational resources of a quantum server, so that the performed computation is never revealed to the server. To this end, I develop a modular tool to generate on a remote server a quantum state that only the client is able to describe, and I show how multi-qubits quantum states can be generated more efficiently. I also prove that there is no such protocol that is secure in a generally composable model of security, including when our module is used in the UBQC protocol. In addition to delegated computation, this tool also proves to be useful for performing a task that might seem impossible to achieve at first sight: proving advanced properties on a quantum state in a non-interactive and non-destructive way, including when this state is generated collaboratively by several participants. This can be seen as a quantum analogue of the classical Non-Interactive Zero-Knowledge proofs. This property is particularly useful to filter the participants of a protocol without revealing their identity, and may have applications in other domains, for example to transmit a quantum state over a network while hiding the source and destination of the message. Finally, I discuss my ongoing independent work on One-Time Programs, mixing quantum cryptography, error correcting codes and information theory

La sécurité des réseaux modernes de communication peut être renforcée grâce aux lois de la mécanique quantique. Dans cette thèse, nous développons une source de paires de photons que nous utilisons pour implémenter de nouvelles primitives cryptographiques. Les paires sont utilisées comme des photons uniques annoncés ou des paires intriquées. Nous proposons une méthode afin d'adapter cette source à la génération d'états intriqués multipartites. Nous démontrons la première implémentation d’un tirage à pile-ou-face faible quantique. Il permet à deux joueurs distants de décider d'un gagnant aléatoire. Nous démontrons une version retravaillée et tolérante aux pertes d'un protocole théorique récemment proposé, en utilisant des photons uniques annoncés. Ce protocole est sensible à la triche grâce à une interférence quantique et un commutateur optique rapide. Enfin, nous fournissons un nouveau protocole pour certifier la transmission d'un qubit non-mesuré à travers un canal non-fiable présentant des pertes. Nous testons le canal indépendamment du système de mesure, en utilisant la technique de self-testing des inégalités de Bell ou de steering, grâce à l’utilisation de paires de photons intriqués en polarisation pour sonder le canal. Nous montrons qu'il permet la certification de communications quantiques malgré les pertes induites par le canal
The security of modern communication networks can be enhanced thanks to the laws of quantum mechanics. In this thesis, we develop a source of photon-pairs, emitted via spontaneous parametric down-conversion, which we use to demonstrate new quantum-cryptographic primitives. Pairs are used as heralded single-photons or as close-to-maximally entangled pairs. We also provide a novel design in order to adapt this source to multipartite entanglement generation. We provide the first experimental implementation of quantum weak coin flipping protocol. It allows two distant players to decide of a random winner. We demonstrate a refined and loss-tolerent version of a recently proposed theoretical protocol, using heralded single-photons mixed with vacuum to produce entanglement. It displays cheat-sensitivity, allowed by quantum interference and a fast optical switch. We also provide a new protocol for certifying the transmission of an unmeasured qubit through a lossy and untrusted channel. The security is based on new fundamental results of lossy quantum channels. We device-independently test the channel’s quality, using self-testing of Bell or steering inequalities thanks to photon-pairs entangled in polarization to probe the channel. We show it allows the certification of quantum communication for a large amount of losses induced by the channel

La cryptographie quantique a bénéficié des nombreuses avancées de la cryptographie et théorie des réseaux classiques. Cependant, elle n’en est qu’à ses balbutiement en ce qui concerne son application en condition réelles et approfondir la théorie sous-jacente est un prérequis crucial à l’exploitation de l’intégralité de ses possibilités. Pour cela, il faut tout d’abord formaliser rigoureusement les propriétés de sécurité quantiques des techniques importées de la cryptographie classique, pour l’instant souvent utilisées sans justification. Ensuite, les progrès récents des technologies quantiques tendent à pointer vers un modèle d’accès type client-serveur avec un client faiblement quantique. Dans ce contexte, les protocoles quantiques se doivent d’être les plus frugaux possibles en termes de ressources (mémoire et opération). Enfin, implémenter des protocoles sur des architectures concrètes nécessite de les adapter finement aux machines utilisées afin d’améliorer encore leur optimisation. Cette thèse contribue à ces trois aspects en : (i) proposant une définition du Quantum Cut-and-Choose, technique qui permet de garantir la préparation honnête d’un message quantique ; (ii) présentant un cadre de sécurité plus réaliste contre les attaques par superposition, qui garantit la sécurité de protocoles classiques exécutés sur une machine quantique ; (iii) construisant un protocole efficace de délégation de calcul multipartite quantique, qui permet à des clients de déléguer un calcul privé à un serveur ; (iv) démontrant qu’il est possible de vérifier l’exactitude de calculs quantiques délégués sans aucun impact en terme ressources côté client ou serveur
Quantum cryptography builds upon decades of advances both in classical cryptography and networks. However, contrary to its classical counterparts, it is still in its infancy applicability-wise, even in the scenario where powerful quantum computers are readily available, and more theoretical work is required before it can provide concrete benefits. The first goal is to formalise in rigorous quantum security frameworks the properties of various techniques that have been transposed, often without proper justification, from the classical world.Then, the recent developments in quantum technologies suggest a mostly cloud-based future availability of quantum devices. Therefore, quantum computation and communication cost of protocol participants must be lowered before being useful.Finally, in most situations, additional steps need to be taken to tailor protocols to the specifications of devices. This allows for optimisations both in terms of quantum memory and operation requirements.This thesis contributes to these three aspects by: (i) giving the first general security definition of the Quantum Cut-and-Choose, a technique for proving the correctness of a quantum message; (ii) presenting a more realistic framework of security against superposition attacks, where classical protocols run on inherently quantum devices; (iii) constructing an efficient delegated multi-party quantum computation protocol, allowing clients to delegate securely to a quantum server a private computation; (iv) building a method for verifying the honesty of a quantum server performing computations on behalf of a client with no operation or memory overhead compared to the unprotected computation

Je souhaite réaliser un modèle théorique optimal pour les protocoles de partage de secret quantique basé sur l'utilisation des états graphes. Le paramètre représentatif d'un partage de secret à seuil est, entre autres la taille du plus grand ensemble de joueurs qui ne peut pas accéder au secret. Je souhaite donc trouver un famille de protocoles pour laquelle ce paramètre est le plus petit possible. J'étudie également les liens entre les protocoles de partage de secret quantique et des familles de courbes en géométrie algébrique
I want to realize an optimal theoretical model for quantum secret sharing protocols based on graph states. The main parameter of a threshold quantum secret sharing scheme is the size of the largest set of players that can not access the secret. Thus, my goal is to find a collection of protocols for which the value of this parameter is the smallest possible. I also study the links between quantum secret sharing protocols and families of curves in algebraic geometry

Quantum cryptography and its well-known application, quantum key distribution (QKD), promises unconditional security in data communications and is currently being deployed in commercial applications. However, there exist several challenges that concern QKD, such as secret key rate, distance, security and cost. The work of this thesis is at first developed by studying the best-know QKD protocol (BB84). The study provides performance analysis of the protocol over a quantum bit-flip channel in presence of eavesdropping, in terms of detection and false alarm probabilities, with an extension to the case of a generic quantum noisy channel. Finally, the problem of exchanging keys over long distances has been analized, providing a Multi-Hop protocol without using intercept-resend relays, and its extension to the case of a trusted node network, that exploits QKD only locally to establish secrets keys.

The Signal protocol can be considered state-of-the-art when it comes to secure messaging, but advances in quantum computing stress the importance of finding post-quantum resistant alternatives to its asymmetric cryptographic primitives. The aim is to determine whether existing post-quantum cryptography can be used as a drop-in replacement for the public-key cryptography currently used in the Signal protocol and what the performance trade-offs may be. An implementation of the Signal protocol using commutative supersingular isogeny Diffie-Hellman (CSIDH) key exchange operations in place of elliptic-curve Diffie-Hellman (ECDH) is proposed. The benchmark results on a Samsung Galaxy Note 8 mobile device equipped with a 64-bit Samsung Exynos 9 (8895) octa-core CPU shows that it takes roughly 8 seconds to initialize a session using CSIDH-512 and over 40 seconds using CSIDH-1024, without platform specific optimization. To the best of our knowledge, the proposed implementation is the first post-quantum resistant Signal protocol implementation and the first evaluation of using CSIDH as a drop-in replacement for ECDH in a communication protocol.

Contrairement aux protocoles cryptographiques fondés sur la théorie des nombres, les systèmes de chiffrement basés sur les codes correcteurs d’erreurs semblent résister à l’émergence des ordinateurs quantiques. Un autre avantage de ces systèmes est que le chiffrement et le déchiffrement sont très rapides, environ cinq fois plus rapide pour le chiffrement, et 10 à 100 fois plus rapide pour le déchiffrement par rapport à RSA. De nos jours, l’intérêt de la communauté scientifique pour la cryptographie basée sur les codes est fortement motivé par la dernière annonce de la “National Institute of Standards and Technology" (NIST), qui a récemment initié le projet intitulé “Post-Quantum cryptography Project". Ce projet vise à définir de nouveaux standards pour les cryptosystèmes résistants aux attaques quantiques et la date limite pour la soumission des cryptosystèmes à clé publique est fixée pour novembre 2017. Une telle annonce motive certainement à proposer de nouveaux protocoles cryptographiques basés sur les codes, mais aussi à étudier profondément la sécurité des protocoles existants afin d’écarter toute surprise en matière de sécurité. Cette thèse suit cet ordre d’idée en étudiant la sécurité de plusieurs protocoles cryptographiques fondés sur la théorie des codes correcteurs d’erreurs. Nous avons commencé par l’étude de la sécurité d’une version modifiée du cryptosystème de Sidelnikov, proposée par Gueye et Mboup [GM13] et basée sur les codes de Reed-Muller. Cette modification consiste à insérer des colonnes aléatoires dans la matrice génératrice (ou de parité) secrète. La cryptanalyse repose sur le calcul de carrés du code public. La nature particulière des codes de Reed-Muller qui sont définis au moyen de polynômes multivariés binaires, permet de prédire les valeurs des dimensions des codes carrés calculés, puis permet de récupérer complètement en temps polynomial les positions secrètes des colonnes aléatoires. Notre travail montre que l’insertion de colonnes aléatoires dans le schéma de Sidelnikov n’apporte aucune amélioration en matière de sécurité. Le résultat suivant est une cryptanalyse améliorée de plusieurs variantes du cryptosystème GPT qui est un schéma de chiffrement en métrique rang utilisant les codes de Gabidulin. Nous montrons qu’en utilisant le Frobenius de façon appropriée sur le code public, il est possible d’en extraire un code de Gabidulin ayant la même dimension que le code de Gabidulin secret mais avec une longueur inférieure. Le code obtenu corrige ainsi moins d’erreurs que le code secret, mais sa capacité de correction d’erreurs dépasse le nombre d’erreurs ajoutées par l’expéditeur et par conséquent, un attaquant est capable de déchiffrer tout texte chiffré, à l’aide de ce code de Gabidulin dégradé. Nos résultats montrent qu’en fin de compte, toutes les techniques existantes visant à cacher la structure algébrique des codes de Gabidulin ont échoué. Enfin, nous avons étudié la sécurité du système de chiffrement de Faure-Loidreau [FL05] qui est également basé sur les codes de Gabidulin. Inspiré par les travaux précédents et, bien que la structure de ce schéma diffère considérablement du cadre classique du cryptosystème GPT, nous avons pu montrer que ce schéma est également vulnérable à une attaque polynomiale qui récupère la clé privée en appliquant l’attaque d’Overbeck sur un code public approprié. Comme exemple, nous arrivons en quelques secondes à casser les paramètres qui ont été proposés comme ayant un niveau de sécurité de 80 bits
Contrary to the cryptosystems based on number theory, the security of cryptosystems based on error correcting codes appears to be resistant to the emergence of quantum computers. Another advantage of these systems is that the encryption and decryption are very fast, about five times faster for encryption, and 10 to 100 times faster for decryption compared to RSA cryptosystem. Nowadays, the interest of scientific community in code-based cryptography is highly motivated by the latest announcement of the National Institute of Standards and Technology (NIST). They initiated the Post-Quantum cryptography Project which aims to define new standards for quantum resistant cryptography and fixed the deadline for public key cryptographic algorithm submissions for November 2017. This announcement motivates to study the security of existing schemes in order to find out whether they are secure. This thesis thus presents several attacks which dismantle several code-based encryption schemes. We started by a cryptanalysis of a modified version of the Sidelnikov cryptosystem proposed by Gueye and Mboup [GM13] which is based on Reed-Muller codes. This modified scheme consists in inserting random columns in the secret generating matrix or parity check matrix. The cryptanalysis relies on the computation of the square of the public code. The particular nature of Reed-Muller which are defined by means of multivariate binary polynomials, permits to predict the values of the dimensions of the square codes and then to fully recover in polynomial time the secret positions of the random columns. Our work shows that the insertion of random columns in the Sidelnikov scheme does not bring any security improvement. The second result is an improved cryptanalysis of several variants of the GPT cryptosystem which is a rank-metric scheme based on Gabidulin codes. We prove that any variant of the GPT cryptosystem which uses a right column scrambler over the extension field as advocated by the works of Gabidulin et al. [Gab08, GRH09, RGH11] with the goal to resist Overbeck’s structural attack [Ove08], are actually still vulnerable to that attack. We show that by applying the Frobeniusoperator appropriately on the public key, it is possible to build a Gabidulin code having the same dimension as the original secret Gabidulin code, but with a lower length. In particular, the code obtained by this way corrects less errors than thesecret one but its error correction capabilities are beyond the number of errors added by a sender, and consequently an attacker is able to decrypt any ciphertext with this degraded Gabidulin code. We also considered the case where an isometrictransformation is applied in conjunction with a right column scrambler which has its entries in the extension field. We proved that this protection is useless both in terms of performance and security. Consequently, our results show that all the existingtechniques aiming to hide the inherent algebraic structure of Gabidulin codes have failed. To finish, we studied the security of the Faure-Loidreau encryption scheme [FL05] which is also a rank-metric scheme based on Gabidulin codes. Inspired by our precedent work and, although the structure of the scheme differs considerably from the classical setting of the GPT cryptosystem, we show that for a range of parameters, this scheme is also vulnerable to a polynomial-time attack that recovers the private key by applying Overbeck’s attack on an appropriate public code. As an example we break in a few seconds parameters with 80-bit security claim

Orientador: Ricardo Dahab
Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação
Made available in DSpace on 2018-08-22T11:38:01Z (GMT). No. of bitstreams: 1 OnikiChiquito_Izumi_M.pdf: 3419663 bytes, checksum: 5f621e251ebc62429a85ff141091f7f5 (MD5) Previous issue date: 2012
Resumo: Na área de Segurança da Informação, controle de acesso diz respeito á habilidade de permitir ou negar a utilização de determinados recursos, sejam eles informações, dispositivos, serviços etc., por parte de um indivíduo. Protocolos de identificação correspondem a algoritmos criptográficos que permitem verificar, com certo grau de confiança, se a alegação de um indivíduo a respeito de sua identidade é verdadeira. Dessa forma, pode-se prover acesso controlado e conceder privilégios de utilização de recursos somente a entidades ou indivíduos cuja identidade tenha sido comprovada. Algoritmos baseados em reticulados, de uma forma geral, têm despertado particular interesse em aplicações criptográficas, devido à sua provável resistência a ataques empregando computadores quânticos, ao contrário dos criptossistemas baseados em problemas da Teoria dos Números. Por esse motivo, nos _últimos anos, tem-se buscado desenvolver protocolos de identificação cuja segurança esteja relacionada a problemas envolvendo reticulados. Neste trabalho, foram abordadas as principais propostas recentes de protocolos de identificação baseados em reticulados. Além da apresentação dos algoritmos, é feita uma análise comparativa entre protocolos selecionados, incorporando dados experimentais de execução. A etapa de implementação aqui apresentada tem também como finalidade suprir a ausência de resultados experimentais para essa categoria de protocolos, no sentido de iniciar um processo de validação para uso dos algoritmos em aplicações práticas. Questões como possibilidades de otimização e expectativas para o futuro da área também são discutidas
Abstract: One of the main concerns of the field of Information Security is access control, which refers to the restriction of access to several kinds of resources, such as data, places, devices, services and others. Identification schemes are cryptographic algorithms that allow verifying with some level of certainty if an identity claim is legitimate. Therefore, such schemes make possible to provide access control and grant privileges only to authorized individuals whose identities have been previously verified. Lattice-based algorithms are particularly interesting as the cryptography community believes them to remain secure even to quantum computers attacks, as opposite to some cryptosystems used today based on Number Theory problems. For this reason, identification schemes based on lattices have received growing attention lately. In this work, we address the main recent developments of lattice-based identification schemes. After introducing the algorithms, we make a comparative analysis of the selected schemes, using experimental data collected from our own implementation of the algorithms. The implementation phase also aims to help validating these schemes for practical use, since to this date there were practically no experimental results available. Other issues, like optimization possibilities and the future of the area, are also addressed in this work
Mestrado
Ciência da Computação
Mestra em Ciência da Computação

Le premier protocole cryptographique basé sur les codes correcteurs d'erreurs a été proposé en 1978 par Robert McEliece. La cryptographie basée sur les codes est dite post-quantique car il n'existe pas à l'heure actuelle d'algorithme capable d'attaquer ce type de protocoles en temps polynomial, même en utilisant un ordinateur quantique, contrairement aux protocoles basés sur des problèmes de théorie des nombres. Toutefois, la sécurité du cryptosystème de McEliece ne repose pas uniquement sur des problèmes mathématiques. L'implantation, logicielle ou matérielle, a également un rôle très important pour sa sécurité et l'étude de celle-ci face aux attaques par canaux auxiliaires/cachés n'a débuté qu'en 2008. Des améliorations sont encore possibles. Dans cette thèse, nous proposons de nouvelles attaques sur le déchiffrement du cryptosystème de McEliece, utilisé avec les codes de Goppa classiques, ainsi que des contre-mesures correspondantes. Les attaques proposées sont des analyses de temps d'exécution ou de consommation d'énergie. Les contre-mesures associées reposent sur des propriétés mathématiques et algorithmiques. Nous montrons qu'il est essentiel de sécuriser l'algorithme de déchiffrement en le considérant dans son ensemble et non pas seulement étape par étape
The first cryptographic protocol based on error-correcting codes was proposed in 1978 by Robert McEliece. Cryptography based on codes is called post-quantum because until now, no algorithm able to attack this kind of protocols in polynomial time, even using a quantum computer, has been proposed. This is in contrast with protocols based on number theory problems like factorization of large numbers, for which efficient Shor's algorithm can be used on quantum computers. Nevertheless, the McEliece cryptosystem security is based not only on mathematical problems. Implementation (in software or hardware) is also very important for its security. Study of side-channel attacks against the McEliece cryptosystem have begun in 2008. Improvements can still be done. In this thesis, we propose new attacks against decryption in the McEliece cryptosystem, used with classical Goppa codes, including corresponding countermeasures. Proposed attacks are based on evaluation of execution time of the algorithm or its power consumption analysis. Associate countermeasures are based on mathematical and algorithmic properties of the underlying algorithm. We show that it is necessary to secure the decryption algorithm by considering it as a whole and not only step by step

In dieser Doktorarbeit werden zwei Konzepte der Quanteninformationsverarbeitung realisiert. Der Quantenschlüsselaustausch ist revolutionär, weil er perfekte Sicherheit gewährleistet. Zahlreiche Quantenkryptografieprotokolle wurden schon untersucht. Zwei Probleme bestehen. Zum einen ist es sehr schwer, die Bedingungen herzustellen, die in den Annahmen für perfekte Sicherheit impliziert sind. Zum anderen sind die Reichweiten auf momentan etwa 200 km begrenzt, aufgrund des abnehmenden Signals gegenüber des konstanten Rauschens. Ein Experiment dieser Doktorarbeit beschäftigt sich mit dem ersten Problem. Insbesondere der übertragene Quantenzustands ist kritisch für die Sicherheit des Verfahrens. Es werden Einzelphotonen von Stickstoff- Fehlstellen-Zentren und zum ersten Mal von Silizium-Fehlstellen-Zentren für einen Quantenschlüsselaustausch mit Hilfe des BB84-Protokolls benutzt. Die Abweichung von idealen Einzelphotonenzuständen sowie deren Bedeutung für die Sicherheit werden analysiert. Die Übertragung von Quantenzuständen via Satellit könnte das Problem der begrenzten Reichweite lösen. Das neue Frequenz-Zeit- Protokoll eignet sich dafür besonders gut. Es wird während dieser Arbeit zum ersten Mal überhaupt implementiert. Umfangreiche Untersuchungen inklusive der Variation wesentlicher experimenteller Parameter geben Aufschluss über die Leistungsfähigkeit und Sicherheit des Protokolls. Außerdem werden elementare Bestandteile eines vollautomatischen Experiments zum Quantenschlüsselaustausch über Glasfasern in der sogenannten Time-bin-Implementierung mit autonomem Sender und Empfänger realisiert. Ein anderes Konzept der Quanteninformationsverarbeitung ist die Herstellung zufälliger Bitfolgen durch den Quantenzufall. Zufällige Bitfolgen haben zahlreiche Anwendungsgebiete in der Kryptografie und der Informatik. Die Realisierung eines Quantenzufallszahlengenerators mit mathematisch beschreibbarer und getesteter Zufälligkeit und hoher Bitrate wird ebenfalls beschrieben.
In this thesis, photonic quantum states are used for experimental realisations of two different concepts of quantum information processing. Quantum key distribution (QKD) is revolutionary because it is the only cryptographic scheme offering unconditional security. Two major problems prevail: Firstly, matching the conditions for unconditional security is challenging, secondly, long distance communication beyond 200 km is very demanding because an increasingly attenuated quantum state starts to fail the competition with constant noise. One experiment accomplished in this thesis is concerned with the first problem. The realisation of the actual quantum state is critical. Single photon states from nitrogen and for the first time also silicon vacancy defect centres are used for a QKD transmission under the BB84 (Bennett and Brassard 1984). The deviation of the used single photon states from the ideal state is thoroughly investigated and the information an eavesdropper obtains due to this deviation is analysed. Transmitting quantum states via satellites is a potential solution to the limited achievable distances in QKD. A novel protocol particularly suited for this is implemented for the first time in this thesis, the frequency-time (FT) protocol. The protocol is thoroughly investigated by varying the experimental parameters over a wide range and by evaluating the impact on the performance and the security. Finally, big steps towards a fully automated fibre-based BB84 QKD experiment in the time-bin implementation with autonomous sender and receiver units are accomplished. Another important concept using quantum mechanical properties as a resource is a quantum random number generator (QRNG). Random numbers are used for various applications in computing and cryptography. A QRNG supplying bits with high and quantifiable randomness at a record-breaking rate is reported and the statistical properties of the random output is thoroughly tested.

Pour la cryptographie moderne, la sécurité d'un système est définie comme la somme des ressources nécessaires pour le briser. Avec la venue d'ordinateurs quantiques efficaces et les nouvelles possibilités algorithmiques que cela ouvre, ce montant de ressources est voué à changer. Dans cette thèse, nous effectuons un pas en direction d'une meilleure compréhension de cette menace quantique. Après une introduction au calcul quantique et à la cryptographie, nous montrons des attaques quantiques contre la fonction pseudo-aléatoire de Legendre sans requête en superposition et en mémoire quantique réduite. Par la suite, nous exposons une manière générale de transposer les attaques boomerang en algorithmique quantique ainsi que quelques applications. Nous continuons sur une méthode de doublement de taille de blocs pour les chiffrements à blocs inspirée sur le schéma Encrypt-Mix-Encrypt et nous en montrons la sécurité. Nous finissons par la construction d'une version quantique du protocole d'authentification de la 3G/4G/5G UMTS-AKA avant d'en montrer la sécurité ainsi que celle des primitives sous-jacentes Milenage et TUAK
For modern cryptography, the security of a system is defined as the sum of the resources required to break it. With the advent of efficient quantum computers and the new algorithmic possibilities that this opens, this amount of resource is destined to change.In this thesis, we take a step towards a better understanding of this quantum threat. After an introduction to quantum computation and cryptography, we show quantum attacks against the Legendre PRF in the setting without superposition queries and reduced quantum memory. Afterwards, we present a general way to transpose boomerang attacks into quantum attacks as well as some applications. We continue on a doubling method for block ciphers inspired by the Encrypt-Mix-Encrypt scheme and prove its security. We end by building a quantum version of the 3G/4G/5G UMTS-AKA authentication protocol before showing the security as well as the underlying primitives Milenage and TUAK

Ces dernières années, deux domaines de recherche en cryptologie ont reçu une attention considérable : les protocoles de consensus pour les technologies blockchain dus à l'émergence des cryptomonnaies, et la cryptanalyse quantique due à la menace des ordinateurs quantiques. Naturellement, nos sujets de recherche se sont orientés vers ces deux domaines que nous avons étudiés séparément dans cette thèse.Dans la première partie, nous analysons la sécurité de certains protocoles de consensus pour les technologies blockchain qui sont un des principaux défis dans ces technologies. En particulier, nous nous focalisons sur l'élection de leader qui intervient au sein d'un protocole de consensus. Après une étude de l'état de l'art des protocoles de consensus avant et après l'introduction des technologies blockchain, nous étudions la sécurité de deux approches prometteuses pour construire des protocoles de consensus, appelées Algorand et Single Secret Leader Election. Ainsi, nous définissons un modèle de sécurité d'élection de leader avec cinq propriétés de sécurité qui empêchent les problèmes et attaques bien connus des protocoles de consensus. Ensuite, nous décrivons un nouveau protocole d'élection de leader appelé LEP-TSP destiné à être utilisé dans des systèmes privés et prouvons que LEP-TSP satisfait les propriétés de sécurité attendues tant que plus de deux tiers des participants sont honnêtes. Comme travail additionnel, nous présentons une description à haut niveau d'un nouveau protocole de consensus appelé Useful Work, qui utilise la puissance de calcul pour résoudre n'importe quel problème concret.Dans la seconde partie de cette thèse, nous passons en revue les meilleurs résultats de cryptanalyse connus sur les schémas de Misty et nous présentons de nouveaux résultats de cryptanalyse quantique. Tout d'abord, nous décrivons des attaques quantiques non adaptatives à clairs choisis (QCPA) contre les schémas de Misty L à 4 tours, Misty LKF à 4 tours, Misty R à 3 tours et Misty RKF 3 à tours. Nous étendons l'attaque QCPA contre les schémas de Misty RKF à 3 tours pour obtenir une attaque quantique permettant de retrouver la clé secrète des schémas de Misty RKF à d tours. Comme travail supplémentaire, nous montrons que la meilleure attaque non quantique connue contre les schémas de Misty R à 3 tours est optimale
In recent years, two research domains in cryptography have received considerable attention: consensus protocols for blockchain technologies due to the emergence of cryptocurrencies, and quantum cryptanalysis due to the threat of quantum computers. Naturally, our research topics are geared towards these two research domains that are studied separately in this thesis.In the first part, we analyze the security of consensus protocols which are one of main challenges in these technologies. We focus more specifically on the leader election of consensus protocols. After a study of the state of the art on consensus protocols before and after the emergence of blockchain technologies, we study the security of two promising approaches to construct these protocols, called Algorand and Single Secret Leader Election. As a result, we define a security model of leader election with five security properties that address well-known issues and attacks against consensus protocols. Then, we provide a new leader election protocol called LEP-TSP intended to be used in private setting and prove that LEP-TSP meets the expected security properties while more than two third of participants are honest. As additional work, we provide a high level description of a new consensus protocol called Useful Work that uses the computing power to solve any real world problem.In the second part of this thesis, we review the best known cryptanalysis results on Misty schemes and we provide new quantum cryptanalysis results. First, we describe non-adaptive quantum chosen plaintext attacks (QCPA) against 4-round Misty L, 4-round Misty LKF, 3-round Misty R and 3-round Misty RKF schemes. We extend the QCPA attack against 3-round Misty RKF schemes to recover the keys of d-round Misty RKF schemes. As additional work, we show that the best known non-quantum attack against 3-round Misty R schemes is optimal

Cette thèse se situe à l’interface entre la théorie quantique et les expériences, en mettant l’accent sur les protocoles pratiques qui peuvent être mises en place en utilisant la technologie présente. Notre objectif est de contribuer à la construction d’un cadre général pour la conception et la mise en oeuvre de schémas de chiffrement quantiques qui permettront d’améliorer la sécurité des futurs réseaux de télécommunication. En outre, cette thèse veut avancer la recherche pertinente sur la physique quantique et l’informatique, en améliorant notre compréhension du phénomène d’intrication. Les corrélations des états intriqués ne peuvent pas être reproduites par des moyens classiques, ce qui permet d’effectuer des tâches (par exemple la téléportation et le codage super-dense) qui sont autrement impossibles. Il est donc d’une importance majeure d’être capables de vérifier si un état quantique est intriqué. Dans cette thèse, nous montrons comment vérifier efficacement si une source physique peut créer des états intriqués multipartites et les partager avec de nombreuses parties, dont certains sont malhonnêtes et collaborent avec la source. Ce protocole pourrait s’avérer essentiel pour tout type de calcul quantique entre les parties méfiantes et pourrait aussi faciliter la délégation sécurisée des tâches de calcul aux serveurs quantiques puissants qui ne sont pas fiables. Finalement, nous étudions le lien entre la théorie des jeux et la non-localité quantique, dans le cadre de jeux bayésiens. Nous examinons comment l’intrication partagé aide les joueurs gagner un jeu avec une probabilité plus élevée que les ressources classiques pourraient atteindre
This thesis stands at the interface between quantum theory and experiments, focusing on practical protocols that can be implemented using present-day technology. Our goal is to build a general framework for the design and implementation of quantum cryptographic schemes that will improve the safety of future telecommunication networks. In addition, this thesis aims to advance research on quantum physics and computer science, by improving our understanding of entanglement. The correlations of entangled states can not be reproduced by conventional means, allowing to perform tasks (eg teleportation and superdense coding) that are otherwise impossible. It is therefore of major importance to be able to check whether a quantum state is entangled. In this thesis, we show how to efficiently check whether a physical source can create multi-party entangled states and share them with many parties, some of which are dishonest and work with the source. This protocol could prove essential for quantum computation between suspicious parties and could also facilitate the secure delegation of tasks to powerful untrusted quantum servers. Finally, we study the link between game theory and quantum non-locality, in the context of Bayesian games. We examine how the shared entanglement helps players win a game with a higher probability than the conventional resources could achieve

Cette thèse se situe à l’interface entre la théorie quantique et les expériences, en mettant l’accent sur les protocoles pratiques qui peuvent être mises en place en utilisant la technologie présente. Notre objectif est de contribuer à la construction d’un cadre général pour la conception et la mise en oeuvre de schémas de chiffrement quantiques qui permettront d’améliorer la sécurité des futurs réseaux de télécommunication. En outre, cette thèse veut avancer la recherche pertinente sur la physique quantique et l’informatique, en améliorant notre compréhension du phénomène d’intrication. Les corrélations des états intriqués ne peuvent pas être reproduites par des moyens classiques, ce qui permet d’effectuer des tâches (par exemple la téléportation et le codage super-dense) qui sont autrement impossibles. Il est donc d’une importance majeure d’être capables de vérifier si un état quantique est intriqué. Dans cette thèse, nous montrons comment vérifier efficacement si une source physique peut créer des états intriqués multipartites et les partager avec de nombreuses parties, dont certains sont malhonnêtes et collaborent avec la source. Ce protocole pourrait s’avérer essentiel pour tout type de calcul quantique entre les parties méfiantes et pourrait aussi faciliter la délégation sécurisée des tâches de calcul aux serveurs quantiques puissants qui ne sont pas fiables. Finalement, nous étudions le lien entre la théorie des jeux et la non-localité quantique, dans le cadre de jeux bayésiens. Nous examinons comment l’intrication partagé aide les joueurs gagner un jeu avec une probabilité plus élevée que les ressources classiques pourraient atteindre
This thesis stands at the interface between quantum theory and experiments, focusing on practical protocols that can be implemented using present-day technology. Our goal is to build a general framework for the design and implementation of quantum cryptographic schemes that will improve the safety of future telecommunication networks. In addition, this thesis aims to advance research on quantum physics and computer science, by improving our understanding of entanglement. The correlations of entangled states can not be reproduced by conventional means, allowing to perform tasks (eg teleportation and superdense coding) that are otherwise impossible. It is therefore of major importance to be able to check whether a quantum state is entangled. In this thesis, we show how to efficiently check whether a physical source can create multi-party entangled states and share them with many parties, some of which are dishonest and work with the source. This protocol could prove essential for quantum computation between suspicious parties and could also facilitate the secure delegation of tasks to powerful untrusted quantum servers. Finally, we study the link between game theory and quantum non-locality, in the context of Bayesian games. We examine how the shared entanglement helps players win a game with a higher probability than the conventional resources could achieve

Atualmente, podemos perceber que uma grande dependência dos sistemas desenvolvidos sob a seara da criptografia foi instaurada em todos nós. Principalmente no tocante dos sistemas criptográficos de chave pública, que são vastamente utilizados na Internet. No entanto, a criptografia de chave pública viu-se ameaçada e começou a investigar novas fontes de problemas para seus sistemas quando Shor em 1997 desenvolveu um algoritmo de tempo polinomial para fatorar inteiros e para calcular o logaritmo discreto em um computador quântico. Neste contexto, Patarin propõe a função alçapão HFE (Hidden Field Equations), uma trapdoor baseada nos Problemas MQ (Multivariate Quadratic) e IP (Isomorfismo de Polinômios). Tais problemas não são afetados pelo algoritmo de Shor, além disto o Problema MQ foi demonstrado por Patarin e Goubin como sendo NP-completo. Apesar do HFE ter sua versão básica quebrada, ele apresenta variações -- obtidas através de modificadores genéricos -- resistentes aos principais ataques da atualidade. O Quartz -- esquema de assinatura digital baseado no HFEv-, com escolha especial de parâmetros -- é um bom exemplo desta resistência a ataques algébricos que visem a recuperação da chave privada, pois até hoje permanece seguro. Além de também se destacar por gerar assinaturas curtas. Todavia, Joux e Martinet -- baseados em axiomas do Ataque pelo Paradoxo de Aniversário -- provaram que o Quartz é maleável, demonstrando que caso o adversário possua um par (mensagem, assinatura) válido, ele conseguirá obter uma segunda assinatura com 2^(50) computações e 2^(50) chamadas ao oráculo de assinatura, logo muito abaixo dos padrões de segurança atuais que são de, no mínimo, 2^(112). Desta forma, baseado no Quartz, apresentamos um novo esquema de assinatura digital resistente a ataques adaptativos de mensagem escolhida que realizem chamadas ao oráculo aleatório, com um nível de segurança estimado em 2^(112). Nosso criptossistema proporciona, ainda, um ganho de eficiência no algoritmo de verificação de assinatura e na inicialização dos vetores que serão utilizados pelos algoritmos de assinatura e verificação. Além de, também, disponibilizarmos uma implementação do Quartz Original e do Quartz Aprimorado, na linguagem de programação Java.
Today, we can see that a large dependence of the systems developed under the cryptography was introduced in all of us. Especially in terms of public key cryptosystems, which are widely used on the Internet. However, public key cryptography was threatened and began to investigate new sources of problems for their systems when Shor in 1997 developed a polynomial time algorithm for factoring integers and to compute the discrete logarithm in a quantum computer. In this context, Patarin proposed Hidden Field Equations (HFE), a trapdoor based on MQ (Multivariate Quadratic) and IP (Isomorphism of Polynomials) problems. Such problems are not affected by the Shor algorithm, moreover MQ Problem was demonstrate by Patarin and Goubin as NP-complete. Despite the basic HFE has broken, it varies secure, obtained by generic modification. The Quartz -- digital signature scheme based on HFEv-, with special choice of parameters -- is a good example of this resistance to algebraic attacks aimed at the recovery of the private key, because even today remains secure. Furthermore, it also generates short signatures. However, Joux and Martinet -- based on axioms of Birthday Paradox Attack -- proved that Quartz is malleable, showing that if the adversary has a pair (message, signature) valid, he can get a second signature with 2^(50) computations and 2^(50) calls to the signing oracle, so far the current security standards that are at least 2^(112). Thus, based on Quartz, we present a new digital signature scheme, achieving the adaptive chosen message attacks that make calls to the random oracle, with a secure level estimated at 2^(112). Our cryptosystem also provides an efficiency gain in signature verification algorithm and initialization vectors that will be used for signing and verification algorithms. Further we provide an implementation of Original Quartz and Enhanced Quartz in the Java programming language.

Os sistemas criptográficos de chave pública amplamente utilizados hoje em dia tem sua segurança baseada na suposição da intratabilidade dos problemas de fatoração de inteiros e do logaritmo discreto, sendo que ambos foram demonstrados inseguros sob o advento dos computadores quânticos. Sistemas criptográficos baseados em Multivariáveis Quadráticas (MQ) utilizam como base o problema MQ, que consiste em resolver um sistema de equações polinomiais multivariáveis quadráticas sobre um corpo finito. O problema MQ foi provado como sendo NP-completo e até hoje não se conhece algoritmo, nem mesmo quântico, de tempo polinomial que possa resolver o problema, fazendo com que sistemas criptográficos baseados nesta primitiva mereçam ser investigados e desenvolvidos como reais candidatos a proverem nossa criptografia pós-quântica. Durante a CRYPTO\'2011 Sakumoto, Shirai e Hiwatari introduziram dois novos protocolos de identificação baseados em polinômios multivariáveis quadráticos, os quais chamamos de MQID-3 e MQID-5, e que em especial e pela primeira vez, tem sua segurança reduzida apenas ao problema MQ. Baseados nestas propostas iremos apresentar uma versão aprimorada do protocolo MQID-3 na qual teremos uma redução da comunicação necessária em aproximadamente 9%.
The public-key cryptography widely used nowadays have their security based on the assumption of the intractability of the problems of integer factorization and discrete logarithm, both of which were proven unsafe in the advent of quantum computers. Cryptographic systems based on Multivariate Quadratic polynomials (MQ) are based on the MQ problem, which consists in solve a system of multivariate quadratic polynomials over a finite field. The MQ problem has been proven NP-complete and so far no polynomial time algorithm is known, not even quantum, which would resolve this problem, making worthwhile to be investigated and developed as a real candidate to provide post-quantum cryptography. In CRYPTO\'2011 Sakumoto, Shirai and Hiwatari introduced two new identification protocols based on multivariate quadratic polynomials, which we call MQID-3 and MQID-5, in particular, for the first time, their security is based only on the MQ problem. Using these proposals, we will present an improved version of the protocol MQID-3 that reduces communication by approximately 9%.

L'avènement de l'informatique quantique permet de réétudier les primitives cryptographiques avec une sécurité inconditionnelle, c'est à dire sécurisé même contre des adversaires tout puissants. En 1984, Bennett et Brassard ont construit un protocole quantique de distribution de clé. Dans ce protocole, deux joueurs Alice et Bob coopèrent pour partager une clé secrète inconnue d'une tierce personne Eve. Ce protocole a une sécurité inconditionnelle et n'a pasd'équivalent classique.Dans ma thèse, j'ai étudié les primitives cryptographiques à deux joueurs où ces joueurs ne se font pas confiance. J'étudie principalement le pile ou face quantique et la mise-en-gage quantique de bit. En informatique classique, ces primitivessont réalisables uniquement avec des hypothèses calculatoires, c'est-à-dire en supposant la difficulté d'un problème donné. Des protocoles quantiques ont été construits pour ces primitives où un adversaire peut tricher avec une probabilité constante strictement inférieure à 1, ce qui reste impossible classiquement. Néanmoins, Lo et Chau ont montré l'impossibilité de créer ces primitives parfaitement même en utilisant l'informatique quantique. Il reste donc à déterminer quelles sont les limites physiques de ces primitives.Dans une première partie, je construis un protocole quantique de pile ou face où chaque joueur peut tricher avec probabilité au plus 1/racine(2) + eps pour tout eps > 0. Ce résultat complète un résultat de Kitaev qui dit que dans un jeu de pile ou face quantique, un joueur peut toujours tricher avec probabilité au moins 1/racine(2). J'ai également construit un protocole de mise-en-gage de bit quantique optimal où un joueur peut tricher avec probabilité au plus 0,739 + eps pour tout eps > 0 puis ai montré que ce protocole est en fait optimal. Finalement, j'ai dérivé des bornes inférieures et supérieures pour une autre primitive: la transmission inconsciente, qui est une primitive universelle.Dans une deuxième partie, j'intègre certains aspects pratiques dans ces protocoles. Parfois les appareils de mesure ne donnent aucun résultat, ce sont les pertes dans la mesure. Je construis un protocole de lancer de pièce quantique tolérant aux pertes avec une probabilité de tricher de 0,859. Ensuite, j'étudie le modèle dispositif-indépendant où on ne suppose plus rien sur les appareils de mesure et de création d'état quantique.Finalement, dans une troisième partie, j'étudie ces primitives cryptographiques avec un sécurité computationnelle. En particulier, je fais le lien entre la mise en gage de bit quantique et les protocoles zero-knowledge quantiques.

Les croissances constantes de l’Internet et des services associés ont conduit à des problématiques naturellement liées au domaine de la cryptographie, parmi lesquelles l’authentification et le respect de la vie privée des utilisateurs. L’utilisation désormais commune d’appareils connectés (smartphone, tablette, montre, …) comme moyen d’authentification amène à considérer la génération et/ou la gestion de clés cryptographiques par de tels appareils pour répondre à ces besoins. Les résonances cryptographiques identifiées de ces deux cas d’étude sont respectivement le domaine des Fuzzy Extractors (« Extracteurs de Flous » en français) et les schémas de signature de groupe. D’une part, cette thèse présente alors le premier Fuzzy Extractror non basé sur la distance de Hamming à être réutilisable (dans le modèle de l’oracle aléatoire non programmable). Ce faisant, nous avons alors pu concevoir un module de génération de clés cryptographiques permettant d'authentifier un utilisateur à partir des ses appareils. D’autre part, deux schémas de signature de groupe basés sur la théorie des codes, respectivement en métrique de Hamming et en métrique rang sont également proposés. Ces deux schémas constituent des alternatives crédibles aux cryptosystèmes post-quantiques équivalents basés sur les réseaux euclidiens
Internet constant growth has naturally led to cryptographic issues such as authentication and privacy concerns. The common usage of connected devices (smartphones, tablet, watch, …) as authentication means made us consider cryptographic keys generations and/or managements from such devices to address aforementioned needs. For such a purpose, we identified fuzzy extractors and group signature schemes. On the one hand, this thesis then presents the first reusable fuzzy extractor based on set difference metric (in the nonprogrammable random oracle). In so doing, we were able to design a key generation module performing authentication from users’ devices. On the other hand, we came up with two group signature schemes, respectively based on Hamming and rank metrics, that seriously compete with post-quantum concurrent schemes based on lattices

This thesis concerns the analysis of the unconditional security of quantum cryptographic protocols using convex optimization techniques. It is divided into the study of coin-flipping and oblivious transfer. We first examine a family of coin-flipping protocols. Almost all of the handful of explicitly described coin-flipping protocols are based on bit-commitment. To explore the possibility of finding explicit optimal or near-optimal protocols, we focus on a class which generalizes such protocols. We call these $\BCCF$-protocols, for bit-commitment based coin-flipping. We use the semidefinite programming (SDP) formulation of cheating strategies along the lines of Kitaev to analyze the structure of the protocols. In the first part of the thesis, we show how these semidefinite programs can be used to simplify the analysis of the protocol. In particular, we show that a particular set of cheating strategies contains an optimal strategy. This reduces the problem to optimizing a linear combination of fidelity functions over a polytope which has several benefits. First, it allows one to model cheating probabilities using a simpler class of optimization problems known as second-order cone programs (SOCPs). Second, it helps with the construction of point games due to Kitaev as described in Mochon's work. Point games were developed to give a new perspective for studying quantum protocols. In some sense, the notion of point games is dual to the notion of protocols. There has been increased research activity in optimization concerning generalizing theory and algorithms for linear programming to much wider classes of optimization problems such as semidefinite programming. For example, semidefinite programming provides a tool for potentially improving results based on linear programming or investigating old problems that have eluded analysis by linear programming. In this sense, the history of semidefinite programming is very similar to the history of quantum computation. Quantum computing gives a generalized model of computation to tackle new and old problems, improving on and generalizing older classical techniques. Indeed, there are striking differences between linear programming and semidefinite programming as there are between classical and quantum computation. In this thesis, we strengthen this analogy by studying a family of classical coin-flipping protocols based on classical bit-commitment. Cheating strategies for these ``classical $\BCCF$-protocols'' can be formulated as linear programs (LPs) which are closely related to the semidefinite programs for the quantum version. In fact, we can construct point games for the classical protocols as well using the analysis for the quantum case. Using point games, we prove that every classical $\BCCF$-protocol allows exactly one of the parties to entirely determine the outcome. Also, we rederive Kitaev's lower bound to show that only ``classical'' protocols can saturate Kitaev's analysis. Moreover, if the product of Alice and Bob's optimal cheating probabilities is $1/2$, then at least one party can cheat with probability $1$. The second part concerns the design of an algorithm to search for $\BCCF$-protocols with small bias. Most coin-flipping protocols with more than three rounds have eluded direct analysis. To better understand the properties of optimal $\BCCF$-protocols with four or more rounds, we turn to computational experiments. We design a computational optimization approach to search for the best protocol based on the semidefinite programming formulations of cheating strategies. We create a protocol filter using cheating strategies, some of which build upon known strategies and others are based on convex optimization and linear algebra. The protocol filter efficiently eliminates candidate protocols with too high a bias. Using this protocol filter and symmetry arguments, we perform searches in a matter of days that would have otherwise taken millions of years. Our experiments checked $10^{16}$ four and six-round $\BCCF$-protocols and suggest that the optimal bias is $1/4$. The third part examines the relationship between oblivious transfer, bit-commitment, and coin-flipping. We consider oblivious transfer which succeeds with probability $1$ when the two parties are honest and construct a simple protocol with security provably better than any classical protocol. We also derive a lower bound by constructing a bit-commitment protocol from an oblivious transfer protocol. Known lower bounds for bit-commitment then lead to a constant lower bound on the bias of oblivious transfer. Finally, we show that it is possible to use Kitaev's semidefinite programming formulation of cheating strategies to obtain optimal lower bounds on a ``forcing'' variant of oblivious transfer related to coin-flipping.

In this thesis we develop a methodology for the modeling and analysis of quantum security protocols, and apply it to a cheat sensitive quantum bit commitment protocol. Our method consists of a formalization of the protocol in the process algebra CQP, a conversion to the PRISM modeling language, verification of security properties, and the quantitative analysis of optimal cheat strategies for a dishonest party. We also define additional syntax and operational semantics for CQP to add decision making capability. For a two party protocol involving Alice committing a bit to Bob, we show that the protocol favors a dishonest Alice over a dishonest Bob. When only one party is dishonest, and uses an optimal cheat strategy, we also show that the probability of cheat detection is bounded at 0.037 for Bob and 0.076 for Alice. In addition, a dishonest Alice is able to reveal an arbitrary commit bit with probability 1 while a dishonest Bob is only able to extract the correct bit before it is revealed with probability 0.854. This bias is interesting as it gives us insight into how the overall protocol functions and where its weaknesses are. By identifying these weaknesses we provide a foundation for future improvements to the protocol to reduce cheating bias or increase cheat detection. Finally, our methodology reveals the weakness of PRISM in modeling quantum variables to their full power and as a result we propose the development of a new modeling tool for quantum protocols.

This work explores two methods for practical cryptography on mobile devices. The first method is a quantum-resistant key-exchange protocol proposed by Jao et al.. As the use of mobile devices increases, the deployment of practical cryptographic protocols designed for use on these devices is of increasing importance. Furthermore, we are faced with the possible development of a large-scale quantum computer in the near future and must take steps to prepare for this possibility. We describe the key-exchange protocol of Jao et al. and discuss their original implementation. We then describe our modifications to their scheme that make it suitable for use in mobile devices. Our code is between 18-26% faster (depending on the security level). The second is an highly optimized implementation of Miller's algorithm that efficiently computes the Optimal Ate pairing over Barreto-Naehrig curves proposed by Grewal et al.. We give an introduction to cryptographic pairings and describe the Tate pairing and its variants. We then proceed to describe Grewal et al.'s implementation of Miller's algorithm, along with their optimizations. We describe our use of hand-optimized assembly code to increase the performance of their implementation. For the Optimal Ate pairing over the BN-446 curve, our code is between 7-8% faster depending on whether the pairing uses affine or projective coordinates.

Quantum cryptography is arguably the most successfully applied area of quantum information theory. In this work, We invsetigate the role of quantum indistinguishability in random number generation, quantum temporal correlations, quantum nonlocality and counterfactuality for quantum cryptography. We study quantum protocols for key distribution, and their security in the conventional setting, in the counterfactual paradigm, and finally also in the device-independent scenario as applied to prepare-and-measure schemes. We begin with the interplay of two essential non-classical features like quantum indeterminism and quantum indistinguishability via a process known as bosonic stimulation is discussed. It is observed that the process provides an efficient method for macroscopic extraction of quantum randomness. Next, we propose two counterfactual cryptographic protocols, in which a secret key bit is generated even without the physical transmission of a particle. The first protocol is semicounterfactual in the sense that only one of the key bits is generated using interaction-free measurement. This protocol departs fundamentally from the original counterfactual key distribution protocol in not encoding secret bits in terms of photon polarization. We discuss how the security in the protocol originates from quantum single-particle non-locality. The second protocol is designed for the crypto-task of certificate authorization, where a trusted third party authenticates an entity (e.g., bank) to a client. We analyze the security of both protocols under various general incoherent attack models. The next part of our work includes study of quantum temporal correlations. We consider the use of the Leggett-Garg inequalities for device-independent security appropriate for prepare-and-measure protocols subjected to the higher dimensional attack that would completely undermine standard BB84. In the last part, we introduce the novel concept of nonlocal subspaces constructed using the graph state formalism, and propose their application for quantum information splitting. In particular, we use the stabilizer formalism of graph states to construct degenerate Bell operators, whose eigenspace determines the nonlocal subspace, into which a quantum secret is encoded and shared among an authorized group of agents, or securely transmitted to a designated secret retriever. The security of our scheme arises from the monogamy of quantum correlations. The quantum violation of the Bell-type inequality here is to its algebraic maximum, making this approach inherently suitable for the device-independent scenario.

Quantum cryptography is arguably the most successfully applied area of quantum information theory. In this work, We invsetigate the role of quantum indistinguishability in random number generation, quantum temporal correlations, quantum nonlocality and counterfactuality for quantum cryptography. We study quantum protocols for key distribution, and their security in the conventional setting, in the counterfactual paradigm, and finally also in the device-independent scenario as applied to prepare-and-measure schemes. We begin with the interplay of two essential non-classical features like quantum indeterminism and quantum indistinguishability via a process known as bosonic stimulation is discussed. It is observed that the process provides an efficient method for macroscopic extraction of quantum randomness. Next, we propose two counterfactual cryptographic protocols, in which a secret key bit is generated even without the physical transmission of a particle. The first protocol is semicounterfactual in the sense that only one of the key bits is generated using interaction-free measurement. This protocol departs fundamentally from the original counterfactual key distribution protocol in not encoding secret bits in terms of photon polarization. We discuss how the security in the protocol originates from quantum single-particle non-locality. The second protocol is designed for the crypto-task of certificate authorization, where a trusted third party authenticates an entity (e.g., bank) to a client. We analyze the security of both protocols under various general incoherent attack models. The next part of our work includes study of quantum temporal correlations. We consider the use of the Leggett-Garg inequalities for device-independent security appropriate for prepare-and-measure protocols subjected to the higher dimensional attack that would completely undermine standard BB84. In the last part, we introduce the novel concept of nonlocal subspaces constructed using the graph state formalism, and propose their application for quantum information splitting. In particular, we use the stabilizer formalism of graph states to construct degenerate Bell operators, whose eigenspace determines the nonlocal subspace, into which a quantum secret is encoded and shared among an authorized group of agents, or securely transmitted to a designated secret retriever. The security of our scheme arises from the monogamy of quantum correlations. The quantum violation of the Bell-type inequality here is to its algebraic maximum, making this approach inherently suitable for the device-independent scenario.

Dissertação de mestrado em Computer Science
With the possibility of quantum computers making an appearance, possibly capable of breaking several well established and widespread crytposystems (especially those that implement public key cryptography), necessity has arisen to create new cryptographic algorithms which remain safe even against adversaries using quantum computers. Several algorithms based on different mathematical problems have been proposed which are considered to be hard to solve with quantum computers. In recent years, a new lattice-based mathematical problem called Learning With Errors (and its variant Ring - Learning With Errors) was introduced, and several cryptosystems based on this problem were introduced, some of which are becoming practical enough to compete with traditional schemes that have been used for decades. The primary focus in this work is the implementation of two Ring - Learning With Errors based schemes (one key exchange mechanism and one digital signature scheme) on the TLS protocol via the OpenSSL library as a way of checking their overall viability in real-world scenarios, by comparing them to classical schemes implementing the same functionalities.
Com a possibilidade do surgimento dos primeiros computadores quânticos, possivelmente capazes de quebrar muitos dos cripto-sistemas bem difundidos e considerados seguros, tornou-se necessário tomar precauções com a criação de novas técnicas criptográficas que visam manter as suas propriedades de segurança mesmo contra adversários que usem computadores quânticos. Existem já muitas propostas de algoritmos baseados em problemas matemáticos distintos que são considerados difíceis de resolver recorrendo a computadores quânticos. Recentemente, foi introduzido um novo problema baseado em reticulados denominado de Learning With Errors (e a sua variante Ring - Learning With Errors), e consequentemente foram propostos vários cripto-sistemas baseados nesse problema, alguns dos quais começam já a ser utilizáveis ao ponto de poderem ser comparados com os esquemas clássicos usados há décadas. O foco principal neste trabalho é a implementação de dois esquemas baseados no problema Ring - Learning With Errors (mais precisamente, um esquema de troca de chaves e uma assinatura digital) no protocolo TLS através da sua integração no OpenSSL como forma de verificar a sua viabilidade em contextos reais, comparando-os com esquemas clássicos que implementem as mesmas funcionalidades.

Τα Αποτυπώματα αποτελούν μια κομψή και αποτελεσματική λύση στο Πρόβλημα της Ισότητας στην Πολυπλοκότητα Επικοινωνίας. Τα Κβαντικά τους αντίστοιχα είναι ένα παράδειγμα της εκθετικής μείωσης στο κόστος επικοινωνίας που είναι εφικτή όταν χρησιμοποιείται κβαντική αντί για κλασσική πληροφορία. Το πλεονέκτημα αυτό οδήγησε σε αρκετά χρόνια έρευνας με ενδιαφέροντα αποτελέσματα. Επιπλέον, πρόσφατες δημοσιεύσεις υποδεικνύουν αποδοτικούς τρόπους για πειραματική υλοποίηση των Κβαντικών Αποτυπωμάτων. Τέλος, τα Κβαντικά Αποτυπώματα αποδεικνύονται ισχυρά εργαλεία στο χώρο της Κβαντικής Κρυπτογραφίας, επειδή διαθέτουν δυνατότητα αξιόπιστης απόκρυψης πληροφορίας. Σε αυτήν την εργασία εξετάζουμε τα Κβαντικά Αποτυπώματα στο πλαίσιο της Κβαντικής Κρυπτογραφίας και διερευνούμε τη χρήση τους για την κατασκευή πειραματικώς υλοποιήσιμων Κβαντικών Χρημάτων.
Fingerprints provide an elegant and cost-e ective solution to the Equality Problem in communication complexity. Their quantum counterpart is one example where an exponential gap exists between classical and quantum communication cost. Moreover, recent publications have proposed e cient ways to construct and work with quantum ngerprints in practice. Apart from the savings in communication cost, quantum ngerprints have an additional, inherent feature, namely the ability to hide information, which renders them a perfect candidate for Quantum Cryptography. This thesis reviews quantum ngerprints both as a communication complexity asset as well as a crypto-primitive and investigates the use of Quantum Fingerprinting to implement experimentally feasible Quantum Money schemes. We propose a public-key Quantum Money scheme comprising Quantum Fingerprints as well as an experimental implementation of it, feasible with current technology.