Quantum information in security protocols
Loading...
Date
2022-01-18
Authors
Verschoor, Sebastian Reynaldo
Journal Title
Journal ISSN
Volume Title
Publisher
University of Waterloo
Abstract
Information security deals with the protection of our digital infrastructure.
Achieving meaningful real-world security requires powerful cryptographic models
that can give strong security guarantees and it requires accuracy of the model.
Substantial engineering effort is required to ensure that a deployment
meets the requirements imposed by the model.
Quantum information impacts the field of security in two major ways.
First, it allows more efficient cryptanalysis of currently widely deployed systems.
New "post-quantum" cryptographic algorithms are designed to be secure against quantum attacks,
but do not require quantum technology to be implemented.
Since post-quantum algorithms have different properties,
substantial effort is required to integrate these in the existing infrastructure.
Second, quantum cryptography leverages quantum-mechanical properties to
build new cryptographic systems with potential advantages,
however these require a more substantial overhaul of the infrastructure.
In this thesis I highlight the necessity of both the mathematical rigour and
the engineering efforts that go into security protocols in the context of quantum information.
This is done in three different contexts.
First, I analyze the impact of key exhaustion attacks against quantum key distribution,
showing that they can lead to substantial loss of security.
I also provide two mitigations that thwart such key exhaustion attacks by computationally bounded adversaries, without compromising the information theoretically secure properties of the protocol output.
I give various security considerations for secure implementation of the mitigations.
Second, I consider how quantum adversaries can successfully attack quantum distance bounding protocols
that had previously been claimed to be secure by informal reasoning.
This highlights the need for mathematical rigour in the analysis of quantum adversaries.
Third, I propose a post-quantum replacement for the socialist millionaire protocol in secure messaging.
The protocol prevents some of the usability problems that have been observed in other key authentication ceremonies.
The post-quantum replacement utilizes techniques from private set intersection to build a protocol from
primitives that have seen much scrutiny from the cryptographic community.
Description
Keywords
quantum information, information security, quantum key distribution, distance bounding, key authentication