# Quantum computer impact on public key cryptography

Nov 21, 2013 (4 years and 6 months ago)

Tallinn University of Technology

Quantum computer impact on public key cryptography

Roman Stepanenko

Agenda

Introduction

Explanation of RSA

Principles of quantum computers

Shor’s factorization algorithm

Introduction

Most cryptographic systems rely on the difficulty of factoring large numbers.

There is no known efficient algorithm for number factorization on a classical computer. Available algorithms take exponential time with respect to input size. Factorization of numbers hundreds of digits long is practically impossible.

Introduction

But what if there is a fast way to factor
large numbers…?

Explanation of RSA

To explain why big number factorization is so important to cryptography, we need to analyze how RSA works.

After a brief explanation, a short example will follow, which I took from the all-knowing Wikipedia.

It will be shown why RSA is vulnerable.

Explanation of RSA

The RSA algorithm consists of three steps: key generation, encryption and decryption. RSA uses a public and a private key.

Let’s look at how this is done.

Steps of RSA

Randomly generate two distinct prime numbers $p$ and $q$ of similar length.

Compute $n = pq$, which will be used as the modulus for both private and public keys.

The totient* function $\varphi(n) = (p - 1)(q - 1)$ needs to be computed.

*Euler's totient of a positive integer $n$ is defined to be the number of positive integers less than or equal to $n$ that are coprime to $n$.

Steps of RSA

Choose an integer $e$ so that $\varphi(n)$ and $e$ are coprime and $1 < e < \varphi(n)$; the number $e$ is the public key exponent.

To get the private key exponent $d$ it is necessary to calculate the multiplicative inverse of $e \bmod \varphi(n)$:

$d = e^{-1} \bmod \varphi(n)$

The public key consists of the modulus $n$ and the encryption exponent $e$; the private key consists of the decryption exponent $d$.

Steps of RSA

The message needs to be converted to an integer $m$.

The ciphertext $c = m^e \pmod{n}$ is computed.

$m = c^d \pmod{n}$ to decrypt.

From $m$ we recover the original message.

Example of RSA encryption

taken from http://en.wikipedia.org/wiki/RSA#A_working_example

1. Choose two distinct prime numbers, such as $p = 61$ and $q = 53$.

2. Compute $n = pq$, giving $n = 61 \cdot 53 = 3233$.

3. Compute the totient of the product as $\varphi(n) = (p - 1)(q - 1)$, giving $\varphi(3233) = (61 - 1)(53 - 1) = 3120$.

Example of RSA encryption

4. Choose any number $1 < e < 3120$ that is coprime to 3120. Choosing a prime number for $e$ leaves us only to check that $e$ is not a divisor of 3120. Let $e = 17$.

5. Compute $d$, the modular multiplicative inverse of $e \pmod{\varphi(n)}$, yielding $d = 2753$ (solved for example using the extended Euclidean algorithm*).

*http://www.ahuwanya.net/blog/post/The-Extended-Euclidean-Algorithm.aspx

Example of RSA encryption

The public key is ($n = 3233$, $e = 17$). For a message $m$, the encryption function is $m^{17} \pmod{3233}$.

The private key is ($n = 3233$, $d = 2753$). For an encrypted ciphertext $c$, the decryption function is $c^{2753} \pmod{3233}$.

Example of RSA encryption

For instance, in order to encrypt $m = 65$, we calculate

$c = 65^{17} \pmod{3233} = 2790$.

To decrypt $c = 2790$, we calculate

$m = 2790^{2753} \pmod{3233} = 65$.

Both of these calculations can be computed efficiently using the square-and-multiply algorithm for modular exponentiation.

Factorization attack

If it was possible to efficiently factor the integer $n$, which is stored in the public key, it would be possible to find the totient $\varphi(n) = (p - 1)(q - 1)$. Knowing that and the public exponent $e$, it is possible to compute the private exponent using the equality $d = e^{-1} \bmod \varphi(n)$.

Brief introduction into Quantum Computing

Base of the classical memory register is the bit.

Base of the quantum memory register is the qbit.

Ideas how to implement a qbit: using a quantum particle’s spin value, using hydrogen atom’s electron state and so on.

Brief introduction into Quantum Computing

Bit can be either in 0 or 1 state.

Qbit exists in a superposition of 0 and 1 base states, it can be represented as a linear combination:

where $\alpha$ and $\beta$ are probability amplitudes and are complex numbers.

Brief introduction into Quantum Computing

What do the $\alpha$ and $\beta$ coefficients actually mean?

If measured, a qbit will be either 0 with probability $|\alpha|^2$ or 1 with probability $|\beta|^2$.

$|\alpha|^2 + |\beta|^2 = 1$

A qbit while left alone exists in a combination of 0 and 1 states, however when measured it becomes strictly 0 or 1 with certain probability.

Brief introduction into Quantum Computing

We are not limited to one qbit systems.

A quantum system composed of $m$ qbits requires $2^m$ complex numbers to describe.

A classical register with $n$ bits requires only $n$ integers to describe.

Theoretically a quantum register can store exponentially greater amount of information than a classical register with the same amount of bits.

A quantum register exists in the superposition of base states. From this quality something called quantum parallelism arises.

Each component of the superposition may be considered as an argument to a function, so a function performed on the superposition of states is in turn performed on each component of the superposition.

The larger the number of possible states is, however, the smaller the probability that you will measure any particular state becomes.

Shor’s algorithm

In 1994 Peter Shor, who was working as a scientist in Bell Labs, devised a polynomial time quantum algorithm for big integer factorization. This became a great driving force for quantum computer research.

Shor’s algorithm

$F(a) = x^a \bmod n$ is a periodical function with some period $r$.

It is clear that $x^0 \bmod n = 1$, therefore $x^r \bmod n = 1$, $x^{2r} \bmod n = 1$ and so on.

Shor’s algorithm

$x^r \bmod n = 1$,

$x^r \equiv 1 \bmod n$,

$(x^{r/2})^2 \equiv 1 \bmod n$,

$(x^{r/2})^2 - 1 \equiv 0 \bmod n$,

and if $r$ is an even number

$(x^{r/2} - 1)(x^{r/2} + 1) \equiv 0 \bmod n$.

From the last identity it can be seen that $(x^{r/2} - 1)(x^{r/2} + 1)$ is an integer multiple of $n$. If $|x^{r/2}| \neq 1$, then at least one of $(x^{r/2} - 1)$, $(x^{r/2} + 1)$ will have a non-trivial factor in common with $n$. Then by computing $\gcd(x^{r/2} - 1, n)$ and $\gcd(x^{r/2} + 1, n)$, we will obtain a factor of $n$. We can use the Euclidean algorithm for that.
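The reduction above and the earlier "Factorization attack" slide can be traced end to end on the toy key from the Wikipedia example. The following Python sketch is an added example, not part of the original slides: the function names are hypothetical, and a brute-force loop stands in for the quantum period-finding step. It also shows the failure case where $x^{r/2} \equiv -1 \bmod n$ and another base $x$ has to be tried.

```python
from math import gcd

def find_period(x, n):
    """Smallest r > 0 with x^r mod n == 1 (requires gcd(x, n) == 1).
    This brute-force loop stands in for the quantum period-finding step."""
    value, r = x % n, 1
    while value != 1:
        value = (value * x) % n
        r += 1
    return r

def factor_via_period(n):
    """Try bases x = 2, 3, ... until a period gives a non-trivial factor.
    Returns (p, q, x, r)."""
    for x in range(2, n):
        g = gcd(x, n)
        if g != 1:
            return g, n // g, x, None      # x itself shares a factor with n
        r = find_period(x, n)
        if r % 2 == 1:
            continue                       # odd period: x^(r/2) is undefined
        half = pow(x, r // 2, n)
        if half == n - 1:
            continue                       # x^(r/2) = -1 mod n: gcds are trivial
        p = gcd(half - 1, n)               # computed with the Euclidean algorithm
        return p, n // p, x, r
    raise ValueError("no usable base found")

def recover_private_exponent(n, e):
    """Rebuild d = e^-1 mod phi(n) from the public key alone."""
    p, q, _, _ = factor_via_period(n)
    return pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+

if __name__ == "__main__":
    n, e, c = 3233, 17, 2790               # public key and ciphertext from the slides
    print("p, q, base x, period r:", factor_via_period(n))
    d = recover_private_exponent(n, e)
    print("d =", d, " decrypted m =", pow(c, d, n))
```

For $n = 3233$ the base $x = 2$ has period 780 but is rejected because $2^{390} \equiv -1 \bmod n$; the base $x = 3$ has period 260 and yields the factors 61 and 53.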

Shor’s algorithm

Shor’s algorithm is designed to find $r$.

1. A quantum memory register with two parts has to be created.

2. A number $q$ is chosen so that $n^2 \le q < 2n^2$ and $q$ is the power of two.

3. The first part of the memory register is loaded with a superposition of the integers which are to be $a$’s in the $x^a \bmod n$ function. The $a$’s are chosen to be integers 0 through $q - 1$.

Shor’s algorithm

4. The algorithm calculates $x^a \bmod n$ with the superposition of the states $a$ placed in the first part of the memory register, and places the result in the second part of the register.

5. If measured, the state of the second part of the register will collapse into some value $k$.

Shor’s algorithm

6. The first part of the quantum register will collapse into a superposition of the base states consistent with the value observed in the second part. It will contain values $c$, $c + r$, $c + 2r$... and so on, where $c$ is the lowest value that would produce $x^c \bmod n = k$.

7. In the next step a discrete quantum Fourier transform is performed on the contents of the first part of the register.

Shor’s algorithm

8. It peaks the probability amplitudes of the first part of the register at integer multiples of the quantity $q/r$.

Shor’s algorithm

9. Measuring the first part of the register will yield an integer multiple of the inverse of the period with high probability.

10. Analysis of this number is done on a classical computer to get the period $r$.
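Step 10 is not spelled out on the slides. One standard way to do that analysis is a continued-fraction (best rational approximation) step, sketched here in Python as an added example that is not part of the original presentation. The function names are hypothetical, and the measurement is simulated from constructed values ($x = 3$, $n = 3233$, true period $r = 260$) because no quantum register is available.

```python
from fractions import Fraction
from math import gcd

def choose_q(n):
    """Step 2: the power of two q with n^2 <= q < 2n^2."""
    q = 1
    while q < n * n:
        q *= 2
    return q

def simulate_measurement(k, r, q):
    """Constructed stand-in for step 9: the integer nearest to k*q/r."""
    return (2 * k * q + r) // (2 * r)

def candidate_period(y, q, n):
    """Denominator of the fraction with denominator < n closest to y/q.
    limit_denominator performs the continued-fraction approximation.
    The result is r / gcd(k, r), so it may be only a divisor of r."""
    return Fraction(y, q).limit_denominator(n - 1).denominator

def recover_period(measurements, q, x, n):
    """Combine candidates by least common multiple until x^r mod n == 1.
    Returns None if the measurements seen so far are not sufficient."""
    r = 1
    for y in measurements:
        c = candidate_period(y, q, n)
        r = r * c // gcd(r, c)
        if pow(x, r, n) == 1:
            return r
    return None

if __name__ == "__main__":
    n, x, true_r = 3233, 3, 260            # constructed sample values
    q = choose_q(n)
    ys = [simulate_measurement(k, true_r, q) for k in (130, 100, 39)]
    print("q =", q)
    print("candidates:", [candidate_period(y, q, n) for y in ys])
    print("recovered period:", recover_period(ys, q, x, n))
```

A single measurement with $k$ coprime to $r$ gives the period directly; otherwise each run reveals only a divisor of $r$, which is why the candidates are combined and checked against $x^r \bmod n = 1$.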

Conclusion

Based on the ideas stated before, it can be said that the invention of a quantum computer will put public key cryptography systems that rely on the difficulty of factoring large numbers (RSA, DSA, ECDSA) in danger.

Conclusion

There are many important classes of cryptographic systems beyond RSA and DSA and ECDSA:

Hash-based cryptography

Code-based cryptography

Lattice-based cryptography

Multivariate-equations cryptography

Secret-key cryptography

All of these systems are believed to resist classical computers and quantum computers.