Tallinn University of Technology
Quantum computer impact on public
key cryptography
Roman
Stepanenko
Agenda
Introduction
Explanation of RSA
Principles of quantum computers
Shor’s
factorization algorithm
Introduction
Most cryptography systems rely on the
difficulty of factoring large numbers.
No known efficient algorithm for number
factorization on classical computer.
Available algorithms take exponential time
in respect to input size. Factorization of
hundreds digits long numbers is
practically impossible.
Introduction
But what if there is a fast way to factor
large numbers…?
Explanation of RSA
To explain why big number factorization is
so important to cryptography we need to
analyze how RSA works.
After a brief explanation a short example
will follow which I took from the all
knowing Wikipedia.
It will be shown why RSA is vulnerable
Explanation of RSA
RSA algorithm consists of three steps: key
generation, encryption and decryption.
RSA uses a public and a private key.
Let’s look at how this is done.
Steps of RSA
randomly generate two distinct prime
numbers
p
and
q
of similar
length
compute
n =
pq
which will be used as
modulus for both private and public
keys
t
otient
*
function
φ
(
n
) = (
p
–
1)(
q
–
1)
needs to be
computed
*
Euler's totient of a positive integer
n
is
defined to be the number of positive
integers less than or equal to
n
that are
coprime to
n
.
Steps of RSA
choose an integer
e
so that
φ
(
n
) and
e
are
coprime
and 1
<
e
<
φ
(
n
),
n
umber
e
is the
public key
exponent
t
o
get the private key exponent
d
it is
necessary to calculate the multiplicative
inverse of
e
mod
φ
(
n
):
d
=
e

1
mod
φ
(
n
)
public
key consists of the modulus
n
and the
encryption exponent
e
, private
key consists
of the
decryption
exponent
d
Steps of RSA
message needs to be converted to an
integer
m
(padding scheme is used)
ciphertext
c
=
m
e
(mod
n
) is
computed
m
=
c
d
(mod
n
)
to decrypt
from
m
we recover the original message
Example of RSA encryption
taken from http://en.wikipedia.org/wiki/RSA#A_working_example
1.
Choose two distinct prime numbers,
such as
p
= 61 and q = 53
.
2.
Compute n = pq giving
n
= 61 ∙ 53 =
3233
.
3.
Compute the
totient
of the product as
ϕ
(n) = (p
−
1)(q
−
1) giving
ϕ
(3233
) =
(61
−
1)(53
−
1) = 3120.
Example of RSA encryption
taken from http://en.wikipedia.org/wiki/RSA#A_working_example
4.
Choose any number 1 < e < 3120 that is
coprime
to 3120. Choosing a prime
number for e leaves us only to check
that e is not a divisor of 3120.
Let
e =
17
.
5.
Compute d, the modular multiplicative
inverse of e (mod
φ
(n)) yielding
d
=
2753 (solved for example using the
extended Euclidean algorithm*).
*http://www.ahuwanya.net/blog/post/The

Extended

Euclidean

Algorithm.aspx
Example of RSA encryption
taken from http://en.wikipedia.org/wiki/RSA#A_working_example
The public key is (n = 3233, e = 17). For a
padded plaintext message m, the
encryption function is m
17
(mod 3233).
The private key is (n = 3233, d = 2753).
For an encrypted
ciphertext
c, the
decryption function is c
2753
(mod 3233).
Example of RSA encryption
taken from http://en.wikipedia.org/wiki/RSA#A_working_example
For instance, in order to encrypt m = 65,
we
calculate
c
= 65
17
(mod 3233) = 2790.
To decrypt c = 2790, we
calculate
m
= 2790
2753
(mod 3233) = 65.
Both of these calculations can be
computed efficiently using the square

and

multiply algorithm for modular
exponentiation.
Factorization attack
If it was possible to efficiently factor the
integer
n
, which is stored in the public key,
it would be possible to find the
totient
φ
(
n
) = (
p
–
1)(
q
–
1). Knowing that and
the public exponent
e
, it is possible to
compute the private exponent using the
equality d =
e

1
mod
φ
(
n
).
Brief introduction into Quantum
Computing
Base of the classical memory register is
the bit.
Base of the quantum memory register is
the
qbit
.
Ideas how to implement a
qbit
: using a
quantum particle’s spin value, using
hydrogen atom’s electron state and so on.
Brief introduction into Quantum
Computing
Bit can be either in 0 or 1 state
Qbit
exists in a superposition of 0 and 1
base states, it can be represented
as a
linear
combination:
where
α
and
β
are probability
amplitudes and are complex numbers.
Brief introduction into Quantum
Computing
What do the
α
and
β
coefficients actually
mean?
◦
If measured a
qbit
will be either 0 with
probability 
α

2
or 1 with probability

β

2
.
◦

α

2
+

β

2
= 1
◦
A
qbit
while left alone exists in a combination
of 0 and 1 states, however when measured it
becomes strictly 0 or 1 with certain
probability.
Brief introduction into Quantum
Computing
We are not limited to one
qbit
systems.
A
quantum system composed of
m
qbits
requires 2
m
complex
numbers to
describe.
A
classical register with
n
bits requires only
n
integers
to describe.
Theoretically
a quantum register can store exponentially greater
amount of information than a classical register with the same
amount of bits
.
A
quantum register exists in the superposition of base states. From
this quality something called quantum parallelism arises.
Each
component of the superposition may be considered as an
argument to a function, so a function performed on the
superposition of states is in turn performed on each component of
the superposition
.
The
larger the number of possible states is, however, the smaller
the probability that you will measure any particular state becomes.
Shor’s
algorithm
In 1994 Peter
Shor
who was working as a
scientist in Bell Labs devised a polynomial
time
quantum algorithm
for big integer
factorization. This became a great driving
force for quantum computer research.
Shor’s
algorithm
F(a) =
x
a
mod
n
is a periodical function
with some period
r
.
It
is clear that
x
0
mod
n
= 1,
therefore
x
r
mod
n
= 1,
x
2r
mod
n
= 1 and so on.
Shor’s
algorithm
x
r
mod
n
=
1
,
x
r
≡
1
mod
n
,
(
x
r/
2
)
2
≡
1
mod
n,
(
x
r/
2
)
2
–
1
≡
0
mod
n,
and
if
r
is
an
even
number
(
x
r/
2
–
1
)
(
x
r/
2
+
1
)
≡
0
mod
n
.
From the last identity it can be seen that
(
x
r
/2
–
1) (
x
r
/2
+ 1)
is an integer multiple of n. If 
x
r
/2
 ≠ 1, then at least one of
(
x
r
/2
–
1), (
x
r
/2
+ 1) will have a non

trivial factor in common
with n. Then by computing the
gcd
(
x
r
/2
–
1, n) and
gcd
(
x
r
/2
+ 1,
n),
we
will obtain a factor of n.
We can use the Euclidean
algorithm for that.
Shor’s
algorithm
Shor‘s
algorithm is designed to find
r
.
1.
A quantum
memory register with two
parts has to be
created.
2.
A number
q
is chosen so that
n
2
≤
q
<2
n
2
and
q
is the power of two
.
3.
The first part of the memory register is
loaded with a superposition of the
integers which are to be
a
‘s in the
x
a
mod
n
function. The
a
‘s are chosen to
be integers 0 through
q
–
1.
Shor’s
algorithm
4.
The algorithm calculates
x
a
mod
n
with
the superposition of the states
a
placed
in the first part of the memory register,
and places the result in the second part
of the register.
5.
If measured the state of
the second part
of the
register will collapse into some
value
k
.
Shor’s
algorithm
6.
T
he
first part of the quantum register
will collapse into a superposition of the
base states consistent with the value
observed in the second part.
It will
contain values
c
,
c + r, c + 2r...
and so on,
where
c
is the lowest value that would
produce
x
c
mod
n
=
k.
7.
In the next step a discrete quantum
Fourier transform is performed on the
contents of the first part of the register.
Shor’s
algorithm
8.
It
peaks
the probability amplitudes of
the first part of the register at integer
multiples of the quantity
q
/
r.
Shor’s
algorithm
9.
Measuring the first part of the register
will yield an
integer multiple of the
inverse of the period with high
probability.
10.
Analysis of this number is done on a
classical computer to get the period
r
.
Conclusion
Based on the ideas stated before it can be
said that the invention of a quantum
computer will put public key
cryptography systems that rely on
difficulty to factor large numbers (RSA,
DSA, ECDSA) in danger.
Conclusion
There are many important classes of
cryptographic
systems beyond RSA and DSA and ECDSA
:
◦
Hash

based cryptography
◦
Code

based cryptography
◦
Lattice

based cryptography
◦
Multivariate

quadratic

equations cryptography
◦
Secret

key cryptography
All of these systems are believed to resist classical
computers and
quantum computers
.
Enter the password to open this PDF file:
File name:

File size:

Title:

Author:

Subject:

Keywords:

Creation Date:

Modification Date:

Creator:

PDF Producer:

PDF Version:

Page Count:

Preparing document for printing…
0%
Comments 0
Log in to post a comment