My question is very simple. Can I use Post-Quantum encryption/decryption algorithms in IoT devices such as Raspberry Pi, Arduino etc., or should the hardware infrastructure obey quantum logic?
- NTRU is post quantum, but doesn't need a quantum computer to run it – SamG101 Jan 09 '20 at 23:30
- Do you know the difference between Quantum cryptography (cryptography exploiting quantum mechanics) and Post-Quantum cryptography (cryptography running on "normal" computers, resisting attacks by quantum computers (computers exploiting quantum mechanics))? – j.p. Jan 10 '20 at 07:10
2 Answers
Can I use Quantum encryption/decryption algorithms in IoT devices such as RaspberryPi, Arduino etc, or should the hardware infrastructure obey in quantum logic?
The question needs to be reformulated as:
Can I use Post-Quantum encryption/decryption algorithms in IoT devices (..) ?
Yes. They can use such encryption/decryption/key exchange algorithms, designed for security against attacks by quantum computers. Such algorithms are an active research topic, with candidates currently in a public selection process by NIST. They run on classical computers, and perform the same tasks as today's algorithms. The main functional difference is hopefully increased resistance to cryptanalysis.
Post-Quantum Cryptography tends to be more resource-intensive than the current generation of cryptography: slower computations, larger keys and messages, especially if we compare the current parametrization of current algorithms to PKC with its proposed parametrization. But all Raspberry Pi models and I guess all except the most low-end Arduinos are adequate for many of the Post-Quantum algorithms under consideration.
The skeptical will say: why bother now?
- Post-Quantum cryptography does not solve the actual security problems that plague IoT: sometimes abysmally poor security architecture, poor software quality, backdoors, implementation mistakes, side-channel and fault-injection attacks.
- Post-Quantum cryptography algorithms are new (with few, not very practical exceptions). And the history of cryptography suggests that it sometimes takes years of public exposure to uncover theoretical problems, and that implementations never get entirely safe from side-channel and fault-injection attacks if the attacker is invasive enough.
- With parameters in the upper range of current crypto (AES-256 for block ciphers, SHA-512 for hashes, RSA-4096 or ECC cryptography on a large safe curve), current-generation crypto is safe from both classical and quantum computers in the foreseeable future: classical computers currently surpass quantum computers on nearly all tasks (with a few claimed exceptions in simulation of physical phenomena), and there are reasons to believe that cryptanalysis, because it requires exact results on large quantities, is among the problems that require the most difficult advances in quantum computers.
Addition: Quantum Key Distribution (which has next to nothing to do with PKC) is not feasible with the hardware available on current computers and network gear. It does not solve the problem of initial key distribution, nor of recovering from a complete state compromise, and has a poor security track record (see this). It is pointless in an IoT context in the foreseeable future.
Advances in quantum technologies impact practical uses of cryptography in other ways than Quantum cryptanalysis, QKD and PKC:
- They enable increasingly fast, dense, and power-efficient devices, both using crypto and trying to break it. Except for password hashing, the net long term effect is more security against offline attacks.
- But sensors based on quantum effects conceivably can be used for improved side-channel attacks extracting the secrets embedded in devices, including IoT and Smart Cards.
- Does Post-Quantum Cryptography go faster as far as encryption/decryption is concerned compared to ECC, RSA? – just_learning Jan 12 '20 at 20:05
- @just_learning: PQC faster than ECC, rather no, especially if we compare current ECC parametrization to projected PQC parametrization. Faster than RSA, sometimes for decryption and signature computation, no for encryption and signature verification. That varies a lot with the PQC considered. – fgrieu Jan 12 '20 at 20:10
- Thanks!! And compared to key management schemes for wireless nodes, is it the same rationale as far as speed is concerned? – just_learning Jan 12 '20 at 20:28
- @just_learning: PQC key management is functionally similar to classical (symmetric and asymmetric), with the minor issue that keys are often bigger. I now briefly discuss QKD: a marvelous achievement with no practical benefit and a poor security track record. – fgrieu Jan 13 '20 at 07:29
Quantum Cryptography uses quantum mechanics to complete tasks such as running Shor's algorithm or Grover's algorithm. You need a quantum computer to do this, as it leverages quantum mechanics.
Post-quantum cryptography is safe from quantum computers, i.e. there's no known algorithm that can run on quantum computers to break the algorithm. NTRU is an example: there's no known algorithm that can break the shortest vector problem, even running on a quantum computer, but NTRU doesn't need a quantum computer in order to be used. NTRU can be run on classical computers.
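The point made in the answer above, that lattice-based post-quantum schemes need nothing beyond ordinary integer arithmetic, can be made concrete. The following toy learning-with-errors (LWE) encryption of single bits is an added example, not code from the answers above, from NTRU or from any PQC library; it uses the LWE problem (a relative of the shortest-vector problem the answer mentions) rather than NTRU itself, and its parameters N, M and Q are assumed toy values, chosen so that decryption is always correct and far too small to be secure. Every step is addition and multiplication modulo Q, the kind of work any classical CPU, including a Raspberry Pi or an Arduino, executes; no quantum hardware is involved. The `random.Random` seed is only there to make the example reproducible; a real implementation would draw from a cryptographic random source.

```python
"""Toy LWE-style public-key encryption (constructed illustration, not NTRU and
not a real PQC library).  Everything below is plain integer arithmetic mod Q."""
import random

# Toy parameters (assumed values for illustration only; hopelessly insecure).
N = 16      # dimension of the secret vector s
M = 32      # number of public-key rows (A has M rows of N entries)
Q = 257     # modulus, chosen so the worst-case noise |r.e| <= M stays below Q/4


def keygen(rng):
    """Return (public_key, secret_key).  rng is a random.Random-like object."""
    s = [rng.randrange(Q) for _ in range(N)]                       # secret vector
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]   # public matrix
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]                 # small noise, |e_i| <= 1
    # b = A*s + e (mod Q): without e this would be solvable by Gaussian elimination
    b = [(sum(a * x for a, x in zip(row, s)) + err) % Q for row, err in zip(A, e)]
    return (A, b), s


def make_keypair(seed):
    """Deterministic key pair from a seed (reproducibility only; not for real use)."""
    return keygen(random.Random(seed))


def encrypt(pk, bit, rng):
    """Encrypt one bit by summing a random subset (r in {0,1}^M) of public rows."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt(sk, ct):
    """v - <u, s> = r.e + bit*floor(Q/2) (mod Q); |r.e| <= M < Q/4 keeps the bit recoverable."""
    u, v = ct
    d = (v - sum(x * y for x, y in zip(u, sk))) % Q
    if d > Q // 2:          # centred representative in (-Q/2, Q/2]
        d -= Q
    return 1 if abs(d) > Q // 4 else 0   # near 0 -> bit 0, near +-Q/2 -> bit 1


def encrypt_byte(pk, value, rng):
    """Bit-by-bit encryption of an 8-bit value, least significant bit first."""
    return [encrypt(pk, (value >> i) & 1, rng) for i in range(8)]


def decrypt_byte(sk, cts):
    return sum(decrypt(sk, ct) << i for i, ct in enumerate(cts))


def public_key_bytes(pk):
    """Size of the public key if each mod-Q entry is stored in 2 bytes (Q > 255)."""
    A, b = pk
    return (len(A) * len(A[0]) + len(b)) * 2


def roundtrip_ok(seed, values=(0, 1, 0x5A, 0xFF)):
    """Generate keys from seed and check that every value encrypts and decrypts correctly."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    return all(decrypt_byte(sk, encrypt_byte(pk, v, rng)) == v for v in values)


if __name__ == "__main__":
    pk, sk = make_keypair(1)
    print("round trip ok:", roundtrip_ok(1))
    print("public key bytes for a 1-bit toy scheme:", public_key_bytes(pk))
```

The `public_key_bytes` helper ties in with the remark in the other answer that post-quantum keys are larger: even this toy scheme, which encrypts a single bit per ciphertext, carries a 1088-byte public key, and real lattice parameters scale that up considerably.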
- https://en.m.wikipedia.org/wiki/Quantum_key_distribution suggests that it harnesses quantum mechanics... how does a classical computer do this? – SamG101 Jan 10 '20 at 13:01
- @SamG101 We don't have a quantum computer yet but we have QKD. Analogy: you don't need to build a PC to use an AND and OR gate. – kelalaka Jan 10 '20 at 13:04
- Ohh right, I understand now, I'll update the answer... the analogies are really helpful btw, thanks – SamG101 Jan 10 '20 at 13:16
- "You need a quantum computer to do this": No. You need a quantum circuit to do this – kelalaka Jan 10 '20 at 15:28
- Which (quantum circuits) do not exist... and can only be simulated, right? – just_learning Jan 10 '20 at 15:32