research-article

Quantum resistant public key cryptography: a survey

Authors:
Ray A. Perlner

National Institute of Standards and Technology, Gaithersburg, Maryland

National Institute of Standards and Technology, Gaithersburg, Maryland
View Profile

,
David A. Cooper

National Institute of Standards and Technology, Gaithersburg, Maryland

National Institute of Standards and Technology, Gaithersburg, Maryland
View Profile

IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the InternetApril 2009Pages 85–93https://doi.org/10.1145/1527017.1527028

Published:14 April 2009Publication History

IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the Internet

Pages 85–93

ABSTRACT

Public key cryptography is widely used to secure transactions over the Internet. However, advances in quantum computers threaten to undermine the security assumptions upon which currently used public key cryptographic algorithms are based. In this paper, we provide a survey of some of the public key cryptographic algorithms that have been developed that, while not currently in widespread use, are believed to be resistant to quantum computing based attacks and discuss some of the issues that protocol designers may need to consider if there is a need to deploy these algorithms at some point in the future.

References

M. Ajtai. The shortest vector problem in L<sub>2</sub> is NP-hard for randomized reductions (extended abstract). In Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, pages 10--19, 1998. Google ScholarDigital Library
M. Ajtai and C. Dwork. A public-key cryptosystem with worst-case/average-case equivalence. In STOC '97: Proceedings of the twenty-ninth annual ACM symposium on Theory of computing, pages 284--293, 1997. Google ScholarDigital Library
E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid. Recommendation for key management -- part 1: General. NIST special publication 800-57, National Institute of Standards and Technology, Mar. 2007.Google Scholar
C. Bennett, E. Bernstein, G. Brassard, and U. Vazirani. Strengths and weaknesses of quantum computation. Special Issue on Quantum Computation of the Siam Journal of Computing, Oct. 1997. Google ScholarDigital Library
D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. SIAM J. of Computing, 32(3):586--615, 2003. Google ScholarDigital Library
D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. In Advances in Cryptology -- ASIACRYPT 2001, 7th International Conference on the Theory and Application of Cryptology and Information Security, pages 514--532, 2001. Google ScholarDigital Library
J. Buchmann, C. Coronado, M. Döring, D. Engelbert, C. Ludwig, R. Overbeck, A. Schmidt, U. Vollmer, and R.-P. Weinmann. Post-quantum signatures. Cryptology ePrint Archive, Report 2004/297, 2004.Google Scholar
J. L. Carter and M. N. Wegman. Universal classes of hash functions (extended abstract). In STOC '77: Proceedings of the ninth annual ACM symposium on Theory of computing, pages 106--112, 1977. Google ScholarDigital Library
B. Chor and R. L. Rivest. A knapsack type public key cryptosystem based on arithmetic in finite fields. IEEE Transactions on Information Theory, 34(5):901--909, Sept. 1988.Google ScholarDigital Library
S. Cook. The importance of the P versus NP question. Journal of the ACM, 50(1):27--29, 2003. Google ScholarDigital Library
N. Courtois, M. Finiasz, and N. Sendrier. How to achieve a McEliece-based digital signature scheme. In Advances in Cryptology -- ASIACRYPT 2001, 7th International Conference on the Theory and Application of Cryptology and Information Security, pages 157--174, 2001. Google ScholarDigital Library
N. T. Courtois, L. Goubin, and J. Patarin. SFLASH<sup>v3</sup>, a fast asymmetric signature scheme. Cryptology ePrint Archive, Report 2003/211, 2003.Google Scholar
D. Deutsch and R. Jozsa. Rapid solution of problems by quantum computation. Proc Roy Soc Lond A, 439:553--558, Oct. 1992.Google ScholarCross Ref
W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644--654, Nov. 1976.Google ScholarDigital Library
V. Dubois, P.-A. Fouque, A. Shamir, and J. Stern. Practical cryptanalysis of SFLASH. In Advances in Cryptology -- CRYPTO 2007, 27th Annual International Cryptology Conference, pages 1--12, 2007. Google ScholarDigital Library
R. Feynman. Simulating physics with computers. International Journal of Theoretical Physics, 21(6&7):467--488, 1982.Google ScholarCross Ref
FIPS 186-2. Digital Signature Standard (DSS). National Institute of Standards and Technology, Jan. 2000.Google Scholar
N. Gama and P. Q. Nguyen. New chosen-ciphertext attacks on NTRU. In Public Key Cryptography -- PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, pages 89--106, 2007. Google ScholarDigital Library
T. E. Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In Advances in Cryptology, Proceedings of CRYPTO '84, pages 10--18, 1984. Google ScholarDigital Library
L. C. C. García. On the security and the efficiency of the Merkle signature scheme. Cryptology ePrint Archive, Report 2005/192, 2005.Google Scholar
C. Gentry. Key recovery and message attacks on NTRU-composite. In Advances in Cryptology -- EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, pages 182--194, 2001. Google ScholarDigital Library
C. Gentry, J. Jonsson, J. Stern, and M. Szydlo. Cryptanalysis of the NTRU signature scheme (NSS) from Eurocrypt 2001. In Advances in Cryptology -- ASIACRYPT 2001, 7th International Conference on the Theory and Application of Cryptology and Information Security, pages 1--20, 2001. Google ScholarDigital Library
O. Goldreich, S. Goldwasser, and S. Halevi. Public-key cryptosystems from lattice reduction problems. In Advances in Cryptology -- CRYPTO '97, 17th Annual International Cryptology Conference, pages 112--131, 1997. Google ScholarDigital Library
L. K. Grover. A fast quantum mechanical algorithm for database search. In STOC '96: Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, pages 212--219, 1996. Google ScholarDigital Library
J. Hoffstein, N. Howgrave-Graham, J. Pipher, J. H. Silverman, and W. Whyte. NTRUSign: Digital signatures using the NTRU lattice. In Topics in Cryptology -- CT-RSA 2003, The Cryptographers' Track at the RSA Conference 2003, pages 122--140, 2003. Google ScholarDigital Library
J. Hoffstein, N. Howgrave-Graham, J. Pipher, J. H. Silverman, and W. Whyte. NTRUEncrypt and NTRUSign: efficient public key algorithms for a post-quantum world. In PQCrypto 2006: International Workshop on Post-Quantum Cryptography, pages 141--158, May 2006.Google Scholar
J. Hoffstein, J. Pipher, and J. H. Silverman. NTRU: A ring-based public key cryptosystem. In Algorithmic Number Theory (ANTS-III): Proceedings of the Third International Symposium on Algorithmic Number Theory, pages 267--288, June 1998. Google ScholarDigital Library
J. Hoffstein, J. Pipher, and J. H. Silverman. NSS: An NTRU lattice-based signature scheme. In Advances in Cryptology -- EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, pages 211--228, 2001. Google ScholarDigital Library
N. Howgrave-Graham. A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In Advances in Cryptology -- CRYPTO 2007, 27th Annual International Cryptology Conference, pages 150--169, 2007. Google ScholarDigital Library
N. Howgrave-Graham, J. H. Silverman, A. Singer, and W. Whyte. NAEP: Provable security in the presence of decryption failures.Google Scholar
É. Jaulmes and A. Joux. A chosen-ciphertext attack against NTRU. In Advances in Cryptology -- CRYPTO 2000, 20th Annual International Cryptology Conference, pages 20--35, 2000. Google ScholarDigital Library
N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, 48(177):203--209, 1987.Google ScholarCross Ref
L. Lamport. Constructing digital signatures from a one-way function. Technical Report CSL-98, SRI International, Oct. 1979.Google Scholar
R. J. McEliece. A public-key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report 42--44, Jet Propulsion Laboratory, California Institute of Technology, pages 114--116, 1978.Google Scholar
R. C. Merkle. Security, Authentication, and Public Key Systems. PhD thesis, Stanford University, June 1979. Google ScholarDigital Library
R. C. Merkle. A certified digital signature. In Advances in Cryptology -- CRYPTO '89, 9th Annual International Cryptology Conference, pages 218--238, 1989. Google ScholarDigital Library
R. C. Merkle and M. E. Hellman. Hiding information and signatures in trapdoor knapsacks. IEEE Transactions on Information Theory, 24(5):525--530, Sept. 1978.Google ScholarDigital Library
T. Meskanen and A. Renvall. A wrap error attack against NTRUEncrypt. Discrete Applied Mathematics, 154(2):382--391, Feb. 2006.Google ScholarDigital Library
D. Micciancio. Improving lattice based cryptosystems using the Hermite normal form. In Cryptography and Lattices Conference --- CaLC 2001, pages 126--145, Mar. 2001. Google ScholarDigital Library
V. S. Miller. Use of elliptic curves in cryptography. In Advances in Cryptology -- CRYPTO '85, pages 417--426, 1986. Google ScholarDigital Library
M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol -- OCSP. RFC 2560 (Proposed Standard), June 1999. Google ScholarDigital Library
P. Q. Nguyen. A note on the security of NTRUsign. Cryptology ePrint Archive, Report 2006/387, 2006.Google Scholar
NTRU Announces Signature Algorithm, NTRUSign, viewed November 12, 2008, (http://www.ntru.com/cryptolab/intro_ntrusign.htm).Google Scholar
M. O. Rabin. Digitalized signatures and public-key functions as intractable as factorization. Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science, Jan. 1979. Google ScholarDigital Library
O. Regev. New lattice-based cryptographic constructions. Journal of the ACM, 51(6):899--942, Nov. 2004. Google ScholarDigital Library
R. L. Rivest, A. Shamir, and L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120--126, Feb. 1978. Google ScholarDigital Library
S. Robinson. Emerging insights on limitations of quantum computing shape quest for fast algorithms. SIAM News, 36(1), January/February 2003.Google Scholar
C.-P. Schnorr and H. H. Hörner. Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In Advances in Cryptology -- EUROCRYPT '95, International Conference on the Theory and Application of Cryptographic Techniques, pages 1--12, 1995. Google ScholarDigital Library
A. Shamir. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem. In Advances in Cryptology: Proceedings of CRYPTO '82, pages 279--288, 1982.Google Scholar
C. Shannon. Communication theory of secrecy systems. Bell System Technical Journal, 28(4):656--715, 1949.Google ScholarCross Ref
P. W. Shor. Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Symposium on Foundations of Computer Science, pages 124--134, 1994. Google ScholarDigital Library
P. van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Technical Report 81-04, University of Amsterdam, Department of Mathematics, Netherlands, 1981.Google Scholar
G. S. Vernam. US patent #1,310,719: Secret signaling system, July 1919.Google Scholar
W. Whyte. NTRUSign and P1363.1, Apr. 2006. http://grouper.ieee.org/groups/1363/WorkingGroup/presentations/P1363.1-2006-04.ppt.Google Scholar
H. C. Williams. A modification of the RSA public-key encryption procedure. IEEE Transactions on Information Theory, IT-26(6):726--729, Nov. 1980.Google ScholarDigital Library

Index Terms

Quantum resistant public key cryptography: a survey
1. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption

Recommendations

Signcryption from randomness recoverable public key encryption

We propose a new generic construction for signcryption and show that it is secure under the security models which are comparable to the security against adaptive chosen ciphertext attacks for public key encryption and the existential unforgeability ...
Read More
Public‐key encryption indistinguishable under plaintext‐checkable attacks

Indistinguishability under chosen‐ciphertext attack (IND‐CCA) is now considered the de facto security notion for public‐key encryption. However, this sometimes offers a stronger security guarantee than what is needed. In this study, the authors consider a ...
Read More
Selective opening security of practical public‐key encryption schemes

The authors show that two well‐known and widely employed public‐key encryption schemes – RSA optimal asymmetric encryption padding (RSA‐OAEP) and Diffie–Hellman integrated encryption scheme (DHIES), instantiated with a one‐time pad, – are secure under (...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the Internet
April 2009
131 pages
ISBN:9781605584744
DOI:10.1145/1527017
Editors:
Kent Seamons
Brigham Young University
,
Neal McBurnett
Internet2
,
Tim Polk
National Institute of Standards and Technology
Copyright © 2009 This paper is authored by an employee of the U.S. Government and is in the public domain.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 14 April 2009
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
public key cryptography
quantum computers
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 70
  Total Citations
  View Citations
- 2,463
  Total Downloads
- Downloads (Last 12 months)135
- Downloads (Last 6 weeks)23
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Quantum resistant public key cryptography: a survey

IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the Internet

ABSTRACT

References

Cited By

Index Terms

Recommendations

Signcryption from randomness recoverable public key encryption

Public‐key encryption indistinguishable under plaintext‐checkable attacks

Selective opening security of practical public‐key encryption schemes