Are security proofs for cryptographic protocols still valid in a world where the attackers have quantum computers? Which new ways of securing the confidentiality of the internet traffic are offered by quantum communication? How can a random oracle operate if an adversary can ask all information in just one single query with the help of quantum effects?
These were some of the questions addressed at the 11th BIU Winter School on Cryptography, which was dedicated to Cryptography in a Quantum World. Like every year, the renowned Center for Research in Applied Cryptography and Cyber Security at the Bar-Ilan University invited to a scientific exchange about hot topics in cryptography during a time of the year, when the weather in Israel is already enjoyable while many areas in the world still have freezing winter. Except of course that this year everything had to be organized virtually.
At SAP Security Research, our focus is to assess both, the chances but also the threats emerging from quantum technologies. One important pillar in our strategic agenda is post-quantum cryptography that deals with how to make SAP products quantum-safe.
It is well-known that quantum computers threaten established cryptographic protocols like RSA or DSA used ubiquitously to secure today’s internet traffic. People are aware of this, which led to the development of so-called post-quantum secure methods that can withstand such attacks. So far, so good. But “what is not known to many”, said Limacher, “is that the situation becomes entirely different when now also the interaction between two parties goes beyond classical communication channels.” As a matter of fact, when allowing an attacker to use quantum communication for his queries on a server, many well-established security proofs from the classical world lose their validity, and even a post-quantum secure protocol can become quantum-insecure. “The reason for this”, explained Limacher, “is that many classical security assumptions don’t hold anymore when quantum effects like superposition or entanglement come into play. Luckily, many theorems from classical cryptography can be augmented to keep their validity also in the regime of quantum cryptography, albeit often at significantly enhanced mathematical complexity. But there are notable exceptions to this like bit commitment, where the adversary gains a quantum-advantage in biasing a coin flip, an advantage that is not there in the classical setting.”
The insights from the BIU Winter School will have an impact on our mission at SAP Security Research to guide SAP into a quantum-safe future. Or with the words of Dr. Limacher: “The conference really managed to point out differences between classical and quantum security, to provide answers to certain problems that cryptography has in a quantum setting, but even more so to raise lots of open questions that will keep inspiring the creativity of security researchers for decades to come.”
Contact for further information:
Dr. Peter Limacher, senior Quantum Security Researcher Peter Limacher
Discover how SAP Security Research serves as a security thought leader at SAP,
continuously transforming SAP by improving security.