NIST's Post-Quantum Cryptography Project
Dr. Daniel Apon
National Institute of Standards and Technology,
Cryptographic Technologies Group
April 26, 2019
In recent years, there has been a substantial amount of research on quantum computers -- machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional (classical/digital) computers. If large-scale quantum computers are built, they will be able to break many of the public-key cryptosystems currently in use, such as RSA and systems based on the hardness of computing discrete logarithms. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. (If such a machine came into being this Wednesday, Facebook would break; Amazon and Uber would break; your Bank of America credit card would break; the worldwide stock market would crumble.) The goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.
The question of WHEN some nation-state will build a large-scale quantum computer is a complicated one. Current estimates range from 10 years to 15 years. Nonetheless, our past experience suggests that we need to decide on standard cryptographic protocols at least one decade before potential attacks come to fruition. Consider, for example, the task of deploying new cryptographic software to the entire community of devices maintained by the Department of Defense, which numbers at least in the many (hundreds of) millions. Realistically, this task alone could take 3-5 years. Moreover, it is not enough simply to deploy defenses immediately prior to some new cryptanalytic attack emerging. A clever adversary could intercept and store ciphertexts sent across the Internet for many years, waiting for the point in time at which it gained the technical resources to unlock the underlying messages. When you pay for a gallon of milk with your credit card, how long should you reasonably expect that credit card number to remain private between you, your grocery store, and your bank?
In this talk, I will survey the truly-worldwide effort to develop, standardize, and deploy quantum-safe cryptographic protocols to the Internet infrastructure, led by NIST. My talk will be designed to be approachable by a broad assortment of Computer Science and Computer Engineering researchers. The primary goal is to enlighten the broader community about the challenges that we will jointly face over the next decade or two, and what NIST’s role is in helping us all prepare for them.
Daniel Apon received his high school diploma from Fayetteville High School in 2004. He received his Bachelor's in Business Management -- with significant work in economics, mathematics, and computer science -- from the University of Arkansas in 2008. He received his Master's Degree in Computer Science from the University of Arkansas in 2011, advised by Wing-Ning Li. He then moved to the University of Maryland, where he later received his Ph.D. in Computer Science and Cryptography in early 2017, advised by Jonathan Katz. He then held a postdoctoral position at the University of California, Berkeley from 2017-2018, hosted by Sanjam Garg, winner of the ACM Doctoral Dissertation of the Year award in 2013. Daniel joined the National Institute of Standards and Technology's (NIST's) Cryptographic Technologies Group in early 2018, as a member of the Post-Quantum Cryptography (PQC) standardization project (see https://www.nist.gov/pqcrypto for more information). In particular, the future cryptographic primitives deployed in fundamental Internet protocols such as TLS 1.3, and running on Google Chrome, etc., will depend on the output of NIST's current PQC standards process.
Daniel's research interests include all theoretical aspects of modern cryptography and cybersecurity, with an emphasis on lattice-based cryptography (which is a leading candidate for "post-quantum crypto" -- that is, classically-computable cryptography that remains secure in a world with adversaries who have large-scale quantum computers) and cryptanalysis (i.e. the algorithmic means to break candidate cryptographic systems). Additionally, he is interested in quantum algorithms, quantum protocols, and quantum cryptography, as well as practical issues related to the real-world deployment of post-quantum cryptography, such as the implementation of lattice-based cryptography on hardware (i.e. FPGAs, ASICs, and further-constrained devices such as smart cards).