The advent of practical quantum computing will break all commonly used public key cryptographic algorithms. In response, NIST is researching cryptographic algorithms for public key-based key agreement and digital signatures that are not susceptible to cryptanalysis by quantum algorithms. NIST is holding this workshop to engage academic, industry, and government stakeholders. The Post Quantum Workshop will be held on April 2-3, 2015, immediately following the 2015 International Conference on Practice and Theory of Public-Key Cryptography. NIST seeks to discuss issues related to post-quantum cryptography and its potential future standardization.
Presentations are linked within the agenda.
Thursday, April 2, 2015
|9:00am - 9:10am||Opening Remarks|
Donna F. Dodson, ITL Associate Director, Chief Cybersecurity Advisor, and Director of the National Cybersecurity Center of Excellence
|9:10am - 10:30am|
Session I: Multivariate and Code-based Cryptosystems
|10:30am - 11:00am||Coffee Break|
|11:00am - 11:50am|
Session II: Invited talk by Bart Preneel, Katholieke Universiteit Leuven
|11:50pm - 12:50pm|
Session III: Higher level protocols
|12:50pm - 2:00pm||Lunch|
|2:00pm - 2:50pm|
Session IV: Invited Talk by David McGrew, Cisco Systems
|2:50pm - 3:20pm||Coffee Break|
|3:20pm - 4:20pm|
Session V: Hash-based Signature Schemes
|4:20pm - 5:20pm|
Session VI: Panel: Shoring up the Infrastructure: A strategy for Standardizing Hash Signatures
Friday, April 3, 2015
|9:00am - 11:00am|
Session VII: Topics in Post-Quantum Cryptography
|11:00am - 11:30am||Coffee Break|
|11:30am - 12:20pm|
Session VIII: Invited talk by Michele Mosca, University of Waterloo
|12:20pm - 1:20pm||Lunch|
|1:20pm - 3:00pm|
Session IX: Key Management, and Lattice-based Cryptography
|3:00pm - 3:30pm||Coffee Break|
|3:30pm - 5:00pm|
Session X: Quantum and classical cryptanalysis
|5:00pm - 5:10pm|
Paul Lopata Laboratory for Physical Sciences
Topic: Experimental Quantum Computing Progress in a Pre-Quantum World
ABSTRACT: The anticipated promise of the field of quantum computing depends upon two major theoretical results: the construction of high-quality quantum algorithms; and the development of reasonable methods for noise-reduction through fault-tolerant operations. In addition, the continued success of the field relies on steady progress in experimental demonstrations of quantum computing primatives. This talk provides a survey of recent experimental successes, and places these results in the context of what needs to be achieved to someday experimentally demonstrate fault-tolerant operations and demonstrate quantum algorithms.
David McGrew Cisco Systems
Topic: Living with Post-Quantum Cryptography
ABSTRACT: This presentation outlines a systems engineering approach that makes it easier to live with postquantum cryptography. There are asymmetric encryption and signature algorithms that will be secure even in the postquantum era, but they bring baggage: big signatures and ciphertexts, really big keys, costly key generation, and stateful signing. Adopting these algorithms into standard protocols in a straightforward way is possible, but is suboptimal. A better approach is to consider the overall security goals and adapt protocols to make good use of the capabilities of postquantum algorithms. This approach brings an important benefit: it eliminates the pressure to trade off security against systems constraints like computation and communication cost.
Michele Mosca Institute for Quantum Computing, University of Waterloo, Canada
Topic: Cybersecurity in a quantum world: will we be ready?
ABSTRACT: Emerging quantum technologies will break currently deployed public-key cryptography which is one of the pillars of modern-day cybersecurity. Thus we need to migrate our systems and practices to ones that are quantum-safe before large-scale quantum computers are built. For systems protecting medium-term or long-term secrets, this migration should occur sufficiently many years before the current quantum-vulnerable tools are broken.
Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat.
There are viable options for quantum-proofing our cryptographic infrastructure, but the road ahead is neither easy nor fast. A broad community of stakeholders will need to work together to quantum-proof our cyber systems within the required timeframe.
Bart Preneel Electrical Engineering Department, Katholieke Universiteit Leuven, Belgium
Topic: Public Key Cryptography: the next 4 decades