September 2024
May 2024
March 2024
Science Advances
It is unclear to what extent quantum algorithms can outperform classical algorithms for problems of combinatorial optimization. In this work, by resorting to computational learning theory and cryptographic notions, we give a fully constructive proof that quantum computers feature a super-polynomial advantage over classical computers in approximating combinatorial optimization problems. Specifically, by building on seminal work by Kearns and Valiant, we provide special instances that are hard for classical computers to approximate up to polynomial factors. Simultaneously, we give a quantum algorithm that can efficiently approximate the optimal solution within a polynomial factor. The quantum advantage in this work is ultimately borrowed from Shor’s quantum algorithm for factoring. We introduce an explicit and comprehensive end-to-end construction for the advantage-bearing instances. For these instances, quantum computers have, in principle, the power to approximate combinatorial optimization solutions beyond the reach of classical efficient algorithms.
August 2023
IACR Transactions on Cryptographic Hardware and Embedded Systems
At SAC 2016, Espitau et al. presented a loop-abort fault attack against lattice-based signature schemes following the Fiat–Shamir with aborts paradigm. Their attack recovered the signing key by injecting faults in the sampling of the commitment vector (also called masking vector) y, leaving its coefficients at their initial zero value. As possible countermeasures, they proposed to carry out the sampling of the coefficients of y in shuffled order, or to ensure that the masking polynomials in y are not of low degree. In this paper, we show that both of these countermeasures are insufficient. We demonstrate a new loop-abort fault injection attack against Fiat–Shamir with aborts lattice-based signatures that can recover the secret key from faulty signatures even when the proposed countermeasures are implemented. The key idea of our attack is that faulted signatures give rise to a noisy linear system of equations, which can be solved using integer linear programming. We present an integer linear program that recovers the secret key efficiently in practice, and validate the efficacy of our attack by conducting a practical end-to-end attack against a shuffled version of the Dilithium reference implementation, mounted on an ARM Cortex M4. We achieve a full (equivalent) key recovery in under 3 minutes total execution time (including signature generation), using only 5 faulted signatures. In addition, we conduct extensive theoretical simulations of the attack against Dilithium. We find that our method can achieve key recovery in under 5 minutes given a (sufficiently large) set of signatures where just one of the coefficients of y is zeroed out (or left at its initial value of zero). Furthermore, we find that our attack works against all security levels of Dilithium. Our attack shows that protecting Fiat–Shamir with aborts lattice-based signatures against fault injection attacks cannot be achieved using the simple countermeasures proposed by Espitau et al. and likely requires significantly more expensive countermeasures.
August 2023
Lecture Notes in Computer Science
The potential advent of large-scale quantum computers in the near future poses a threat to contemporary cryptography. One ubiquitous usage of cryptography is currently present in the vibrant field of cellular networks. The cryptography of cellular networks is centered around seven secret-key algorithms, aggregated into an authentication and key agreement algorithm set. Still, to the best of our knowledge, these secret-key algorithms have not yet been subject to quantum cryptanalysis. Instead, many quantum security considerations for telecommunication networks argue that the threat posed by quantum computers is restricted to public-key cryptography. However, various recent works have presented quantum attacks on secret-key cryptography that exploit quantum period finding to achieve more than a quadratic speedup compared to the best known classical attacks. Motivated by this quantum threat to symmetric cryptography, this paper presents a quantum cryptanalysis for the Milenage algorithm set, the prevalent instantiation of the seven secret-key algorithms that underpin cellular security. Building upon recent quantum cryptanalytic results, we show attacks that go beyond a quadratic speedup. Concretely, we provide quantum attack scenarios for all Milenage algorithms, including exponential speedups distinguishable by different quantum attack models. Our results do not constitute a quantum break of the Milenage algorithms, but they do show that Milenage suffers from structural weaknesses making it susceptible to quantum attacks.
Keywords: Quantum cryptanalysis, Simon’s Algorithm, Quantum Security, Milenage, Cellular network, AKA protocol, Post-quantum cryptography
December 2022
Combinatorial optimization, a field of research addressing problems that feature strongly in a wealth of scientific and industrial contexts, has been identified as one of the core potential fields of applicability of quantum computers. It is still unclear, however, to what extent quantum algorithms can actually outperform classical algorithms for this type of problem. In this work, by resorting to computational learning theory and cryptographic notions, we prove that quantum computers feature an in-principle super-polynomial advantage over classical computers in approximating solutions to combinatorial optimization problems. Specifically, building on seminal work by Kearns and Valiant and introducing a new reduction, we identify special types of problems that are hard for classical computers to approximate up to polynomial factors. At the same time, we give a quantum algorithm that can efficiently approximate the optimal solution within a polynomial factor. The core of the quantum advantage discovered in this work is ultimately borrowed from Shor's quantum algorithm for factoring. Concretely, we prove a super-polynomial advantage for approximating special instances of the so-called integer programming problem. In doing so, we provide an explicit end-to-end construction for advantage-bearing instances. This result shows that quantum devices have, in principle, the power to approximate combinatorial optimization solutions beyond the reach of classical efficient algorithms. Our results also give clear guidance on how to construct such advantage-bearing problem instances.
May 2022
April 2022
The Open RAN architecture is a promising and future-oriented architecture. It is intended to open up the radio access network (RAN) and enable more innovation and competition in the market. This will lead to RANs for current 5G networks, but especially for future 6G networks, evolving from the current highly integrated, vendor-specific RAN architecture towards disaggregated architectures with open interfaces that make it possible to better tailor RAN solutions to the requirements of 5G and 6G applications. However, the introduction of such an open architecture substantially broadens the attack possibilities when compared to conventional RANs. In the past, this has often led to negative headlines that, in summary, have associated Open RAN with faulty or inadequate security. In this paper, we analyze what components are involved in an Open RAN deployment, how to assess the current state of security, and what measures need to be taken to ensure secure operation.
April 2022
The Open-RAN architecture is a highly promising and future-oriented architecture. It is intended to open up the radio access network and enable more innovation and competition in the market. This will lead RANs for current 5G networks, but especially for future 6G networks, to move away from the current centralised, provider-specific 3G RAN architecture and therefore even better meet the requirements for future RANs. However, the change in design has also created a drastic shift in the attack surface compared to conventional RANs. In the past, this has often led to negative headlines, which in summary have often associated O-RAN with faulty or inadequate security. In this paper, we analyze what components are involved in an Open-RAN deployment, how the current state of security is to be assessed, and what measures need to be taken to ensure secure operation.
... Marzougui et al. [MUTS22] demonstrate a machine learning-assisted profiled side-channel attack targeting the nonce y. The attack exploits a leakage in the function ExpandMask, which is used for sampling y pseudo-randomly from a seed and a counter. ...
May 2024
... On the other hand, quantum computers use quantum algorithms such as QA, variational quantum eigensolver (VQE), and Quantum Approximate Optimization Algorithm (QAOA) to achieve optimal solutions. When it comes to solving combinatorial optimization problems, quantum computing has the potential to outperform classical computing [76]. ...
March 2024
Science Advances
... Advancements in quantum cryptanalysis have further demonstrated that symmetric-key cryptography can be efficiently compromised or significantly weakened using the capabilities of quantum computers [6][7][8][9][10][11][12]. However, the extent of compromise hinges on the expertise and capabilities of the potential attacker. ...
August 2023
Lecture Notes in Computer Science
... 5.1 the SUCI mechanism works with elliptic cryptography. In fact, [157] showed that the elliptic cryptography used for SUCI generation can be weak in case of quantum attacks performed by an active adversary, leading to potential SUPI disclosure and identity leakage. This vulnerability has also been discussed by other works [171][172][173][174], meaning that quantum attacks should be taken into consideration in the next mobile generations. ...
May 2022
... From an implementation perspective, our framework necessitates certain hardware and software capabilities. Vehicles must possess computational power to handle local model training, DUs need to be capable of managing communications and encrypting data, and the CU must handle data aggregation and decryption tasks efficiently [14]. While the development of vehicular technology and infrastructure has reached a stage where these requirements are generally feasible, discrepancies in hardware or software capabilities across the network could impact overall performance. ...
April 2022