Faculty of Science, Technology and Medicine
Faculty of Law, Economics and Finance
Faculty of Humanities, Education and Social Sciences
Interdisciplinary Centre for Security, Reliability and Trust
Luxembourg Centre for Systems Biomedicine
Luxembourg Centre for Contemporary and Digital History
Luxembourg Centre for European Law
Luxembourg Centre for Socio-Environmental Systems
The Doctoral School in Science and Engineering is happy to invite you to Jan OUPICKÝ’s defence entitled
On Migration to Quantum Safe Cryptography
Supervisor: Prof. Peter Y A RYAN
In 1994, Peter Shor developed a quantum algorithm that can efficiently solve the factorization and discrete logarithm problems. These problems are the foundation of modern cryptographic algorithms and the existence of an efficient algorithm for solving them threatens their security. Although large-scale quantum computers capable of breaking current cryptographic algorithms are not yet available, advances in quantum technology and the risk of “store now, decrypt later” attacks make it essential to prepare for migration to quantum-safe cryptography today.
For the past decade, the cryptographic community has been actively developing algorithms that are not exploitable by Shor’s algorithm; such algorithms are said to be “quantum-safe” or “post-quantum.” However, cryptographic algorithms do not exist in isolation—they are components of larger cryptographic systems, such as protocols or other cryptographic primitives. Migrating these systems to use quantum-safe algorithms is therefore a complex task. This thesis studies the migration of several widely used cryptographic systems to post-quantum cryptography.
In particular, we consider the migration of the public-key infrastructure (PKI), the TLS protocol, the XML Encryption and XML Signature standards, the SAML security framework, the Advanced Electronic Signature (AdES) standard, and the password-authenticated public-key encryption (PAPKE) primitive. For each topic, we analyze how the presence of quantum adversaries affects the security of existing constructions and identify components that rely on cryptographic assumptions vulnerable to quantum attacks. Based on this analysis, we propose approaches for adapting these systems to use post-quantum cryptographic algorithms.
The proposed solutions are considered in two main forms: purely post-quantum and hybrid post-quantum. Purely post-quantum approaches rely exclusively on post-quantum algorithms, while hybrid post-quantum approaches combine classical and post-quantum mechanisms in order to provide security as long as at least one of the underlying assumptions remains secure. Hybrid post-quantum approaches are primarily motivated by uncertainty regarding the security of post-quantum algorithms. For each proposal, we discuss the advantages and disadvantages of the design, including deployment complexity, compatibility with existing systems, and performance considerations. In several cases, we also provide proof-of-concept implementations and evaluate their performance through benchmarks.
We study post-quantum public-key infrastructures, which form a fundamental component of many other cryptographic systems. We show that constructing a purely post-quantum PKI does not fundamentally differ from constructing a classical PKI. For hybrid deployments, we propose two approaches—the composite hybrid and the parallel hybrid—which differ primarily in their implementation complexity. We also survey and analyze existing proposals for post-quantum TLS. In contrast, systems such as XML encryption and XML signatures, the SAML security framework, and the eIDAS-related AdES standard have received little attention in the context of post-quantum migration. For these systems, we outline possible migration approaches and provide proof-of-concept implementations.
In addition, we present an example migration plan for a Trust Service Provider that relies on all of the discussed cryptographic systems, together with the methodology used to develop it. Finally, we consider the migration of the cryptographic primitive PAPKE. We propose a novel construction that replaces an ideal cipher with a half-ideal cipher, resulting in more efficient quantum-safe constructions and motivating the study of a new public-key encryption property called decryption robustness.