Foundations of quantum-safe cryptography


The cryptographic research of HAPKIDO takes place in work package 5. The focus of this research is on (mathematical techniques for) proving the security of cryptographic schemes, like encryption and digital signature schemes, in the presence of a quantum-capable attacker.

Mathematical proof of security

In modern cryptography, one uses rigorous mathematical language to capture the objectives of a cryptographic scheme, the capabilities of an attacker, and the desired security properties. The goal is then to provide a (conditional) security proof, which rigorously shows that breaking the scheme is at least as difficult as solving some well-studied hard computational problem that is believed to be infeasible to solve. In order to offer provable quantum-security, i.e. security against quantum attacks, it is necessary that the underlying computational problem is also infeasible to solve by a quantum computer. This is not sufficient, however: the security proofs also need to take into account the quantum nature of the attacker. In many cases, this requires new mathematical techniques that bridge between cryptography and quantum information science. Developing such techniques, and using them to prove quantum-security of cryptographic schemes, with a particular focus on schemes relevant to HAPKIDO, is the main objective of work package 5.

Dilithium

Several results of work package 5 have been published as peer-reviewed articles in conferences of global importance. One particular highlight is a paper published at CRYPTO 2023, where the security of the digital signature scheme Dilithium (which is to be standardized by NIST) is analyzed: in collaboration with international colleagues, the HAPKIDO team identified a flaw in Dilithium's previously published security proof, and then developed a new security proof that re-establishes Dilithium's provable quantum-security with no adjustment of (the parameters of) Dilithium required.