06.09.15 - 11.09.15, Seminar 15371

Quantum Cryptanalysis

The following text appeared on our web pages prior to the seminar, and was included as part of the invitation.

While it has been known for some time that quantum computers could in principle undermine the security of many schemes, including RSA and elliptic-curve-based digital signatures, significantly less is known about the resources that would actually be needed to carry out such quantum attacks. This leaves the providers and consumers of cryptographic methods in a fundamental dilemma, namely how to estimate the impact of future quantum computers on the landscape of currently deployed cryptography and on the landscape of potential quantum-safe alternatives.

  • Is it reasonable to assume that quantum computers pose a threat to currently deployed cryptography? What are the concrete implications for the security level of currently deployed cryptographic schemes? In particular, does the threat of a quantum computer on the horizon require a change of key sizes now or in the near future?
  • What is the time horizon until a physical quantum computer capable of, say, breaking a discrete logarithm problem on a 163-bit binary elliptic curve will be available?
  • To what extent are the proposed post-quantum cryptosystems truly resistant to quantum attacks? And what are appropriate key sizes and security parameters?

Questions like these are pertinent to this third installment of a quantum cryptanalysis seminar at Schloss Dagstuhl. We seek to leverage the full potential of quantum attacks on today’s cryptographic schemes and at the same time to identify plausible quantum computational assumptions for their replacements. We are particularly interested in:

  • Algorithmic Innovation: computational assumptions, recent trends and innovations in cryptography and quantum algorithms, new ideas to attack classical cryptography.
  • Resource Estimation: quantify the quantum hardware resources required to carry out attacks against classical schemes. We intend to hold a “hardware day” devoted to circuit-level discussions and quantum hardware/implementation survey talks.

The seminar aims to be interdisciplinary with participation of colleagues from classical cryptography and quantum computing. The general organization will follow its predecessors in that we plan to have ample time for discussions and personal interactions.