TOP
Search the Dagstuhl Website
Looking for information on the websites of the individual seminars? - Then please:
Not found what you are looking for? - Some of our services have separate websites, each with its own search option. Please check the following list:
Schloss Dagstuhl - LZI - Logo
Schloss Dagstuhl Services
Seminars
Within this website:
External resources:
  • DOOR (for registering your stay at Dagstuhl)
  • DOSA (for proposing future Dagstuhl Seminars or Dagstuhl Perspectives Workshops)
Publishing
Within this website:
External resources:
dblp
Within this website:
External resources:
  • the dblp Computer Science Bibliography


Dagstuhl Seminar 21421

Quantum Cryptanalysis

( Oct 17 – Oct 22, 2021 )

(Click in the middle of the image to enlarge)

Permalink
Please use the following short url to reference this page: https://www.dagstuhl.de/21421

Organizers

Contact



Schedule

Motivation

Quantum cryptanalysis is at the crossroad between quantum computing and cryptography, and this Dagstuhl Seminar aims to study quantum attacks against cryptographic solutions that are deployed or considered for standardization. Apart from algorithmic insights, we are interested in software tools that support the quantum cryptanalyst in optimizing and quantifying (quantum) resources. We plan to explore the security of symmetric and asymmetric cryptographic solutions against quantum attacks.

The seminar is a sequel to Dagstuhl Seminars Nº 11381, Nº 13371, Nº 15371, Nº 17401, and Nº 19421 with the same title. This sixth installment of the Quantum Cryptanalysis series intends to focus on deployed schemes and more mature post-quantum cryptographic schemes, such as Round 3 candidates in NIST’s standardization effort. The envisioned emphasis is on quantum cryptanalysis, which includes learning about software tools to improve cost analyses.

For the technical program, we are particularly interested in

  1. Quantum algorithmic innovations to attack cryptographic building blocks.
    How can we levarage quantum algorithms to improve cryptanalytic capabilities, and how can we optimize the best available cryptanalytic results in meaningful quantum attack models? We want to fully leverage state-of-the-art quantum computing.
  2. Techniques and software tools to optimize and quantify resources for such attacks.
    Can we establish reasonably precise quantum resource counts for cryptanalytic attacks, especially for problem instances and parameter choices that are actually deployed or considered for standardization for future deployment?

Quantum attacks against today’s RSA or elliptic-curve based cryptography, and against AES are naturally part of this conversation. This is needed to have reliable estimates for when a transition to new algorithms is needed. We are no less interested in quantum attacks on mature post-quantum proposals, so that standardized parameters can stand the test of time without impeding on performance more than necessary.

Complementing theoretical investigations, we are interested in presentations on existing tools to analyze quantum algorithms/circuits in software. The composition of the seminar group should help to identify which tools/features cryptanalysts are lacking most to reliably quantify the cost of advanced quantum cryptanalytic attacks.

As in the past, the seminar brings together researchers who work in the field of quantum computing with experts in classical cryptography, taking into account the latest advances in both fields, and we aim at a group composition with about 50% of the participants having strong roots in each of these two fields.

Copyright Stacey Jeffery, Michele Mosca, Maria Naya-Plasencia, and Rainer Steinwandt

Summary

Motivation and scope

Owing to the ongoing pandemic, this (sixth) installment of the Dagstuhl Seminar series on Quantum Cryptanalysis was held in a hybrid format. The focus of this seminar was on deployed schemes and more mature post-quantum cryptographic schemes, such as Round~3 candidates in NIST's standardization effort. For the technical program of the seminar, we encouraged research on

Quantum algorithmic innovations to attack cryptographic building blocks, leveraging state-of-the-art quantum computing. How can we leverage quantum algorithms to improve cryptanalytic capabilities, and how can we optimize the best available cryptanalytic results in meaningful quantum attack models?

echniques and software tools to optimize and quantify resources for such attacks. Can we establish reasonably precise quantum resource counts for cryptanalytic attacks, especially for problem instances and parameter choices that are actually deployed or considered for standardization for future deployment?

Quantum attacks against today's RSA or elliptic-curve based cryptography and against modern block ciphers, which help us understand the urgency for transitioning to post-quantum solutions, fall in the seminar scope. As in the past, the seminar brought together researchers who work in the field of quantum computing with experts in classical cryptography, taking into account the latest advances in both fields. With 26 participants on site and 29 remote participants, Schloss Dagstuhl hosted a broad group of leading experts from across the globe.

Organization

The ongoing pandemic impacted the organization of the seminar, which for the first time was offered in a hybrid format. Thanks to the available technology at Schloss Dagstuhl and the efficient support of two volunteers (Shaun Kepley and Galina Pass), integrating remote presentations into the schedule worked smoothly.

The scheduling accounted for time zone differences and, as in the past, we left ample time for discussions and collaboration -- for a typical day, we scheduled no more than four presentations. Following the Dagstuhl tradition and in line with prior seminars in the Quantum Cryptanalysis series, there was no technical program during Wednesday afternoon, leaving participants time for exploring the surroundings, spending time on research, or taking care of testing requirements for upcoming international travel.

Results and next steps

The collaboration between cryptographers and experts in quantum computing has come a long way, and it seems fair to say that this Dagstuhl Seminar series has contributed to this positive development. The quantum cryptanalytic progress in symmetric cryptography is very noticeable. This was evidenced by the number and quality of presentations on this subject offered by seminar participants. On the asymmetric side, the presentations demonstrated fascinating research progress on understanding computational problems related to lattices and codes. At the same time, a need remains to better quantify the potential of quantum algorithms for tackling hardness assumptions as used in state-of-the-art post-quantum proposals.

Copyright Stacey Jeffery, Michele Mosca, Maria Naya-Plasencia, and Rainer Steinwandt

Participants
On-site
  • Marco Baldi (Polytechnic University of Marche, IT) [dblp]
  • Jean-François Biasse (University of South Florida - Tampa, US) [dblp]
  • Xavier Bonnetain (University of Waterloo, CA) [dblp]
  • André Chailloux (INRIA - Paris, FR) [dblp]
  • Thomas Debris-Alazard (Ecole Polytechnique - Palaiseau, FR) [dblp]
  • Yfke Dulek (CWI - Amsterdam, NL) [dblp]
  • Martin Ekerå (KTH Royal Institute of Technology - Stockholm, & Swedish NCSA, SE) [dblp]
  • Stacey Jeffery (CWI - Amsterdam, NL) [dblp]
  • Antoine Joux (CISPA - Saarbrücken, DE) [dblp]
  • Stavros Kousidis (BSI - Bonn, DE) [dblp]
  • Nils Gregor Leander (Ruhr-Universität Bochum, DE) [dblp]
  • Frédéric Magniez (CNRS - Paris, FR) [dblp]
  • Maria Naya-Plasencia (INRIA - Paris, FR) [dblp]
  • Phong Nguyen (INRIA & ENS Paris, FR) [dblp]
  • Alexandru Paler (Aalto University, FI) [dblp]
  • Galina Pass (CWI - Amsterdam, NL) [dblp]
  • Edoardo Persichetti (Florida Atlantic University - Boca Raton, US) [dblp]
  • Stephanie Reinhardt (BSI - Bonn, DE)
  • Paolo Santini (Polytechnic University of Marche, IT) [dblp]
  • Claus Peter Schnorr (Goethe-Universität - Frankfurt am Main, DE) [dblp]
  • André Schrottenloher (CWI - Amsterdam, NL) [dblp]
  • Nicolas Sendrier (INRIA - Paris, FR) [dblp]
  • Yixin Shen (Royal Holloway University of London, GB) [dblp]
  • Jana Sotáková (University of Amsterdam, NL) [dblp]
  • Rainer Steinwandt (University of Alabama in Huntsville, US) [dblp]
  • Jean-Pierre Tillich (INRIA - Paris, FR) [dblp]
Remote:
  • Andris Ambainis (University of Latvia - Riga, LV) [dblp]
  • Shi Bai (Florida Atlantic University - Boca Raton, US) [dblp]
  • Aleksandrs Belovs (University of Latvia - Riga, LV) [dblp]
  • Daniel J. Bernstein (University of Illinois - Chicago, US) [dblp]
  • Jintai Ding (Tsinghua University - Beijing, CN) [dblp]
  • Philippe Gaborit (University of Limoges, FR) [dblp]
  • András Gilyén (Alfréd Rényi Institute of Mathematics - Budapest, HU) [dblp]
  • Maria Isabel González Vasco (King Juan Carlos University - Madrid, ES) [dblp]
  • Akinori Hosoyamada (NTT - Tokyo, JP) [dblp]
  • Tetsu Iwata (Nagoya University, JP) [dblp]
  • Samuel E. Jaques (University of Oxford, GB) [dblp]
  • Floyd Johnson (Florida Atlantic University - Boca Raton, US) [dblp]
  • Elena Kirshanova (Immanuel Kant Baltic Federal Univ.- Kaliningrad, RU) [dblp]
  • Péter Kutas (University of Birmingham, GB) [dblp]
  • Tanja Lange (TU Eindhoven, NL) [dblp]
  • François Le Gall (Nagoya University, JP) [dblp]
  • Dustin Moody (NIST - Gaithersburg, US) [dblp]
  • Michele Mosca (University of Waterloo, CA) [dblp]
  • Ludovic Perret (Sorbonne University - Paris, FR) [dblp]
  • Rachel Player (Royal Holloway University of London, GB) [dblp]
  • Thomas Pöppelmann (Infineon Technologies AG - Neubiberg, DE) [dblp]
  • Angela Robinson (NIST - Gaithersburg, US) [dblp]
  • Yu Sasaki (NTT - Tokyo, JP) [dblp]
  • John M. Schanck (Portland, US) [dblp]
  • Daniel C. Smith-Tone (NIST - Gaithersburg, US) [dblp]
  • Fang Song (Portland State University, US) [dblp]
  • Adriana Suárez Corona (University of León, ES) [dblp]
  • Dániel Szabó (University Paris Diderot, FR)
  • Bo-Yin Yang (Academia Sinica - Taipei, TW) [dblp]

Related Seminars
  • Dagstuhl Seminar 11381: Quantum Cryptanalysis (2011-09-18 - 2011-09-23) (Details)
  • Dagstuhl Seminar 13371: Quantum Cryptanalysis (2013-09-08 - 2013-09-13) (Details)
  • Dagstuhl Seminar 15371: Quantum Cryptanalysis (2015-09-06 - 2015-09-11) (Details)
  • Dagstuhl Seminar 17401: Quantum Cryptanalysis (2017-10-01 - 2017-10-06) (Details)
  • Dagstuhl Seminar 19421: Quantum Cryptanalysis (2019-10-13 - 2019-10-18) (Details)
  • Dagstuhl Seminar 23421: Quantum Cryptanalysis (2023-10-15 - 2023-10-20) (Details)

Classification
  • Cryptography and Security
  • Emerging Technologies

Keywords
  • quantum computing
  • post-quantum cryptography
  • quantum resource estimation
  • computational algebra