Titulo Estágio
Post-Quantum Cryptographic Algorithms: Security Analysis and Prototype Implementations
Local do Estágio
DEI-FCTUC
Enquadramento
The advent of quantum computing presents a significant challenge to contemporary cryptographic systems, which are crucial to securing digital communication, financial transactions, and personal data. Classical cryptographic algorithms, such as RSA and ECC, rely on mathematical problems that are computationally infeasible to solve with current technology but could be efficiently tackled by quantum computers using algorithms like Shor's. As quantum computing progresses, the potential for breaking these cryptographic schemes becomes a real threat, thus leading to the need for the development of post-quantum cryptography. Post-quantum algorithms are designed to be secure against both classical and quantum attacks, ensuring long-term data security. Their relevance is underscored by the proactive need to protect sensitive information and maintain trust in digital systems. As industries prepare for the quantum era, integrating post-quantum cryptographic solutions becomes crucial for safeguarding future-proof security infrastructures.
Objetivo
This thesis proposal aims at providing a thorough evaluation of post-quantum cryptographic algorithms, as well as to provide a view on practical implementation aspects, thus contributing to this field of cryptography. No finished product is intended.
The goals of this dissertation are the following:
1. Comprehensive literature review:
- Conduct an in-depth survey of existing post-quantum cryptographic algorithms.
- Understand the theoretical foundations and mathematical principles underlying these algorithms.
2. Detailed analysis of algorithms:
- Provide an overview of various post-quantum cryptographic algorithms (e.g., lattice-based, code-based, hash-based, multivariate polynomial cryptography).
- Conduct a comparative analysis of their strengths, weaknesses, and theoretical security.
3. Security and performance evaluation:
- Examine known attacks and vulnerabilities for selected post-quantum algorithms.
- Evaluate the security proofs and robustness of these algorithms against quantum attacks.
- Analyze the efficiency and practicality of selected post-quantum algorithms.
- Compare their performance with traditional cryptographic algorithms (e.g., RSA, ECC) and other post-quantum candidates.
4. Implementation and prototyping:
- Develop prototypes of selected post-quantum cryptographic algorithms, using suitable programming languages and cryptographic libraries (e.g., C/C++, Python, liboqs, PQClean).
- Optimize implementations for performance and test them under various conditions.
5. Security and performance testing:
- Conduct rigorous security testing on the prototypes to evaluate their robustness against potential attacks.
- Perform detailed performance benchmarking to measure efficiency, speed, and resource usage.
- Analyze and interpret the results from security and performance tests.
- Draw conclusions about the practicality, efficiency, and security of the studied algorithms.
Plano de Trabalhos - Semestre 1
Phase 1: Research scope, literature review, and foundations (Weeks 1-8)
- Identify specific focus within post-quantum cryptography.
- Set clear research objectives and formulate the research question.
- Survey existing post-quantum cryptographic algorithms.
- Review foundational papers and current research trends.
- Study the mathematical foundations of selected post-quantum algorithms.
- Summarize various post-quantum algorithms (lattice-based, code-based, hash-based, multivariate polynomial cryptography)
Phase 2: Security analysis and study of implementations (Weeks 9-16)
- Examine strengths, known attacks and vulnerabilities for each algorithm.
- Review existing implementations of post-quantum algorithms.
- Select a set of post-quantum algorithms for detailed study.
- Perform a detailed security evaluation of selected algorithms.
Phase 3: Performance evaluation and preparation for prototyping (Weeks 15-21)
- Analyze the efficiency and practicality of the selected algorithms.
- Compare with traditional algorithms (e.g., RSA, ECC) and other post-quantum candidates.
- Plan the prototype development process.
- Set up development environment.
- Preparation for the intermediate presentation.
Note: Writing of intermediate thesis documentation should be done throughout the semester, in parallel with phases 1-3.
Plano de Trabalhos - Semestre 2
Phase 4: Prototype development (Weeks 22-36)
- Develop prototypes of selected algorithms.
- Refine code and optimize for performance.
- Test prototypes under various conditions and measure performance metrics.
- Optimise implementations for better efficiency.
Phase 5: Performance and security testing (Weeks 34-40)
- Develop a testing plan to evaluate the performance and security of the implemented algorithms.
- Conduct performance benchmarks and security tests.
- Document findings from security tests.
- Compare security performance with theoretical expectations.
- Analyze the results to identify strengths, weaknesses, and potential improvements.
Phase 6: Documentation and Thesis Writing (Weeks 39-42)
- Integrate all research, analysis, and implementation details into the thesis document.
- Revise the thesis, ensuring clarity, coherence, and academic rigor.
- Prepare the final presentation summarizing the thesis objectives, outcomes, findings, and recommendations.
Note: Writing of final thesis documentation should be done throughout the semester, in parallel with phases 4-6.
Condições
The project will explore existing libraries and frameworks that provide foundational implementations of post-quantum algorithms. This will save time and ensure that the work builds on solid, verified codebases.
Observações
Programming Languages:
C/C++: These languages are widely used in cryptographic implementations due to their efficiency and control over system resources.
Python: Useful for prototyping and testing due to its simplicity and extensive libraries.
Cryptographic Libraries:
liboqs (Open Quantum Safe):
A C library for quantum-resistant cryptographic algorithms. It provides implementations of algorithms that are candidates in the NIST post-quantum cryptography project.
Website: Open Quantum Safe
PQClean:
A collection of clean, portable implementations of post-quantum cryptographic algorithms, written in C.
GitHub: PQClean
OpenSSL:
While not exclusively for post-quantum cryptography, OpenSSL includes some post-quantum algorithms in its experimental branches.
Website: OpenSSL
Development and Testing Tools:
Git: For version control and collaboration.
Automated Testing Frameworks such as Google Test for C++ or pytest for Python can be used, to ensure the correctness and reliability of the code.
Orientador
Fernando Boavida
boavida@dei.uc.pt 📩