N. O. Pozhar

S. E. Yunakovsky, M. Kot, N. O. Pozhar et al.

Quantum computing technologies pose a significant threat to the currently employed public-key cryptography protocols. In this paper, we discuss the impact of the quantum threat on public key infrastructures (PKIs), which are used as a part of security systems for protecting production environments. We analyze security issues of existing models with a focus on requirements for a fast transition to post-quantum solutions. Although our primary focus is on the attacks with quantum computing, we also discuss some security issues that are not directly related to the used cryptographic algorithms but are essential for the overall security of the PKI. We attempt to provide a set of security recommendations regarding the PKI from the viewpoints of attacks with quantum computers.

E. O. Kiktenko, A. A. Bulychev, P. A. Karagodin et al.

Many commonly used public key cryptosystems will become insecure once a scalable quantum computer is built. New cryptographic schemes that can guarantee protection against attacks with quantum computers, so-called post-quantum algorithms, have emerged in recent decades. One of the most promising candidates for a post-quantum signature scheme is SPHINCS$^+$, which is based on cryptographic hash functions. In this contribution, we analyze the use of the new Russian standardized hash function, known as Streebog, for the implementation of the SPHINCS$^+$ signature scheme. We provide a performance comparison with SHA-256-based instantiation and give benchmarks for various sets of parameters.

E. O. Kiktenko, A. O. Malyshev, M. A. Gavreev et al.

Quantum key distribution (QKD) enables unconditionally secure communication between distinct parties using a quantum channel and an authentic public channel. Reducing the portion of quantum-generated secret keys, that is consumed during the authentication procedure, is of significant importance for improving the performance of QKD systems. In the present work, we develop a lightweight authentication protocol for QKD based on a `ping-pong' scheme of authenticity check for QKD. An important feature of this scheme is that the only one authentication tag is generated and transmitted during each of the QKD post-processing rounds. For the tag generation purpose, we design an unconditionally secure procedure based on the concept of key recycling. The procedure is based on the combination of almost universal$_2$ polynomial hashing, XOR universal$_2$ Toeplitz hashing, and one-time pad (OTP) encryption. We demonstrate how to minimize both the length of the recycled key and the size of the authentication key, that is required for OTP encryption. As a result, in real case scenarios, the portion of quantum-generated secret keys that is consumed for the authentication purposes is below 1\%. Finally, we provide a security analysis of the full quantum key growing process in the framework of universally composable security.

A. V. Duplinskiy, E. O. Kiktenko, N. O. Pozhar et al.

Quantum key distribution (QKD) provides theoretic information security in communications based on the laws of quantum physics. In this work, we report an implementation of quantum-secured data transmission in the infrastructure of Sberbank of Russia in standard communication lines in Moscow. The experiment is realized on the basis of already deployed urban fiber-optics communication channels with significant losses. We realize the decoy-state BB84 QKD protocol using the one-way scheme with polarization encoding for generating keys. Quantum-generated keys are then used for continuous key renewal in the hardware devices for establishing a quantum-secured VPN Tunnel between two offices of Sberbank. The hybrid approach used offers possibilities for long-term protection of the transmitted data; it is promising for integrating into the already existing information security infrastructure.

E. O. Kiktenko, N. O. Pozhar, M. N. Anufriev et al.

Blockchain is a distributed database which is cryptographically protected against malicious modifications. While promising for a wide range of applications, current blockchain platforms rely on digital signatures, which are vulnerable to attacks by means of quantum computers. The same, albeit to a lesser extent, applies to cryptographic hash functions that are used in preparing new blocks, so parties with access to quantum computation would have unfair advantage in procuring mining rewards. Here we propose a possible solution to the quantum era blockchain challenge and report an experimental realization of a quantum-safe blockchain platform that utilizes quantum key distribution across an urban fiber network for information-theoretically secure authentication. These results address important questions about realizability and scalability of quantum-safe blockchains for commercial and governmental applications.

E. O. Kiktenko, N. O. Pozhar, A. V. Duplinskiy et al.

We report the results of the implementation of a quantum key distribution (QKD) network using standard fibre communication lines in Moscow. The developed QKD network is based on the paradigm of trusted repeaters and allows a common secret key to be generated between users via an intermediate trusted node. The main feature of the network is the integration of the setups using two types of encoding, i.e. polarisation encoding and phase encoding. One of the possible applications of the developed QKD network is the continuous key renewal in existing symmetric encryption devices with a key refresh time of up to 14 s.