Post Quantum Communication Over the Internet Infrastructure

The need for a post-quantum Internet is emerging, and this is a great opportunity to re-examine the legacy of the public key infrastructure. There is a need for perspective on the evolution of cryptography over the years, including the perfect, information-theoretically secure schemes and the computationally secure schemes in particular. There is also a need to examine the evolved Internet infrastructure in order to identify and design efficient and secure cryptographic schemes over the existing Internet infrastructure. A combination of overlay security, Blockchain, and Merkle trees with Lamport's signatures yields such an easily implementable post-quantum Internet. The tutorial covers the basics of post-quantum techniques: one-time pad (OTP), secret sharing (SS), secure multi-party computation (SMPC), zero-knowledge proof (ZKP) based on SMPC in the head, hash (SHA) based stateless signature (HBSS), symmetric encryption (AES), asymmetric encryption (SVP), and post-quantum Blockchain.


INTRODUCTION
The interest in post-quantum cryptography has grown significantly in recent years. NIST (National Institute of Standards and Technology) authors wrote an overview of the subject in 2009 [26]; since then the activity has expanded dramatically, with dedicated conferences on the subject [28]. The most challenging component of Internet security that needs to be considered is replacing the existing asymmetric encryption scheme, namely RSA [30]. For this, there are several candidates: lattice-based cryptography (e.g., Shortest Vector Problem, Closest Vector Problem), code-based cryptography (e.g., McEliece, Niederreiter), and more; see, e.g., [25]. The second challenging task is a replacement for the signature scheme; here, hash-based Lamport one-time signatures together with Merkle trees are believed to address the need; see [41] for an overview. Integrating the post-quantum cryptographic ingredients into a complete infrastructure is also challenging, as we detail in the sequel.
We present a design for post-quantum communication over the existing Internet infrastructure. No hardware changes are required, only software updates over the heterogeneous Internet architecture. Different aspects of the solution are presented in the sequel.

QUANTUM COMPUTING TODAY
The emergence of quantum computers is a fact [12]: beyond the commercial, non-universal quantum computer of several thousand qubits of D-Wave [11], IBM commercializes 50-qubit quantum computers [18]. The quantum computer race leads to exponential growth in the number of qubits: in 2018, Intel presented a 49-qubit quantum computer [19], and Google announced a 72-qubit computer [16]. In addition, several startups, including Rigetti, announced a 36-qubit quantum computer [29] and a Quantum Processing Unit (QPU); see also IonQ [20] and QCI [33].
Many quantum computers restrict the qubits that may participate as inputs to quantum gate operations and employ qubit teleportation to allow quantum gate operations over non-neighboring qubits, e.g., [8,38]. Advances in techniques for producing entangled qubits and teleportation [31,40] may assist in using several quantum computers to cooperate on a task by teleporting qubits from one to the other, thus yielding a virtual quantum computer with the number of qubits needed for the task; in particular, for breaking the asymmetric encryption schemes in use almost immediately, much earlier than estimated.

QUANTUM ALGORITHMS
Shor's algorithm [36], designed for quantum computers, changed the way modern cryptography and Internet security are perceived. Additional algorithms for quantum computers are frequently invented [4,32].
Computationally secure cryptography is based on the unproven assumption of a one-way function, which can be computed easily but is hard to invert. There always exists the risk that an algorithm that breaks such a presumed one-way function is found, e.g., [1]. Even one-way functions proposed for post-quantum cryptosystems are at risk of the discovery of new efficient inversion algorithms. One famous example of a problem that was open for decades is the primality test, which had no deterministic polynomial-time algorithm until [2]; surprisingly, just such an algorithm was found.

PERSPECTIVE ON ENCRYPTION
Asymmetric encryption schemes, proposed by Merkle [24], Diffie and Hellman [9], and Rivest, Shamir, and Adleman [30], formed a revolution in cryptography. Asymmetric encryption enabled the creation of a symmetric key among communicating parties over tapped communication links [9,24] and is even able to identify the intervention of malicious parties in the communication [30]. The identification of such malicious parties was due to the capability of [30] to sign certificates that monolithically associate a public key with the description of the entity to which the public key belongs. A trusted third party, the certificate authority, issues the signature. This public key infrastructure is the de facto security infrastructure today, securing Internet activity, including military, governmental, social, financial, and, in fact, all activities on the Internet.
Thus, the appearance of quantum computers and fitting quantum algorithms that may break the basic mathematical foundations of [9,30] has great implications. Post-quantum cryptosystems [27] are examined, e.g., [15], replacing the believed one-way functions currently in use by other functions, also believed to be one-way. Provably perfect encryption does exist, namely encryption based on the classical one-time pad [35], as long as the one-time pad is a truly random sequence. True random sequences are possibly produced using quantum effects, e.g., [17].
The other difficulty in using a one-time pad is the need to share the one-time pad prior to communication. The one-time pad can be shared prior to communication by physically delivering a copy of it. Distribution of a one-time pad to many users risks the loss or duplication of one copy of the one-time pad, nullifying the secrecy of the encryption.
Quantum key distribution [3] suggests using quantum entanglement for detecting a tapper in the communication of random bits; however, this scheme can only be used on direct links of at most 100 kilometers. Recently, [22] succeeded in using satellites to share a key over longer distances. This key can, in fact, be viewed as a short one-time pad, as the rate of the received random bits is limited.

OVERLAY SECURITY
Occasionally, one must send a credit card number electronically, sending one email with the first digits of the credit card and another email with the rest. Still, the email servers and the Internet service providers may act as a man in the middle or tap in, capturing part or all of the digits of the credit card. It is possible instead to send a random string via WhatsApp (owned by Facebook) and the bitwise XOR of the credit card number with the random string via Gmail. On the one hand, this resembles sending entangled bits over two channels. On the other hand, just like content distribution networks (CDNs), e.g., Akamai, that use an overlay network over the Internet ISPs as their source for extra reliability and services, overlay security uses the accumulated secrecy, authenticity, and identification of the diverse capabilities of the communication channels, applications, and protocols.
The maturity and evolution of Internet technology enabled the CDN companies to use the Internet infrastructure as a playground for delivering content at will. In the last decades, more and more communication channels identify, authenticate, and secure the communication between entities. Email, SMS, push notifications, and messengers (WhatsApp, Facebook Messenger, Skype, Snapchat, LINE, LinkedIn, Telegram, Weibo, Slack, ...) form logically (as opposed to physically) separate secured channels. Each channel, even if it uses the same physical channel as the others, implies already-built trust in the identification and authentication of the entity communicating through the channel. Moreover, the maintenance and repair of the security of each channel are guaranteed by the channel supplier. Still, each channel may act as a man-in-the-middle, accumulating the communications transmitted through the channel's servers. The use of a random one-time pad split over channels nullifies the information accumulated by the server of any single channel. This is the current playground used by the overlay security concept to create a symmetric key based on a perfectly secure, information-theoretic scheme, namely, a post-quantum replacement for asymmetric encryption. In addition, the security of new channels can be obtained inductively from the security of existing channels, employing them to create a random shared key for the new channel.

REDUNDANCY AND SECRET SHARING
Overlay security uses several channels and random numbers to obtain a high level of confidence in identification, authentication, and secrecy, a level implied by all the channels used. However, if one of the channels, say Android push notifications, is unavailable (possibly in China), then the communication is blocked. Secret sharing schemes [5,34] provide a tunable threshold for the number of channels needed to reconstruct the secret. Shamir's secret sharing is based on polynomials over a finite field, where each participant, in our case each channel, receives one point of the polynomial, and the secret is the free coefficient of the polynomial. For example, if the polynomial is a random linear function with the secret being the free coefficient, any two participants/channels can reveal the secret, but a single participant/channel has absolutely no information on the secret. Polynomials of greater degree used over many channels may imply more trust in the aggregated identification, authentication, and secrecy, while allowing several of the channels to be blocked or even to corrupt the information conveyed through them.
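The following is an added example, not code from the paper, covering both the two-channel XOR split of the overlay security section and the threshold generalization of this section. It splits a secret key over named channels with Shamir's scheme so that any `threshold` of them reconstruct it, and shows why a single channel learns nothing in the linear (2-of-n) case: for every candidate secret there is exactly one slope making the channel's share consistent with it. The prime field, the channel names, and the sample secrets are assumptions constructed for illustration.

```python
"""Shamir secret sharing across overlay channels (added example, not from the paper)."""
import secrets
from typing import Dict, List, Tuple

# Constructed parameter: the Mersenne prime 2^127 - 1. Secrets are integers
# in [0, P), so a 120-bit session key fits comfortably.
P = (1 << 127) - 1

Share = Tuple[int, int]  # (x, f(x)) held by one channel


def xor_split(secret: bytes) -> Tuple[bytes, bytes]:
    """2-of-2 case: a random pad on one channel, secret XOR pad on the other.
    Each piece alone is a uniformly random string."""
    pad = secrets.token_bytes(len(secret))
    return pad, bytes(a ^ b for a, b in zip(secret, pad))


def xor_join(pad: bytes, masked: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(pad, masked))


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate a0 + a1*x + ... mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret: int, threshold: int, channels: List[str]) -> Dict[str, Share]:
    """Give each channel one point of a random degree-(threshold-1) polynomial
    whose free coefficient is the secret. x = 0 is never handed out."""
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer in [0, P)")
    if not 1 <= threshold <= len(channels):
        raise ValueError("threshold must be between 1 and the number of channels")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {name: (i, _eval_poly(coeffs, i)) for i, name in enumerate(channels, start=1)}


def reconstruct(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0 from at least `threshold` distinct points."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share x-coordinates")
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = (num * (-xm)) % P
                den = (den * (xj - xm)) % P
        total = (total + yj * num * pow(den, P - 2, P)) % P
    return total


def slope_consistent_with(share: Share, candidate_secret: int) -> int:
    """For a linear split, the slope a1 that makes `share` consistent with
    `candidate_secret`. One exists for every candidate, so one channel's
    share is equally consistent with all possible secrets."""
    x, y = share
    return ((y - candidate_secret) * pow(x, P - 2, P)) % P


def demo() -> bool:
    channels = ["whatsapp", "gmail", "sms", "telegram"]  # constructed names
    secret = secrets.randbelow(P)
    shares = split_secret(secret, threshold=2, channels=channels)
    # Any two channels rebuild the key, so one blocked channel is tolerated.
    ok = reconstruct([shares["gmail"], shares["sms"]]) == secret
    ok = ok and reconstruct([shares["whatsapp"], shares["telegram"]]) == secret
    # A single channel's share fits every candidate secret equally well.
    x, y = shares["gmail"]
    for guess in (0, 1, secret, P - 1):
        ok = ok and _eval_poly([guess, slope_consistent_with((x, y), guess)], x) == y
    return ok


if __name__ == "__main__":
    print("overlay secret sharing ok:", demo())
```

Raising `threshold` trades availability for trust: a degree-2 polynomial over four channels tolerates one blocked channel while requiring three colluding channel operators to recover the key.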

DISTRIBUTED TRUST, BLOCKCHAIN, BEYOND SOCIAL IDENTITY
Certificate authorities are a major source of trust for the public key infrastructure. The certificate authority identifies an entity and signs a certificate that associates a public key with the entity description. In the proposed design, a Blockchain distributed ledger replaces this single trusted party: to communicate with an entity, a search of several participants in the distributed ledger returns contact information for the entity. Using the communication channels in the contact information together with secret sharing enables the creation of a symmetric key. The newly created random symmetric key may, in turn, be used to employ the efficient Advanced Encryption Standard (AES) over a single communication link. Unlike the functions used in asymmetric encryption, AES is crafted and believed to provide post-quantum encryption. The key length should still be carefully selected to accommodate the quadratic speedup of the search by Grover's algorithm [13]. Note that secure hash algorithms (SHA) are crafted similarly to AES and are also believed to be post-quantum, reducing the risk of finding an efficient number-theoretic solution for a natural problem, such as the discrete logarithm.

POST-QUANTUM SIGNATURES
The ability to perform a transaction in an undeniable fashion over the Internet is important, especially when financial transactions are executed. Lamport's one-time signature [10,21] is not tied to a particular one-way function; thus, Lamport's signature can employ a secure hash function, such as SHA. Merkle trees with many one-time private keys in the leaves (leaves that several nested hash functions can also produce) and the tree's root serving as the public key yield an efficient post-quantum signature scheme. The root value may be stored with the contact information that resides in the Blockchain. The contact information with the public value of the root will be added to the distributed ledger after the Blockchain participants verify and approve the identity of the owner of the contact information and root value.
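As an added example, not code from the paper, the construction above in working form: SHA-256 based Lamport one-time keys sit in the leaves of a Merkle tree, the root is the long-lived public value that would be stored beside the contact information, and a signature carries the leaf index, the one-time public key, the revealed preimages, and the authentication path up to the root. The tree height, the messages, and the leaf-compression rule (hash of the concatenated one-time public key) are assumptions made for illustration. Note the practical caveat the example enforces: each leaf key must be used once only, so the signer has to track which leaf it consumed last.

```python
"""Lamport one-time signatures under a Merkle tree (added example, not from the paper)."""
import hashlib
import secrets
from typing import List, Tuple

N_BITS = 256  # SHA-256 digest length; one secret pair per message bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(digest: bytes) -> List[int]:
    """Digest bytes -> list of 256 bits, most significant bit first."""
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def leaf_of(pk: List[Tuple[bytes, bytes]]) -> bytes:
    """Constructed rule: a leaf is the hash of the 512 concatenated public hashes."""
    return H(b"".join(a + b for a, b in pk))


class LamportKey:
    """One-time key: 256 pairs of 32-byte secrets; the public key is their hashes."""

    def __init__(self) -> None:
        self.sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
        self.pk = [(H(a), H(b)) for a, b in self.sk]
        self.used = False

    def sign(self, msg: bytes) -> List[bytes]:
        """Reveal, for each bit of H(msg), the secret matching that bit."""
        if self.used:
            # A second signature would reveal both preimages at every bit
            # position where the digests differ, so the key is refused.
            raise RuntimeError("Lamport key already used")
        self.used = True
        return [self.sk[i][bit] for i, bit in enumerate(_bits(H(msg)))]


def verify_lamport(pk, msg: bytes, sig: List[bytes]) -> bool:
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(H(msg))))


class MerkleSigner:
    """2**height one-time keys whose leaves are hashed pairwise up to one root.

    The root is the long-lived public key; the signer keeps the index of the
    next unused leaf as state.
    """

    def __init__(self, height: int) -> None:
        self.keys = [LamportKey() for _ in range(1 << height)]
        self.levels = [[leaf_of(k.pk) for k in self.keys]]  # level 0 = leaves
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.next_index = 0

    def sign(self, msg: bytes):
        """Return (leaf index, one-time public key, one-time signature, auth path)."""
        idx = self.next_index
        if idx >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; generate a new tree")
        self.next_index += 1
        path, i = [], idx
        for lvl in self.levels[:-1]:  # the sibling node at each level below the root
            path.append(lvl[i ^ 1])
            i //= 2
        return idx, self.keys[idx].pk, self.keys[idx].sign(msg), path


def verify_merkle(root: bytes, msg: bytes, signature) -> bool:
    """Check the one-time signature, then that its public key hashes up to `root`."""
    idx, pk, sig, path = signature
    if not verify_lamport(pk, msg, sig):
        return False
    node, i = leaf_of(pk), idx
    for sibling in path:
        node = H(node + sibling) if i % 2 == 0 else H(sibling + node)
        i //= 2
    return node == root


if __name__ == "__main__":
    signer = MerkleSigner(height=2)  # 4 one-time keys; constructed size
    msg = b"pay 10 units to account X"  # constructed message
    s = signer.sign(msg)
    print("valid:", verify_merkle(signer.root, msg, s))
    print("tampered:", verify_merkle(signer.root, b"pay 11 units to account X", s))
```

A verifier needs only the root (from the ledger) and the signature itself; the one-time public key travels inside the signature and is bound to the root by the authentication path, so the cost per signature is 256 revealed preimages plus one hash per tree level.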

CONCLUSION
Overlay security combined with distributed trust forms an immediate post-quantum alternative to the public key infrastructure. The existing technologies enable (1) the use of multiple logical/physical channels to create a random secret at will, (2) the use of the Blockchain distributed ledger as a replacement for a single-point-of-failure trusted authority, and (3) the production of post-quantum signatures.
The suggested change can gradually, seamlessly, and smoothly emerge over the existing infrastructure without the need to restructure any Internet component.
The history of the Internet testifies to examples of the vulnerability of the trust associated with certificate authorities.