Quantum-Resistant Network for Classical Client Compatibility

and these remain unrealistic with classical computers. In the transition to a mature quantum world, developing a quantum-resistant mechanism becomes a pressing problem. In this research, we tackle this challenge with a scheme that does not rest on computational difficulty, using zero-knowledge proof to achieve resistance against quantum cryptanalysis for universal classical clients.


Introduction
Computing can occur in any location and using a wide range of devices. The path to this accomplishment has passed through mainframe and personal computing, and then to Internet computing. Computation operates in an increasingly distributed manner; thus, data leakage threats have become ubiquitous. The current

Paper Organization and Contributions
This paper is organized as follows. Section 1 gives a brief overview of quantum cryptography and reviews research related to quantum resistance. Section 2 provides a detailed analysis of the important methods used in the proposed scheme. In Section 3, we further develop the methods of Section 2 and show how we turn the zero-knowledge proof system concept into concrete proving and verifying steps that suffice to replace public key exchange and establish a quantum-resistant network. The algorithms comprising the scheme are given in Section 3 and summarized in Figure 4. The scheme extends the capability of traditional homomorphic encryption to address the vulnerability that quantum computers may bring, offering an alternative to placing all bets on PKI improvements. In Section 4 we test factorization on real quantum hardware provided by the IBM Q Experience and simulate the scheme's algorithms. Section 5 summarizes and concludes the paper.
Our main contributions are summarized below:
_ The proposed scheme is compatible with classical computers and networks, allowing them to be quantum-resistant without augmented quantum preparations.
_ The novelty of the proposed scheme is that no public key is exchanged during the entire protocol, which greatly reduces the exposure to quantum computing attacks.
_ We establish an initiative that combines ZKP and FHE to reduce possible breaches caused by third-party validation.

Quantum Cryptography
Like quantum computing, quantum cryptography builds on the principles of quantum mechanics; it exploits two properties of qubit states: a measurement disturbs them, and they cannot be perfectly cloned. Suppose an existing quantum system A is in a state $|\psi\rangle_A$ that we wish to clone without any prior knowledge of it. Take another independent quantum system A', with the same Hilbert space [17], in an initial state $|e\rangle_{A'}$. If we measure A, the measurement immediately collapses the system into an eigenstate of the measured observable, destroying the information contained in the original qubit. The alternative is to treat A and A' as a pair: the composite object is described by the tensor product $A \otimes A'$ of the two vector spaces, with composite state $|\psi\rangle_A |e\rangle_{A'}$. Cloning would then be a unitary transformation $U$ acting on this composite state such that
$$U\,|\psi\rangle_A |e\rangle_{A'} = |\psi\rangle_A |\psi\rangle_{A'}. \quad (1)$$
No such $U$ exists for an arbitrary unknown $|\psi\rangle$: requiring (1) for two states $|\psi\rangle$ and $|\phi\rangle$ and taking the inner product of the two results (a unitary preserves inner products) gives $\langle\psi|\phi\rangle = \langle\psi|\phi\rangle^2$, so only identical or orthogonal states can be cloned exactly. For everything else only approximate cloning is possible, and the theoretical bounds on the fidelity of the cloned states have been proved. In classical communication channels, we rely on public/private key pairs and a trusted third party to assure key distribution, based on computational intractability. In a quantum channel, the proven guarantee that no eavesdropper can create an exact copy of a quantum key is what matters. This feature underlies Quantum Key Distribution (QKD), by which a private key can be generated between two parties over a public channel. QKD is provably secure [4] because the eavesdropper, Eve, cannot extract information from the qubits sent from Alice to Bob without disturbing their state. By calibrating a threshold on the error rate, Alice and Bob can easily detect whether eavesdropping is taking place.
Once the error rate exceeds the pre-defined threshold, they abandon the key and re-initialize key negotiation until a low error rate is reached. The shared key can then be used to encrypt and decrypt classical information between the communicating parties, as we do today. The first famous QKD scheme, invented by Charles Bennett and Gilles Brassard in 1984, is known as BB84 [3,4].
QKD is rigorously secure (many researchers consider it unconditionally secure) [1,12,18], but it requires quantum network infrastructure and quantum devices on both sides to transmit qubits and generate the shared key. QKD has emerged from the laboratory but remains at a preliminary stage of deployment [8]. It is not widely adopted by most communicating parties because of channel noise and performance and cost concerns [13,19]. These limits leave it with little compatibility with the infrastructure that classical clients run on today.

Previous Quantum Resistance Research
In 2012, the Computer Security Resource Center of the National Institute of Standards and Technology (NIST) initiated the Post-Quantum Cryptography standardization project [22] to review contemporary technologies and develop effective new algorithms for protecting electronic information from attack by the computers of both tomorrow and today. The goal is simple: keep the existing public key infrastructure intact in a future era of quantum computing. The most promising replacements for today's public-key algorithms have been proposed and analyzed; they fall into a few large families: lattice-based, code-based, multivariate-based, hash-based, and isogeny-based. Each has its own pros and cons. A comparison of the main families, today's effectiveness versus PQC effectiveness, is given in Table 1. Some other modernized implementations, such as Post-Quantum Yao and PQ-QT [6], still fall within these families.
The common and noteworthy merit of these algorithms is compatibility with classical clients, without any need for augmented quantum preparation, qubit measurement, or quantum channel transmission. Compared with quantum augmentations and quantum channels, their cost is quite acceptable; however, except for the hash-based family, their security promises rely heavily on a mathematical difficulty barrier, i.e., the computational intractability of some hard problem (for the isogeny family, finding a path in the isogeny graph of supersingular elliptic curves). In this paper, we emphasize a PQC scheme whose security commitment relies on none of the three hard mathematical problems behind today's public-key cryptography (the integer factorization problem, the discrete logarithm problem, and the elliptic-curve discrete logarithm problem) and on no comparable difficulty barrier.

Proof System for Authentication
The essential disparity between quantum and classical computing is speed: for specific problems such as integer factorization, a quantum algorithm runs exponentially faster than any known classical one. With that in mind, instead of confronting the adversary on complexity, devising a scheme that is radically independent of the mathematical difficulty barrier may be the best way to avoid quantum attacks. The Zero-Knowledge Proof (ZKP) method is one candidate for solving this problem.
A ZKP is a system for proving the authenticity of a statement without leaking any extra information about the statement. A famous metaphor, Ali Baba's Cave [25], shows the ZKP philosophy intuitively. The cave layout is illustrated in Figure 1: the entrance is on one side (point E) and a magic door blocks the walkway in the middle of the cave's opposite side; only a person who knows the secret word of the magic spell can unlock the door. The verifier (V) wants to know whether the prover (P) holds the secret word (w); P wants to prove his knowledge of w but does not want to reveal w to V or to any other observer (O). To achieve this with ZKP, they label the left and right paths A and B and set some ground rules. First, V waits outside the cave at E while P goes in and chooses either path A or B; V is not allowed to see which path P takes. Then V enters the cave, stands at point M, and shouts the name of the path, A or B chosen at random, by which V wants P to return. Provided P really does know the magic word, this is easy: P opens the door with w if necessary and returns along the requested path. If P did not know w, P could only return along the path by which he had entered, and since V chooses A or B at random, P would have a 50 percent chance of guessing correctly. Repeating the round many times, say 20 times in a row, drives P's chance of anticipating all of V's requests down to $1/2^{20}$, about one in a million. Thus, if P repeatedly appears at the exit V requests, V can conclude that P very likely does know w. From start to finish, w remains unknown to V and to the other observers O, and this embodies zero knowledge.

Homomorphic Encryption System for Confidentiality
An intuitive approach to preserving the privacy of user data in cloud-based services is to encrypt everything before sending it to the cloud. This is secure, but the cloud service cannot operate on the data and provide any computing advantage without first decrypting it, and handing the service a conventional decryption key defeats the purpose. We therefore ask whether encryption schemes exist that allow some computation to be performed directly on encrypted data (without first decrypting it). Homomorphic encryption (HE) was born for exactly this end: computation on ciphertexts without decrypting sensitive data. It lets users securely outsource their computing work to cloud service providers or chain different services together (secure multi-party computation). A general HE scheme, $\varepsilon$, is characterized by four phases: $\mathrm{KeyGen}_\varepsilon$, $\mathrm{Enc}_\varepsilon$, $\mathrm{Dec}_\varepsilon$, and $\mathrm{Eval}_\varepsilon$, as shown in Figure 2. Let plaintext $m \in M$, ciphertext $c \in C$, and key pair $k \in K$, where $K$ is the key space for encryption and decryption. In $\mathrm{KeyGen}_\varepsilon$, a specific algorithm generates the key pair used in the subsequent encryption, decryption, and evaluation phases.
The output of $\mathrm{KeyGen}_\varepsilon$ can be denoted as $k = (k_e, k_d)$. The scheme is symmetric HE if $k_e = k_d$ and asymmetric HE if $k_e \neq k_d$. Here we use the symmetric case and take the key to be P's secret key (a simplified $w$). To resist some sophisticated attacks, the actual $k_e$ is derived by hashing a random-oracle output together with an initialization vector, as a dynamic key-generation process. We elaborate on this mechanism in Section 3.
In phase $\mathrm{Enc}_\varepsilon$, the inputs are $k_e$ and $m$, and the output $c$ is
$$c = \mathrm{Enc}_\varepsilon(k_e, m). \quad (2)$$
In phase $\mathrm{Dec}_\varepsilon$, the inputs are $k_d$ and $c$, and the output $m$ is
$$m = \mathrm{Dec}_\varepsilon(k_d, c). \quad (3)$$
The phase $\mathrm{Eval}_\varepsilon$ (a.k.a. re-encryption) is associated with a set of permitted functions $F_\varepsilon$ and returns a ciphertext
$$c \leftarrow \mathrm{Eval}_\varepsilon(k_e, f, c_1, c_2, \ldots, c_t) \quad (4)$$
for every Boolean function $f \in F_\varepsilon$ and arbitrary ciphertexts $c_1, c_2, \ldots, c_t$ with $c_i = \mathrm{Enc}_\varepsilon(k_e, m_i)$. Note that $\mathrm{Eval}_\varepsilon$ outputs a ciphertext, not a plaintext; correctness of the scheme requires that decrypting the evaluated ciphertext yields the function of the plaintexts:
$$\mathrm{Dec}_\varepsilon\big(k_d, \mathrm{Eval}_\varepsilon(k_e, f, c_1, \ldots, c_t)\big) = f(m_1, m_2, \ldots, m_t). \quad (5)$$
In short, for $f$ (usually a time-consuming, compute-intensive task), the corresponding operation $F_\varepsilon$ on the ciphertext space $C$, which is constructed by encryption after $f$ has been applied to the plaintext space $M$, satisfies
$$F_\varepsilon(C) = \mathrm{Enc}_\varepsilon(f(M)); \quad (6)$$
because $f(M)$ and $C$ are homomorphic, any $F_\varepsilon$ operation executed on $C$ by a third-party service provider is equivalent to its counterpart $\mathrm{Enc}_\varepsilon(f(M))$.
As a result, decrypting $F_\varepsilon(C)$ gives $f(M)$, so the computation of $f$ can be delegated to any third-party service provider securely.
Early schemes, in which $f$ can perform either addition or multiplication under encryption but not both, are classified as Partially Homomorphic Encryption (PHE). The next generation, Somewhat Homomorphic Encryption (SHE), supports both addition and multiplication for a limited number of operations. Finally, when $f$ can perform both addition and multiplication for an unbounded number of operations, the scheme $\mathrm{Enc}_\varepsilon$ is a Fully Homomorphic Encryption (FHE), first constructed by Gentry in 2009 by bootstrapping a somewhat homomorphic scheme [31].
FHE cryptosystems have better practical implications for outsourcing computations on private data. An intuitive example is a line for assembling gold or diamonds into rings. A piece of gold (the data) is locked inside a glovebox (encrypted under FHE) so that a worker (the cloud service provider) can transform it into a ring (the computed result) without ever touching it directly. The ring owner (the data owner) later takes the ring out by unlocking the glovebox with the owner's key (the data owner's secret key). This removes the risk of transmitting the key (hacking, embezzlement) and the possibility of the gold being stolen (data theft), as shown in Figure 3.

Figure 3
Glovebox idea and FHE [20]

Proposed Scheme
Based on the above analysis of currently known methods, we merge the two systems into a new scheme in a novel way.
Instead of relying on public key infrastructure, we recast the data-privacy problem of outsourced cloud computing as a zero-knowledge proof. The scheme combines ZKP and FHE: it acts as Ali Baba's cave with an FHE glovebox placed between the classical client (Alice) and her cloud service provider (Bob). We name the scheme ZKP-Cave after this idea (as shown in Figure 4).

Figure 4
ZKP-Cave: a fully homomorphic encryption scheme that conforms with zero-knowledge proof and is compatible with classical parties
ZKP-Cave elements:
_ The prover, P: Alice, the cloud service consumer, who has a secret key, w, with which she encrypts her data, and who plans to outsource her computing tasks to the cloud service provider, Bob. Before Bob accepts Alice's tasks, Alice must prove that she really is the owner of the secret key used to encrypt the data within the tasks.
_ The verifier, V: Bob, the cloud service provider, who has ample computing and memory resources, possibly even of quantum grade. Bob verifies the consumer's identity and ownership before processing the computing tasks.
_ The eavesdropper, E: Eve, who spies on the classical channel between Alice and Bob. Eve can be an impostor who conducts MITM attacks, and she can delegate her computing tasks to any cloud service provider, again possibly of quantum grade.
_ The statement, x: since Alice uses w to encrypt the data to be processed, the statement is that Alice knows the valid data owner's secret key w.
_ The proof, π: it depends on x and w, i.e., π ← Prove (x, w); without revealing w to V, P must convince V of her knowledge of w so that 1 ← Verify (x, π) holds.
_ The private data set: pre-processed with a specific FHE algorithm, ε, before transmission to the verifier, V. The encryption key, w, is generated in the phase KeyGen ε and used to encrypt the data set.
Throughout the proving protocol, V learns nothing about w beyond the fact that P holds it.

Initialized inputs:
_ rounds: the number of rounds for which the dummy test task is executed
_ randNum: a random integer generated from a Random class

Incorporate with Improved Fully Homomorphic Symmetric Encryption
Fully Homomorphic Encryption (FHE) comes in two main classes: asymmetric and symmetric. In early asymmetric schemes the size of the encrypted data grows rapidly, and a bootstrapping framework, needed because noise accumulates with every homomorphic operation and every key involved in a computation, is unavoidable and costly [9]. Most current schemes are devoted to reducing the growth in data size and the processing overhead; the papers [5,7,20,23,29] present improved FHE versions without Gentry's bootstrapping prerequisite.
However, almost all asymmetric approaches rest on a public-key hardness assumption. Where that assumption is integer factorization or a discrete logarithm, the maturing of quantum computing means that exposure of the public key can lead to compromise of the corresponding private key through Shor's algorithm; the lattice assumptions behind most current FHE schemes have no known quantum break, but they remain computational hardness assumptions, which is exactly the dependency this work sets out to avoid.
Our scheme therefore uses the symmetric version of FHE as the basis for encrypting and decrypting sensitive data, to become immune to the above attacks in a quasi-quantum cloud computing world. As discussed under KeyGen ε in the methods analysis, symmetric FHE in our scenario must be designed to resist chosen- and known-plaintext attacks from on-premises network interceptors, even though that threat is separate from the original proposition of quantum-powered attacks from the cloud or internet eavesdroppers. Our answer to this class of attack is to incorporate per-use dynamic key generation and dynamic block encryption while performing homomorphic encryption; the corresponding inverse steps are applied during decryption, keyed from P's secret key (i.e., w). Hariss et al. [9,10] give a detailed implementation of dynamic key generation and dynamic block encryption.

Test and Evaluation
To analyze as-is quantum attacking force and the proposed scheme capability, we conducted several tests and evaluations to evaluate its effectiveness.

Factorization Attack Test on IBM Quantum Cloud Computers
The implementation uses Python, Jupyter notebooks, and IBM QISKit [11,24], which let developers access the IBM Q Experience [14,15], a cloud-enabled platform of real quantum processors. In this work, Shor's factoring algorithm was executed on IBM's quantum computer, as shown in Figure 5. Earlier research gives theoretical circuits for Shor's algorithm that use 2n+3 qubits to factor an n-bit integer [2], yet in practice the circuits consumed 4n+2 qubits on the IBM Q Experience, according to our observation. We infer that the overhead comes from the auxiliary quantum registers used for the addition and multiplication in the algorithm's implementation. Furthermore, our results show that the burst time on the quantum processors grows rapidly even as the size of the small integers being factored rises slowly. The trend is self-explanatory: even IBM's state-of-the-art 53-qubit quantum computer [21] still cannot factor a 13-bit integer in a flash, let alone threaten the 1024-bit or 2048-bit key lengths we found to be commonly used by today's cryptographic algorithms. However, should Moore's Law or even Neven's Law [28] apply to the growth in the number of qubits, the factoring run chart would look quite different in less than two decades.
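The classical skeleton of the algorithm exercised above, as an added example (not the paper's Qiskit notebook and not IBM Q code): the quantum part of Shor's algorithm, order finding, is replaced here by a brute-force period search, so the script factors only small moduli and makes visible why that one step is the bottleneck the quantum circuit removes. Function names are this example's own.

```python
"""Classical skeleton of Shor's factoring algorithm (added example).

Order finding is done by brute force here; a quantum computer replaces
exactly this step with period estimation on roughly 2n+3 qubits for an
n-bit modulus. The post-processing (gcd of a^(r/2) -/+ 1 with N) is the
same in both settings.
"""
from math import gcd
import random


def find_period(a: int, N: int) -> int:
    """Smallest r > 0 with a^r = 1 (mod N); requires gcd(a, N) = 1.
    Costs up to N multiplications, i.e. exponential in the bit length
    of N, which is why classical Shor is hopeless for 1024-bit moduli."""
    r, x = 1, a % N
    while x != 1:
        x = (x * a) % N
        r += 1
    return r


def factor_from_period(a: int, r: int, N: int):
    """From an even period r with a^(r/2) != -1 (mod N), the numbers
    gcd(a^(r/2) - 1, N) and gcd(a^(r/2) + 1, N) are non-trivial factors.
    Returns None for an 'unlucky' base a (odd period, or a^(r/2) = -1)."""
    if r % 2:
        return None
    y = pow(a, r // 2, N)
    if y == N - 1:
        return None
    p = gcd(y - 1, N)
    if 1 < p < N:
        return tuple(sorted((p, N // p)))
    q = gcd(y + 1, N)
    if 1 < q < N:
        return tuple(sorted((q, N // q)))
    return None


def shor_classical(N: int, max_tries: int = 50, seed: int = 0):
    """Returns (p, q) with p * q == N for a composite N, or None when every
    trial base fails (for a prime N every base yields a^(r/2) = -1)."""
    if N < 4:
        return None
    if N % 2 == 0:
        return (2, N // 2)
    rng = random.Random(seed)  # seeded so the example is reproducible
    for _ in range(max_tries):
        a = rng.randrange(2, N - 1)
        g = gcd(a, N)
        if g > 1:  # lucky base: shares a factor with N, no period needed
            return tuple(sorted((g, N // g)))
        found = factor_from_period(a, find_period(a, N), N)
        if found:
            return found
    return None


if __name__ == "__main__":
    for n in (15, 21, 8051):  # 8051 = 83 * 97, a 13-bit modulus
        print(n, "->", shor_classical(n))
    print("period of 7 mod 15 =", find_period(7, 15))
```

The 13-bit example (8051) is already slow enough to show the scaling: each trial base may cost thousands of modular multiplications in the period search, and that cost doubles with every added bit of the modulus.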

Scheme Effectiveness Simulation
Referring back to the definitions of the ZKP-Cave elements in the section of the proposed scheme, we can simulate the interactions of proving steps and verifying steps.
ZKP-Cave Proving Steps:
_ The cloud service consumer P first generates a dummy test task that contains random plaintext numbers (operands). P chooses a small number of plaintext operands and combines them with a randomly chosen operator, either addition or multiplication.
_ P encrypts the chosen plaintext operands and their operational result, respectively, with P's secret key (i.e., w), and keeps these ciphertexts as one set of dummy test task results.
_ P repeats the above process for t rounds and hence obtains t sets of dummy task results. The results form two groups: the operand sets and the operational result set. Every operand set has a corresponding operational result in the operational result set.
_ Next, P submits the ciphertexts of the operand sets and of the operational results, in scrambled order, to V over a classical channel.

ZKP-Cave Verifying Steps:
_ The cloud service provider V receives and stores the ciphertexts of the operand sets and of the operational results from P for later processing and verification.
_ V verifies P, who claims to be authentic, by sending an encrypted operand pair picked at random from the stored operand sets and asking for the correct encrypted operational result, repeatedly. Whatever the source of the response, V immediately compares it with the operational result ciphertext that belongs to the challenged operand set, as sent by the authentic P at the very beginning. Membership of the response in the stored result set is not sufficient on its own, since every result ciphertext already crossed the classical channel and could be replayed; the match must be to the specific result of the challenged operand set, so V must be able to tell which stored result that is, and the honest P's fresh encryption of the result must reproduce the stored ciphertext exactly.
_ When an eavesdropper, E, tries to trick V into believing that E = P, she has no idea which encrypted operand set corresponds to which encrypted operational result, so she can only answer a challenge by guessing one of the result ciphertexts that P sent earlier. As the examining rounds grow, V sees the hit rate fall far below what an authentic P would produce. From this V knows that someone in the middle is attempting an attack, and V can discard the rest of the verification and invalidate every request of the session. Soundness follows, since a cheating P is rejected by an honest V with overwhelming probability.
_ After all t operand sets have been traversed with a high hit rate, V has high confidence that 1 ← Verify (x, π) holds and accepts the party as P; otherwise V invalidates the session. Completeness is thereby achieved.
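The proving and verifying steps above, the Ali Baba cave argument from the Proof System section, and the Enc/Dec/Eval phases from the Homomorphic Encryption section, as one runnable Python simulation. This is an added example, not the paper's implementation: the symmetric FHE is replaced by a toy deterministic cipher (multiplication by a secret unit modulo a public prime), which is additively homomorphic but offers no real confidentiality; the operator of each dummy task is sent to V in the clear; and because the page does not say how V recovers which stored result ciphertext belongs to a challenged operand set after P scrambles them, the simulation hands V that correspondence explicitly (the `expected` table). All class, function and variable names are this example's own.

```python
"""ZKP-Cave challenge/response simulation (added example, not the paper's code).

Assumptions of this example, not choices made by the paper:
  - ToyCipher: Enc(m) = m*k mod P, Dec(c) = c*k^-1 mod P. Deterministic (so an
    honest re-encryption matches the stored ciphertext exactly) and additively
    homomorphic (Enc(a) + Enc(b) = Enc(a+b) mod P), i.e. a PHE in the paper's
    taxonomy. It is NOT secure: one known (m, c) pair gives k = c * m^-1 mod P,
    the known-plaintext exposure the paper warns about for symmetric FHE.
  - The operator of each dummy task travels to V in the clear.
  - V is handed the operand->result correspondence ("expected") as an oracle.
"""
import random
from dataclasses import dataclass

P = 2**31 - 1  # public prime modulus of the toy cipher (assumption)


class ToyCipher:
    def __init__(self, key: int):
        if not 1 <= key < P:
            raise ValueError("key must be a non-zero residue mod P")
        self.key = key
        self.inv = pow(key, -1, P)

    def enc(self, m: int) -> int:
        return (m * self.key) % P

    def dec(self, c: int) -> int:
        return (c * self.inv) % P

    @staticmethod
    def eval_add(c1: int, c2: int) -> int:
        """Eval for f = addition: runs on ciphertexts without the key."""
        return (c1 + c2) % P


def he_addition_correct(key: int, m1: int, m2: int) -> bool:
    """Correctness condition: Dec(k, Eval(+, Enc(k,m1), Enc(k,m2))) == m1+m2."""
    e = ToyCipher(key)
    return e.dec(ToyCipher.eval_add(e.enc(m1), e.enc(m2))) == (m1 + m2) % P


OPS = {"+": lambda a, b: (a + b) % P, "*": lambda a, b: (a * b) % P}


@dataclass
class Submission:
    operands: list   # [(cA, cB, op)] in scrambled order
    results: list    # [cR] scrambled independently of the operands
    expected: dict   # (cA, cB, op) -> cR; ground truth only the key holder has


class Prover:
    """Alice: holds w, builds the dummy test tasks, answers challenges."""

    def __init__(self, w: int, rng: random.Random):
        self.cipher, self.rng = ToyCipher(w), rng

    def build_dummy_tasks(self, t: int) -> Submission:
        tasks = []
        for _ in range(t):
            a, b = self.rng.randrange(1, P), self.rng.randrange(1, P)
            op = self.rng.choice("+*")
            tasks.append(((self.cipher.enc(a), self.cipher.enc(b), op),
                          self.cipher.enc(OPS[op](a, b))))
        operands, results = [k for k, _ in tasks], [v for _, v in tasks]
        self.rng.shuffle(operands)
        self.rng.shuffle(results)
        return Submission(operands, results, dict(tasks))

    def respond(self, challenge):
        cA, cB, op = challenge
        # Knowledge of w: decrypt, compute, re-encrypt (deterministically).
        return self.cipher.enc(OPS[op](self.cipher.dec(cA), self.cipher.dec(cB)))


class Eavesdropper:
    """Eve: saw the whole submission on the classical channel but has no key,
    so she can only replay one of the stored result ciphertexts at random."""

    def __init__(self, sub: Submission, rng: random.Random):
        self.results, self.rng = list(sub.results), rng

    def respond(self, challenge):
        return self.rng.choice(self.results)


class Verifier:
    """Bob: challenges every stored operand set once, in random order, and
    accepts only if each response is the result ciphertext of that set."""

    def __init__(self, sub: Submission):
        self.operands = list(sub.operands)
        self.results = set(sub.results)
        self.expected = sub.expected  # oracle assumption, see module docstring

    def verify(self, responder, rng: random.Random) -> bool:
        order = list(self.operands)
        rng.shuffle(order)
        hits = 0
        for ch in order:
            r = responder.respond(ch)
            # Membership in the result set alone is not enough (Eve has them
            # all); the response must be the result of this operand set.
            hits += int(r in self.results and r == self.expected[ch])
        return hits == len(order)


def run_protocol(t: int, honest: bool, seed: int = 0) -> bool:
    rng = random.Random(seed)
    alice = Prover(rng.randrange(1, P), rng)
    sub = alice.build_dummy_tasks(t)
    bob = Verifier(sub)
    return bob.verify(alice if honest else Eavesdropper(sub, rng), rng)


def cave_cheat_probability(rounds: int) -> float:
    """Ali Baba's cave: a prover without w guesses V's A/B call each round."""
    return 0.5 ** rounds


def zkp_cave_cheat_probability(t: int) -> float:
    """ZKP-Cave: Eve guesses among t stored results on each of t challenges."""
    return (1.0 / t) ** t


if __name__ == "__main__":
    print("honest Alice accepted:", run_protocol(8, honest=True))
    print("replaying Eve accepted:", run_protocol(8, honest=False))
    print("cave cheat bound, 20 rounds:", cave_cheat_probability(20))
```

Two design points carry over to any real instantiation: the verifier's check has to bind a response to the specific operand set it was challenged on, and the prover's re-encryption of a result has to reproduce the stored ciphertext bit for bit, which is why the toy cipher is deterministic and why a scheme with per-use dynamic keys needs some other way to make that comparison.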
The evaluation result is summarized in Table 2. Over several rounds of dummy tests generated by cloud service consumers, we observe that the cloud service provider's role is confined to executing a large number of instructions on ciphertext operation results with the pre-defined FHE evaluation algorithm of ZKP-Cave. Note that the data in process stays encrypted throughout the protocol, so ZKP-Cave prevents a malicious cloud service provider from spying on sensitive content. The scheme keeps its zero-knowledge commitment against the processors of its secret knowledge and against any other eavesdropper.
The effectiveness of the scheme rests on a simulator that produces scrambled, indistinguishable output, so that nothing in the interaction between prover and verifier can be linked to any meaning. Against a malicious adversary or service provider armed with quantum computing power, no key is exchanged during the ZKP-Cave protocol, hence there is no PKI computational assumption that quantum computation could break.

Discussions
When dealing with issues such as secure multi-party computation, the simulation approach is the most commonly used. The key to simulation is to build a carrier that is indistinguishable to an adversary interacting with all of the parties involved. In our scheme we exploit the nature of quantum computing, namely that the result is the measured state of highest probability; in other words, there is always a smaller chance of obtaining a wrong answer. Our scheme promises data privacy based on FHE; symmetric-key encryption casts away the asymmetric keys and builds an instance of this carrier on top of the proving and verifying processes, rejecting potential quantum eavesdroppers, who always have a slight chance of responding with wrong answers. The challenge, however, is that we currently have very limited knowledge of the internal space of quantum adversaries: their generic quantum states, actions, and communication behaviors. We need to carry on modeling the quantum adversary's attacking capability, and the success of continually proving quantum security relies heavily on the completeness of such modeling work [27,30]. These questions remain open, and the analysis of their model structure will be covered in our future research.

Conclusions
In this paper, after introducing quantum computing and quantum cryptography and discussing various post-quantum cryptography schemes and their limits, we propose an original scheme that combines a zero-knowledge proof system with symmetric FHE. The proposed method is an instance of combining the authentication of ZKP with the confidentiality of FHE in a communication system to preserve data privacy while quantum computation is still immature. Quantum computers will eventually help solve innovative problems while also giving rise to various trusted computing issues. Convergence of technologies is one direction for addressing this, and it deserves long, hard contemplation by academics.
We hope to motivate more possibilities in the field of quantum resistance and continual improvements in cloud computing security. Coupling different measures to achieve a degree of security diversity is our suggested way to sustain safety under uncertain quantum computing attacks.