πŸ”¬ Quantum Computing & Cryptography β€” Deep Dive

β€œIf you think you understand quantum mechanics, you don’t understand quantum mechanics.” β€” Richard Feynman
”The only way to prove you understand quantum cryptography is to actually break RSA with a quantum computer.” β€” Anonymous cryptographer

πŸ“– Overview

Quantum computing represents a paradigm shift from classical bits to qubits that exploit superposition, entanglement, and interference. This note covers the full spectrum: from qubit fundamentals and quantum gates through Shor’s and Grover’s algorithms, the NIST PQC standardization process, post-quantum cryptographic primitives (CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, SPHINCS+), quantum key distribution (BB84, satellite QKD), quantum error correction using surface codes, hardware modalities (superconducting, trapped ion, photonic, topological), the Y2Q threat timeline, crypto agility, and migration strategies including hybrid certificates and PQ/TLS. Written in Bahasa Indonesia campur English for a bilingual technical audience.


πŸ“‹ Daftar Isi

  1. 1 Qubit Fundamentals β€” Superposition, Entanglement, Measurement
  2. 2 Quantum Gates β€” Pauli, Hadamard, CNOT, Toffoli, SWAP
  3. 3 Quantum Circuit dan Quantum State Representation
  4. 4 Shor’s Algorithm β€” RSA/DH/ECDSA Breakdown
  5. 5 Grover’s Algorithm β€” Symmetric Key Speedup
  6. 6 Post-Quantum Cryptography β€” NIST PQC Overview
  7. 7 CRYSTALS-Kyber β€” Key Encapsulation Mechanism
  8. 8 CRYSTALS-Dilithium β€” Digital Signature
  9. 9 FALCON β€” Fast Fourier Lattice-Based Signature
  10. 10 SPHINCS+ β€” Stateless Hash-Based Signature
  11. 11 NIST PQC Standardization Timeline
  12. 12 Quantum-Safe Migration β€” Hybrid Certificates dan PQ/TLS
  13. 13 Quantum Key Distribution (QKD) β€” BB84 Protocol
  14. 14 Satellite QKD β€” Micius dan Beyond
  15. 15 Quantum Hardware β€” Superconducting Qubits
  16. 16 Quantum Hardware β€” Trapped Ion dan Photonic
  17. 17 Quantum Hardware β€” Topological Qubits dan Majorana
  18. 18 Quantum Error Correction β€” Surface Codes
  19. 19 Logical Qubits dan Fault-Tolerant Threshold
  20. 20 Threat Timeline Y2Q β€” Kapan RSA-2048 Jatuh?
  21. 21 Crypto Agility β€” Hybrid Key Exchange dan Migration
  22. 22 Quantum Random Number Generators (QRNG)
  23. 23 Quantum-Safe TLS dan Internet Standards
  24. 24 Summary dan Next Steps

1. Qubit Fundamentals β€” Superposition, Entanglement, Measurement

1.1 Konsep Dasar Qubit

Unlike classical bit yang hanya bisa bernilai 0 atau 1, sebuah qubit (quantum bit) bisa berada dalam superposition β€” kombinasi linear dari kedua state:

di mana dan adalah basis states (biasanya basis Z / computational basis), dan dengan kondisi normalisasi:

KonsepAnalogi KlasikPenjelasan Quantum
Bit vs Qubit0 atau 10, 1, atau superposition keduanya sekaligus
MeasurementInstant readCollapse superposition, destroy informasi
GateAND/OR/NOTUnitary transformation, reversible
CopyMudahNo-Cloning Theorem β€” qubit tidak bisa dicopy

1.2 Superposition

Superposition memungkinkan qubit mengeksplorasi banyak jalur komputasi secara simultan. Ini adalah sumber quantum parallelism:

Setelah Hadamard gate, qubit berada di superposition equal. Ketika diukur, probabilitas 50% untuk dan 50% untuk .

⚠️ Measurement Collapse

Mengukur qubit menghancurkan superposition. Hasil yang didapat adalah 0 atau 1 dengan probabilitas atau . Setelah measurement, qubit berada di basis state sesuai hasil measurement β€” semua informasi tentang fase hilang.

1.3 Entanglement

Entanglement adalah fenomena quantum di mana dua atau lebih qubit menjadi berkorelasi secara instant β€” tidak peduli seberapa jauh jarak mereka. Einstein menyebutnya β€œspooky action at a distance”.

Pasangan Bell states yang umum:

Bell StateFormulaPenggunaan
QKD, teleportation
QKD variant
Superdense coding
Error detection

Ketika dua qubit entangled, mengukur satu qubit secara instant menentukan state qubit lainnya:

# Classical XOR vs Quantum Entanglement
def classical_entangled():
    # Classically correlated, not truly entangled
    import random
    b1 = random.choice([0, 1])
    b2 = b1  # correlated, tapi bukan quantum
    return b1, b2
 
def quantum_entangled():
    # True Bell state entanglement
    # Setelah CNOT + Hadamard, qubit 0 dan 1:
    # measuring 0 -> instantly know 1
    return "50% (|00⟩ or |11⟩) β€” instant collapse"

1.4 Measurement Problem dan Interpretasi

Measurement dalam quantum mechanics masih menjadi topik debat filosofis:

InterpretasiPenjelasanProponent
CopenhagenCollapse terjadi saat observasiBohr, Heisenberg
Many-WorldsSemua outcome terjadi β€” parallel universesEverett
Pilot-WaveDeterministic dengan hidden variablesde Broglie, Bohm
QBismInformasi subjektif dari agentFuchs, Caves

Untuk tujuan komputasi, Copenhagen interpretation paling pragmatis: measurement collapse, get classical output.


2. Quantum Gates β€” Pauli, Hadamard, CNOT, Toffoli, SWAP

2.1 Families of Quantum Gates

Quantum gates adalah unitary operators (memenuhi ) β€” artinya semua quantum computing bersifat reversible kecuali measurement.

2.2 Single-Qubit Gates

GateMatrixActionSimbol
Pauli-X (NOT)Flip: βŠ•
Pauli-YBit + phase flipβ€”
Pauli-ZPhase flip: βŠ™
Hadamard (H)Create superpositionH
Phase (S)90Β° phase rotationS
T Gate45Β° phase rotationT

2.3 Multi-Qubit Gates

GateInput β†’ OutputMatrixPenggunaan
CNOT (controlled-X)Entanglement generator
Toffoli (CCNOT)Universal reversible computing
SWAPQubit routing
Fredkin (CSWAP)Controlled SWAPReversible circuit

2.4 Quantum Gate Decomposition β€” Universal Gate Sets

Setiap unitary operation bisa didekomposisi menjadi set universal quantum gates:

Universal sets:

  1. {H, CNOT, T} β€” Clifford + T (paling umum untuk fault-tolerant)
  2. {Toffoli} β€” single gate universal (tapi praktisnya expensive)
  3. {CNOT, single-qubit rotations} β€” untuk NISQ devices
# Quantum Gate Simulation (classical statevector simulator)
import numpy as np
 
def hadamard(qstate, qubit_idx):
    """Apply Hadamard gate on statevector"""
    H = np.array([[1, 1], [1, -1]]) / np.sqrt(2)
    if qubit_idx == 0:
        full_gate = np.kron(H, np.identity(2))
    else:
        full_gate = np.kron(np.identity(2), H)
    return full_gate @ qstate
 
def cnot(qstate, control=0, target=1):
    """Apply CNOT gate"""
    CNOT = np.array([
        [1, 0, 0, 0],
        [0, 1, 0, 0],
        [0, 0, 0, 1],
        [0, 0, 1, 0]
    ])
    return CNOT @ qstate
 
# Create Bell state
psi0 = np.array([1, 0, 0, 0])  # |00>
psi = hadamard(psi0, 0)
psi = cnot(psi, 0, 1)
print(f"Bell state: {psi}")  # [1/√2, 0, 0, 1/√2]

2.5 Gate Fidelity dan Error Rates

PlatformSingle-Qubit Gate FidelityTwo-Qubit Gate Fidelity
Superconducting (IBM)99.9%99.0-99.7%
Trapped Ion (Quantinuum)99.99%99.8%
Photonic (Xanadu)99.0%97.0%
Neutral Atom (QuEra)99.5%98.5%

πŸ’‘ Gate fidelity adalah ukuran seberapa dekat gate actual dengan gate ideal. Dihitung dari process fidelity β€” perbandingan output state aktual vs theoretical.


3. Quantum Circuit dan Quantum State Representation

3.1 Representasi State dalam Komputasi Quantum

Sebuah quantum state dengan qubit direpresentasikan sebagai vector di Hilbert space berdimensi :

di mana dan adalah basis computational ( sampai ).

3.2 Quantum Circuit Model

Quantum circuit terdiri dari:

  • Qubit lines (horizontal lines)
  • Gates (applied sequentially left-to-right)
  • Measurement (akhir circuit, collapse ke classical bit)
  • Classical registers (untuk output)
Visual representation (simplified):
   |0⟩ ---H---●---M ⟩ 0
   |0⟩ -----X-----M ⟩ 0

3.3 Noise Models β€” Depolarizing, Amplitude Damping

NISQ (Noisy Intermediate-Scale Quantum) devices punya noise signifikan:

Noise ChannelEffectParameter
DepolarizingRandomly replace state with maximally mixedError rate
Amplitude DampingEnergy relaxation ( decay) time
DephasingPhase randomization ( decay) time
Readout ErrorWrong classification saat measurementReadout fidelity

Quantum simulations di classical computer tidak mengalami noise β€” salah satu alasan kenapa simulator tidak bisa menggantikan quantum hardware untuk validasi algoritma noise-sensitive.


4. Shor’s Algorithm β€” RSA/DH/ECDSA Breakdown

4.1 Mengapa Shor’s Algorithm Revolusioner?

Shor’s Algorithm (Peter Shor, 1994) adalah algoritma quantum polynomial-time untuk:

  1. Integer factorization β€” memecah (basis RSA)
  2. Discrete logarithm β€” memecah DH dan ECDSA

4.2 Analisis Kompleksitas

AlgoritmaComplexity KlasikComplexity Quantum
Factor RSA-2048~ tahun (GNFS)~ detik (dengan error correction)
Discrete Log (256-bit EC)~~ Grover
Goldilocks (448-bit EC)~~ Grover

4.3 Shor’s Algorithm β€” Langkah-langkah

  1. Reduction: Cari period dari
  2. Quantum Phase Estimation (QPE): Gunakan Quantum Fourier Transform (QFT) untuk extract period
  3. Continued Fraction: Classical post-processing untuk extract (period)
  4. GCD Calculation: Dari period , cari faktor nontrivial:
# High-level pseudocode untuk Shor's Algorithm
def shor_factor(n: int):
    """Find a non-trivial factor of n using Shor's algorithm"""
    assert n % 2 != 0, "n must be odd"
 
    # Step 1: random a < n
    a = random.randint(2, n-1)
    if gcd(a, n) != 1:
        return gcd(a, n)  # lucky
 
    # Step 2: Quantum period finding
    # |0βŸ©βŠ—m|0βŸ©βŠ—L ─HβŠ—m─► 1/√(2^m) Ξ£_x |x⟩ |0⟩
    # ─ Controlled-U^{x} ─► 1/√(2^m) Ξ£_x |x⟩ |a^x mod n⟩
    # ─ IQFT ─► measure ─► period r
 
    # Step 3: Classical post-processing
    # Measure phase Ο† β‰ˆ s/r, use continued fraction to find r
 
    # Step 4: Extract factor
    # If r is even and a^(r/2) β‰  Β±1 mod n:
    #   factor = gcd(a^(r/2) - 1, n) or gcd(a^(r/2) + 1, n)
    # Else: retry with different a
 
    r = quantum_period_finding(a, n)
 
    if r % 2 == 0 and pow(a, r//2, n) != n-1:
        return gcd(pow(a, r//2, n) - 1, n)
    else:
        return shor_factor(n)  # retry

4.4 Resource Requirements untuk Memecah RSA-2048

ResourceEstimasi
Logical qubits~20 million
Physical qubits (surface code, d=27)~20 billion
T gates~
Runtime (dengan parallelization)~8 jam β€” 8 hari
Magic state factoriesRibuan

4.5 Impact untuk Kriptografi Asymmetric

CryptosystemKey Size Aman KlasikKey Size Aman Pasca-Quantum
RSA3072-bitBroken by Shor
DH3072-bitBroken by Shor
ECDSA / EdDSA256-bitBroken by Shor
ECDH (X25519)256-bitBroken by Shor

☒️ Implikasi

Semua kriptografi public-key klasik (RSA, ECDSA, DH, DSA) akan runtuh total ketika quantum computer dengan ~20 juta logical qubits tersedia. Tidak ada peningkatan key size yang bisa menyelamatkan β€” algoritmanya sendiri yang inherently insecure terhadap Shor.


5. Grover’s Algorithm β€” Symmetric Key Speedup

5.1 Quantum Search β€” Quadratic Speedup

Grover’s Algorithm (Lov Grover, 1996) memberikan quadratic speedup untuk unstructured search:

5.2 Implikasi untuk Symmetric Cryptography

AlgoritmaKey Length KlasikKey Length Pasca-Quantum (Grover)
AES-128128-bit (~)~ β€” tidak aman
AES-192192-bit (~)~ β€” masih aman
AES-256256-bit (~)~ β€” aman
SHA-256 (digest)256-bit (~)~ β€” collision
SHA-384384-bit (~)~ β€” aman

5.3 Grover’s Algorithm Steps

  1. Initialize: Superposition equal dari semua states
  2. Oracle: Mark target state dengan phase flip ()
  3. Diffusion operator: Amplify amplitude dari target
  4. Iterate: Ulangi ~ kali
  5. Measure: Collapse ke target dengan probabilitas tinggi
# Grover's Algorithm β€” Simplified Circuit Logic
def grover_search(N, oracle):
    """
    Find marked element in N items in O(√N) quantum queries.
 
    Args:
        N: Number of items (must be power of 2)
        oracle: Function that returns 1 for target, 0 otherwise
    """
    iterations = int(np.pi/4 * np.sqrt(N))
 
    # Step 1: Uniform superposition
    state = hadamard_on_all(N)
 
    for _ in range(iterations):
        # Step 2: Apply oracle (phase flip target)
        state = phase_oracle(state, oracle)
        # Step 3: Diffusion operator (inversion about mean)
        state = diffusion_operator(state)
 
    return measure(state)

5.4 Mitigation Strategy

Untuk mitigasi Grover pada symmetric crypto:

  • Gandakan key size: AES-128 β†’ AES-256 (double key, double cost untuk classical, double cost untuk quantum)
  • Gunakan hash dengan output lebih panjang: SHA-256 β†’ SHA-384
  • Post-quantum MAC: Gunakan key panjang (256+ bit) untuk HMAC

6. Post-Quantum Cryptography β€” NIST PQC Overview

6.1 Definisi dan Scope

Post-Quantum Cryptography (PQC) adalah kriptografi yang running di classical computer tetapi aman terhadap quantum attacker. Beda dengan QKD yang butuh quantum hardware β€” PQC purely matematis.

6.2 Enam Kandidat Terpilih NIST (2022-2024)

FamilyKEM (Key Encapsulation)SignatureBasis Matematis
CRYSTALSKyber πŸ”’Dilithium ✍️Module Learning With Errors (MLWE)
FALCONβ€”FALCON πŸ¦…NTRU / Lattice (Gaussian)
SPHINCS+β€”SPHINCS+ 🌲Stateless Hash-Based
BIKEBIKEβ€”QC-MDPC Codes
Classic McElieceClassic McElieceβ€”Goppa Codes
HQCHQCβ€”Quasi-Cyclic Codes

6.3 Families Matematis

Lattice-based (Kyber, Dilithium, FALCON):

  • Basis: Learning With Errors (LWE), Module-LWE, NTRU
  • Keamanan direduksi ke shortest vector problem (SVP) β€” believed quantum-hard
  • Efisien, key size moderate, signatures compact

Hash-based (SPHINCS+):

  • Basis: Keamanan dari cryptographic hash functions
  • Stateless (tidak perlu maintain state)
  • Signature besar, tapi proven security

Code-based (Classic McEliece, BIKE, HQC):

  • Basis: Syndrome decoding β€” NP-hard problem
  • Key size sangat besar (Classic McEliece: ~1MB), BIKE dan HQC lebih kecil
  • Security track record panjang (McEliece dari 1978)

7. CRYSTALS-Kyber β€” Key Encapsulation Mechanism

7.1 Overview

CRYSTALS-Kyber (ditulis sebagai Kyber) adalah KEM (Key Encapsulation Mechanism) yang dipilih NIST untuk standar PQC KEM. Berbasis Module-LWE (Learning With Errors) dengan parameter modul dan modulus .

7.2 Parameter Sets

ParameterKyber-512Kyber-768Kyber-1024
Security LevelNIST 1 (128-bit)NIST 3 (192-bit)NIST 5 (256-bit)
(module rank)234
(polynomial degree)256256256
(modulus)332933293329
Public Key Size800 B1,184 B1,568 B
Ciphertext Size768 B1,088 B1,568 B
Shared Secret256 bit256 bit256 bit

7.3 Cara Kerja Simplified

# CRYSTALS-Kyber β€” High-Level (extremely simplified)
class KyberKEM:
    def __init__(self, k=3):  # Kyber-768
        self.k = k
        self.n = 256
        self.q = 3329
 
    def keygen(self):
        """
        Key Generation:
        1. Sample random s (secret) dari small polynomial distribution
        2. Generate public matrix A (uniform random) ∈ R_q^(kΓ—k)
        3. Compute t = A*s + e (where e is small error)
        4. Public key: (t, seed_A), Secret key: s
        """
        A = self.sample_uniform_matrix()
        s = self.sample_small_polynomial()  # secret
        e = self.sample_small_polynomial()  # error
        t = A @ s + e
        return (t, A), s
 
    def encaps(self, pk):
        """
        Encapsulation:
        1. Sample random secret s' and error e', e''
        2. Compute u = A^T * s' + e'
        3. Compute v = t^T * s' + e'' + encode(message)
        4. Hash v β†’ shared secret
        """
        t, A = pk
        s_prime = self.sample_small_polynomial()
        e_prime = self.sample_small_polynomial()
        u = A.T @ s_prime + e_prime
        v = t @ s_prime + ...  # + encoded message
        return (u, v), shared_secret
 
    def decaps(self, sk, ct):
        """Decapsulation β€” decrypt ciphertext back to shared secret"""
        (u, v) = ct
        s = sk
        # Decrypt: m' = v - u^T * s
        # Then re-encrypt to verify (K-PKE.Encrypt with implicit reject)
        return shared_secret

7.4 Kelebihan dan Kekurangan

AspectRatingNotes
Key sizeβœ… Moderat800-1568 bytes β€” acceptable untuk TLS
Performanceβœ… Cepat~50-100 Β΅s untuk key gen/encap
Securityβœ… ProvenReduction to Module-LWE
Maturityβœ… StandardizedNIST FIPS 203 (draft)
Side-channel⚠️ Perlu hati-hatiConstant-time implementation critical

7.5 Standardization Code

  • NIST FIPS 203: ML-KEM (Kyber)
  • IETF: X25519Kyber768 hybrid (draft)
  • OQS Provider: OpenSSL 3 provider hybrid

8. CRYSTALS-Dilithium β€” Digital Signature

8.1 Overview

CRYSTALS-Dilithium adalah digital signature scheme berbasis Module-LWE β€” dipilih NIST sebagai primary PQC signature standard.

8.2 Parameter Sets

ParameterDilithium-2Dilithium-3Dilithium-5
Security LevelNIST 2 (128-bit)NIST 3 (192-bit)NIST 5 (256-bit)
8,380,4178,380,4178,380,417
Public Key Size1,312 B1,952 B2,592 B
Signature Size2,420 B3,293 B4,595 B
Signing Speed2Γ— ECDSA1.5Γ— ECDSA~ECDSA

8.3 Fiat-Shamir with Abort

Dilithium menggunakan Fiat-Shamir transform dengan abort β€” ciri khas lattice-based signatures:

  1. Commit: Sample masking , compute
  2. Challenge:
  3. Response:
  4. Check & Abort: Jika terlalu besar β†’ abort dan retry
# Dilithium Signature β€” Simplified
def dilithium_sign(sk, msg):
    """Fiat-Shamir with Abort signature"""
    A, s1, s2 = sk  # secret: small s1, s2
    k, ell = len(A), len(s1)
 
    while True:
        # Masking
        y = sample_uniform_gamma1()  # large masking value
        w = decompose_polynomial(A @ y, alpha=2*gamma2)
        w1 = high_bits(w)  # keep high bits
 
        # Challenge
        c = shake256_extend(w1, msg)
 
        # Response
        z = y + c * s1
 
        # Abort condition - check infinity norm
        if max_norm_inf(z) > gamma1 - beta:
            continue  # abort, retry
        if max_norm_inf(w - c * s2) > gamma2 - beta:
            continue  # abort, retry
 
        return (c, z)  # signature
 
def dilithium_verify(pk, msg, sig):
    """Verify Fiat-Shamir signature"""
    t1, A = pk  # t1 = high bits of t = As1 + s2
    c, z = sig
 
    # Recompute challenge
    w_prime = high_bits(A @ z - c * t1, alpha=2*gamma2)
    c_prime = shake256_extend(w_prime, msg)
 
    return c == c_prime

8.4 Standardization

  • NIST FIPS 204: ML-DSA (Dilithium)
  • Kompatibel dengan FIPS 186-5 (EC-DSA) untuk hybrid mode

9. FALCON β€” Fast Fourier Lattice-Based Signature

9.1 Overview

FALCON menggunakan NTRU lattice dengan Gaussian sampling dan Fast Fourier Trapping. Signature compact β€” terkecil di antara kandidat PQC NIST.

9.2 Perbandingan Signature Sizes

SchemePublic KeySignatureCatatan
FALCON-512897 B666 Bβœ… Tersignature terkecil
FALCON-10241,793 B1,280 BUntuk level 5
Dilithium-21,312 B2,420 BSignatures lebih besar
SPHINCS+-128s32 B7,856 BSignature jauh lebih besar

9.3 NTRU Trapdoor Sampling β€” Kompleksitas

FALCON men-sampling short vector dari NTRU lattice tanpa abort (berbeda dari Fiat-Shamir):

# FALCON signature β€” conceptually simplified
def falcon_sign(sk, msg):
    """
    Trapdoor Gaussian sampling on NTRU lattice.
    Uses fast Fourier transform (FFT) over polynomial ring.
    """
    f, g, F, G = sk  # NTRU trapdoor basis
 
    # Compute salt + hash
    salt, c = hash_to_point(msg)
 
    # Solve:
    # s1 = r - c*f (mod q)
    # s2 = r - c*g (mod q)
    # where r is sampled using F, G as trapdoor
 
    # Gaussian sampling with FFT-based rejection
    # (much faster than naive lattice sampling)
 
    s1, s2 = ntru_fft_sampling(f, g, F, G, c)
    return (salt, s1_compressed, s2_compressed)

9.4 Kapan Pakai FALCON vs Dilithium?

ScenarioRecommendedReason
TLS handshakeKyber + DilithiumBetter ecosystem support
Blockchain (small TX)FALCONSignature size critical
Embedded / IoTFALCONCompact signatures
High-throughput serverDilithiumFaster verification
Regulatory complianceKeduanyaNIST supports both

10. SPHINCS+ β€” Stateless Hash-Based Signature

10.1 Overview

SPHINCS+ adalah signature scheme hash-based tanpa state. Tidak bergantung pada lattice assumptions β€” hanya membutuhkan secure hash function.

10.2 Hyper-Tree Structure

SPHINCS+ hierarchy:
        Root PK
           |
    β”Œβ”€β”€ WOTS+ Tree ──┐  (Few-time signatures)
    β”‚    FORS Tree   β”‚  (Forest of Random Subsets)
    β”‚                 β”‚
   Many WOTS+ trees   β”‚  (Multiple layers, L-trees)
    β”‚                 β”‚
   Leaves = one-time  β”‚  (Each leaf signs exactly once)
    β”‚                 β”‚
   ──── Hyper-tree β”€β”€β”€β”˜  (Multiple levels for many signatures)

10.3 Parameter Sets

ParameterSPHINCS+-128sSPHINCS+-128fSPHINCS+-256s
SecurityNIST 2 (128)NIST 2 (128)NIST 5 (256)
Signature Size7,856 B16,960 B29,792 B
Public Key32 B32 B64 B
Private Key64 B64 B128 B
Signing SpeedSlow (slow mode)Fast (fast mode)Slow

10.4 Kelebihan

  • Minimal assumptions: Hanya butuh secure hash β€” quantum-safe selama hash function aman
  • Proven security: Conservative security model
  • Stateless: Tidak perlu state tracking untuk WOTS+ β€” ideal untuk distributed systems

10.5 Kekurangan

  • Signature besar (~8-30 KB) β€” bisa jadi masalah untuk bandwidth-limited environments
  • Signing lambat (terutama slow mode) β€” butuh banyak iterasi hash
  • Better suited untuk code signing, firmware updates (low frequency signing)

11. NIST PQC Standardization Timeline

11.1 Timeline Lengkap

TahunEventDetail
2016NIST Call for ProposalsPQC standardization dimulai
2017Round 169 submissions (diterima)
2019Round 226 kandidat lanjut
2020Round 315 kandidat finalis + alternates
Jul 2022Round 3 SelectionKyber dan Dilithium terpilih untuk standardisasi
2023Round 4BIKE, Classic McEliece, HQC, SIKE (SIKE broken oleh Castryck-Decru)
Aug 2024FIPS 203, 204, 205 FinalML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+), FN-DSA (FALCON) di finalize
2025FIPS PublicationFIPS 203, 204, 205 resmi diterbitkan
2026+Additional SignaturesNIST call for additional signature schemes (beyond lattice)

11.2 SIKE β€” Ketika Kandidat NIST PQC Dihancurkan

SIKE (Supersingular Isogeny Key Encapsulation) adalah kandidat NIST Round 4 yang dihancurkan total oleh Castryck-Decru attack (2022):

  • Attack: Ekstrak secret key dari public key dalam waktu ~1 jam di single-core
  • Implikasi: SIDH/SIKE tidak lagi viable untuk PQC
  • Pelajaran: Security reduction tidak cukup β€” cryptanalysis harus diuji dalam praktik

⚠️ Pelajaran dari SIKE

Jangan deploy kriptografi baru tanpa bertahun-tahun cryptanalysis publik. SIKE memiliki security proof yang bagus, tetapi implementasi supersingular isogeny memiliki struktur matematis yang bisa dieksploitasi.

11.3 Current Standardization Status (Mid-2026)

StandardAlgorithmStatus
FIPS 203ML-KEM (Kyber)βœ… Published (2024-08-13)
FIPS 204ML-DSA (Dilithium)βœ… Published (2024-08-13)
FIPS 205SLH-DSA (SPHINCS+)βœ… Published (2024-10-30)
FIPS 206FN-DSA (FALCON)βœ… Published (2025-03)
NIST SP 800-227Hybrid SchemesIn progress
IETF CFRGX25519Kyber768Experimental RFC

12. Quantum-Safe Migration β€” Hybrid Certificates dan PQ/TLS

12.1 Strategi Hybrid

Hybrid approach: Gunakan kedua kriptografi β€” klasik (ECDH/ECDSA) + PQC (Kyber/Dilithium) β€” dalam satu session:

TLS 1.3 Hybrid Handshake (Conceptual):

ClientHello
  + key_share: [X25519, Kyber-768]
  + signature_algos: [ECDSA, ML-DSA-65]

ServerHello
  + key_share: [X25519, Kyber-768]

Key Schedule:
  shared_secret = HKDF(X25519(ss)) || HKDF(Kyber(ss))
  β†’ combined: attacker must break BOTH to decrypt

12.2 Hybrid Certificate Chains

Hybrid X.509 Certificate Structure:

Subject: example.com
SubjectPublicKeyInfo:
  - algorithm: Composite (OID for hybrid)
  - public_key:
      - X25519 (classical)
      - ML-KEM-768 (post-quantum)

Certificate Signature:
  - signed_with: ECDSA (classical)
  - signed_with: ML-DSA-65 (post-quantum)

12.3 OQS Provider β€” OpenSSL 3 Integration

OpenQuantumSafe (OQS) menyediakan OpenSSL 3 provider untuk hybrid TLS:

# Install OQS Provider
git clone https://github.com/open-quantum-safe/oqs-provider.git
cd oqs-provider
cmake -DOPENSSL_ROOT_DIR=/usr/local/ssl ..
make -j$(nproc)
make install
 
# Test Kyber + X25519 hybrid
openssl s_server -cert server-cert.pem \
  -groups x25519_kyber768 \
  -provider oqsprovider \
  -provider default

12.4 Migration Roadmap

PhaseTimelineAction
AwarenessNow β€” 2026Inventory crypto inventory systems, identify RSA/DH/ECDSA usage
Hybrid Integration2026 β€” 2028Deploy hybrid certs (X.509 composite), enable PQ/TLS in browsers
Migration2028 β€” 2032Default ke PQC-only, deprecate classical key exchange
Hardening2032+Remove classical fallback, PQC-only infrastructure

13. Quantum Key Distribution (QKD) β€” BB84 Protocol

13.1 Apa Itu QKD?

Quantum Key Distribution menggunakan foton untuk mendistribusikan cryptographic key antara dua pihak (Alice dan Bob) dengan information-theoretic security. Keamanan dijamin oleh quantum mechanics β€” bukan computational hardness.

13.2 BB84 Protocol (Bennett-Brassard 1984)

BB84 adalah protokol QKD pertama dan paling terkenal:

  1. Preparation: Alice mengirim foton dengan basis acak ( atau )
  2. Measurement: Bob mengukur dengan basis acak
  3. Basis Reconciliation: Alice dan Bob publikkan basis yang dipakai (bukan nilai bit)
  4. Sifting: Hanya bit dengan basis matching yang dipakai β€” discard sisanya
  5. Parameter Estimation: Cek error rate β€” jika > threshold β†’ eavesdropping detected
  6. Error Correction: Cascade atau LDPC untuk koreksi error pada sifted key
  7. Privacy Amplification: Hash function untuk kompres informasi leaked ke Eve
# BB84 Protocol Simulation (Simplified)
import random
 
def bb84_protocol(n_bits=100):
    """Simulasi BB84 QKD"""
    alice_bits = [random.randint(0, 1) for _ in range(n_bits)]
    alice_bases = [random.choice(['+', 'x']) for _ in range(n_bits)]
    bob_bases = [random.choice(['+', 'x']) for _ in range(n_bits)]
 
    # Bob measurement (simulate photon detection)
    bob_bits = []
    for ab, bb, bit in zip(alice_bases, bob_bases, alice_bits):
        if ab == bb:
            bob_bits.append(bit)  # correct measurement
        else:
            bob_bits.append(random.randint(0, 1))  # random if basis mismatch
 
    # Basis reconciliation (public discussion)
    matching_indices = [i for i in range(n_bits)
                        if alice_bases[i] == bob_bases[i]]
 
    # Sifted key: matching bits only
    alice_sifted = [alice_bits[i] for i in matching_indices]
    bob_sifted = [bob_bits[i] for i in matching_indices]
 
    # Error estimation (subset)
    sample = random.sample(range(len(alice_sifted)), min(10, len(alice_sifted)))
    qber = sum(alice_sifted[i] != bob_sifted[i] for i in sample) / len(sample)
 
    if qber > 0.11:  # 11% threshold for BB84 with decoy states
        return None, qber  # Eavesdropping detected!
 
    # Error correction + privacy amplification
    final_key = privacy_amplification(
        error_correction(alice_sifted, bob_sifted)
    )
    return final_key, qber

13.3 Decoy State Protocol

BB84 asli rawan Photon Number Splitting (PNS) attack untuk practical photon sources. Decoy state (Hwang, 2003; Lo-Ma-Chen, 2005) mengirim foton dengan intensitas berbeda:

  • Signal state: Intensitas normal (ΞΌ)
  • Decoy states: Intensitas berbeda (v < ΞΌ, w, dll.)
  • Vacuum: No photon

Dengan membandingkan gain dan error rate dari different intensitas, Alice-Bob bisa mendeteksi PNS attack.

ParameterNilaiCatatan
Sekret key rate (50 km fiber)~1-10 MbpsState-of-art
Sekret key rate (100 km fiber)~100 kbpsHarga fiber loss
Sekret key rate (satellite-ke-ground)~1-10 kbpsDipengaruhi cuaca
Dark count rate~10⁻⁢ per gateDetektor SPAD
QBER threshold~11%Decoy BB84

14. Satellite QKD β€” Micius dan Beyond

14.1 Micius Satellite (China)

Micius (2016) adalah satelit QKD pertama di dunia:

AchievementDetail
Satelit-ke-ground QKDKirim key dari 500 km orbit
Intercontinental QKDChina β†’ Austria (7,600 km)
Quantum entanglement distribution1,200 km (jarak terjauh)
Microwave-based QKDFirst demonstration
Key rate~1 kbps dari space-ke-ground

14.2 Arsitektur QKD Satelit

          β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
          β”‚   Micius Satellite   β”‚
          β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”   β”‚
          β”‚  β”‚ Entangled     β”‚   β”‚
          β”‚  β”‚ Photon Source β”‚   β”‚
          β”‚  β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜   β”‚
          β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                    β”‚
      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
      β”‚                           β”‚
   Ground A                   Ground B
   (Beijing)                  (Vienna)

14.3 Tantangan Satellite QKD

ChallengeIssueMitigation
Atmospheric turbulenceBeam distortion, phase noiseAdaptive optics
Daytime backgroundSolar noiseNarrow filters, tracking
Pointing stabilityMicro-vibrationsActive tracking (AOD)
Cloud coverBlocked line-of-sightMultiple ground stations
Key rateLimited by diffractionLarger telescope apertures

14.4 Next-Generation Satellite QKD

  • Eagle-1 (ESA, 2024-2025): Low-cost microsat QKD demonstrator
  • QKDSat (UK): Space-to-ground QKD network
  • QUARC (Japan): Quantum satellite constellation
  • Klystrone (USA): Entanglement-based satellite network

15. Quantum Hardware β€” Superconducting Qubits

15.1 Bagaimana Superconducting Qubit Bekerja

Superconducting qubits adalah circuit QED β€” menggunakan Josephson junction sebagai nonlinear inductor:

# Superconducting qubit Hamiltonian (Transmon)
# H = 4E_c n^2 - E_J cos(Ο†)
# E_c = charging energy, E_J = Josephson energy
# Ratio E_J/E_c >> 1 β†’ Transmon regime (less sensitive to charge noise)

15.2 Major Players

CompanyPlatformQubits (2026)Rekor
IBMSuperconducting (Falcon β†’ Condor)1,121+Condor (1,121 qubit), Heron (133, improved gate)
GoogleSuperconducting (Sycamore β†’ Willow)105+ (Willow)Beyond-classical (2019), Willow error correction breakthrough
RigettiSuperconducting (Ankaa)84-336Multi-chip modular
IQMSuperconducting (Adonis)20-54Co-design approach

15.3 Google Willow (2024-2025)

Google’s Willow processor adalah milestone besar:

  • 105 qubits dengan error correction surface code
  • Below threshold: Error rate menurun secara eksponensial ketika surface code scale bertambah
  • Beyond 10^6 year computation: Random circuit sampling dalam ~5 menit β€” classical Frontier supercomputer dalam 10²⁡ tahun
  • Density and T1: Qubit dengan coherence time ~100 Β΅s

15.4 IBM Quantum Roadmap

YearProcessorKey Feature
2023Condor (1,121) + Heron (133)High qubit count + improved gate
2024Heron (improved)5,000+ 2-qubit gates before error
2025FlamingoMulti-chip QPU interconnect
2026β€”Parallel multi-QPU, 100+ logical qubits
2027+β€”~200 logical qubits, error correction scaling

16. Quantum Hardware β€” Trapped Ion dan Photonic

16.1 Trapped Ion β€” Quantinuum dan IonQ

Trapped ion menggunakan ion yang terperangkap di Paul trap, dimanipulasi dengan laser:

AspectKarakteristik
Gate fidelityTertinggi β€” 99.99% single, 99.8% two-qubit
Coherence timeSangat panjang (menit hingga jam)
ConnectivityAll-to-all (karena ion bisa bergerak)
ScalabilityChallenging β€” ion count limited

Quantinuum H2: 56 trapped ion qubits dengan all-to-all connectivity. IonQ Aria dan Forte: 36 qubit generasi terbaru.

16.2 Photonic Quantum Computing β€” Xanadu dan PsiQuantum

Photonic menggunakan photon sebagai qubit:

AspectKarakteristik
Qubit implementationFoton dalam optical waveguide/silicon photonics
Temperatur operasiRoom temperature (tapi detektor perlu cryogenic)
EntanglementBerbasis beam splitter dan nonlinear optics
Lost mechanismPhoton loss β€” tantangan terbesar

16.3 Perbandingan Modalitas Hardware

ParameterSuperconductingTrapped IonPhotonicNeutral Atom
Qubit count100+ (1,000+)30-60216 (Xanadu)256+ (QuEra)
Gate fidelity99.9%99.99%99.0%99.5%
Coherence time~100 Β΅s~10 min~ms~1 s
Temperatur~15 mKRoom temp (trap) + laserRoom temp / cryogenic~10 Β΅K (laser cooling)
ScalabilityChip fabricationIon transport challengesLoss scaling+1D/2D arrays

17. Quantum Hardware β€” Topological Qubits dan Majorana

17.1 Konsep Topological Qubits

Topological qubits menggunakan anyons β€” quasipartikel dalam 2D β€” untuk encoding informasi dalam topological states yang inherently protected dari noise lokal. Ini adalah holy grail quantum computing:

  • Inherent error protection: Topological state tidak terpengaruh oleh local perturbations
  • Braid-based operations: Quantum logic melalui braiding anyons (bukan gate per qubit)

17.2 Majorana Zero Modes β€” Status Terkini

Majorana zero modes (MZM) adalah quasipartikel yang identik dengan antipartikelnya (Majorana fermion). Microsoft menghabiskan ~$10B untuk research ini:

TahunEvent
2018Microsoft mengklaim deteksi Majorana (Delft experiment) β€” kemudian retracted
2021Nature paper: topological gap protocol β€” klaim lebih kuat
2023Microsoft Mars: 3 topological qubits dengan error rate sangat rendah
2024Microsoft melanjutkan β€” topological qubit array kecil
2025Progress pada topological braiding β€” masih dalam research

17.3 Perbandingan Error Protection

Error correction approach:
                          Error Rate
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Superconducting   β”‚ 10⁻² ── surface code ──► β”‚ 10⁻⁢ logical β”‚
β”‚ Trapped ion       β”‚ 10⁻⁴ ── surface code ──► β”‚ 10⁻⁸ logical β”‚
β”‚ Topological (ideal)β”‚ 10⁻⁢ ── (inherent) ──► β”‚ 10⁻⁢ physical β”‚
β”‚ Topological (goal) β”‚ 10⁻⁢ ── minor assist ──► 10⁻¹² logical β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Topological qubit butuh lebih sedikit error correction β€” jika berhasil, mempercepat path ke fault-tolerant quantum oleh faktor ~100-1000Γ—.


18. Quantum Error Correction β€” Surface Codes

18.1 Kenapa Error Correction Dibutuhkan?

Quantum bits sangat rentan terhadap noise. Tanpa QEC, quantum computation bisa mencapai maksimal ~1000 gates sebelum error accumulated menjadi sepenuhnya salah.

18.2 Surface Code β€” Prinsip Kerja

Surface code adalah QEC code yang menggunakan grid 2D dari data qubits dan measurement qubits:

Surface Code Layout (d=3):
    β”Œβ”€β”€β”€β”¬β”€β”€β”€β”¬β”€β”€β”€β”
    β”‚ D β”‚ Z β”‚ D β”‚      D = data qubit
    β”œβ”€β”€β”€β”Όβ”€β”€β”€β”Όβ”€β”€β”€β”€      Z = Z-basis stabilizer (measure)
    β”‚ X β”‚ D β”‚ X β”‚      X = X-basis stabilizer (measure)
    β”œβ”€β”€β”€β”Όβ”€β”€β”€β”Όβ”€β”€β”€β”€
    β”‚ D β”‚ Z β”‚ D β”‚
    β””β”€β”€β”€β”΄β”€β”€β”€β”΄β”€β”€β”€β”˜

Distance d = 3 β†’ correct (d-1)/2 = 1 error
Physical qubits = (2d-1)Β² = 25 for d=5
Code Distance (d)Physical Qubits (2D grid)Correctable Errors
3(2Γ—3βˆ’1)Β² = 251
5(2Γ—5βˆ’1)Β² = 812
7(2Γ—7βˆ’1)Β² = 1693
9(2Γ—9βˆ’1)Β² = 2894
d(2d-1)Β²

18.3 Google Willow β€” Below Threshold Milestone

Google Willow (2024) menunjukkan error suppression eksponensial:

Surface code scaled from d=3 to d=7 on Willow:

d=3:  Logical error ~3Γ—10⁻³ per cycle
d=5:  Logical error ~2Γ—10⁻⁴ per cycle  (15Γ— improvement)
d=7:  Logical error ~3Γ—10⁻⁡ per cycle  (100Γ— from d=3)

β†’ Below threshold: every increase in code distance
  LOWERs logical error rate

18.4 Magic State Distillation

T gates tidak bisa langsung diimplementasikan fault-tolerantly di surface code. Butuh magic state distillation:

# Magic state |A⟩ = |0⟩ + e^(iΟ€/4)|1⟩
# Kebutuhan resource sangat besar:
# Untuk 10⁹ T gates dengan logical error 10⁻¹²:
#    - Dibutuhkan ~10⁢ magic state factories
#    - Total physical qubits ~20 million untuk RSA-2048

19. Logical Qubits dan Fault-Tolerant Threshold

19.1 Definisi Logical vs Physical Qubit

KonsepPenjelasan
Physical qubitQubit real di hardware β€” noisy, short coherence
Logical qubitEncoded dalam banyak physical qubits β€” protected oleh QEC
Overhead~1000 physical qubits / logical qubit (surface code, d=7)

19.2 Fault-Tolerant Threshold Theorem

Fault-Tolerant Threshold Theorem: Jika physical error rate di bawah threshold tertentu, quantum computation bisa dilakukan dengan arbitrary accuracy dengan mengorbankan overhead polynomial.

Threshold values:

PlatformEstimated Threshold
Superconducting (IBM/Google)~0.5-1%
Trapped ion~1-3%
Topological~10% (theoretical)

19.3 Resource Estimates β€” Menuju FTQC

MilestoneLogical QubitsPhysical QubitsGate FidelityUse Case
NISQ (<2025)0 (no FT)50-1,00099-99.9%Heuristic optimization
Early FT (2025-2028)~10-10010K-100K99.99%QEC demo, chemistry
100 FT qubits (2028-2030)~100100K-1M99.99%Crypto (Shor 2048 masih jauh)
FT Cryptography (2035+)~20M~20B<0.1%RSA-2048 factorization

20. Threat Timeline Y2Q β€” Kapan RSA-2048 Jatuh?

20.1 Definisi Y2Q

Y2Q (Year to Quantum) adalah titik di mana quantum computer bisa memecah RSA-2048 dalam waktu <24 jam dengan biaya <$1B.

20.2 Estimasi Berbagai Lembaga

SumberEstimasi Y2QMetodologi
Global Risk Institute (2024)40-60% kemungkinan 2035Expert survey
McKinsey2035-2040Technology adoption curve
NSA”Significant risk before 2035”Classified
IBM2030s (extrapolation roadmap)Hardware roadmap
Google/Willow team”Below threshold at 105 qubits”Experimental (faktor 10⁢ masih perlu)
IT-Harvest (2025)15% chance by 2030, 50% by 2035Composite model

20.3 Qubit Requirement untuk RSA-2048

RSA-2048 factorization quantum resource roadmap:

Year   Max Logical Qubits    RSA-2048 Possible?
─────────────────────────────────────────────────
2026   ~1-5 (small QEC)      ❌ No
2028   ~10-50                ❌ No
2030   ~50-200               ❌ No (need 20M)
2032   ~200-1,000            ❌ No
2034   ~1,000-5,000          ❌ Still far
2036   ~5,000-50,000         ❌ Maybe research demo
2038   ~50,000-500,000       ❌ Getting closer
2040   ~500K-5M              ❌ Almost
2042   ~5M-50M               βœ… Probably

20.4 Risk Assessment oleh NIST dan NSA

OrganizationStance
NSA (CNSA 2.0)β€œMigrate to PQC by 2035” β€” CNSA suite 2.0
NIST”Harus mulai migrate sekarang”
CISA”Quantum-readiness adalah national security priority”
BSI (German)PQC migration timeline 2030+

20.5 Kapan Grover Threat Terjadi?

Grover’s threat berbeda β€” butuh lebih sedikit qubits tapi butuh sequential depth:

TargetLogical QubitsDepth (gates)Timeline
AES-128 brute force~4,800~Extremely long β€” sequential depth besar
SHA-256 collision~10,000~Juga jangka panjang

πŸ’‘

Grover quadratic speedup untuk symmetric crypto bisa dimitigasi dengan double key size (AES-128 β†’ AES-256). Shor polynomial speedup untuk asymmetric crypto tidak bisa dimitigasi dengan key size β€” perlu migrasi ke PQC.


21. Crypto Agility β€” Hybrid Key Exchange dan Migration

21.1 Definisi Crypto Agility

Crypto agility adalah kemampuan sistem untuk mengganti algoritma kriptografi dengan cepat tanpa perubahan infrastruktur besar. Ini essential untuk era quantum:

21.2 Hybrid Key Exchange (HKE)

IETF draft untuk hybrid key exchange menggabungkan classical + PQC:

HRR: hybrid key_share modes:
  - X25519Kyber768 (ECDH + ML-KEM)
  - P256Kyber768 (ECDH + ML-KEM)
  - X448Dilithium5 (for signatures)

Key Schedule (TLS 1.3 hybrid implementation):
                         ↓
                  Combine(SS1 || SS2)
                         ↓
                  Derive-Secret(...)
                         ↓
               Traffic Secret (hybrid)

21.3 Signal Protocol (Double Ratchet) β€” PQC Hybrid

Signal Foundation dan PQShield mengembangkan hybrid untuk Double Ratchet:

# Hybrid Double Ratchet β€” Concept
class PQDoubleRatchet:
    def __init__(self, sk, pk_pq):
        # Classic: X25519 key agreement
        # PQ: CRYSTALS-Kyber KEM
        self.classic_dh = X25519(sk)
        self.pq_kem = KyberKEM()
 
    def ratchet_step(self, dh_output, pq_ct):
        """
        Hybrid ratchet step:
        1. Classic DH β†’ shared_secret_1
        2. PQ KEM β†’ shared_secret_2
        3. Combine: HKDF(secret_1 || secret_2)
        4. Derive nex root key
        """
        ss_classic = self.classic_dh.dh(dh_output)
        ss_pq = self.pq_kem.decaps(pq_ct)
        combined = hkdf(b"2026:pq-hybrid", ss_classic + ss_pq)
        return combined

21.4 Migration Steps untuk Enterprise

PhaseActionTimeline
1. Crypto inventoryCatalog semua penggunaan RSA/ECDSA, TLS versiNow
2. PQC-compatible librariesUpdate ke OpenSSL 3 + OQS provider2026-2027
3. Hybrid certificatesDeploy composite certs (X.509 hybrid)2027-2028
4. Code signaturePQ + classical dual signing2027-2029
5. Document signaturePQ signing untuk compliance2028-2030
6. Fallback removalDisable classical-only key exchange2030-2035

21.5 Tantangan Crypto Agility

ChallengeExplanation
Performance overheadPQ signatures ~1-3 KB (vs ECDSA 64-72 B)
Protocol ossificationTLS, SSH, IKE sudah rigid β€” update spec butuh tahunan
Side-channel resistancePQ implementations baru β€” belum mature constant-time
Key size explosionKyber PK ~1.2 KB, McEliece ~1 MB
Network packet sizeTCP MSS, DNS, cert chain size β€” bisa fragment

22. Quantum Random Number Generators (QRNG)

22.1 Mengapa QRNG?

RNG adalah fondasi keamanan kriptografi. Quantum RNG menggunakan quantum processes yang intrinsically random (berbeda dari classical PRNG yang deterministic).

22.2 QRNG Mechanisms

MethodProcessRate
Beam splitterPhoton path superpositionMbps
Phase noiseVacuum fluctuation samplingGbps
Shot noisePhoton counting statisticsGbps
SpontaneousParametric down-conversionMbps

22.3 Commercial QRNG Chips

CompanyProductSpeedSizePrice
ID QuantiqueQuantis16-64 MbpsPCIe/USB~$1K-5K
QuNu LabsQRNG chip1+ GbpsChip-scaleOEM
IBMQuantum safe credentialN/AServer-gradeIntegrated
Cambridge QuantumQRNG via TKETN/ACloudAPI

23. Quantum-Safe TLS dan Internet Standards

23.1 IETF Quantum-Safe WG

IETF memiliki working groups aktif untuk PQC integration:

DraftStatusDetail
draft-ietf-tls-hybrid-designActiveTLS hybrid key exchange spec
draft-ietf-tls-hybrid-kemActiveKEM-based hybrid in TLS
draft-ietf-lamps-pq-composite-keysActiveX.509 PQ composite certs
draft-ietf-ipsecme-qssActiveQuantum-safe IKEv2
draft-ietf-openpgp-pqcActiveOpenPGP PQC integration
draft-jose-cose-pqcActiveCOSE/JOSE PQC

23.2 Browser PQ/TLS Support (2026)

BrowserPQ/TLS Status
Chromeβœ… X25519Kyber768 sejak Chrome 116 (2023)
Firefoxβœ… X25519Kyber768 di eval β€” shipping in 127+ (2024)
Safari❌ Belum PQ β€” Apple intelligence?
Edgeβœ… Juga Chrome-based (X25519Kyber768)
Curlβœ… OQS provider support
OpenSSH⚠️ Hybrid KEM draft β€” belum standard

23.3 Post-Quantum VPN

# WireGuard + PQC β€” Conceptual Hybrid
[Interface]
PrivateKey = <X25519>
PQPrivateKey = <ML-KEM-768>
 
[Peer]
PublicKey = <X25519 peer>
PQPublicKey = <ML-KEM-768 peer>
PresharedKey = <combined_psh>
AllowedIPs = 10.0.0.0/24

24. Summary dan Next Steps

24.1 Key Takeaways

  1. Shor’s algorithm akan memecah RSA, ECDSA, DH seketika β€” tidak ada mitigasi key size
  2. NIST PQC standards sudah final (FIPS 203/204/205/206) β€” Kyber, Dilithium, SPHINCS+, FALCON
  3. Hybrid approach (classical + PQC) adalah strategi migrasi paling aman
  4. Y2Q timeline: 50% chance RSA-2048 jatuh antara 2035-2040
  5. Crypto agility harus dimulai sekarang β€” inventory, hybrid certs, PQ/TLS
  6. QKD melengkapi PQC untuk distribusi key information-theoretic β€” tapi bukan replacement untuk PKI
  7. Quantum error correction sudah below threshold (Google Willow 2024) β€” jalan menuju FTQC terbuka

24.3 Watch List

# Y2Q watch items β€” track these milestones
watch_items = {
    "logical_qubits": [
        ("100 logical qubits", "Quantum chemical simulation viable"),
        ("1,000 logical qubits", "Small optimization problems"),
        ("20,000 logical qubits", "RSA-2048 research demo"),
        ("20,000,000 logical qubits", "RSA-2048 practical break"),
    ],
    "crypto_migration": [
        ("2026-2027", "X25519Kyber768 standard browser deployment"),
        ("2028", "CNSA 2.0 compliance deadline (US gov)"),
        ("2030", "European quantum-safe mandate"),
        ("2035", "Full PQC migration target")
    ],
    "error_correction": [
        ("QEC below threshold", "βœ… ACHIEVED (Google Willow 2024)"),
        ("10 logical qubits", "2025-2026"),
        ("100 logical qubits", "2028-2030"),
    ]
}

24.4 Tools dan References

SumberLinkType
NIST FIPS 203https://csrc.nist.gov/pubs/fips/203/finalStandard
OpenQuantumSafehttps://openquantumsafe.org/Library
Quantum Algorithm Zoohttps://quantumalgorithmzoo.org/Reference
NIST PQC Portalhttps://csrc.nist.gov/projects/post-quantum-cryptographyPortal
Qiskit Textbookhttps://qiskit.org/textbook/Tutorial

πŸ“ Catatan Akhir

β€œThe quantum threat is not a question of β€˜if’ but β€˜when’. Cryptography must be quantum-ready before the first RSA-breaking computer is built β€” not after.”
β€” Vault 801 β€” Deep Note Catalogus, 2026-07-02