Laws of Nature Defending Our Information: Quantum Cryptography

by Felipe Flores

Secure communications and data encryption have been very important topics in the popular eye for the past few years, especially after Edward Snowden made public that the NSA attempts to intervene most communications. I, for instance, never thought my information would be that vulnerable and accessible to potential hackers, sponsored by a government or not. Nevertheless, I realized, my information is not as “valuable” or, better said, as sensitive as the information that banks, hospitals, and governments manage every day. Some information just needs to remain inaccessible to hackers, like the transaction history of bank accounts, the medical records of all patients, or the vote count of an election. All information needs to be heavily encrypted, I figured.

Then, the need to encrypt data became even more relevant in 2014 after several media announced that quantum computers (powerful computers that use fundamental concepts of quantum mechanics) might be used by organizations such as the NSA to break our most sophisticated cyphers and get access to our information.¹ The almost unlimited processing power of such computers seemed to threaten our right to virtual security and privacy, and quantum computation was seen as the enemy of the cyber universe. However, this is only one of the many applications of quantum mechanics in computer science. In the process of learning how to use physics to crack codes, we have also learned how to use them in favor of cryptography, the science of hiding messages and protecting information from third parties. Nature itself has the potential to protect information through quantum mechanics, if used correctly. Although the power of quantum computers is (in theory) potentially enough to break any classic method of encryption, quantum cryptography provides an alternate pathway that has proven to be effective and seems to be turning cost-permissive. We are, in a way, using quantum mechanics to protect our information from the power of quantum computers. How ironic is that?

WHAT IS QUANTUM MECHANICS AND WHAT IS SO SPECIAL ABOUT IT?

One of the most bizarre and counterintuitive yet fundamental ideas of quantum mechanics is the quantum superposition principle. The idea is that a particle whose qualities are not being measured—a particle that is not being observed—is in all of its possible states at the same time, but only as long as you are not looking! Whenever you observe a particle, the superposition collapses and the object ‘decides’ to be in only one state; the observer is not interfering with the particle’s superposition, but the act of measuring itself is. To make it more clear, let’s pretend a coin is a quantum-mechanical object, even though superposition only works at the quantum scale—the scale of electrons or photons. If you haven’t looked at the coin yet, it will be in a superposition of both states, heads and tails, at the same time; if you observe it, the coin will choose to be in only one of the states, either heads or tails. This means that the sole act of observing a particle produces a change in the state of such a particle; it’s almost as if nature itself was protecting the superposition from being eavesdropped! (Does it sound like something you’d want in a secure communication channel?) Scientists, financial institutions, medical facilities, and other organizations that require highly-secure channels can use this property of quantum mechanical particles to prevent their messages from being intercepted by a potential hacker. Currently, the most widely used system is called Quantum Key Distribution (QKD).

WHY QKD AND HOW DOES IT WORK?

The classic method of information encryption in point-to-point communication works by encoding and locking a message with a predetermined “key” that the receiver can then use to unlock the message. Fundamentally, encryption transforms the message into nonsense gibberish, and the key holds the instructions to convert it back to normal. This method has several vulnerabilities: any hacker could potentially intercept the communication, copy the data, and (with enough processing power, like the one provided by a quantum computer) figure out the key to decrypt the message.¹ It seems like technology is advancing more quickly in computing power and ways to break codes than the science of cryptography is; after all, cryptography requires very complex mathematical algorithms that, unlike computer processors, cannot be produced at an industrial scale. So, science has to come up with a better encryption mechanism that goes beyond a very complicated math problem (like our current algorithms), and quantum mechanics seems to have the answer.

QKD requires two channels of communication. One of them is a regular data channel (like a regular internet connection between two computers), while the other channel is a direct optic fiber connection between the sender and the receiver of the message—essentially, a cable that is able to transmit quantum particles from one computer to another. The QKD mechanism continuously generates new keys (in intervals of less than a minute) to encode the message, and data is sent using such keys through the regular communication channel. QKD, at the same time, uses the direct optic fiber connection to send the key needed to decrypt the message to the receiver; the mechanism sends the key as plane-polarized photons, which are particles in the fragile superposition, as explained above. The concept is that any eavesdropper trying to interfere with the connection would observe the photons before getting to their final destination, which makes the superposition “collapse” and alters the information sent through this channel. The observer in this situation would never be able to obtain the key necessary to decrypt the message, for which the information remains secure. The receiver, on the other hand, could then detect these alterations in the photons, make the valid assumption that the connection has been compromised, and take the appropriate measures to re-establish a secure and private connection. The sole fact that quantum mechanics “protects” the superposition from being seen protects the message at the same time. A common analogy to visualize this is imagining the key was being sent on delicate soap bubbles: if a third party observer tried to reach those bubbles, they would easily pop and prohibit them from decrypting the message. At the same time, the receiver on the other end of the channel is expecting a bubble to read; the receiver would immediately know if the bubble was popped along the way.^2,3

WHAT ARE THE LIMITATIONS OF QKD?

QKD is not yet a perfect mechanism. In 2010, a team of researchers in Norway and Germany showed for the first time that it is possible to obtain a full key from (in other words, to “hack”) a commercial QKD channel. The discovery led to even more intense research to modify the communication protocols of QKD. Even though QKD has limitations, they are far fewer than those of other encryption systems, and the vulnerabilities can mostly be fixed by modifying the protocol of key generation and communication, but not the principle of QKD itself;⁴ that being said we find that the system’s limitations are mostly financial. Implementing such a secure system is, most surely, expensive and complicated. In terms of infrastructure, any QKD network would need direct optic fiber communication between every node (every participant) in the network, which presents a difficult challenge over great distances. QKD communication through optic fiber cables loses power very easily as photons might be absorbed by the material in the cable, which is even more likely to happen at longer distances. If we wanted to build a secure network over a distance of a few hundred miles, we would surely need a large network of quantum repeaters—devices that replicate a signal to maintain it at the appropriate intensity—which also makes it harder for photons to remain in superposition. In order to avoid all the consequences of extended networks, it is necessary to invest large sums in devices that ensure the viability of QKD over long distances.

WHAT IS THE CURRENT STATUS OF QKD? WHAT CAN WE EXPECT FROM IT IN THE FUTURE?

QKD is already in use at several research institutions, technology companies, and telecommunications corporations that require highly-secure data transfer around the globe.⁵ In fact, the first quantum cyphered network was established in Cambridge, MA. In 2005, the Defense Advanced Research Projects Agency (DARPA) established the first quantum network in a collaborative effort between Harvard University, Boston University, and BBN Technology.⁶ QKD has found non-stop development ever since. For example, the city of Geneva used QKD channels to securely count votes in 2007 elections. Once the network’s hardware and connectivity was ready to use, the deployment of the secure QKD enabled the encryption of a standard internet connection, taking only 30 minutes to be fully operational, and continuing to operate for more than seven weeks. In 2010, the city of Tokyo built a quantum network that covered distances of over 90 miles and was even enabled for special QDK smartphones (though these smartphones were designed only to prove the point that the technology is applicable even to mobile devices). As of 2015, China is undergoing major advances in the field, currently working on a QKD channel running from Beijing to Shanghai (1,240 mi) to be finished by 2016, and setting a schedule for the network to extend globally by 2030. China has also confirmed their desire to be the first country to launch a satellite with quantum communication systems, using a design similar to QKD.⁷

Nowadays the public is willing to invest more on their virtual privacy, but the price of QKD systems is currently out of reach for most companies that would like to secure their information. Researchers and developers expect this technology to become more accessible in the near future as the devices involved begin to be produced in industrial scale; accessible prices will take secure quantum channels closer to all users and not only high-tech companies and institutions around the world. The field of quantum cryptography is only growing in a time where security and privacy of information are more important than ever before.⁸ Highly sensitive information needs better protection as techniques to crack codes are developed, and quantum cryptography seems to be key in the future of transmitting it. In the future, the development and applications of quantum cryptography will allow us to rest assured that our sensitive information in banks, hospitals, or government institutions will not be accessible to any hackers. The more widespread this technology becomes, the more secure we will all feel. For now, we can only be impressed by nature’s quantum-mechanical weirdness and by the applications we, humans, find for it.

Felipe Flores ‘19 is a freshman in Hollis Hall.

Works Cited

1. Rich, S.; Gellman, B. NSA Seeks to Build Quantum Computer That Could Crack Most Types of Encryption. The Washington Post, Jan. 2, 2014. https://www.washingtonpost.com (accessed Sep. 29, 2015).
2. Lance, A.; Leiseboer, J. What is Quantum Key Distribution?; Quintessence Labs, 2014,  4-7.
3. The Project UQCC. On Security Issues of QKD; Updating Quantum Cryptography and Communications, n.d.; http://www.uqcc.org/images/towards.pdf (accessed Sep. 29, 2015).
4. Dianati M.; Alléaume R; Architecture of the Secoqc Quantum Key Distribution network. GET-ENST, Network and Computer Science Department; GETENST: Paris, Feb. 1, 2008; pp. 3-6; http://arxiv.org (accessed Sep. 30, 2015).
5. Lydersen, L. et al. Nature Photonics. 2010, 4, 686-688.
6. Qiu, J. Nature. 2014, 508, 441-442.
7. Elliott, C. et al. Current status of the DARPA Quantum Network; BBN Technologies: Cambridge, 2005, 9-11.
8. Dzimwasha, T. Quantum revolution: China set to launch ‘hack proof’ quantum communications network. International Business Times, Aug. 30, 2015. http://www.ibtimes.co.uk (accessed Oct. 1, 2015).
9. Stebila, D. et al. The Case for Quantum Key Distribution. International Association for Cryptologic Research; IACR: Nevada, 2009, 4-6.  https://eprint.iacr.org (accessed Oct.1, 2015).