Quantum Computers – why do they pose a threat to digital security?
In this article, we demystify the fundamental principles and potential applications of this ground-breaking technology.
Previously we discussed quantum key distribution (QKD), a form of quantum cryptography that relies on the inviolability of the laws of physics for its security, and outlined the BB84 protocol for transmitting a secret key between two parties, Alice and Bob, using the polarization of photons. We also highlighted advantages of QKD over traditional RSA encryption, including that the development of quantum computers pose no threat to the underlying security of QKD and that QKD enables Alice and Bob to detect the presence of an eavesdropper.
In this article, we explore some of the difficulties and challenges of trying to implement QKD into a real network.
Thomas Cox | thomascox@hlk-ip.com
Phil Davies | pdavies@hlk-ip.com
QKD is theoretically completely secure, as it is impossible to violate the laws of physics on which the security of QKD relies. However, in practice there are several issues that result in QKD being unable to guarantee complete security.
What is the problem?
QKD is susceptible to a man-in-the-middle attack, where an attacker (called Mallory) simultaneously pretends to be Bob to Alice and pretends to be Alice to Bob1. Mallory essentially inserts himself in the channel between Alice and Bob with neither aware that they are no longer communicating with the intended recipients of the message. Mallory would then use the QKD protocol used by Alice and Bob to separately establish different keys with each of Alice and Bob.
Therefore, a man-in-the-middle attack allows Mallory to relay messages between Alice and Bob to make them believe that they are directly talking to each other without Mallory being present. Additionally, Mallory may intercept the messages and then replace them with false messages.
Is there a solution?
QKD cannot be used to prevent such an attack. Instead, Alice and Bob must authenticate each other first, such as by using a mutually trusted certificate authority.
However, a man-in-the-middle attack is a problem that is not unique to QKD. Such attacks are generally possible against any communication that involves Alice and Bob sharing a public key to encrypt their message. Hence, the man-in-the-middle attack also affects non-quantum cryptography, including RSA encryption. Authentication may also be used to evade the man-in-the-middle attack for communication using RSA encryption.
What is the problem?
It is very difficult to produce equipment that can reliably produce and detect single photons1, particularly over long distances. Therefore, in practice, QKD protocols are implemented using a source that produces multiple photons at a time, wherein the multiple photons are encoded according to the same basis. For example, the source may be a laser producing a small amount of coherent light.
The consequence of Alice transmitting multiple photons instead of single photons to Bob is that Eve can separate a single photon or a small number of photons from the group of photons that are sent by Alice per bit. Eve can then measure the photon that she obtained while allowing the rest to pass on to Bob. To guarantee that she uses the correct basis when measuring the obtained photon, Eve can store the photon in a quantum memory and wait until Alice and Bob publicly share the bases they used for each photon (as they are required to do to implement the BB84 protocol)2. Therefore, Eve can measure her stored photon in the correct basis.
This process allows Eve to obtain information without disturbing the photons that are received by Bob. In the ideal implementation of QKD, where only single photons are used, this is impossible for Eve to do, as she cannot measure a single photon she intercepts without altering it, and therefore her presence would be detectable to Alice and Bob (as we outlined in the previous article).
Is there a solution?
There are some solutions to this problem:
What is the problem?
For Alice and Bob to securely share their secret key with each other in the BB84 protocol, they must transmit photons. Over short distances, this poses little issue (currently QKD has been achieved over distances further than 100km)3. However, there is a significant challenge in transmitting photons over long distances whilst maintaining their quantum states. For QKD to be effective across inter-city or global distances this challenge must be addressed.
In digital communication, information bits are transmitted as photons in an optical fibre. An advantage of optical fibres is that they provide very low loss of the transmitted light. Hence, they are effective at transmitting light over hundreds of kilometres. In an optical fibre, the intensity of the transmitted signal attenuates exponentially with the transmission distance, due to photons being scattered. For example, photons may be scattered such that they cease to be a part of the relevant bit packet or, in certain cases, such that they escape the core of the optical fibre. Photons may also backscatter. Additionally, photons may be absorbed by the fibre. As photons are required to travel a very large distance, to prevent the intensity of the transmitted signal from being too greatly reduced, optical fibres may typically be supplemented with repeaters.
A repeater acts to amplify a compensation signal and can supplement the energy lost during the carrier transmission. To do this, the repeater measures the incoming signal, copies it and then transmits the copied signal at a higher power towards its destination.
However, the classical repeaters that are used in current forms of communication cannot be applied to quantum communication. This is because the no-cloning theorem states that a quantum state cannot be copied (as discussed in a previous article). Consequently, if a classical repeater is used to boost a signal of light comprising photons with particular quantum states, such as polarization states, when the repeater measures the photon states it will destroy them.
Is there a solution?
As one possible solution to this problem, quantum repeaters are being developed, which exploit the principle of quantum entanglement.
Quantum entanglement is a phenomenon where two or more photons can interact such that the two photons are no longer independent of each other. For a pair of entangled photons, this means that a measurement performed on one of the pair of photons instantaneously affects the other photon, irrespective of the distance between the pair of photons. Hence, when a photon is entangled with another photon, the quantum state of that photon, such as its polarization, is coupled with the quantum state of the other photon.
A useful consequence of quantum entanglement is the phenomenon of quantum teleportation, which allows a quantum state of one quantum particle to be transferred to another quantum particle to which it is entangled4.
Quantum repeaters work by teleporting the quantum state of a photon from Alice to the quantum state of a photon with Bob. This is achieved through the process of entanglement swapping5:
Therefore, a quantum repeater works by accepting entangled photons from both Alice and Bob and then converts those into a photon pair entangled between Alice and Bob.
If Alice and Bob are positioned at two ends of a particular distance, and the quantum repeater is placed in the middle, the result of the entanglement swapping is to entangle two photons over twice the distance required to send each photon of the initial entangled pairs. A network of quantum repeaters could be used to chain these entanglement swaps to generate a single long-distance entanglement of Alice’s and Bob’s photons from many short-distance entanglements.
The development of quantum repeaters is not the only solution being worked on. As an example, another possible solution involves using ‘trusted’ repeater nodes in a network6. This may comprise a first node in the network, which aims to communicate with a destination node, agreeing a quantum key with an intermediate node which is a part of a path to the destination node. The intermediate node then exchanges a quantum signal with the next node in the path, which may be the target node. The intermediate node communicates with the first node using the previously established quantum key details of the quantum signal sent or received by the intermediate node. The first node then performs a key agreement step to agree a quantum key directly with the targeted node. Having established a quantum key with the current target node the method is repeated but with the next node in the network path as the target node, until the destination node is reached. The final quantum key agreed with the destination node can then be used for encrypting communication between the first node and the destination node.
Despite all the challenges associated with implementing QKD in a real network, successful implementations of the process have been achieved. In 2006, QKD was achieved using entangled photons between two of the Canary Islands (a distance of over 144km)7. In 2017, the BB84 protocol was implemented over satellite links between ground stations in China and Austria8.
As the size and complexity of quantum computers continues to increase, so too will the investment and research into ways of keeping information secure. Therefore, quantum key distribution, and other cryptographic techniques relying on the laws of quantum mechanics, may provide a new standard for protecting digital information.
In a future article, we will discuss patent trends in QKD.
Reach out to our Electronic Systems & Circuits team to learn more about how we can support you.
This is for general information only and does not constitute legal advice. Should you require advice on this or any other topic then please contact hlk@hlk-ip.com or your usual HLK advisor.
In this article, we demystify the fundamental principles and potential applications of this ground-breaking technology.
We explore quantum key distribution, a form of cryptography which relies on quantum mechanics for its security and discuss some of the advantages quantum key distribution may provide over RSA.
In our upcoming webinar, our Opposition and Appeal team will be focussing on developments at the EPO’s Boards of Appeal, strategies for maximising success at appeals and take a look at some recent opposition statistics.
Register here