Coding messages was traditionally of interest only to diplomats, the military, and spy agencies. However, cryptography is now an essential part of everyone’s life, given that the Internet is used to communicate all of our bank transactions, industrial designs, and commercial dealings.
Most systems today use an encrypting method known as public-key cryptography, in which Bob (the person who anticipates receiving messages) first creates both a public key and an associated private key, and publishes the public key. When Alice wants to send a secure message to Bob, she encrypts it using Bob’s public key. To decrypt the message, Bob uses his private key.
Key generation is based on a calculation that is very easy for Bob to make, but very difficult to reverse by an eavesdropper—the e-e-evil Eve. For example, given two numbers, a computer can very quickly multiply them together to find the product, which is provided as the public key. However, it is much more difficult for an eavesdropper to find the factors given only the product. Nevertheless, the weakness of current public-key cryptography is that a powerful computer (for example, a quantum computer, as we will soon see) could use the public key to learn the private key. As such, key distribution systems based on this idea are very practical and efficient, but their security is based on the assumption that the eavesdropper does not have access to massive computing power.
Once Eve the eavesdropper uses the supercomputer in her lair to crack the private key, she can tap the encrypted channel (e.g., a radio or Internet transmission) and read the secret messages without either Alice or Bob knowing their communications have been compromised.
Traditionally, the only way to ensure completely private communications was to use a long random key shared securely between the parties and used only once. In theory, using such one-time pad makes the message secure, but there is still the problem that the key, which has to be distributed, may be susceptible to interception. In addition, reusing a one-time pad allows sophisticated code-breakers to find patterns that can reveal the key.
A new way of ensuring that even a sophisticated eavesdropper cannot decode an encrypted message is to distribute a key using a quantum channel that cannot be intercepted without being detected by the sender and receiver. This is possible because the act of measuring a quantum state will cause changes that can be detected. Putting it simply, when Bob and Alice exchange a key sent via a quantum channel, they can spot Eve’s tampering, because her measurements of the photon stream will cause detectable errors in the data. As such, Bob and Alice only send an encrypted message using a key that is known to be secure.
A method that is now being employed commercially for quantum key distribution (or QKD) was first proposed by Charles Bennett of IBM and Gilles Brassard of the University of Montreal63—the same brilliant guys who came up with the protocol for quantum teleportation. Using their procedure, which is commonly known as BB84, Alice generates a stream of individual photons polarized in one of two modes (also known as basis): vertical/horizontal, or diagonally ±45°. Within each mode, one orientation represents a digital “0” and the other a “1.” Alice randomly chooses both a mode (polarization frame) and an orientation (digital value) for each photon sent over the quantum channel. Depending on her random selections, the photons she sends to Bob have the polarizations shown in Table 12.
TABLE 12 Photon Polarizations Used over the Quantum Channel in the BB84 Quantum Cryptography Protocol
Alice records the mode, digital value, and exact time of transmission for each photon she sends to Bob. As the receiver, Bob randomly chooses between the two modes when he tries to detect a photon. If he chances to choose the same mode that Alice used for a given photon, he will correctly measure its orientation and determine its digital value. Choosing a different mode from the one Alice used will give him the wrong value for that photon. However, he doesn’t know which measurement is right or wrong. Bob also records the mode he used, result he obtained, and exact time of arrival for each photon.
Alice uses a classical channel to tell Bob the mode she used for encoding each photon, but does not tell him its digital value. Bob then ignores all instances where he measured a photon in the wrong mode, and tells Alice which ones he measured correctly, not telling her the digital value he measured. Alice then discards all the photons Bob didn’t measure correctly. Only the set of photons measured correctly by Bob are assembled into the one-time-pad encryption key. Table 13 and Figure 155 show an example of the process.
Figure 155 To generate a one-time-pad BB84 encryption key, Alice first sends Bob a sequence of photons with polarizations encoding a set of random bits and modes. Bob measures these photons at a set of random modes. Alice then tells Bob the modes she used (but not her digital values), and Bob replies with a list of photons for which he, by chance, measured using the same mode as Alice. The bits encoded in the matching photons are used to compose the encryption key.
TABLE 13 Example of How a One-Time-Pad Encryption Key is Generated by Alice and Bob Using the BB84 Quantum Cryptography Protocol
Let’s now suppose that Eve attempts to eavesdrop on Bob and Alice (Figure 156). She will need to intercept Alice’s photon stream with her detector. However, like Bob, Eve doesn’t know the modes used by Alice, so she needs to measure at random modes. Most importantly, she destroys Alice’s photons when she measures them, so she must generate a new quantum message to send to Bob to disguise her prying. Eve has to guess the polarization of many of the photons, which creates errors in the string of values used in the encryption key. Bob and Alice can easily find these errors by comparing a subset of their remaining bit strings, telling them there is an eavesdropper and they must therefore discard the key.
Figure 156 If Eve the eavesdropper tries to measure and resend the photons, errors occur in the data, so Alice’s key and Bob’s key don’t match. Alice and Bob are alerted about Eve’s presence when they compare just a few bits of the key.
There are other QKD protocols, including some that use entangled pairs to further boost key security. QKD products are already commercially available from id Quantique (Switzerland), MagiQ Technologies (U. S.), SmartQuantum (France), and Quintessence Labs (Australia).
One last word about QKD. Although quantum cryptography is theoretically secure, the real-world components used to implement it are vulnerable to attacks. In 2010, a team from the Norwegian University of Science and Technology in Trondheim was able to successfully eavesdrop the secret key without leaving a trace by exploiting some characteristics of the SPAD-based SPCMs in the commercial QKD system made by id Quantique. The hack involves Eve flashing laser pulses on Bob’s SPCMs to reduce their sensitivity using a clever pulsing method64 that allows Eve to safely intercept a message without leaving the telltale quantum errors. This vulnerability can be closed in a number of ways, including redesigning the SPCMs, but it reminds us that no real lock is completely safe, not even one that is based on a theoretically unbreakable mechanism.
Leave a Reply