Security

How quantum cryptography works: And by the way, it's breakable

Quantum cryptography is not infallible. But before getting to how it can be compromised, Michael Kassner calls on some experts to explain how Quantum Key Distribution works.

My editor, Selena Frye called, asking what I knew about quantum cryptography. I remember muttering something about qubits. "Good," she said. "This Phys.org article discusses a problem that has been fixed, I'd like you to write about it?"

"Sure, I'll get right on it.

Dr. Hoi-Kwong Lo

I didn't even know quantum cryptography was broken. And, they already have a fix.

The article didn't go into detail as to what's broken, but mentioned that Dr. Hoi-Kwong Lo (at right) and Dr. Vadim Makarov (pictured below) had independently developed ways to compromise quantum encryption systems. That's where I'll start.

I contacted both gentlemen, asking for help. Their enthusiasm caught me off-guard, as did the ten papers they sent on quantum cryptography weaknesses and how to fix them.

I didn't get very far reading the papers. "This is complicated stuff," I thought, "I better start at the beginning." I asked Dr. Makarov if he had anything that would bring me up to speed.

He suggested: Chapter 5. Quantum Cryptography from the book Multidisciplinary Introduction to Information Security. It turned out to be just what I needed. Dr. Makarov also offered the following advice: "Reading original-research articles on quantum cryptography can indeed be hard. I hope you don't want to become a scientist on this topic."

Who says quantum cryptographers don't have a sense of humor?

Dr. Vadim Makarov

Why quantum cryptography?

My first question is: "Why quantum cryptography?" Why is it better than what we currently have? Dr Makarov had this to say:

Quantum cryptography is the only known method for transmitting a secret key over distance that is secure in principle and based on the laws of physics. Current methods for communicating secret keys are all based on unproven mathematical assumptions.

These same methods also are at risk of becoming cracked in the future, compromising today's encrypted transmissions retroactively. This matters very much if you care about long-term security.

Dr. Makarov is referring to Quantum Key Distribution (QKD) -- the subset of quantum cryptography developed to transfer symmetric encryption keys between two locations:

Quantum Key Distribution uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages.

QKD and qubits

Remember my mentioning qubits while talking to my editor? Well, qubits are why QKD works:

In quantum computing, a qubit or quantum bit is a unit of quantum information -- the quantum analogue of the classical bit. Unlike a classical bit which can take only the value of either 0 or 1, the state of a qubit can be in a ‘superposition' of 0 and 1 simultaneously.

It's those quantum properties we are going to look at next.

Quantum properties

Digital systems use the familiar binary states: One/Zero, Yes/No, or On/Off. I'm afraid that's not the case with quantum mechanics, "maybe one or the other" or "both" is more the norm. To help explain, consider a qubit to be a single photon and watch how it can be manipulated in the diagram below (courtesy of Chapter Five).

(a): A single photon is emitted from a light source and passes through a linear polarizer, in this case -- horizontal. That process creates a qubit with horizontal polarization.

(b): When the horizontally-polarized photon passes through a horizontally/vertically-oriented polarizing beamsplitter, it always retains its horizontal polarization.

(c): If that horizontally-polarized photon passes through a diagonally-oriented polarizing beamsplitter:

  • There is a 50% probability of finding the photon at one of the exits.
  • The photon will only be detected at one of the exits.
  • The polarization of the photon will have changed to the corresponding diagonal polarization.

I don't know about you, but I was expecting the photon to be blocked at step (c), not pass through and change polarization. Another interesting thing to note -- polarized photons are able to convey digital information. The next diagram shows how it's done (courtesy of Chapter Five).

You may have heard the term BB84 Protocol and wondered how it worked. Here's how:

  • Alice uses a light source to create a photon.
  • The photon is sent through a polarizer and randomly given one of four possible polarization and bit designations -- Vertical (One bit), Horizontal (Zero bit), 45 degree right (One bit), or 45 degree left (Zero bit).
  • The photon travels to Bob's location.
  • Bob has two beamsplitters -- a diagonal and vertical/horizontal - and two photon detectors.
  • Bob randomly chooses one of the two beamsplitters and checks the photon detectors.
  • The process is repeated until the entire key has been transmitted to Bob.
  • Bob then tells Alice in sequence which beamsplitter he used.
  • Alice compares this information with the sequence of polarizers she used to send the key.
  • Alice tells Bob where in the sequence of sent photons he used the right beamsplitter.
  • Now both Alice and Bob have a sequence of bits (sifted key) they both know.

All in all, a pretty cool way of securely transferring an encryption key between two different locations.

Next time

I debated whether to include this primer or not. I quickly realized I needed it, especially when you the TR members start asking those tough questions. Now, that we understand how it is supposed to work, we will see how it can be broken -- and fixed.

Hopefully, I can get Dr. Lo and Dr. Makarov to tell me about their secret attacks. We'll also look at the Heisenberg Uncertainty Principle and how it allows Alice and Bob to know if an eavesdropper (Eve) has deployed a Man in the Middle attack, hoping to steal their encryption key.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

7 comments
Ludwig817
Ludwig817

Yes, all of the undergrad text books use analogies for linear polarizers that indicate only selective absorption depending on the angle. It's almost as misleading as the Schrodinger's cat analogy. You can observe what really happens with three polarizers. Align two at 0 and 90 degrees to block the light. Then place the third polarizer oriented at 45 degrees between the other two. Now light gets through all three, even though the outer two polarizers are still at 0 and 90. By rotating the third (90) polarizer, you can show that all of the light emerging from the second (45) polarizer is polarized at the angle of the second polarizer (45), not the first polarizer (0).

Ptorq
Ptorq

Never mind, perspective got me. I should have been looking at the color, not the apparent orientation (which is almost the same for horizontal and 45 left).

Ptorq
Ptorq

Assuming that I've understood the process correctly, Bob used the correct polarizer on the second bit; however, the diagram shows it as being sifted out.

Michael Kassner
Michael Kassner

New post: I didn't. Thought I better find out what's going on, but first I needed a refresher on QKD.

Michael Kassner
Michael Kassner

I did not know that about three polarizers. Fascinating. As for Schroedinger's Cat, that was a mind-numbing read. I did get one important concept from it though: "This is a key aspect of the Copenhagen interpretation of quantum physics - it's not just that the scientist doesn't know which state it's in, but it's rather that the physical reality is not determined until the act of measurement takes place. In some unknown way, the very act of observation is what solidifies the situation into one state or another ... until that observation takes place, the physical reality is split between all possibilities."

Michael Kassner
Michael Kassner

I had to spend a lot of time on the diagrams to make sure I understood them. I actually did not use one because it still doesn't make sense to me.

pgit
pgit

In a quantum system knowing one property with any certainty comes at the expense of other properties, which can be assumed but not confirmed. I recently read where a team from my hometown (Rochester, New York) has 'defeated' uncertainty, they can measure all properties by making a first measurement "weakly," so that it does not totally destroy other properties, which then may be measured destructively. 2 sets of properties are measured for one quanta. To be honest I think this is hogwash, as there's still a matter of percentage (of interaction/destruction) in the "weak" measurement, and the assumption that the effect is negligible to the point of being non existent. I love this stuff. You always stretch my head, Mr. Kassner. Thanks for the great start to a long Wednesday, my mind will be occupied with beam splitters and polarization grids all day. :)

Editor's Picks