Quantum encryption: no silver bullet
14 November 2017
In the arms race between white and black hats, the information security industry is looking to quantum encryption and quantum key distribution (QKD). That may be just part of the answer, however.
Quantum encryption, also called quantum cryptography, applies principles of quantum mechanics to encrypt messages in such a way that they are never read by anyone other than the intended recipient. It takes advantage of quantum’s multiple states, coupled with its “no change theory,” which means it cannot be unknowingly interrupted.
Encryption has been around since the beginning of time, from the Assyrians protecting their trade secret of manufacturing pottery to Germans safeguarding military secrets with Enigma. Today, it is under greater threat than ever before. That is why some people are looking to quantum encryption to protect data in the future.
Here is how encryption works on “traditional” computers: binary digits (0’s and 1’s) are systematically sent from one place to another, and then deciphered with a symmetric (private) or asymmetric (public) key. Symmetric key ciphers like Advanced Encryption Standard (AES) use the same key for encrypting and decrypting a message or file, while asymmetric ciphers like RSA use two linked keys, one private and one public. The public key is shared, but the private key is kept secret to decrypt the information.
Yet public-key cryptography protocols like Diffie-Hellman, RSA and elliptic-curve cryptography (ECC), which survive on the basis that they rely on large prime numbers that are hard to factor, are increasingly under threat. Many in industry believe they can be circumvented by endpoint or side-channel attacks like man-in-the-middle, cipher attacks, and backdoors. As examples of this fragility, RSA-1024 is no longer regarded as safe by NIST, while side-channel attacks have been proven effective up to RSA-4096.
Furthermore, the worry is that this situation will only get worse with quantum computers. Believed to be anywhere from five to 20 years away, quantum computers will potentially be able to quick-factor prime numbers. When this happens, every enciphered communication dependent on public key encryption (using asymmetric keys) will be broken.
“Quantum computers are unlikely to crack symmetric methods (AES, 3DES, etc), but are likely to crack public methods, such as ECC and RSA,” says Bill Buchanan, professor in the School of Computing at Edinburgh Napier University in Scotland. “The Internet has often overcome problems in cracking with an increase in key sizes, so I do expect a ramp up in key sizes to extend the shelf life for RSA and ECC.”
Could quantum encryption be the long-term solution?
Quantum cryptography can, in principle, allow you to encrypt a message in such a way that it is never read by anyone other than the intended recipient. Quantum cryptography is defined as “the science of exploiting quantum mechanical properties to perform cryptographic tasks,” and the layman’s definition is that quantum’s multiple states coupled with its “no change theory” mean it cannot be unknowingly interrupted.
It is, as a BBC video recently vividly showed, like holding ice cream in the sun. Take it out of the box, expose it to the sun, and the ice cream will be visibly different than before. A 2004 Stanford paper explains it better, saying, “Quantum cryptography, which uses photons and relies on the laws of quantum physics instead of ‘extremely large numbers,’ is the cutting edge discovery which seems to guarantee privacy even when assuming eavesdroppers with unlimited computing powers.”
Buchanan sees plenty of market opportunities. “The application of quantum encryption provides an opportunity to replace existing tunnelling methods, such as with SSL and Wi-Fi crypto, to create a complete end-to-end encryption over fibre networks. If fibre cable is used over the whole of the connection, there would thus be no need to apply encryption at any other layer, as the communication would be secured at the physical layer.”
Quantum key distribution
Alan Woodward, a visiting professor at the University of Surrey’s department of computing, says that quantum encryption is misunderstood, and people actually mean quantum key distribution (QKD), an “information-theoretically-secure solution to the key exchange problem.” With QKD, photons distributed at the microscopic quantum scale can be horizontally or vertically polarised, but “observing it or measuring it disturbs the quantum state.” This, says Woodward, is based on the ‘no cloning theorem’ in quantum physics.
“By looking at the degree of errors you will see that it has been disturbed, so you won’t trust the message,” says Woodward, adding that once you have got the key, you can revert to symmetric key encryption. QKD is then ultimately about replacing public key infrastructure (PKI).
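The error-rate check Woodward describes can be seen in a small simulation. This is an added example, not part of the original article: it assumes the BB84 protocol (which the article does not name), models an intercept-and-resend eavesdropper, and uses hypothetical function names and a commonly cited 11% abort threshold.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the bit; the other basis is a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84_qber(n_photons, eavesdrop, seed=1):
    """Simulate BB84 sifting; return (sifted key length, quantum bit error rate)."""
    rng = random.Random(seed)  # seeded so the constructed run is repeatable
    sifted = errors = 0
    for _ in range(n_photons):
        # Sender: random bit in a random basis ('+' rectilinear, 'x' diagonal).
        a_bit, a_basis = rng.randint(0, 1), rng.choice("+x")
        bit, basis = a_bit, a_basis
        if eavesdrop:
            # The eavesdropper cannot copy the photon, so she measures it in a
            # guessed basis and resends what she saw, disturbing the state.
            e_basis = rng.choice("+x")
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        # Receiver: measures in his own random basis.
        b_basis = rng.choice("+x")
        b_bit = measure(bit, basis, b_basis, rng)
        # Sifting: bases are compared publicly, mismatched rounds are discarded.
        if a_basis == b_basis:
            sifted += 1
            errors += a_bit != b_bit
    # Simplification: every sifted bit is compared here; a real run sacrifices
    # only a random sample of the sifted key to estimate the error rate.
    return sifted, errors / sifted

def accept_key(qber, threshold=0.11):
    """Abort rule (assumed threshold): discard the key if errors exceed the limit."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        n, q = bb84_qber(20000, eavesdrop=eve)
        print(f"eavesdropper={eve} sifted={n} QBER={q:.3f} accept={accept_key(q)}")
```

On a clean channel the sifted keys agree exactly; with the eavesdropper measuring every photon, about a quarter of the sifted bits disagree, so the key is rejected before it is ever used for symmetric encryption.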
Buchanan sees a huge potential for QKD: “We currently do not properly secure communications at a physical level from end-to-end delivery. With Wi-Fi, the security is only provided through the wireless channel. To keep communications secure, we then overlay other tunnelling methods onto the communications, such as with a VPN or with SSL. With quantum encryption we could secure the complete end-to-end connection, without the need for SSL or a VPN.”
As Woodward notes, QKD is already available commercially, from vendors like Toshiba, Qubitekk and ID Quantique. Yet QKD continues to be expensive and requires independent infrastructure, unlike post-quantum encryption, which can run over pre-existing networks.
This is where China has “stolen a march” in bringing QKD to the market. Earlier this year, Austrian and Chinese scientists managed to conduct the first quantum encrypted video call, making it “at least a million times safer” than conventional encryption. In the experiment, the Chinese team leveraged its satellite Micius, launched specifically for conducting quantum physics experiments, and used entangled pairs from Vienna to Beijing at key rates of up to 1Mbps.
Woodward says that anything that uses public key encryption could use QKD, and one of the reasons the Chinese might be interested in it is if they believe it is physically secure, safeguarding them from the NSA and nation states. “There can be no backdoors, no clever mathematical trick,” he says, citing the elliptical curve attack. “This relies on laws of physics, which are much simpler than the laws of mathematics.”
Ultimately, he expects it will be used in government, banking, and other high-end applications. “Several companies sell equipment today and it works, but it is expensive, but costs could come down. People will probably see it for high security things like banking and government to start with.”
Other examples include:
- Researchers from Oxford University, Nokia and Bay Photonics invented a system that makes it possible to encrypt payment details and then transmit the quantum keys securely between the smartphone and the point-of-sale (PoS) payment terminal, while at the same time monitoring for any efforts to hack into transmissions.
- Since 2007, Switzerland has been using quantum cryptography to conduct secure online voting in federal and regional elections. In Geneva, votes are encrypted at a central vote-counting station, before results are transmitted over a dedicated optical fibre line to a remote data storage facility. Results are secured via quantum cryptography, and the most vulnerable part of the data transaction—when the vote moves from counting station to central repository—is uninterruptible.
- A company called Quintessence Labs is working on a project for NASA that will ensure secure communications from Earth with satellites and astronauts.
- A small encryption device called the QKarD could allow smart grid workers to send totally secure signals using public data networks to control smart electricity grids.
- As he documents in this Wired article, Don Hayford is working with ID Quantique to build a 650 km link between Battelle HQ and Washington DC. For the past year, Battelle has used QKD to protect the networks at its Columbus, Ohio headquarters.
Practical problems, state interference
However, quantum encryption is not necessarily a silver bullet for information security. Woodward cites error rates in a noisy, turbulent universe as a source of unreliability, as well as technical difficulties in producing the single photons required for QKD. Furthermore, fibre-based QKD can only travel a certain distance, so you need to have repeaters, which thus represent “weak spots.”
Buchanan notes the infrastructure problem, too, needing broadband fibre from end to end. “We are still a long way off having fibre systems from end to end, as the last mile of the communication channel is often still copper-based. Along with this we interconnect hybrid communication systems, thus we cannot secure the physical communications channel for end-to-end connections.”
It is also no silver bullet. Some researchers recently found security issues with Bell’s theorem, while governmental involvement could be tricky, too. After all, this is the age where politicians don’t understand encryption, where agencies look to break end-to-end encryption and favour backdoors with major tech companies.
Perhaps it is no surprise, then, that the UK’s National Security Centre recently came to this damning conclusion in a report on QKD: “QKD has fundamental practical limitations, does not address large parts of the security problem, [and] is poorly understood in terms of potential attacks. By contrast, post-quantum public key cryptography appears to offer much more effective mitigations for real-world communications systems from the threat of future quantum computers.”
Woodward mentions a “bit of a tussle between cryptographers and physicists,” especially over what constitutes the so-called “absolute security.” As such, they are developing different methods, and Woodward admits he can’t quite see how they’re going to come together.
The NSA last year started planning to shift to quantum-resistant encryption, while the National Institute for Standards and Technology (NIST) is running a competition to spur work on post-quantum algorithms. There are EU efforts across post-quantum and quantum, while Google relied on the post-quantum Lattice for its New Hope system on Chrome.
“I expect it will be a combination of both [post-quantum and QKD]. You’ll see QKD where it makes sense to spend more money for infrastructure, but mathematical approaches for the likes of you and me at the endpoints,” says Woodward. For example, he expects QKD will be “part of the journey,” perhaps from himself to the WhatsApp server but with post-quantum from server to me as recipient.
Quantum key distribution is clearly an exciting opportunity for the information security industry, but we’ll have to wait a little while before widespread mainstream adoption becomes reality.
IDG News Service