Or: how telco infrastructure is hacked1 to get unbreakable security.
For sure you’ve heard of these quantum computers that are about to get useful soon and that are expected to destroy the security of large parts of the cryptography we’re using today. As part of my bachelor’s thesis in physics, I worked on quantum cryptography or quantum key distribution which offers a secure alternative to do cryptography even in the presence of large-scale quantum computers. While publishing my thesis as part of this article for anyone interested in reading it, I also want to use this chance to tell you a little bit about the problem of today’s cryptography and quantum computers, and which solutions currently are being worked on.
Luckily, quantum key distribution isn’t that hard to experimentally realize as this machine shown here. (It’s a molecular beam epitaxy system to grow the crystal structure of a VCSEL, some type of laser.)
There exist many different types of cryptography, and in this post I’ll focus on encryption. That means, the art or the science of converting messages such that nobody except you and your friend is able to read their content. For any type of encryption, you need some kind of key. Computers work with numbers, more specifically with 0-s and 1-s, so think of this key as a random sequence of 0-s and 1-s for now. If you and your friend both know this random sequence, you’ll be able to use symmetric cryptography to encrypt and decrypt messages using this key. But the obvious problem is: how to establish this key between you and your friend? That’s where asymmetric cryptography comes into play. With asymmetric cryptography, you have not one but two keys: a public key and a private key. The private key is only known to you; the public key, however, is meant to be publicly shared with anyone. Using this combination of public and private keys, algorithms like Diffie-Hellman exist that give both your friend and you a symmetric key that is only know to both of you. Instead of generating a symmetric key, though, algorithms like RSA may be used that allow you to directly encrypt and decrypt messages using your public and private keys.
While for symmetric encryption there exist algorithms that are information-theoretically secure, i.e., unbreakable, no matter how much time and resources an attacker may invest, for asymmetric encryption only algorithms are known that are computationally secure. Here, theoretically attackers are able to break these types of encryption. However, for common key lengths it takes longer than the age of the universe to break for example RSA, even when using the best computers available today. Classical computers, I might say. Because with quantum computers, things are about to change dramatically.
Quantum computers aren’t an easy topic to summarize in one or two sentences as part of this post. Really, throughout my whole physics bachelor I’ve asked various PhD students whether they knew how they worked more or less, but nobody could tell me. That’s why I got so excited when I heard that a new professor joined TU Darmstadt, so I could finally visit her classes and ask all the questions I might still have. Let’s give it a try: in contrast to classical computers like your laptop or smartphone, quantum computers make use of quantum mechanics that allow them to do certain jobs much better than classical computers may ever be able to do. Specifically this means that quantum computers make use of quantum superposition and quantum entanglement. When starting a quantum algorithm, you prepare your data just like with classical computers as 0-s or 1-s, and when finishing the algorithm and reading out the results, you again interpret the results in this binary manner. It’s in between that crazy and exciting things start to happen that allow quantum computers to be so powerful in certain areas. I’d love to learn and tell more about this, but still this post is focusing on quantum cryptography, so I’ll stop here. If you want to learn more about quantum computers, I can only recommend reading Quantum Computation and Quantum Information by Nielsen and Chuang. It’s a superb introduction to this whole topic.
So, as we’ve learned, asymmetric cryptography is broken due to quantum computers. In particular, it’s Shor’s algorithm that’s about to destroy all the security we once believed to have. An approach that seems quite ironically to me is to use just the same quantum mechanics that allowed this to happen to enable secure cryptography again. This type of cryptography is called quantum cryptography. For many types of quantum cryptography, at its heart lies the already mentioned entanglement that gives two friends, let us call them Alice and Bob, a shared secret that allows them to use symmetric cryptography which is still secure in the presence of quantum computers.
In the physics working group Laser and Quantum Optics where I did my bachelor’s thesis, a quantum key distribution (QKD) system is built based on the BBM92 protocol. It’s named after its founders Bennet, Brassard, and Mermin that published it in 1992. The short explanation is this: in a central so-called source, entangled pairs of photons, the “particles” of light, are created with the help of lasers and crystals. Each of these photons is then directed via optical fiber towards either Alice or Bob. Both measure them and obtain a result that they interpret as either 0 or 1. Thanks to the entanglement, it’s assured that both Alice and Bob obtain the same result. You might wonder: and what’s exactly making QKD so secure that no one could ever break it?
Well, it’s the way in which Alice and Bob measure their photons and the so-called wave function collapse that leads to the no-cloning theorem. Alice and Bob don’t measure each photon in exactly the same way every time; instead they have two different ways of doing so that are called measurement bases. For each photon, they choose a different basis, and only when both Alice and Bob happen to choose the same basis they obtain the same results. Otherwise their results are no longer correlated. This is where the security of QKD becomes apparent: if an attacker measures a photon in one of these two bases before it reaches Alice or Bob, the “wave function collapses” and the results Alice and Bob obtain may differ from each other. They can detect this difference and thus know that their connection got eavesdropped, i.e., that their key is no longer secret. Similarly, the attacker can’t copy the photon, forward one copy and measure the other one, because this is forbidden by the no-cloning theorem, a fundamental principle in quantum mechanics.
By using this QKD system, Alice and Bob obtain a shared secret key and use it with whatever symmetric encryption algorithm they like. Before starting my bachelor thesis, most of the work related to physics was already done, and the researchers at that group published a paper in a journal called PRX Quantum presenting all this. My job for this thesis was more the one of a software architect: understand all this physics and the system’s problems and requirements and build the appropriate piece of software that allows two parties in distinct places to use the QKD system. Because up until then all the software required being executed on one single computer, with all the experimental setup being connected to the same machine. As part of the three months of my bachelor thesis, I was not able to fully decentralize this setup, but the most important and fundamental steps could be done.
I hope this little introduction into quantum mechanics and its relation to computers and cryptography sparked enough interest to take a look into my bachelor’s thesis. When reading it, the subtitle of this blog post hopefully starts to make sense, as the working group at TU Darmstadt is fully committed to get QKD running on normal telecommunication infrastructure. You can click on the image below to download the PDF. I wish you a pleasant read.
I hereby publish my bachelor’s thesis “Connecting Quantum Bits” under the Creative Commons Attribution - Share-Alike (CC BY-SA) 4.0 International license. If you have any questions or comments, feel free to contact me. Thanks to Max, Erik, and Prof. Walther for being mentors as awesome as they are, and for letting me be part of this journey for a little while.