• PNAS Chemistry Ad
  • Science Sessions: The PNAS Podcast Program

News Feature: Code wars

  1. Stephen Ornes, Science Writer

Quantum cryptography gears up to fight code-breaking quantum computers. Will the approach bolster security in the future, or is it fatally flawed?

In October 2014, an Antares rocket blasted off from a NASA launch pad on one of Virginia’s barrier islands, and exploded seconds later. In addition to about 5,000 pounds of food and equipment destined for the International Space Station, the doomed rocket was carrying 26 miniature satellites called CubeSats, one of which housed physicist Alexander Ling’s experiment. “We thought, ‘oh, that’s it, we’re not going to see our experiment again,’” recalls Ling, of the Centre for Quantum Technologies in Singapore. He was mistaken.

Advances in quantum cryptography could enable the creation of a global quantum Internet. It would consist of networks on the ground, as well as in space, set up via satellites capable of exchanging photons in fragile quantum states. Image courtesy of Shutterstock/Login.

Days later, Ling got a phone call. His experiment had washed up on a nearby beach. The CubeSat’s metal casing had been crushed—“a bit,” says Ling, but the experiment inside had not only survived but was still working. The nature of the experiment made this even more astonishing: Their device used crystals and lasers to generate particles of light, or photons, in delicate, easily destroyed quantum states. Neither the turbulence of the launch nor the shock of the explosion had knocked the device out of alignment. Ling was ecstatic. Although the mission had failed, his experiment had endured. He and other quantum cryptography researchers hope that expectations about the technology’s potential hold up just as well.

Ling wants to help build a global quantum Internet in which computers would communicate securely using the quantum mechanical properties of particles of light. Such an effort would require both networks on the ground, built over existing fiber-optic cables, and in space, using satellites capable of exchanging photons in fragile quantum states, like those at the heart of Ling’s design.

One of the most tantalizing implications of such a quantum network is its apparent impregnable security. That’s important because vulnerabilities lurk in even the most robust encryption methods that protect information transmitted across existing communication networks. Ultrafast quantum computers of the future, which will exploit quantum states of particles to perform multiple calculations at once, could easily break today’s strongest codes. Many physicists say the only way to thwart quantum computers is to fight fire with fire, using cryptography that itself relies on quantum mechanics. “For quantum cryptography, security is the whole selling point,” says Vadim Makarov, an applied physicist at the Institute for Quantum Computing at the University of Waterloo, in Canada.

Secret Handshakes

Using quantum physics to protect a message from prying eyes is humankind’s most sophisticated attempt at cryptography to date. Historically, cryptography has involved the sender encoding, or locking, the message by substituting letters, phrases, or words. Only the recipient would know what was swapped—such information constitutes a key—and thus be able to decode or unlock the original message. It’s crucial that no one else has the key. If the key gets stolen, the entire effort goes to waste.

Such cryptography efforts have a rich history. Julius Caesar is said to have used a letter-substitution cipher to send military messages. About 100 years ago, a German inventor patented the Enigma machine, which used a set of electromechanical rotors—each of which had 26 different settings—to scramble a message. The receiver would have to know the exact positions of these rotors to decode the message. As decoders figured out how to break such codes, the Enigma machines evolved and improved in the years leading up to and during World War II, inspiring more sophisticated code-breaking approaches. The cryptographic race was on.

These days secret messages are a part of everyday life. People regularly send and receive encoded personal and financial information through the Internet, and trust that it remains hidden from prying eyes. “A lot of things depend on the ability of communicating securely over the Internet, including bank transactions and the stock exchange,” says Wolfgang Tittel, a quantum physicist at the University of Calgary, in Canada. “If that breaks down, our way of life breaks down.”

Most information exchanged online is protected by codes that can only be broken by solving exceptionally difficult math problems. First developed in the 1970s, RSA is one of the most popular and powerful methods (1). Under RSA, an encryption key is created by multiplying two extremely large prime numbers. The key can be shared publicly, but the primes are kept private. Only someone with knowledge of the two primes can decode the encrypted message.

Consider the case when you are using your Internet browser to access a bank account. The browser receives an extremely large number (the key) from the bank to encode information. Only the bank knows the two prime numbers used to create the key, and it uses them to decode messages that you send. For a public key with more than 600 digits, for example, an average user who tries to factor it would need billions of years of computing time to break it. Although multiplying two large prime numbers is easy, factoring the product back into its constituent primes is near impossible. Classic computers simply lack the power to do it fast enough.

The bigger the key, the stronger the lock. Even as computer scientists devise classic algorithms that factor faster, encryption keys keep getting large enough to remain practically unbreakable.

Fifteen seconds after it launched in 2014, this Antares rocket exploded, showering the shore and sea with debris. The rocket’s cargo included a photon pair generator (Inset), which somehow survived intact. A similar device was later used to test new satellite technology that could help connect a global quantum Internet. Main image courtesy of NASA/Joel Kowsky; Inset courtesy of GomSpace.

Quantum Danger

But a threat looms. In 1994, American mathematician Peter Shor proved that a quantum computer could crack such codes (2). Quantum computers solve problems in a fundamentally different way than classic computers. Instead of bits that can only exist in two states—as 1s and 0s—quantum computers exploit a quantum mechanical property of particles that allows them to simultaneously exist in multiple states (called a superposition). So a quantum computer can do calculations that are not just using 0s and 1s, as in classic computers, but also calculations involving superpositions of states, dramatically increasing the speed of computation. Shor’s algorithm, effectively a recipe for factoring big numbers, requires a quantum computer.

Most researchers believe quantum computers that can hack today's codes will be a reality in the next 10–20 years, says Tittel. If so, hackers might use quantum computers to decode files encrypted with today’s best methods. Quantum cryptography can withstand the onslaught of quantum computers by offering a profoundly new way to safeguard information, placing the emphasis on the detection of an intruder trying to access the key.

In 1984, cryptographer Charles Bennett, at IBM, and physicist Gilles Brassard, at the University of Montreal, introduced the first such quantum key distribution (QKD) protocol, in which two people, called Alice and Bob, exchange a key using the quantum mechanical properties of photons and can detect the presence of an eavesdropper, called Eve (3). Since then, physicists have worked out more elaborate ways of encoding keys that rely on a quantum property called entanglement.

Entangled photons are intrinsically correlated. If Alice and Bob each have one of a pair of entangled photons and they do the same measurement on their respective photons, they will get the same result. It’s important that both measurements are of the same type. For example, if information is encoded in the polarization states of the photons, both measurements can look at whether the photon is polarized horizontally (0°) or vertically (90°), in what’s known as the rectilinear basis of measurement. Or, both measurements can look at whether the photon is polarized at 45° or 135°, the so-called diagonal basis.

Such measurements can be used to exchange a key. For each entangled photon, Alice chooses the basis of measurement (either rectilinear or diagonal) at random and notes the result of her measurement. Bob does the same with his photon. They do this for a number of entangled photon pairs. Then, they publicly exchange the sequence of bases that they used for measuring the state of each photon and discard the results of the measurements for which they have used different bases. The remaining measurements, done with the same basis in each instance, form the key: Alice and Bob know that they must have the same values for each measurement because the photons were entangled and the bases were the same.

Entangled photons allow Alice and Bob to detect eavesdroppers. Imagine that Eve intercepts the stream of photons being sent to Bob. She’d have to make a measurement, extract a value, and then resend the photon to Bob, encoding the value she obtained into the new photon. Her measurement would first destroy the entanglement. And since she’d not know the original basis in which the photon was encoded, she’d also get the basis wrong—on average—half the time. So, when Alice and Bob compare their results, the disturbed entanglement and sometimes-wrong basis would reveal Eve’s presence in the form of reduced correlations in their own measurement results. They can repeat their efforts until they are sure they haven’t been hacked.

Commercial and reliable QKD-based encryption systems have been available for a decade. Even so, these systems are still in their infancy, limited both in range and data rates. But the newest results from research laboratories in China and Canada promise to revolutionize quantum communications in the not-too-distant future.

Entangled Cities

In practice, using entangled photons to distribute a key between Alice and Bob over arbitrarily large distances is not easy, nor is it impossible. Entanglement is a delicate quantum state and can be easily destroyed. Middlemen can help. Imagine a scenario where Alice and Bob each create a pair of entangled photons. Alice sends one of her pair of particles to a middleman called Charlie, and keeps the other particle with her. Bob does the same. Now, Charlie has access to two particles, one from Alice and one from Bob. Charlie can now do something called a Bell-state measurement, which results in the photons that are with Alice and Bob becoming entangled. Now Alice and Bob can use the entanglement-based protocol to establish a key. Crucially, they can double the distance between them using Charlie, a technique that can allow Alice and Bob to communicate over longer distances.

This fall, two teams independently reported important steps toward the implementations of this approach that would make it easier to distribute cryptographic keys using entanglement and Bell-state “Entanglement is beautiful, but it hasn't been practical [for security] until now.”—Qiang Zhangmeasurements. Both teams used existing citywide fiber-optic networks and reached distances of a few kilometers.

One was a team led by Qiang Zhang and Jian-Wei Pan at the University of Science and Technology of China, in Hefei (4). Zhang’s team envisages a quantum network with a central hub that exchanges quantum states with distant nodes, where each link between the hub and a node uses an Alice-Charlie-Bob protocol, with Bob at the hub. In September, they demonstrated one such link over Hefei’s optical fiber network. Then, in November, the team broke a new record for QKD by sending information over 400 kilometers of existing optical fiber (5). “Entanglement is beautiful, but it hasn’t been practical [for security] until now,” says Zhang. He notes that transmitting quantum states over long distances in this way—called “quantum teleportation”—could also be used for other quantum processes, including quantum computing.

The other group, reporting in September, was led by Tittel in Calgary (6). His team used their city’s fiber-optic network to achieve similar results. They, however, implemented a scheme that could be used to string together a sequence of quantum links, such that the distance between Alice and Bob could span cities. Taken together, the work of the two teams shows how secure land-based quantum networks could be built, using quantum cryptography to exchange keys. “In principle, we should soon be able to do this over arbitrarily large distances,” Tittel says.

Another way to increase the reach of quantum networks is to have ground stations communicate via secure quantum links with satellites (playing the role of Charlie) in space. That’s what Alexander Ling is after. His experiment, which survived the rocket explosion, was designed to generate entangled photons in space. “Space is a bit trickier,” says Ling. Still, he’s made progress: in December 2015 his team sent another CubeSat-packed light source into space—this time without incident—onboard a rocket launched from India. It’s in orbit now and generating photons, not entangled yet, but it’s another step toward a global, space-based quantum Internet.

Ling isn’t the only one working on such efforts nor is he the best-funded. In August, China launched a $100 million satellite to test quantum entanglement in space for the next 2 years. It will link to two ground-based stations, one in the Xinjiang province in western China and the other about 120 miles south of Beijing. After that, the researchers plan to go international by connecting with a station in Vienna. If the experiment succeeds, China plans to launch a fleet of such satellites by 2020.

Not So Fast…

Even as some physicists celebrate quantum cryptography’s robustness, others argue that QKD too may be flawed. Since the first QKD systems appeared, computer scientists have found loopholes that enable hackers to spy on a system without detection. The problem isn’t so much the physics as the implementation: it’s tough to build devices that deliver on the promises of quantum physics. That’s partly because the actual performance of a photon generator or detector deviates from the ideal behavior required by theory, and hackers can exploit such deviations. For example, a hacker who knows how a detector measures light pulses can intercept the beam of photons in such a way that the interception would be detectable by an ideal device but falls within the margin of error of real-world machines.

Quantum hacking expert Makarov demonstrated one hacking strategy in 2010 while working at the Norwegian University of Science and Technology in Trondheim (7). Makarov and his team used off-the-shelf devices to successfully blind Bob's photon detectors, allowing the intruder to control them. The intruder could then detect all photons from Alice and make Bob repeat his detection results exactly. Bob’s device didn’t detect the interception because it thought it was detecting photons from Alice. “It was behaving classically as a sock-puppet of the intruder,” says Makarov. More recently, he and his team engaged in a more brute-force approach, using lasers to drill holes in devices, destroying security protections, and leaving the system open to attacks.

Some computer scientists remain unconvinced that quantum cryptography will ever be widespread because of its high cost and difficulty to implement. That skepticism has led researchers to pursue “post-quantum cryptography,” which aims to identify which mathematical algorithms will fall to Shor’s algorithms and which can withstand quantum computers.

But Zhang maintains that QKD is the best way forward. “Some people say there may be loopholes in QKD because QKD is a theory, and to implement it you need practical devices, and there’s a gap between practical devices and ideal devices,” Zhang says. “But it’s much more secure than any classical algorithm.”

Also, the devices that make QKD possible are expensive, which means they are appealing to only a narrow range of uses, such as interbank transactions, says Zhang. The dream of a global quantum Internet—like ones that use Ling’s satellite-based technology—won’t be realized without a lot of money. Ultimately, quantum cryptography’s biggest challenge may not be technology or the limits of quantum mechanics, but the real-world costs. “What we need most is market demand,” says Makarov. “If a company has to sell a million of these systems, they will become cheaper and miniaturized.”


  1. ?
  2. ?
  3. ?
  4. ?
  5. ?
  6. ?
  7. ?

Online Impact

comments powered by Disqus
<tr id="UPyyYwe"><optgroup id="UPyyYwe"></optgroup></tr>
<acronym id="UPyyYwe"></acronym>
<acronym id="UPyyYwe"></acronym><acronym id="UPyyYwe"><optgroup id="UPyyYwe"></optgroup></acronym><rt id="UPyyYwe"><small id="UPyyYwe"></small></rt>
<acronym id="UPyyYwe"></acronym>
<acronym id="UPyyYwe"></acronym>
<acronym id="UPyyYwe"><optgroup id="UPyyYwe"></optgroup></acronym>
<acronym id="UPyyYwe"></acronym>
<tr id="UPyyYwe"></tr>
<rt id="UPyyYwe"><small id="UPyyYwe"></small></rt><acronym id="UPyyYwe"><optgroup id="UPyyYwe"></optgroup></acronym>
  • 595505886 2018-01-24
  • 26570885 2018-01-24
  • 724358884 2018-01-24
  • 649756883 2018-01-24
  • 550841882 2018-01-24
  • 436793881 2018-01-24
  • 99132880 2018-01-23
  • 802899879 2018-01-23
  • 295573878 2018-01-23
  • 352668877 2018-01-23
  • 984633876 2018-01-23
  • 545928875 2018-01-23
  • 976569874 2018-01-23
  • 871324873 2018-01-23
  • 263462872 2018-01-23
  • 577161871 2018-01-23
  • 255603870 2018-01-23
  • 117346869 2018-01-23
  • 90982868 2018-01-23
  • 663415867 2018-01-23