Cryptography encodes sensitive information so that only authorized users can decode it. Existing encryption methods transform information using a shared key (a sequence of bits) that specifies the details of the transformation. When communicating partners wish to generate a key for secure communication, they exchange information over a public channel, in a form from which an eavesdropper finds it difficult to extract the key. Current key generation protocols rely on mathematical complexity to achieve this. With the accelerating pace of development in quantum computing, such encryption methods are at risk: quantum computers can solve certain mathematically hard problems much faster than conventional computers.
For example, the ubiquitous RSA encryption scheme is rendered insecure by a quantum factorization algorithm. Consequently, data that requires long-term security needs to be encrypted in a quantum-secure manner so that it cannot be intercepted today and decrypted tomorrow by a future quantum computer. Quantum Key Distribution and Post-Quantum Cryptography provide schemes that are resilient against this threat posed by quantum computers.
Currently, a popular encryption method, the Advanced Encryption Standard in Galois/Counter Mode (AES-GCM), is the standard proposed by NIST for two parties to encrypt and decrypt messages using a shared secret key (i.e. the key is symmetric). To establish this key, the parties follow a key exchange protocol, e.g. the Transport Layer Security (TLS) handshake. This process uses an asymmetric key pair consisting of mathematically linked private and public keys.
One party signs her transmission with her private key, while the other party mathematically verifies the signature using the public key. Security rests on the difficulty of solving mathematical problems, e.g. factorizing a large number that is the product of two large primes in the RSA protocol. However, a quantum computer will break all existing public key exchange methods: an adversary deploying Shor's quantum factorization algorithm will solve this type of mathematical problem exponentially faster than a classical computer.
AES-GCM variants operating with key sizes of 128 bits or less will also be compromised by Grover's quantum search algorithm, which provides a quadratic speed-up when searching through all possible keys to decipher an encrypted message. Fortunately, this threat can be countered by extending the key length to 256 bits, which increases the search time to an impractical extent even for a quantum computer.
Similarly, hash functions producing 256-bit outputs, widely used for fingerprinting data, are not expected to be broken by this attack. However, one has to assume that no quantum attack more efficient than Grover's search exists.
In response to the quantum computing threat posed to existing cryptographic techniques, two approaches have been developed: Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD). PQC consists of mathematically complex algorithms designed to resist attacks by quantum computers.
A suitable PQC public key exchange standard has yet to be established. Potential candidates are currently being reviewed by the National Institute of Standards and Technology (NIST). Quantum Key Distribution has now begun to see commercial adoption. The security of the key material is based on the laws of quantum physics, rather than mathematical complexity, and is therefore quantum-safe.
| Cryptographic Algorithm | Type | Purpose | Quantum Safe? |
|---|---|---|---|
| RSA, ECDSA | Asymmetric | Key Establishment, Signatures | No |
| AES-GCM | Symmetric | Encryption | Larger Key Sizes Needed |
| SHA-3 | - | Hash Function | Larger Output Needed |
| Post Quantum Cryptography | Public | Encryption, Key Establishment, Signatures | Yes |
| Quantum Key Distribution | Symmetric | Key Generation | Yes |
Quantum Key Distribution is the generation and distribution of cryptographic keys secured by quantum physics. The information required to generate the keys is encoded in the properties of photons, which can be distributed over long distances via an optical link.
Quantum Key Distribution security leverages quantum physics, which specifies that an unknown photon state cannot be measured or copied without altering the original state: an eavesdropper inadvertently reveals her presence by introducing a detectable, irreversible error.
The S-Fifteen Instruments Quantum Key Distribution system implements the BBM92 protocol, which exhibits fewer vulnerabilities than systems running the more common BB84 protocol. We use entangled photon pairs to distribute quantum states, sending one photon of each pair to each party across an optical link. Although the two photons of a pair are correlated through quantum entanglement, their individual states are inherently random.
This inherent randomness is achieved without the active optical components commonly found in prepare-and-measure protocols. The inclusion of active elements, e.g. phase modulators, has been shown to potentially leak information and to require countermeasures whose implementation increases system complexity and calls for additional security verification. Our implementation uses exclusively passive components, which simplifies auditing our system for vulnerabilities.
A notable aspect of the BBM92 protocol we have adopted is the direct use of quantum randomness. We do not need to rely on a separate random number generator to control active elements in our hardware; such devices typically require their own security certification. Instead, we rely on the intrinsic unpredictability of the polarization of our photons (when prepared in an entangled state) and of the path chosen when passing through a 50:50 beam-splitter as our sources of quantum randomness.
Quantum randomness has the advantage of being intrinsically unpredictable and fundamentally inaccessible to any external party.
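The two ideas above, that each party's basis and outcome arise from intrinsic randomness rather than an active chooser (BBM92 with passive 50:50 beam-splitters), and that an eavesdropper who measures the photons necessarily leaves a detectable error rate, can be made concrete with a small classical simulation. The following is an added illustration written for this page; it is not S-Fifteen Instruments' code and it does not model their hardware. It idealizes an entangled pair as giving identical outcomes whenever both parties measure in the same basis, models an intercept-resend eavesdropper on one arm purely to show how the sifted-key error rate (QBER) rises, and uses an illustrative abort threshold of 11% (an assumption chosen for the example, not a figure from the page).

```python
import random

RECTILINEAR, DIAGONAL = 0, 1        # the two conjugate measurement bases
QBER_ABORT_THRESHOLD = 0.11         # illustrative abort bound (assumption for this example)


def measure(state_basis, state_bit, measure_basis, rng):
    """Outcome of measuring a photon that carries `state_bit` in `state_basis`.
    Same basis: the result is deterministic; conjugate basis: the result is random
    (this is the property that makes an eavesdropper's measurement visible)."""
    if measure_basis == state_basis:
        return state_bit
    return rng.getrandbits(1)


def run_bbm92(n_pairs, intercept_resend, rng):
    """Simulate n_pairs entangled pairs. Each party's basis is chosen passively
    (a 50:50 beam-splitter, modelled as a fair coin); outcomes agree only when
    the bases agree. Returns the two sifted keys (Alice's, Bob's)."""
    alice_key, bob_key = [], []
    for _ in range(n_pairs):
        a_basis = rng.getrandbits(1)            # passive basis choice, Alice
        b_basis = rng.getrandbits(1)            # passive basis choice, Bob
        a_bit = rng.getrandbits(1)              # Alice's outcome is intrinsically random
        # After Alice's measurement, Bob's photon effectively carries a_bit in a_basis.
        photon_basis, photon_bit = a_basis, a_bit
        if intercept_resend:
            # Eve measures Bob's photon in a random basis and re-emits a fresh
            # photon in that basis carrying whatever she observed.
            e_basis = rng.getrandbits(1)
            e_bit = measure(photon_basis, photon_bit, e_basis, rng)
            photon_basis, photon_bit = e_basis, e_bit
        b_bit = measure(photon_basis, photon_bit, b_basis, rng)
        if a_basis == b_basis:                  # sifting: bases compared publicly
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key


def qber(alice_key, bob_key):
    """Quantum bit error rate over the sifted key. A real protocol estimates it
    from a sacrificed random sample; here the whole key is compared for clarity."""
    if not alice_key:
        return 0.0
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    return errors / len(alice_key)


def session(n_pairs, intercept_resend, seed=0):
    """Run one key exchange and return (sifted_length, qber, accepted)."""
    rng = random.Random(seed)
    a, b = run_bbm92(n_pairs, intercept_resend, rng)
    e = qber(a, b)
    return len(a), e, e <= QBER_ABORT_THRESHOLD


if __name__ == "__main__":
    for eve in (False, True):
        n, e, ok = session(20000, eve)
        print(f"eavesdropper={eve}: sifted={n} QBER={e:.3f} accept={ok}")
```

Without an eavesdropper the sifted keys agree exactly and about half of the pairs survive sifting; with full intercept-resend on one arm the error rate settles near 25%, far above any realistic threshold, so the session is rejected rather than yielding a key the adversary partly knows. Real systems estimate QBER on a disclosed sample and then run error correction and privacy amplification on the remainder; the simulation stops at the detection step.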
Any cryptographic system needs to prove its resilience against attacks. We actively investigate potential vulnerabilities in our implementation and develop countermeasures to improve security. In the past we have looked into the timing information exchanged between communicating parties as a side channel from which the attacker could collect a large amount of information about the key. This vulnerability is neutralized in our current QKD implementation by randomizing photon emission times using a free-running entangled photon source.
Currently, we are investigating detector-blinding attacks as part of a comprehensive vulnerability study. We have found, in agreement with previous studies in other QKD systems, that avalanche photodiode detectors deployed in our QKD system can be vulnerable to control by an adversary using bright light pulses. We are developing a robust countermeasure that allows the detection of such an attack.
Work with us to make your organization quantum-safe.