The pair of the future: Quantum cryptography and Cybersecurity
By Gavriil Leonidas Vagdatzoglou
While cryptography is everywhere in our digital lives, we hardly notice its existence. But actors who know how it works also know how to exploit it. Given the importance of the data transferred every day, it is high time that we ensure the integrity of those data against any aspirant intruder, whether it is a governmental agency, a private company or a hacker group. Quantum cryptography will raise its shields against future attempts at intrusion or interception and will define cybersecurity in the next decades, but it still has a long way to go before it becomes a viable and efficient project.
Cryptography is a tale as old as time. From Julius Caesar to the Enigma and from there to modern days, there has always been a need to secure the integrity of data transferred from the sender to the recipient. Cryptography comes in different forms that have evolved over time. We have created protocols that ensure our data won’t travel through public channels for free consumption by everyone. While today’s most commonly used types of cryptography, like symmetric-key and asymmetric-key cryptography, and the protocols and cryptosystems that follow them are in general terms secure, tomorrow’s capabilities will render them obsolete. In this context, quantum cryptography and quantum computers are about to change the field, but there is a long way ahead. First, we have to explain how quantum cryptography works, what its properties are and how it will be a key factor for the future of cybersecurity, while at the same time pointing out its limits, at least for now.
To understand the strategic importance of quantum cryptography, a brief mention of symmetric-key and asymmetric-key cryptography is necessary. Symmetric encryption uses the same key to encrypt and decrypt the plain text (the data being transferred), while asymmetric encryption uses one key to encrypt the message (a public key that anyone can see and use, like a bank account number) and another key to decrypt it (a private key that only the receiver of the data possesses and that allows him/her to decode the message) (Folger, 2016). Some algorithms, like AES-256 (Advanced Encryption Standard), are believed to be unbreakable, but the problem arises with those algorithms that are believed or foreseen to be breakable with the use of quantum computers, like the RSA algorithm. RSA (named after its inventors, Rivest–Shamir–Adleman) is based on the difficulty of factoring the product of large prime numbers. While finding the result of multiplying 43 by 131 is easy (5633), finding the two numbers that were multiplied to give this result is quite difficult; with larger numbers it is impossible (Grobman, 2020). That is the point where quantum computers enter the equation.
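Why factoring matters for RSA, as an added example that is not part of the original article: once the modulus 5633 from the text is factored back into 43 and 131, the private key follows directly. The public exponent 17, the sample message and all function names are assumptions chosen for illustration.

```python
from math import isqrt

N = 5633   # public modulus: the product 43 * 131 used in the text
E = 17     # public exponent (constructed for this example)


def factor_semiprime(n):
    """Trial division. Instant for 5633, infeasible for the moduli of
    2048 bits and more used in practice, which is what RSA relies on."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def private_exponent_from_factors(p, q, e):
    """With p and q known, the private exponent is a modular inverse."""
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)   # Python 3.8+: inverse of e modulo phi


def encrypt(message):
    """Anyone can do this with the public key (N, E)."""
    return pow(message, E, N)


def recover_and_decrypt(ciphertext):
    """What someone who can factor N is able to do without the private key."""
    p, q = factor_semiprime(N)
    d = private_exponent_from_factors(p, q, E)
    return pow(ciphertext, d, N)


if __name__ == "__main__":
    c = encrypt(1234)                      # constructed sample message
    print("factors:", factor_semiprime(N))
    print("ciphertext:", c, "recovered:", recover_and_decrypt(c))
```

The security of the scheme rests entirely on `factor_semiprime` being too slow at real key sizes.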
Quantum computers have not yet been built at a large scale. But their properties are going to be so useful for governments and companies that huge amounts of money are allocated to quantum computer research. The US government, the Chinese government, IBM, Intel, Microsoft, and Google are the biggest players right now in the quantum-computer field, competing over who will build the strongest chip or computer in order to be able to exploit it first. At the same time, the EU, Russia and Japan are also emerging players, with the Europeans mainly focusing on the software and the applications that are going to run on quantum computers (Grobman, 2020). As is evident from its name, quantum computing is based on the properties of quantum physics, and it works very differently from traditional computing. While the computers of today use transistors and binary digits (bits) to encode data, quantum computers use qubits (Grobman, 2020). The difference lies in the fact that bits can exist in two states, 0 and 1, while qubits, due to the properties of subatomic particles, can exist in many states at the same time (Folger, 2016). This is exactly the reason why quantum computers are, and are going to be, so powerful; they can execute many difficult calculations at the same time. An example of their power is Sycamore, a system developed by Google, that executed a calculation to confirm the randomness of a number in 3 minutes and 20 seconds, while the most powerful computer so far would have needed 10,000 years (Grobman, 2020).
The future power of quantum computers is what poses a threat to today’s cryptography, since the very calculations that are impossible to execute now will be a matter of seconds or minutes with fully developed quantum computers. In 1994 the mathematician Peter Shor developed an algorithm for quantum computers that can factor the really large numbers that RSA encryption uses to protect Internet transactions, based on the fact that quantum computers can execute the calculations simultaneously (Folger, 2016). Nevertheless, even though RSA is vulnerable due to the fact that it is using symmetric and asymmetric-key cryptography with the factoring of prime numbers, other methods of cryptography are still resistant to quantum computers, such as AES, due to its randomly generated strings of bits (Folger, 2016).
How does it work?
This is where the need for quantum cryptography has arisen over the years, and it has become essential to develop it before quantum computers reach the level where they can render current cryptographic methods useless. The first idea of quantum cryptography came from Bennett and Brassard, who invented the BB84 protocol, and a second scheme was later introduced by Ekert. Quantum cryptography is based on the use of photons, light particles, that are polarized. The sender and the recipient use detectors fitted with filters to measure the polarization of each photon, which can be circular (left and right) or linear (horizontal or vertical) (Flam, 1991; Folger, 2016). After that, they compare their notes on the polarization of individual photons and they can read the message. If an eavesdropper tries to intercept the photons and see the message, the two parties exchanging the message will see that there is a third party, since he will disturb the transmitted photons and their state (Zhou and others, 2018; Folger, 2016). The promise of unconditional security of quantum cryptography lies exactly in the fact that the eavesdropper will be detected, as is statistically proven in the paper of Zhou and others (2018), with a probability of almost 100% as the number of transmitted photons increases. The Quantum Key Distribution protocol (QKD) is the most complete so far.
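The detection argument above, as an added simulation that is not part of the original article or of the cited papers: sender and recipient keep only photons measured in matching bases, and an eavesdropper who measures and resends each photon shows up as errors in that sifted key. The ideal noiseless channel, the intercept-and-resend model and all names are assumptions of this sketch.

```python
import random

BASES = ("linear", "circular")   # the two polarization bases named in the text


def measure(bit, prepared_basis, measured_basis, rng):
    """Matching basis reads the encoded bit; the wrong basis gives a coin flip."""
    return bit if prepared_basis == measured_basis else rng.randrange(2)


def run_bb84(n_photons, eavesdrop, seed=1):
    """Return (sifted key length, error rate in the sifted key)."""
    rng = random.Random(seed)    # seeded so the run is reproducible
    sifted = errors = 0
    for _ in range(n_photons):
        sender_bit, sender_basis = rng.randrange(2), rng.choice(BASES)
        bit, basis = sender_bit, sender_basis
        if eavesdrop:
            # The eavesdropper must guess a basis; measuring fixes the photon
            # in that basis, which is the disturbance the two parties detect.
            guess = rng.choice(BASES)
            bit, basis = measure(bit, basis, guess, rng), guess
        recipient_basis = rng.choice(BASES)
        recipient_bit = measure(bit, basis, recipient_basis, rng)
        if recipient_basis == sender_basis:   # sifting: keep matching bases
            sifted += 1
            errors += recipient_bit != sender_bit
    return sifted, errors / sifted


def detection_probability(n_checked):
    """Each compared sifted bit exposes the eavesdropper with probability 1/4."""
    return 1 - 0.75 ** n_checked


if __name__ == "__main__":
    print("no eavesdropper  :", run_bb84(20000, eavesdrop=False))
    print("with eavesdropper:", run_bb84(20000, eavesdrop=True))
    for n in (1, 10, 50):
        print(n, "bits compared ->", detection_probability(n))
```

Without interception the sifted key is error-free; with it, roughly a quarter of the sifted bits disagree, so comparing even a few dozen bits makes detection all but certain.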
Even though quantum cryptography is claimed to be completely tamper-proof, there is a loophole which poses problems for its security. In 2010, Makarov, a quantum hacking expert, managed with his team to intercept a message by blinding one party’s photons and sending whatever he wanted to the other party (Ornes, 2017). Even though that is the only big breach against quantum cryptography, it points out that a protocol may be unbreakable but there are other ways to affect it. Another big limitation which so far hasn’t been overcome is distance. There are some networks that work over a distance of 110 kilometers, or even 400 kilometers with the use of resenders of the quantum signal, but since the cost of the equipment to build a quantum network is at this point high, and the equipment itself is not easy to move, there hasn’t been wide use of it and it is still evolving. There are also some protective measures taken for the nodes that will enable the transmission of signals over greater distances, but they are still a work in progress (Folger, 2016).
A Quantum future
The importance of quantum cryptography lies in the level of protection that is going to be necessary when a quantum computer reaches full functionality and is able to handle extremely large amounts of data and calculations in unprecedented time. While countries are putting more effort into being the first to build a quantum computer, which will be useful not only for research purposes but for intelligence and military purposes too, smaller states and citizens need to be secure against such a development. If a quantum computer can break the cryptographic protocol of bank transfer transactions or decode data that are acquired now but will have a future use, the affected parties need to be safe. Hence, quantum cryptography can’t wait for the existence of a quantum computer in order to be developed and operational; rather, it needs to be already there. Given that the development of a quantum computer will need at least a decade or more, there is still time to catch up with the problems of tomorrow that need to be dealt with today. NIST (National Institute of Standards and Technology) is putting great effort into gathering the best quantum-resistant algorithms from around the world in order to make sure that the most secure protocols will be in action even before quantum computer attacks are possible. Quantum cryptography protects from traditional computer attacks as well, and it is definitely the best way forward for the security of the internet and cyberspace, both for governmental agencies and citizens. If something is missing right now, it is greater funding for quantum research, not only for the development of computers but also for the development and implementation of quantum cryptographic protocols that will provide the necessary security to all uses of the internet. Governments should work alongside leading private companies on that, given how much cyberspace affects our lives and how cybersecurity has become a great concern for everyone.
The views expressed in this article are the author’s own, and may not reflect the opinions of the Sciences Po Cybersecurity Association.
Flam, F. (1991), ‘Quantum Cryptography’s Only Certainty: Secrecy’. Science, 253(5022), pp.858–858. DOI:10.1126/science.253.5022.858
Folger, T. (2016), ‘The Quantum Hack’. Scientific American, 314(2), pp.48–55. DOI:10.1038/scientificamerican0216-48
Grobman, S. (2020), ‘Quantum Computing’s Cyber-Threat to National Security’. PRISM, Vol. 9, No. 1 (2020), pp. 52-67
Ornes, S. (2017), ‘Code wars’. Proceedings of the National Academy of Sciences of the United States of America, Vol. 114, No. 11 (March 14, 2017), pp. 2784-2787
Zhou, T. and others (2018), ‘Quantum Cryptography for the Future Internet and the Security Analysis’. Hindawi, Security and Communication Networks, Volume 2018. Accessible at: https://doi.org/10.1155/2018/8214619