# Data Encryption Goes Quantum

ICFO scientists search for new form of cryptography.

Cryptography is the field that studies how to design methods for the exchange of private information in a secure way. The discipline has a long tradition, as ancient civilizations were always interested in how to design methods to encrypt messages, often for defense purposes.

Nowadays, the problem of securing information transmission has gained much more relevance in the information society, where there is a constant flow of critical information over communication networks, usually through optical fibers.

In recent years, quantum physics has emerged as a new player in the field with the advent of quantum cryptography. The main goal of quantum cryptography is to design protocols for information transmission where security is based on quantum physical laws.

It represents one of most promising applications of quantum information science, an interdisciplinary field combining engineering, optics, computer science, mathematics, and physics that looks for novel forms of information processing and communication based on quantum physics.

Quantum cryptography is one of the applications of quantum information technologies, but not the only one. For instance, more powerful computers and simulators, or sensing devices with higher sensitivity, become possible when exploiting quantum effects.

The AXA Chair Program in Quantum Information Science that the Institute of Photonic Sciences (ICFO) in Spain was recently awarded is an ambitious research program devoted to the development of quantum information technologies. The AXA Research Fund supports ICFO’s vision that a second quantum revolution is now taking place on information technologies. The fund will support five successive 5-year chairs devoted to quantum technologies.

We have been awarded the first of these chairs to develop device-independent quantum cryptography protocols.

Any form of cryptography, quantum or otherwise, is always based on assumptions, as there is no way of securing any information transmission from scratch. The schemes currently used to secure our information transmissions are based on computational security.

Two honest users, usually called Alice and Bob, run a protocol to secure their information transmissions, say through an optical fiber. In order to break the protocol and read the private information, the eavesdropper, known as Eve, has to solve a computational problem that is believed to be difficult.

To make things concrete, consider the RSA protocol (RSA stands for its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman). RSA is the most-used cryptographic protocol today. It is designed in such a way that any eavesdropper willing to break it has to factorize a big number N; the eavesdropper has to find two numbers, p and q, such that their product is equal to N, or p×q=N.

However, at present we don’t know of any efficient algorithm to factorize numbers. This means that Alice and Bob, by choosing a big enough number N, can make Eve’s job extremely demanding. With the presently known algorithms, Eve would need a computer much more powerful than any existing supercomputer. Thus, under the assumption that Eve’s computational capabilities are bounded, the protocol is secure, hence the term computational security.

Computational security is simple to implement and satisfactory for many applications but it has some drawbacks. First, there is no proof that there exist difficult problems whose solution needs an incredibly growing amount of computational resources. For instance, if researchers published an efficient algorithm for factorization tomorrow, the security of RSA would break down immediately.

The existence of such an algorithm is believed to be impossible, but this is only based on the fact that researchers have tried for decades to find one with no success. There is a potential risk because there is no mathematical proof of the non-existence of this algorithm.

Second, the advent of quantum computers may modify the complexity of problems. In particular, factoring is an easy problem for a quantum computer. This means that an eavesdropper equipped with a quantum computer, a device that is believed not to exist at the moment only because of technological limitations, would be able to hack most of our private information transmissions.

Quantum cryptography protocols provide a different form of security: physical security. The honest users run a protocol in which information is encoded on quantum particles, such as photons, the quanta of light. When the protocol is correctly implemented, the eavesdropper can hack it only by violating the laws of quantum physics. The protocols are successfully tested daily in experimental labs around the world.

Several companies sell quantum cryptography products. Some years ago, however, several successful quantum hacking attacks on these products were reported. Did the hackers break the physical security? Did they violate the laws of quantum physics?

The answer to these questions is of course negative. The hackers did not break the principle of quantum cryptography, nor did they prove quantum physics to be wrong, but they did break the optical implementation.

To guarantee security, the implementation has to perfectly match the theoretical conditions under which security proofs are derived. But in the case of standard quantum cryptography protocols, security proofs require an exact modeling of the devices. For instance they require the exact preparation of specific quantum states and measurements.

Now, if these states and measurements, essential for the theoretical security proof, are not precisely replicated in practice, the implementation cannot be guaranteed to be secure. While physical security is appealing, the security of a protocol eventually relies on real physical devices, such as lasers or single-photon detectors. These are very hard, if not impossible, to completely characterize, and this opens new challenges and security loopholes for the implementation.

This brings up another relevant issue in cryptography, both classical and quantum: the need of trust. When buying a cryptographic product from a provider, the user trusts him or her and assumes that the product functions as required. In the case of quantum cryptography, the user assumes that the devices implement the quantum steps needed for security.

More generally, trusting the devices may be a strong assumption, as exemplified by the secret documents from the US National Security Agency (NSA) leaked in the Snowden affair. The documents released by former NSA contractor Edward Snowden reveal hundreds of different ways the NSA accessed protected information. In the majority of cases, the NSA did not attack the mathematical security of the underlying cryptography, but relied instead on implementation weaknesses, hardware implants, and backdoors.

It is therefore desirable to design new methods for cryptography where the user (i) does not need to trust the provider and (ii) can certify the correct functioning of the devices and, therefore, be confident that the cryptographic implementation is secure.

In recent years, a new paradigm has emerged for the design of quantum cryptographic protocols, known as device-independent. In the device-independent scenario, security proofs do not make any assumption on the inner working of the devices used in the implementation. These devices can be seen as quantum black boxes.

The protocols are based on the correlations observed between the results obtained when measuring entangled quantum particles, such as entangled photons. These correlations are intrinsically quantum and random because they cannot be explained by classical and deterministic models.

The device-independent property of the protocols makes them appealing to solve the previous issues. They do not require any modeling of the inner working of the devices used in the implementation.

Furthermore:

- There is no mismatch between theoretical security proofs and implementation, which makes the protocols robust against existing hacking attacks.
- The user does not need to trust that the provider has perfectly prepared the devices.
- The user can certify their correct functioning.

The first AXA Chair in Quantum Information Science has been funded for €1.7 million and will be devoted to the development of device-independent quantum information technologies and their implementation using quantum optical technologies.

We expect it will move quantum cryptographic protocols to a stronger form of quantum physical security in which today’s quantum hacking attacks become impossible, and the user is able to certify the correct functioning of the devices without putting any trust on the provider. .

Antonio Acín has pioneered an approach to quantum cryptography that closes a security loophole with current communication devices by allowing the user to independently confirm the functioning and security of the device.

Currently, a user must take it on faith that a manufacturer was able to create quantum particles with the needed qualities.

He compares the phenomenon of so-called “quantum entanglement” to a pair of correlated dice. The result of rolling one die is, indeed, random, but the second always adapts to show the same result as the first.

Two entangled quantum particles, one on either end of a secured transmission, behave like these dice.

“This correlation is what we could test ourselves,” Acín explains. “Once we’ve satisfied the test, we know it’s secure. That’s because quantum physics guarantees our results are random.”

Read more from the Institute of Photonic Sciences.

**–Antonio Acín **is the Catalan Institution for Research and Advanced Studies (ICREA) Professor at the Institute of Photonic Sciences (Spain) where he leads the Quantum Information Theory group and studies quantum cryptography protocols that ensure data privacy. He has a PhD in theoretical physics from Universitat de Barcelona.

Quantum theory has fundamentally changed our understanding of how light and matter behave at extremely small scales.

The ability to manipulate quantum effects in customized systems and materials is paving the way for a second quantum revolution, leading to devices with superior performance and capabilities for sensing, measuring, and imaging and for communication, simulation, and computing.

Quantum technologies ultimately are expected to address grand challenges in such fields as energy, health, security, and the environment.

Some are already starting to be commercially exploited. Others may still require years of careful research and development. Yet others we cannot even imagine today.

Future markets for quantum technologies are estimated to be quite sizable. For example, by 2020, quantum communication could serve a market sized at more than €1 billion, with a steep estimated growth rate of 20% per year. Near-term technologies could be available within five years, notably for sensing, metrology, imaging, and communication. Otherwise the anticipated time frame is 10 to 15 years and beyond.

-Source: European Commission

- Have a question or comment about this article? Write to us at spieprofessional@spie.org.
- To receive a print copy of SPIE Professional, the SPIE member magazine, become an SPIE member.