Secure Communication Now and Forever
Quantum cryptography for the consumer
Valuable information, personal information, secret information—each is transmitted all around you, all the time. To prevent that information from reaching thieves, spies, and terrorists, it is encrypted, with the intent of rendering it indecipherable to everyone except its intended recipient. And encryption, or more generally, cryptography—the science of encoding information—stands on the verge of a technological revolution.
Encryption usually involves one or more secret keys—numbers used in some mathematical operation to protect the sensitive information. For example, suppose the message to be sent is the number 4, the key is the number 3, and the encryption scheme is simple multiplication. Then the encrypted message is 12 (because 4 x 3 = 12). The receiver would divide the transmitted number, 12, by the key, 3, to recover the original number, 4. In a more realistic application, the key could be hundreds of digits long and use an algorithm much more sophisticated than simple multiplication. Either way, without the key, you can't unlock the information.
But what if you could calculate the key? Perhaps you could use an algorithm to test lots of different numbers until you hone in on the right one. This is indeed possible. The security of conventional encryption relies on the mathematical difficulty, not the impossibility, of calculating the key. An encryption scheme might be considered secure if the fastest computers in existence today would take decades, say, to break it. The point is, it can be broken. It's just a matter of time until the available computing power becomes sufficient. "You're betting against technology," says Los Alamos physicist and quantum communications team member Raymond Newell. "That's not a safe bet."
Fortunately, practical quantum cryptography, which includes encryption schemes that neither today's computers nor future computers can defeat, has arrived. Building on 17 years of basic and applied research and a long string of experimental breakthroughs, Los Alamos scientists Jane Nordholt, Richard Hughes, Raymond Newell, and Glen Peterson have designed and built a handheld quantum cryptography system for the consumer. The system creates and shares, on demand, an encryption key between a sender and receiver. It then uses a transmission protocol based on quantum physics to ensure that the key can never be harmfully intercepted. And unlike a classical key, a quantum key cannot be revealed through calculation. This technology is currently being offered for license to the private sector to be used for everyone's benefit, making encrypted transmissions secure into the future.
"Why this is safe," or "Whether this is safe"? Conventionally encrypted transmissions rely on mathematical complexity: with current computing technology, it could take decades to break these codes. But they can be broken.
The Los Alamos team based its work on the BB84 protocol, first published in 1984 by Charles Bennett and Gilles Brassard. It uses the inherent randomness of quantum measurements to piggyback information on a beam of light. To appreciate the BB84 method, it is important to know a little about quantum physics.
Quantum physics is often thought of as the science of the very small. It deals with individual particles, like electrons or photons (particles of light). Unlike classical (nonquantum) physics, quantum physics is intrinsically probabilistic, meaning that, in general, the outcome of any one measurement cannot be definitively predicted. The best you can do is predict the probabilities associated with different possible outcomes. If you measure the same type of particle in the same way 100 times, and you get the same outcome in 30 of those measurements, then the probability of that outcome is evidently around 30 percent. That probability can be calculated in advance, but the result of any individual measurement cannot.
The Los Alamos quantum communications team rests easy, knowing that their inventions will protect consumers' personal information. (From the left: Raymond Newell, Glen Peterson, Jane Nordholt, and Richard Hughes.)
The inherent unpredictability of quantum measure- ments provides a benefit for secure communications because it makes each quantum key unpredictable. If a classical key and its associated algorithm were to somehow get into enemy hands, that enemy could run the algorithm backward to acquire the keys used in the past, and forward to compute future keys. But if a quantum key were ever compromised, it would be no help in generating other keys.
The BB84 protocol is most often implemented by measuring the polarization of individual photons. Because light is an electromagnetic wave, photons have an intrinsic orientation, like the poles of a magnet. That direction osscilate along a particular axis. A classical polarization experiment might seek to determine along which axis a beam of light is polarized. But in a quantum measurement—one photon at a time—the best you can do is choose an axis, make your measurement, and get an answer of "yes" (the photon is polarized along the axis you chose) or "no" (it's polarized perpendicular to your axis). Quantum polarization measurements admit no middle ground.
For example, suppose you have a vertically polarized photon. (This means that its electrical orientation alternately points up and down as the light travels forward.) You measure its polarization along a particular axis. A vertical axis measurement like | would come back "yes." A horizontal axis measurement like — would come back "no." But a diagonal axis tipped like / could come back "yes" or "no" with different probabilities. If the axis is tipped 45 degrees, the probabilities are 50/50, so half of these measurements would be "yes" and the other half "no." But quantum measurements have the additional property of changing the object being measured. If your diagonal polarization experiment returns "yes," then that photon's polarization changes to / ; it's no longer vertical. If you get "no," the polarization is now exactly opposite, 45 degrees the other way, like \ . Either way, the act of measurement altered the photon's polarization.
This behavior of quantum measurements plays a critical role in quantum cryptography, and it is completely different from classical measurements. For example, if you're driving a "quantum car" past a police officer who measures your speed with a radar gun, that measurement would return a random (probabilistic) value. If it happens to read 90 mph, then your car would suddenly jump to 90 mph! For cryptography, this quantum behavior is valuable because measurements made by an unauthorized individual will randomly change the original transmission, just as the radar measurement changed your speed. The sender and receiver, upon comparing notes, will be able to tell if the transmission is being tampered with before any sensitive information is sent.
Agree on the Key
A key is used by the sender to encode a message, and again by the receiver to decode it. The first transmission, therefore, establishes a key (or two related keys) that both sender and receiver must agree upon. Then, if the key is proven to be secure, it is used to encode the message, and the encoded message is sent.
The quantum key distribution hardware engineered at Los Alamos sits beside a thoroughly nonquantum key, shown for scale.
Imagine a sender named Alice and a receiver named Bob. To establish a key, Alice first prepares a series of specially polarized photons to send to Bob. To do this, she considers two possible sets of orientations: either horizontal and vertical (+) or positive and negative 45-degree diagonals (X). She also assigns bit values for each orientation; perhaps horizontal is 0 while vertical is 1, and diagonally leaning left is 0 while diagonally leaning right is 1. (These bit assignments are not secret, and Bob will need to use them too.) As Alice generates each photon, she randomly selects an orientation and bit value. This creates a series of polarized photons with orientations, for example,— / / \ | , and corresponding bit values 01101. Then she waits to hear from Bob.
Bob randomly chooses a measurement orientation (+ or x) for each incoming photon and converts his results to binary bit values in the same way that Alice did. Now Alice and Bob openly contact each other to compare the orientations they chose, but not their actual bit values. Suppose five photons were sent. If Alice and Bob selected different orientations on photons 2 and 5, then Bob had a 50/50 chance of matching Alice for each of those two bits. In this way, quantum randomness prohibits any meaningful connection between Alice's bits and Bob's bits, so both people cross out bits 2 and 5. They keep the remaining bits—1, 3, and 4—as their quantum key. Without having to directly compare these bit values, both people know that the values are the same (if Alice has 010 then Bob must also have 010) because Bob measured the polarizations with respect to the same orientation that Alice chose.
If spies intercept the key transmission, they won't know which bits to throw away unless they also intercept the measurement orientation comparison between Alice and Bob. But assuming they do that, their own measurements will have changed the photons' polarizations, so Bob will end up with different results, like 110. Now Alice and Bob can compare their keys without revealing them. For example, they might add the digits and compare those sums. Alice gets 1 (that's 0+1+0) and Bob gets 2 (that's 1+1+0). Because they disagree, they conclude that someone must be spying on them and throw the key away. Since they haven't sent the actual message yet, the spies never see any sensitive information. (In a real application, the original transmission would be much longer than five photons, and the key would be much longer than three digits. In addition, the sender and receiver can perform verifications much more sophisticated than simply adding all the digits.)
All of this can be accomplished with communications networks that are already in place. All that is required is an optical transmission medium for the polarized photons—either open-air (like satellite to ground) or fiber-optic cables. In the event that an eavesdropper tampers with their polarized photons, Alice and Bob could agree to switch to a different, untapped connection, such as a different fiber-optic path between them. Moreover, Alice and Bob don't need any training; an electronic device at each end can do all the polarization measurements and the bit comparisons automatically.
Bear in mind, however, that quantum cryptography only protects transmissions. Alice and Bob can still be tricked or coerced, and their equipment can still be hacked or stolen. So conventional safeguards like passwords are still important. What Los Alamos's new technology ensures is that secret keys can no longer be intercepted during transmission without being detected.
The new Los Alamos hardware (shown above) employs a laser together with variable-direction polarization components to establish a secret key between sender and receiver. The key could be used to encrypt (and later decrypt) a message sent by any means—over the Internet, phone, satellite, or even carrier pigeon. That is, only the key generation requires a quantum channel—photons, polarizations, and fiber optics. Once the key is established, the encrypted information can be sent by any available means, including wireless.
The QKarD uses a dock with a fiber-optic connection to produce quantum keys by transmitting polarized photons. The card itself can then store those keys securely and portably, so that a key is ready whenever or wherever the next secure communication is needed. This picture is just a concept, not a prototype.
Nordholt, Hughes, and their team have invented, as a proof of concept, a new technology they call QKarD. (The capitalized letters stand for quantum key distribution.) QKarD is a small, handheld smart card that can supply quantum keys for a variety of uses. When the card is docked in its charging station with a fiber-optic network, it automatically establishes the next thousand or so keys it will need and stores them in secure memory. The card can then be undocked and carried around by its owner.
Because quantum keys must be established between a sender and receiver, and the QKarD doesn't know who the next receiver will be while it is docked, an external server is needed to manage all transmissions. This server would reside with a trusted private or government agency. A docked QKarD establishes keys between itself and this agency.
When the QKarD owner wants to send a secure transmission—for example, to transmit her credit card number to an online bookstore—she connects the QKarD to a computer or other mobile device. Her credit card number is encrypted with the next available quantum key on the QKarD, and the transmission is sent to the bookstore. The bookstore notifies the trusted agency that the transmission occurred but does not share the encrypted credit card number with that agency.
The bookstore uses QKarD technology just as the consumer does, so it has its own quantum keys already established with the same trusted agency. At the time of purchase, the agency tells the online bookstore which bits to flip (from 0 to 1 or vice versa) to transform the bookstore's next available quantum key into the same quantum key from the buyer's QKarD. In this way, a common quantum key is established between the buyer and seller with the help of the trusted agency, but without the buyer needing a fiber-optic connection at the time of the purchase.
This QKarD system is completely mobile, apart from the need to be docked from time to time to acquire quantum keys while charging. Therefore it could serve all wireless transmissions—laptop computing, cell phone calls, e-commerce, and so forth. For example, QKarD technology could be integrated into a future generation of smart phones. Every transmission from every app would be secure.
The Los Alamos team has also created a second prototype system for enhanced security and privacy. Known as quantum enabled security (QES), it is both a device and a communications protocol. It uses QKarD keys to hide data transmissions from potential eavesdroppers.
Some networks that provide fiber-optic lines to homes, for example, employ 32 wavelengths simultaneously to 32 homes. The receiving electronics system in each home is programmed to pay attention to just one particular wavelength and ignore the other 31. So everyone's data also goes into 31 other homes. But the QES system uses a secure quantum key to obscure every message in both wavelength and time. Messages are scrambled with different bits hopping among different wavelengths at different moments. Only the authorized receiver's hardware, which has the key, knows how to unscramble the hopping and pay attention to only the right wavelengths at the right moments, to pick up every 0 and 1. This is known as physical-layer security—the most robust kind—because one needs to physically select the right bits to acquire the hidden, encrypted message. While other security schemes allow eavesdroppers to record encrypted messages, eavesdroppers on a QES system can't even identify which bits contain the encrypted message.
The QES technology is limited by the distance a single photon can travel through fiber-optic cables without its polarization degrading. That distance is at least 140 kilometers (87 miles), meaning that hardware needs to be placed at stations no more than 140 kilometers apart. (It is possible to break a 280-kilometer transmission, for example, into two 140-kilometer transmissions that each have their own key.) Until such hardware is set up throughout the country or the world, QES is ideal for more localized security, such as between buildings on the same campus, industrial site, neighborhood, or metropolitan center. It is also well suited for securing information within isolated entities, such as U.S. embassies abroad or national security facilities like Los Alamos National Laboratory.
Perhaps the greatest benefit of the new QKarD and QES technologies is that they are future proof. New mathematical techniques and new computers—even future quantum computers—will not be able to crack their codes because of the probabilistic manner in which they establish quantum keys between sender and receiver. Unlike a classical key that is generated by a mathematical algorithm, a quantum key is naturally random and therefore cannot be calculated.
Both QKarD and QES have been offered for license, with some of the biggest telecommunications companies and others expressing interest. And no wonder: they'll be able to offer their clients complete protection, security, and privacy, which will be forever guaranteed by the laws of physics.
— Craig Tyler
In this issue...
- Wandering Worlds
THE MYSTERIOUS PLANETARY SYSTEMS AROUND OTHER STARS
- Secure Communication Now and Forever
QUANTUM ENCRYPTION FOR THE CONSUMER
- A Chance to Save Lives
A NEW VACCINE STRATEGY TO PROTECT AGAINST HIV/AIDS
- Global Security
THE GROWING CHALLENGE
BOUNDING THE OIL SPILL
DO THE TIME WARP
WARMING OCEANS, SHRINKING ICE