feature
The Impact of Quantum Computing on Cryptography

Marie A. Wright

The strength of our current encryption systems is based on cryptographic keys and complex mathematical algorithms. Using a sufficiently long cryptographic key, a mathematical algorithm transforms plaintext into ciphertext in such a way as to make it computationally infeasible for a cryptanalyst to determine either the enciphered message or the underlying key. An implicit assumption is that computer technology, as we know it, is used throughout this process. But what if a different type of computer, one based on quantum physics rather than classical mechanics, were used? This article explores the impact of quantum computing on cryptography. Quantum computing is an application of quantum theory in which the behaviours of subatomic particles are used to perform computations. In order to better understand the nature of quantum computing, the article begins with an overview of three quantum theory concepts: superposition, entanglement, and the measurement problem. The article then compares conventional computer operations with those of quantum computing. Next, the effects of quantum computing on key distribution and factoring are explored. The article concludes with a look at the challenges of, and our progress toward, quantum computing.
Quantum theory

Quantum theory describes the principles underlying the laws of nature[1], and it can be used to predict the behaviour of any physical, chemical, or biological system[2]. However, explaining the behaviour of the everyday world with quantum theory tends to be too complicated to be practical[2]. Quantum theory describes the behaviour of the universe on a very small scale, that of atoms and smaller particles. Its phenomena often appear inexplicable, and its concepts are abstruse.

Superposition

Unlike classical physics, which treats light strictly as waves and matter only as particles, quantum theory describes light and matter as both waves and particles[2]. Each particle of light (photon) carries energy and momentum. In a renowned experiment, light from a single source was passed through two slits, creating an interference pattern on a screen[1]. Even when the light source emitted only one photon at a time, the interference patterns appeared. In the realm of quantum theory, each photon travelled both paths at the same time, enabling a particle to exist in two places simultaneously. This phenomenon is referred to as superposition.

Entanglement and the Measurement Problem

One of the most unusual concepts in quantum theory deals with the effect of measurement on a system. Prior to measurement, particle characteristics do not have definite values; the particle does not exist in an exact location, and its characteristics are described as fuzzy probabilities by a wave function. However, once a particle is measured, its characteristics become fixed at specific values, effectively collapsing the particle’s wave function[2]. The act of measuring a particle, therefore, affects the particle and disturbs the state of the quantum system.

In 1997, Austrian researchers performed an experiment, similar to a hypothetical one devised in the 1930s, to demonstrate the complications of quantum system measurement. The system contained two particles with opposite values of spin (rotational direction). By setting the total spin of the system to zero, the researchers knew that the two particles had opposite spins, and that total spin could be measured without directly measuring the spin of either particle[2]. The two particles, called an entangled pair, were sent off in opposite directions until they were far apart from each other. The spin of one particle was measured, fixing its value. Instantaneously, the spin of the other particle became known and fixed. No longer a fuzzy probability, its spin had to be the opposite of the other particle so that the spins of the two particles added to zero[2].
Classical computing v Quantum computing

Today’s computers are based on a foundation of binary digits, with data encoded as a string of bits within electronic circuitry. Each bit must be either a zero or a one; it cannot exist as both at the same time. The bit has been the fundamental computational unit of data throughout the history of computing. Despite obvious technological advances, computers today operate on the same basic principle as the mechanical devices invented by Charles Babbage in the late 1800s and later formalized by Alan Turing[1]: one state (e.g. off or on) is represented by one number (e.g. 0 or 1).

Quantum computing uses principles for representing and processing data that are not possible within a conventional framework. Perhaps the most dramatic difference between classical and quantum computing lies in the way that data are encoded. Quantum computing does not represent data as bits. Instead, it uses quantum bits (qubits) to represent data as subatomic particles. For example, two orbits of an electron in an atom could be used to represent a qubit[1]. Each qubit represents both zero and one simultaneously, and therefore exists in multiple states at the same time. This property, known as superposition, establishes a different approach to computing. A quantum computer operates on all qubit values simultaneously, a capability known as quantum parallelism. The computational speed of a quantum computer increases exponentially with the number of qubits, so that an n-qubit quantum computer can compute 2^n values at once. This extraordinary speed is attributed to the entangled state in which a quantum computer operates. Entanglement refers to the relationships that exist between the superpositions of qubits. These relationships are unlike any that exist in classical computing. Quantum states contain quantum correlations, and they are responsible for the exponential nature of quantum parallelism[1].

In 1998, Isaac Chuang of IBM’s Almaden Research Center (San Jose, California, USA) and Neil Gershenfeld of the Massachusetts Institute of Technology (Cambridge, Massachusetts, USA) built a two-qubit quantum computer that implemented a search algorithm developed by Lov Grover[3] (AT&T Bell Laboratories, New Jersey, USA). The computer, which used the nuclei of a hydrogen atom and a carbon atom in a chloroform molecule, was able to find the correct answer from four possible choices. Admittedly, the task was trivial. A conventional computer would have sequentially analyzed each of the four possibilities and, on average, would have found the correct answer in 2.25 tries. However, the quantum computer analyzed all four possibilities at the same time, identifying the correct answer in a single step[4].
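The following state-vector simulator is an added example, not code from the article or from any of the cited projects. It makes concrete three of the claims above: an n-qubit register holds 2^n amplitudes at once (uniform superposition after a Hadamard on every qubit), an entangled pair gives perfectly correlated measurement outcomes (the qubit analogue of the spin experiment), and measurement collapses the register onto one basis state. The qubit ordering (qubit q is bit q of the basis-state index) and the gate names are this example's own conventions.

```python
import random
from math import sqrt

# Added example: a minimal state-vector simulator. An n-qubit register is a list of
# 2**n complex amplitudes; qubit q corresponds to bit q of the basis-state index.
H = [[1 / sqrt(2), 1 / sqrt(2)],
     [1 / sqrt(2), -1 / sqrt(2)]]   # Hadamard gate: puts a qubit into superposition


def zero_state(n):
    """|00...0>: all amplitude on basis state 0."""
    state = [0j] * (1 << n)
    state[0] = 1 + 0j
    return state


def apply_single(state, gate, target):
    """Apply a 2x2 gate to qubit `target`, leaving the other qubits untouched."""
    new = [0j] * len(state)
    for i, amp in enumerate(state):
        if amp == 0:
            continue
        bit = (i >> target) & 1
        for out in (0, 1):
            j = (i & ~(1 << target)) | (out << target)
            new[j] += gate[out][bit] * amp
    return new


def apply_cnot(state, control, target):
    """Controlled-NOT: flip `target` wherever `control` is 1 (this creates entanglement)."""
    new = list(state)
    for i in range(len(state)):
        if (i >> control) & 1 and not (i >> target) & 1:
            j = i | (1 << target)
            new[i], new[j] = state[j], state[i]
    return new


def uniform_superposition(n):
    """H on every qubit: all 2**n basis states carry equal probability 1/2**n."""
    state = zero_state(n)
    for q in range(n):
        state = apply_single(state, H, q)
    return state


def bell_pair():
    """(|00> + |11>)/sqrt(2): the entangled pair from the spin experiment, in qubit form."""
    return apply_cnot(apply_single(zero_state(2), H, 0), 0, 1)


def measure(state, rng=random):
    """Born-rule measurement: pick a basis state with probability |amplitude|**2 and
    collapse the register onto it (any further measurement now repeats that answer)."""
    probs = [abs(a) ** 2 for a in state]
    outcome = rng.choices(range(len(state)), weights=probs, k=1)[0]
    collapsed = [0j] * len(state)
    collapsed[outcome] = 1 + 0j
    return outcome, collapsed


def bell_agreement(trials, seed=0):
    """Measure fresh Bell pairs; count how often both qubits give the same value."""
    rng = random.Random(seed)
    agree = 0
    for _ in range(trials):
        outcome, _ = measure(bell_pair(), rng)
        if (outcome & 1) == ((outcome >> 1) & 1):
            agree += 1
    return agree


if __name__ == "__main__":
    psi = uniform_superposition(3)
    print("3-qubit register holds", len(psi), "amplitudes, each with probability",
          round(abs(psi[0]) ** 2, 4))
    print("Bell pairs measured with equal values:", bell_agreement(100), "of 100")
```

Note that the simulator itself is a classical program: its list of amplitudes doubles with every qubit added, which is exactly the exponential cost that a real quantum register avoids and that makes classical simulation of large registers impractical.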
Quantum Computing and Key Distribution

One of the more challenging aspects of secure communication deals with the key distribution problem: how should a secret key be exchanged between two parties who wish to communicate when only an insecure channel exists between them? Several methods have been devised, but none guarantee complete security. Quantum key distribution is different. It uses the quantum properties of light particles (photons), rather than computational complexity or physical barriers to interception[5], to securely exchange a random secret key over an untrusted channel. The following protocol demonstrates how this is done.

• Person A generates a random sequence of zeroes and ones, a subset of which will become the shared secret key[1].

• Person A then sends Person B one photon for each value in the sequence. Each photon can be in one of four polarizations: horizontal, vertical, or one of two diagonals. The polarization that a photon will have is determined randomly. Person A (the sender) establishes the meaning of the polarization. For example, a 0 might be represented by a photon that is polarized horizontally, while a 1 would be represented by one polarized vertically[6]. Or a 0 could be represented by a photon with –45° polarization, while a 1 would be represented by a photon with +45° polarization.

• Person B randomly sets the receiver for each photon, so that the receiver can distinguish between vertical and horizontal polarizations, or between the two diagonal polarizations[6]. The configuration chosen by Person B will match the configuration used by Person A about half of the time. When the configurations match, Person B’s result corresponds to what Person A transmitted[1]. If the configurations do not match, the receiver cannot correctly determine the polarization of a photon. Furthermore, because of the measurement problem inherent in quantum theory, there is no second chance to determine a photon’s polarization; just trying to determine the polarization destroys it[6].

• Using a public channel (e.g. E-mail or telephone), Person B informs Person A of the receiver’s configuration for each photon received. The state of each photon received is not disclosed.

• Person A tells Person B which times the receiver was set correctly[6], without disclosing the state of each photon transmitted.

• The shared secret key consists of the bits whose configurations match.

In addition to establishing secure key exchange, quantum key distribution defends against eavesdropping. If an intruder measures the photons during transmission, their polarizations will be changed. This will cause Person A and Person B to have different values for their secret keys. As a check for eavesdropping, Persons A and B can compare some random bits of their key. If the bits match, they can be confident that no eavesdropper was present, and they can use the rest of the key to communicate privately[1]. If the bits do not match, they can assume that an intruder eavesdropped during the key exchange process, and the protocol should be repeated.
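The simulation below is an added example, not part of the original article; it plays out the protocol just described with both parties' messages and the eavesdropping check. The polarization labels ("H", "V", "-45", "+45"), the function names, the sample size and the seeds are all this example's own constructions. The physics is reduced to one rule: a receiver set to the same basis as the sender reads the bit reliably, a receiver set to the other basis gets a random bit and leaves the photon in the polarization it read, so the original polarization is lost.

```python
import random

# Added example (constructed): a simulation of the photon-polarization key exchange above.
# Basis 0 is rectilinear (horizontal = 0, vertical = 1); basis 1 is diagonal (-45 = 0, +45 = 1).
BASES = {0: ("H", "V"), 1: ("-45", "+45")}


def prepare_photons(bits, bases):
    """Person A: one photon per bit, polarized according to the randomly chosen basis."""
    return [BASES[basis][bit] for bit, basis in zip(bits, bases)]


def measure_photon(polarization, basis, rng):
    """A receiver set to `basis`. A matching basis reads the bit reliably; a mismatched
    basis yields a random bit, and the photon leaves the receiver polarized as it was
    read (the measurement problem: the original polarization cannot be recovered)."""
    if polarization in BASES[basis]:
        bit = BASES[basis].index(polarization)
    else:
        bit = rng.randint(0, 1)
    return bit, BASES[basis][bit]


def bb84_sifted_keys(n, seed, eavesdropper=False):
    """Run the exchange for n photons; return (A's sifted key, B's sifted key)."""
    rng = random.Random(seed)
    a_bits = [rng.randint(0, 1) for _ in range(n)]
    a_bases = [rng.randint(0, 1) for _ in range(n)]
    photons = prepare_photons(a_bits, a_bases)
    if eavesdropper:
        # An intruder must measure to learn anything. Guessing the basis at random,
        # the intruder disturbs about half the photons, which later shows up as
        # mismatches between the two sifted keys.
        e_bases = [rng.randint(0, 1) for _ in range(n)]
        photons = [measure_photon(p, b, rng)[1] for p, b in zip(photons, e_bases)]
    b_bases = [rng.randint(0, 1) for _ in range(n)]
    b_bits = [measure_photon(p, b, rng)[0] for p, b in zip(photons, b_bases)]
    # Public channel: B announces the receiver setting per photon, A replies which ones
    # matched. Neither side reveals bit values. Both keep only the matching positions.
    keep = [i for i in range(n) if a_bases[i] == b_bases[i]]
    return [a_bits[i] for i in keep], [b_bits[i] for i in keep]


def eavesdrop_check(a_key, b_key, sample_size, seed):
    """Compare a random sample of key bits over the public channel. The sampled bits
    are discarded either way; any mismatch means the exchange must be repeated."""
    rng = random.Random(seed)
    sample = set(rng.sample(range(len(a_key)), sample_size))
    mismatches = sum(a_key[i] != b_key[i] for i in sample)
    if mismatches:
        return None, mismatches
    return [a_key[i] for i in range(len(a_key)) if i not in sample], 0


def error_rate(a_key, b_key):
    """Fraction of sifted positions where A and B disagree."""
    return sum(x != y for x, y in zip(a_key, b_key)) / len(a_key)


if __name__ == "__main__":
    for eve in (False, True):
        a_key, b_key = bb84_sifted_keys(2000, seed=1, eavesdropper=eve)
        key, bad = eavesdrop_check(a_key, b_key, 50, seed=2)
        verdict = f"abort, {bad} mismatches" if key is None else f"{len(key)} key bits kept"
        print(f"eavesdropper={eve}: sifted {len(a_key)} bits, "
              f"error rate {error_rate(a_key, b_key):.3f}, {verdict}")
```

Roughly half of the photons survive sifting, and an intercepting measurement in a random basis introduces errors in about a quarter of the sifted bits, which is why a sample of a few dozen bits is enough to detect it with overwhelming probability.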
Quantum Computing and Factoring

Factoring is the hard problem upon which robust public key cryptographic systems are based. In schemes such as the RSA algorithm, the public encryption key and the private decryption key are mathematically related, but it is computationally infeasible to calculate one from the other without knowing the underlying prime factors. Despite considerable research in mathematical algorithms, no efficient classical factoring algorithm is known[7]. However, a quantum algorithm has been developed that can find the prime factors of an integer in polynomial time (an amount of time that increases with the cube of the number of digits in an integer) rather than exponential time. Known as Shor’s algorithm[8], it uses quantum parallelism and entanglement to simultaneously compute all of the values of a certain function. Furthermore, it accomplishes this task significantly faster than any conventional computer could[9]. The development of this algorithm was significant because it theoretically eroded the security of any cryptosystem that depends on the difficulty of factoring large numbers. Shor’s algorithm also theoretically breaks any cryptosystem that is based on the discrete-logarithm problem[1] (e.g. the ElGamal scheme and the Digital Signature Standard).
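The following is an added example, not the article's own material, showing why a fast period-finding routine is enough to break RSA. Shor's algorithm uses the quantum computer only to find the period r of the function f(x) = a^x mod N; everything else is classical arithmetic: gcd(a^(r/2) ± 1, N) yields a factor of N, and a factor immediately gives the private exponent. Here the quantum step is replaced by a brute-force loop that is exponential in the number of digits, so it only works for toy moduli; the modulus 3233 = 61 × 53 with e = 17 is a constructed textbook-sized key, and all function names are this example's own.

```python
from math import gcd

# Added example (constructed): the classical part of Shor's algorithm. The quantum
# computer's job is the period-finding step; everything else is ordinary arithmetic.


def find_period(a, n):
    """Smallest r > 0 with a**r % n == 1. Shor's algorithm finds r in polynomial time on a
    quantum computer; this brute-force loop stands in for it and is exponential in the
    number of digits of n, so it only works for toy moduli."""
    x, r = a % n, 1
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(n, a):
    """Given a base a and its period r, gcd(a**(r/2) +- 1, n) is a factor of n unless r is
    odd or a**(r/2) == -1 (mod n); in those cases another base must be tried."""
    g = gcd(a, n)
    if g != 1:
        return g                      # a already shares a factor with n
    r = find_period(a, n)
    if r % 2:
        return None                   # odd period: no square root of 1 to use
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None                   # trivial square root of 1: try another base
    for f in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < f < n:
            return f
    return None


def shor_factor(n):
    """Try bases in turn until one yields a non-trivial factor of n."""
    for a in range(2, n):
        f = factor_from_period(n, a)
        if f:
            return f
    return None


def rsa_private_exponent(n, e, p):
    """What a factor buys: with p (and q = n/p) known, phi(n) and hence the private
    exponent d = e**-1 mod phi(n) follow immediately from the public key (n, e)."""
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)            # modular inverse (Python 3.8+)


if __name__ == "__main__":
    n, e = 3233, 17                   # constructed toy RSA modulus 61 * 53
    p = shor_factor(n)
    print("factor:", p, "private exponent:", rsa_private_exponent(n, e, p))
```

With n = 3233 the base a = 2 happens to give a^(r/2) ≡ −1 (mod n) and is rejected, and a = 3 yields the factor 61; the same reduction applies unchanged to a 2048-bit modulus, which is why the size of the quantum period-finding step, not the classical post-processing, decides whether RSA is at risk.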
Challenges

Any practical implementation of Shor’s algorithm is years away. To date, seven-qubit quantum computers have been constructed. It may be more than a decade before a 20- or 30-qubit quantum computer is built[10]. A quantum computer with hundreds or thousands of qubits is needed to solve problems beyond the capability of conventional computers, and it is not known when such a computer might be built[11].
Building a quantum computer is particularly difficult because virtually any interaction a quantum system has with its environment (e.g. an atom colliding with another atom) constitutes a measurement[9]. It is for this reason, too, that quantum systems are vulnerable to errors. Any interaction between a quantum system and the external environment results in unintentional measurements that corrupt the quantum states and make further quantum calculation impossible. This phenomenon is known as decoherence. The inner workings of a quantum computer need to be separated from their surroundings in order to maintain coherence, but they also must remain accessible so that inputs, calculations, and outputs can be obtained[9]. Among the techniques being researched to build a quantum computer are the use of laser-cooled ion traps, the use of nuclear magnetic resonance techniques to manipulate quantum information in classical fluids[9], and the use of polarizations of photons.

To overcome the difficulties posed by decoherence and the measurement problem, unconventional algorithms must be used. To date, only a few quantum algorithms have been discovered that work better than existing classical algorithms. The most successful of these are Grover’s algorithm for an unstructured search[3] and Shor’s algorithm for factoring large numbers[8]. More algorithms need to be discovered in order to provide further incentive to build large quantum computers, and to expand their potential usefulness.
Conclusion

In 1965, Gordon Moore, co-founder of the Intel Corporation, predicted that microprocessor complexity would double every 18 months. ‘Moore’s Law’ has remained amazingly accurate for the past 35 years, primarily due to the increasing miniaturization of transistors and other components. However, sometime within the next two decades, the limits of semiconductor technology will be reached. Fundamental physical bounds to miniaturization will arise because transistors and electrical wiring cannot be made smaller than the width of an atom[9]. As we approach the limits of chip fabrication technology, we edge closer to the realm of quantum computing.
References

[1] Steane, A.M. and Rieffel, E.G., 2000. Beyond Bits: The Future of Quantum Information Processing. Computer, 33 (1), January 2000, pp. 38-45.
[2] Quantum Theory. Microsoft Encarta Online Encyclopedia 2000, http://www.encarta.msn.com.
[3] Grover, L.K., 1996. A Fast Quantum Mechanical Algorithm for Database Search. Proceedings of the 28th Annual ACM Symposium on Theory of Computing, ACM Press, New York, USA, 1996, pp. 212-219.
[4] Carey, P., 1998. Quantum Computing Breakthrough. Mercury News, 18 May 1998, http://www.infowar.com.
[5] Quantum Cryptography: Secure Communication over Insecure Channels, http://www.almaden.ibm.com/st/projects/quantum/crypto/
[6] Wayner, P., 1999. Quantum Code: Secrets in the Light. New York Times, 10 June 1999, http://www.nytimes.com.
[7] Gottesman, D., 1997. Quantum Computers. 29 October 1997, http://qso.lanl.gov/~gottesma/QComputers.html
[8] Shor, P., 1997. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM Journal on Computing, October 1997, pp. 484-509.
[9] Gershenfeld, N. and Chuang, I.L., 1998. Quantum Computing with Molecules. Scientific American, June 1998, http://www.sciam.com/1998/0698issue/0698gershenfeld.html
[10] Sullivan, B., 2000. New Leap for Quantum Computing. 24 May 2000, http://www.msnbc.com/news/411826.asp
[11] Boyle, A., 2000. A Quantum Leap in Computing. 18 May 2000, http://www.msnbc.com/news/269473.asp