Unconditional security through quantum uncertainty


International Journal of Critical Infrastructure Protection

Available online at www.sciencedirect.com

www.elsevier.com/locate/ijcip

Pramode Verma

Telecommunications Engineering Program, University of Oklahoma-Tulsa, Schusterman Center, 4502 E. 41st Street, Tulsa, OK 74135, USA

http://dx.doi.org/10.1016/j.ijcip.2016.09.001
1874-5482/© 2016 Elsevier B.V. All rights reserved.

Please cite this article as: P. Verma, Unconditional security through quantum uncertainty, International Journal of Critical Infrastructure Protection (2016), http://dx.doi.org/10.1016/j.ijcip.2016.09.001

Information is the currency of the modern age. Security of information is thus of paramount importance to an individual, a society, a nation and the planet as a whole. The cat-and-mouse game between cryptographers (who seek to secure information) and cryptanalysts (who attempt to remove the cloak of secrecy) has a documented history of at least 2000 years when Julius Caesar supposedly deployed his eponymous cipher for communicating sensitive military information. Since then, cryptography has come a long way by consistently increasing the burden on cryptanalysts. Even so, cryptanalysts continue to leverage advances in technology to thwart – in many cases – sophisticated attempts on the part of cryptographers to secure information.

This raises the question: Is there a foolproof way to use cryptography to guarantee unconditional secrecy? The answer might be ambiguous, but I believe it is possible to approach unconditional security for information in transit at high data rates over long distances.

Cryptography in the modern age is intricately intertwined with business and economic growth. However, all commercial techniques for protecting information are based on computational security, which implies that the burden of decrypting sensitive information far exceeds the cost associated with making it available to an unintended party. Even sophisticated mathematical constructs underlying contemporary cryptography are based on the assumption that there is no known technique that will violate the basic tenets of the mechanism. As computing power increases and as new algorithms are developed, the computational security of today's technologies will become increasingly suspect. When quantum computers come of age in terms of computing power (measured as the number of qubits they can process simultaneously), they will have the potential to make mathematically-based encryption schemes such as RSA – which is based on the difficulty of factoring a composite number into its two prime factors – obsolete.

In the quest to implement unconditionally-secure information transfer, it is prudent to turn to quantum mechanics. When a classical system transitions from state to state, the decision making process at every instant is well defined. Quantum mechanics allows a system to be in a state of superposition or ambiguity at any instant of time. Quantum mechanics with all its oddities offers a way to secure information unconditionally.

One basic feature of quantum mechanics is the random behavior of an elementary or a sub-atomic particle. This property has been exploited effectively in building true random generators. A single photon passing through a 50/50 beam splitter can exit through one of the two possible paths randomly. Its detection on one of the paths can be identified with the occurrence of a zero while its detection on the other path is identified as a one. A sequence of these occurrences is a true random number.

Random numbers are a vital component of most security mechanisms. In practice, however, random numbers are produced algorithmically. Random numbers produced in this manner cannot be truly random. Furthermore, they could be hacked by an attacker who knows just a few parameters of the algorithm. It turns out that the randomness inherent in the behavior of an elementary or sub-atomic particle can be exploited preferentially to secure information in transit from an intruder – specifically, to secure cryptographic keys via quantum key distribution.

Two basic principles of quantum mechanics are germane to its application in quantum key distribution: the Heisenberg Uncertainty Principle and the No-Cloning Theorem. As applied to quantum key distribution, the Heisenberg Uncertainty Principle says that it is not possible to measure the polarization of a photon that is in an arbitrary state with perfect accuracy. Furthermore, whenever this characteristic is observed or measured, the superposition state of the photon is irretrievably lost and the outcome of the measurement becomes certain. Even so, this outcome cannot be predicted in advance, except probabilistically. The end result of all this – and which is used effectively in quantum key distribution – is that an intruder who tries to observe or measure the information-bearing component of a photon (namely, its polarization) will always leave a fingerprint by introducing errors. The presence of the intruder is thus detected and the corrupted information can be discarded. This may be a roundabout way of sharing random information between two rightful parties. However, while the information exchanged via this technique is unconditionally secure, it is also random; in other words, a defined payload cannot be transferred securely in this manner. The No-Cloning Theorem says that an intruder who spies on a stream of single photons cannot duplicate a photon while preserving its polarization.

Random keys that are securely distributed using the technique described above can, of course, be used to transfer unconditionally-secure information as long as the number of bits in the random key is not less than the number of bits in the information to be transferred securely. This concept of transferring unconditionally-secure information was first proposed by Joseph Mauborgne and Gilbert Vernam in the 1920s. At the time, it was generally assumed that the problem of transferring unconditionally-secure information was solved once and for all. However, the euphoria did not last long because it soon became clear that transferring random keys securely is, in principle, just as challenging as transferring the payload information itself.
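The detection principle described above, simulated for a BB84-style exchange as an added example (not code from the article). It models an intruder who measures each photon in a guessed basis and forwards a replacement; the idealized noise-free channel, the function names and the `max_error_rate` cut-off are assumptions made for illustration.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis yields a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def sifted_error_rate(n_photons, intruder, seed=1):
    """Error rate on the sifted key (positions where sender and receiver bases agree)."""
    rng = random.Random(seed)          # seeded so the constructed run is repeatable
    sifted = errors = 0
    for _ in range(n_photons):
        bit, send_basis = rng.randint(0, 1), rng.randint(0, 1)
        line_bit, line_basis = bit, send_basis
        if intruder:
            # Measuring collapses the state; no-cloning means the intruder can only
            # forward a fresh photon prepared in the basis they happened to guess.
            guess = rng.randint(0, 1)
            line_bit = measure(bit, send_basis, guess, rng)
            line_basis = guess
        recv_basis = rng.randint(0, 1)
        recv_bit = measure(line_bit, line_basis, recv_basis, rng)
        if recv_basis == send_basis:   # bases are compared publicly, bits are not
            sifted += 1
            errors += recv_bit != bit
    return errors / sifted

def key_accepted(error_rate, max_error_rate=0.05):
    """max_error_rate is an assumed cut-off for this example, not a value from the article."""
    return error_rate <= max_error_rate

if __name__ == "__main__":
    for intruder in (False, True):
        rate = sifted_error_rate(20000, intruder)
        print(f"intruder={intruder}: error rate {rate:.3f}, key accepted: {key_accepted(rate)}")
```

With no intruder the sifted bits agree exactly; with one, about a quarter of them disagree, which is the fingerprint the two parties look for before discarding the data.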
In practice, the current state of the art in quantum key distribution does not allow the transfer of secure keys at a rate equal to the desired information transfer rate. Therefore, quantum key distribution merely refreshes keys at a fast-enough rate so that they can be used to secure information via conventional encryption methods. Used in this manner, quantum key distribution will not offer unconditionally-secure information transfer. It merely increases the burden on cryptanalysts by several orders of magnitude.

Is there a practical way to achieve unconditionally-secure information transfer between two entities? The quantum key distribution technique deployed today is based on the BB84 protocol designed by Charles Bennett and Gilles Brassard in 1984. The protocol relies on the generation, transfer and detection of single photons. Although it is theoretically sound, the BB84 protocol is difficult to implement in an optical fiber over long distances at speeds comparable with commercial data transfer rates, which can easily be in the gigabits per second (Gbps) range. Note that the BB84 protocol detects the presence of an intruder and simply discards the random data when this occurs. Data transferred when the intruder is not present is recovered by the two parties using conventional information theory.

So, can security comparable to the BB84 protocol be provided by detecting intrusions in photonic data streams flowing in conventional commercial-grade optical fiber cables? In other words: Can one detect the presence of an intruder who is attempting to tap information from an optical cable when one of the fiber channels is carrying information at commercial speeds, say 10 Gbps? If one could do this and do this economically, it would be equivalent to implementing quantum cryptography at commercial data rates over long distances. Such a technology would be based on a multiplicity of photons rather than on a single photon.

Photonics based on a multiplicity of photons is a mature technology. This technology has been deployed worldwide for years. The generation, transfer and detection of a beam of light containing multiple photons is no longer an art, or even a science – it is plain and simple engineering. On the other hand, the BB84 protocol requires cumbersome and fragile instrumentation to generate, transfer and detect single photons.

Our quest for transferring unconditionally-secure information at commercial data transfer rates uses the polarization property of a photonic stream instead of the polarization of a single photon. Specifically, it considers the state of polarization (SoP) in a single-mode optical fiber. Single-mode fiber is the workhorse of the telecommunications industry. It is omnipresent; it is buried in the earth; it lies on the ocean floor; it hangs between telephone poles in rural areas.

The state of polarization of light propagating in a single-mode fiber is very sensitive to any perturbation that is not symmetric about the axis of the fiber. The primary mechanism for the change in polarization state is birefringence, which describes the effects of refractive index asymmetry in optical fiber. This asymmetry causes the two orthogonal states of polarization launched in fiber to propagate at different velocities. As a result, the originally-launched polarization state is transformed as it propagates through the fiber. The two primary causes of fiber birefringence are fiber geometry and stress. There is also a slow time-varying birefringence component that is considered to be random and unpredictable.

While the state of polarization of a photonic stream in a single-mode fiber varies somewhat unpredictably due to changes in ambient conditions such as temperature, pressure and stress, such variations are slow. On the other hand, the state of polarization is extremely sensitive to abrupt changes of any kind. If one could differentiate the changes resulting from slow, systemic variations due to environmental factors from the abrupt variations caused by attempted tapping of optical fiber, then it would be possible to implement the equivalent of BB84 at commercial data speeds with minimal instrumentation. As in the case of BB84, this technique will instantly recognize the presence of an intruder. At this point, the data being transported over the fiber could be rerouted automatically and the communicating parties informed about the attempted intrusion by a third party.
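One way to separate slow environmental drift from an abrupt polarization change, as an added example (not the University of Oklahoma-Tulsa team's method, which the article does not describe). It assumes the SoP is sampled as normalized Stokes vectors; the synthetic trace, the moving-average baseline and the `alpha` and `threshold` values are constructed for illustration.

```python
import math
import random

def unit(v):
    norm = math.sqrt(sum(c * c for c in v))
    return tuple(c / norm for c in v)

def angle(a, b):
    """Angle in radians between two unit Stokes vectors on the Poincare sphere."""
    dot = sum(x * y for x, y in zip(a, b))
    return math.acos(max(-1.0, min(1.0, dot)))

def synthetic_trace(n=2000, jump_at=None, seed=7):
    """Constructed samples: slow random-walk drift, optional abrupt 0.4 rad jump."""
    rng = random.Random(seed)
    theta, phi, trace = 1.0, 0.5, []
    for i in range(n):
        theta += rng.gauss(0, 0.002)      # slow ambient drift (temperature, stress)
        phi += rng.gauss(0, 0.002)
        if i == jump_at:
            theta += 0.4                  # abrupt disturbance of the fiber
        trace.append((math.sin(theta) * math.cos(phi),
                      math.sin(theta) * math.sin(phi),
                      math.cos(theta)))
    return trace

def abrupt_changes(trace, alpha=0.05, threshold=0.1):
    """Indices where a sample departs from the slowly tracking baseline by > threshold."""
    baseline, alarms = trace[0], []
    for i, sample in enumerate(trace[1:], start=1):
        if angle(baseline, sample) > threshold:
            alarms.append(i)
            baseline = sample             # re-anchor so one event raises one alarm
        else:                             # follow slow drift with a moving average
            baseline = unit(tuple((1 - alpha) * b + alpha * s
                                  for b, s in zip(baseline, sample)))
    return alarms

if __name__ == "__main__":
    print("drift only:", abrupt_changes(synthetic_trace()))
    print("drift + jump at 1200:", abrupt_changes(synthetic_trace(jump_at=1200)))
```

The baseline absorbs the slow drift, so only the sample-to-baseline angle at the jump crosses the threshold; an alarm index is the point at which rerouting and notification would be triggered.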


A team at the University of Oklahoma-Tulsa has constructed a laboratory model that showcases the approach. The hope is that this approach will complement other techniques that are being developed to transfer information securely at high speeds over long distances in a cost-effective manner. As technology marches forward relentlessly and the fledgling Internet of Things matures to become the Internet of Everything, what could be more important than unconditionally-secure information flow?


Pramode Verma is the Williams Chair of Telecommunications Networking and Director of the Telecommunications Engineering Program in the School of Electrical and Computer Engineering at the University of Oklahoma-Tulsa, Tulsa, Oklahoma. Before joining academia in 1999, Dr. Verma spent nearly 30 years in the telecommunications industry, including 21 years with AT&T Bell Laboratories and Lucent Technologies.
