| By Assistant Professor Lim Ci Wen Charles |
Today, we use the internet for almost everything, from shopping and bill payments, to banking and entertainment. In doing so, we place our trust in cryptosystems that protect our private information and identities. However, the emergence of quantum computing is threatening all of that. No longer a theoretical dream, quantum computers have undergone rapid development in recent years, and if built with enough memory, can break even the most sophisticated cryptographic systems. Put simply, the advent of quantum computers will break nearly every cryptosystem in use today, rendering most of the digital services completely insecure.
To that end, the feasibility of migrating critical information to quantum-secure infrastructure is being explored. Currently, the best candidates are platforms using quantum cryptography, which are based on the established laws of quantum theory, one of the most successful physical theories to date. Quantum cryptography is in principle unbreakable and is widely regarded as the top solution for long-term information security. In fact, many countries have already started multi-million-dollar research programs to develop the next-generation quantum cryptosystems, with the intent to deploy them by the next decade. One notable example is the European Quantum Flagship initiative, which, with over EUR1 billion in funding, aims to commercialise quantum cryptography across Europe.
To achieve long-term information security, quantum cryptography employs a technique called quantum key distribution (QKD). This enables the secure exchange of secret keys in an untrusted network, e.g. the Internet. In practice, the secret key is transmitted using a sequence of carefully prepared single-photon signals, which can only be retrieved if the receiver uses the same coding scheme as the sender. The basic idea is that if an attacker tries to learn the secret key, the process of monitoring will invariably disturb the quantum signals. This quantum effect allows the authenticated users to verify if someone else has monitored the quantum channel. If the noise is sufficiently low, then the secret key can be used for encryption, otherwise the protocol is aborted, and the users restart the process.
However, while quantum cryptography is a relatively mature quantum technology, it still faces some fundamental issues. In particular, there is still a considerable gap between the mathematical models used in the theory and the actual quantum devices employed in practice. From the standpoint of information security, such a gap can be very dangerous, for it is highly vulnerable to deliberate hacking attacks or information leakages.
As such, efforts are currently underway at NUS Electrical & Computer Engineering (ECE), and the Centre for Quantum Technologies (CQT), seeking to establish quantum protocols that are secure even when the underlying quantum devices are unreliable.
The goal of such efforts, in essence, is to determine whether it is possible to achieve practical quantum cryptography with as little assumptions as possible about the quantum devices. If successful, this would significantly close the gap between the theory and practice of quantum cryptography, thereby making it more viable for practical use.
To this end, my group at ECE and CQT focuses on two interrelated multidisciplinary programmes that use quantum correlations to self-test quantum devices. The basic idea is to employ statistical correlations to distinguish good quantum devices from the malfunctioning ones.
Leveraging on this idea, we consider approaches to understand how one can mathematically prove the security of quantum cryptography with only partially characterised quantum networks. A practically interesting approach is to consider quantum signals with bounded energy constraints, but with no assumptions made about the quantum receivers.
To determine if the network is indeed quantum in nature, we have designed statistical tests that only quantum devices which are functioning close to their original design intent can pass. Importantly, in this approach, no device modelling is required in the security analysis. From the perspective of information security, this new framework could provide information security against side-channel attacks and unreliable devices, as evidenced in one of our recent findings.
We also take an experimental approach, which aims to develop new photonic devices that can make quantum cryptography faster and cheaper. One of our objectives here is to design and produce a micro-chip self-testing quantum random number generation device whose randomness is guaranteed by quantum correlations. We envisage that such a device could be installed in smart mobile devices and wireless sensor networks to strengthen their information security.
All in all, our ultimate goal is to make quantum cryptography more practical and cost-effective.
Of course, we are not alone in our efforts to establish a reliable infrastructure for quantum cryptography and communication. Although the quantum computers available today lack the ability to hack our most secure systems, it is only a matter of time before they are able to do so. With the theory already so well advanced, it is somewhat naïve to believe that the technology is not already reaching such capabilities. In a sense, a technological arms race for quantum computers is under way. As quantum computers become more powerful, so too will the systems that defend against their malicious use, and protect the private information of governments and industries alike. For individuals, this will mean continuing to live ‘online’, without fear that one’s identity or private information could be compromised.
About the author
Dr Lim Ci Wen Charles is an Assistant Professor at NUS Electrical and Computer Engineering, and the Centre for Quantum Technologies, a Research Centre of Excellence hosted at NUS. He is a 2019 National Research Foundation Fellowship recipient, and was awarded a 2019 Quantum Engineering Programme (QEP) grant with which he will continue his work on quantum cryptography and communication, and in particular, its role in smart mobile devices.