Quantum Communication – Module 1 Chapter 2

Cryptography

This chapter is an audio chapter. This means that the content of the audio file and the content of the text are identical. It is up to you whether you only listen to the audio file, only read the text, or do both.

Additionally, you are allowed to download the audio file. This way you can listen to it without an internet connection. Alternatively, you can of course listen to it here on the website.




Before we fully dive into the world of quantum mechanics and especially quantum communication, we will first take a look at cryptography as a whole. The main goal here is to determine why classical cryptography and the encryption methods we know are slowly becoming obsolete and need to be renewed. Furthermore, we will find out which possible alternatives exist and are being developed.

 

Overview

With the increasing dependence on digital systems, the demand for robust cybersecurity measures is rising. The classical encryption methods used so far – such as RSA, Diffie-Hellman, and AES – have been the backbone of our secure communication for decades. RSA is an abbreviation for Rivest, Shamir, Adleman, the developers of this method. AES stands for Advanced Encryption Standard. Diffie-Hellman is a method that was developed by Diffie and Hellman. These methods are based on complex mathematical problems, such as prime factorization or solving discrete logarithms, and thus ensure the security of our data. To illustrate this more clearly, let’s take an example: prime factorization.

 

Prime factorization – an example

Every whole number greater than 1 can be described as a unique product of prime numbers.

For example, 4 is the product of 2 times 2.

6 is the product of 2 times 3.

39 is the product of 3 times 13.

The combination of prime numbers is unique in each case; there is no number other than 4 whose prime factorization is 2 times 2. Likewise, there is no number other than 39 whose prime factorization is 3 times 13.

The crucial point is the following: multiplication is a simple operation. Even elementary school children can do it. Finding the prime factorization, meaning the prime numbers whose product results in a given number, is difficult. Let’s take the number 210 as an example. What is its prime factorization? We – or rather, a computer – would have to go through all possible combinations that can result in 210: 2 times 105, 3 times 70, 6 times 35, and so on. The computer also has to check whether the respective numbers are prime numbers.

However, once the prime factorization is determined, meaning we know the prime numbers whose product results in the number, everything becomes easy. In this case, the prime numbers are 2, 3, 5, and 7. Calculating their product is simple: 2 times 3 is 6, 6 times 5 is 30, 30 times 7 is 210. If two communication partners now have the prime numbers 2, 3, 5, and 7, it is easy for them to break the code 210. An eavesdropper – someone trying to listen in on the communication – on the other hand, would have to go through all possible combinations. This takes time… and computing power.

Of course, this was a highly simplified representation; the actual method varies somewhat. But at the moment, the goal is to understand the principle.

 

Current state

Our current encryption is based on mathematically complex problems – problems that today’s computers cannot solve, at least not in a reasonable time. The computers of tomorrow – quantum computers – will, however, be able to solve them. Today’s encryption measures thus face an existential threat: the emerging power of quantum computers. Classical encryption algorithms are becoming increasingly vulnerable. With the rapid rise of quantum computers, these encryption schemes could soon become obsolete. When considering the exponential increase in data generated and transmitted worldwide, the urgency of the situation becomes clear: according to recent estimates, the number of connected devices is expected to reach 30 billion by 2030. Global data production is projected to rise to an astonishing 181 zettabytes by 2025. To put this into perspective: 1 zettabyte equals one billion terabytes! Such an enormous data flood requires improved security measures, especially since current encryption methods may soon become inadequate. Under these conditions, quantum communication – or at least some alternative to our current systems – is not just an innovation; it is a necessity.

 

Shor and the vulnerability of the classical approaches

The rise of quantum computers brings about a paradigm shift. Quantum algorithms – especially Shor’s algorithm – can solve the mathematical problems on which our current encryption systems are based exponentially faster than classical algorithms. This poses a direct threat to current cryptographic protocols. Shor’s algorithm is a quantum algorithm capable of factoring large numbers into their prime factors.

Let’s consider the RSA protocol, one of the most widely used encryption systems today. The security of RSA is based on the difficulty of factoring a product of two large prime numbers. A classical computer would take thousands of years to break such an encryption key. A sufficiently powerful quantum computer, however, could solve this problem in mere seconds using Shor’s algorithm. This is no longer just a theoretical concern: experts estimate that quantum computers will be able to break RSA-2048 encryption as early as the early 2030s. Some estimates even suggest there is a 50% chance that this could happen as early as 2031. This emerging reality signals a countdown for the era of classical encryption – at least as we know it.
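The principle from the prime factorization example and from the RSA paragraph above, as an added Python illustration that is not part of the course material: textbook RSA with small constructed primes, in which whoever factors n can rebuild the private exponent. The primes, the message and all function names are assumptions made for this sketch; real RSA uses padding and moduli of 2048 bits or more.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes (no padding, toy sizes)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi")
    return (n, e), pow(e, -1, phi)            # public key, private exponent d

def factor_semiprime(n):
    """Trial division: return (p, q, number of candidate divisors tried)."""
    tries, cand = 0, 2
    while cand * cand <= n:
        tries += 1
        if n % cand == 0:
            return cand, n // cand, tries
        cand += 1 if cand == 2 else 2         # after 2, test odd candidates only
    raise ValueError("n has no non-trivial factor")

def recover_private_exponent(public_key):
    """Factoring n is all that is needed to rebuild the private exponent."""
    n, e = public_key
    p, q, tries = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1)), tries

def demo():
    public, d = make_keypair(1009, 1013)      # constructed toy primes
    n, e = public
    message = 4242                            # constructed sample message
    ciphertext = pow(message, e, n)           # sender only needs the public key
    d_recovered, tries = recover_private_exponent(public)
    return pow(ciphertext, d_recovered, n), d_recovered == d, tries

def work_factor(prime_pairs):
    """Divisions needed per modulus: the classical cost grows with the primes."""
    return [(p * q, factor_semiprime(p * q)[2]) for p, q in prime_pairs]

if __name__ == "__main__":
    print(demo())
    print(work_factor([(11, 13), (101, 103), (1009, 1013), (10007, 10009)]))
```

The number of trial divisions grows roughly tenfold each time the primes gain a digit, which is why key length is the classical defence and why an algorithm that factors efficiently removes it.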

A similar fate awaits the Diffie-Hellman key exchange. So far, it has enabled the sharing of cryptographic keys over public channels but is becoming increasingly vulnerable. Diffie-Hellman relies on the difficulty of calculating discrete logarithms. Quantum computers can efficiently solve this problem as well.

With advancements in quantum technology, the foundation of our current cryptographic systems is slowly but surely eroding. This presents an urgent call to seek alternatives that can withstand quantum technology.

 

But what could such alternatives look like? What options do we have? And are the solutions only to be found in the world of quantum mechanics?

 

Post-Quantum Cryptography (PQC)

Interestingly, among the possible alternatives, there are also classical solutions. This refers to the development of so-called post-quantum cryptography, often abbreviated as PQC. Post-quantum cryptographic algorithms are classical in nature: they are classical cryptography, not quantum cryptography. This means they could also be integrated into our current infrastructure and systems; they do not require any quantum upgrade. Post-quantum cryptography is considered secure against the computational power of quantum computers – at least, it is based on mathematical problems that are believed to be resistant to quantum computing. One example is the NewHope algorithm.

The NewHope algorithm is based on the difficulty of Learning with Errors problems. These involve solving linear equations with added errors. These problems are believed to be resistant to attacks from quantum computers because they are computationally intensive – even for advanced algorithms such as Shor’s algorithm. The NewHope algorithm uses lattice-based cryptography. Lattice-based cryptography generates public and private keys based on the mathematical structure of lattices. These structures make it more difficult for quantum computers to solve the underlying problems, thus offering strong security against potential quantum computer attacks.
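To make "linear equations with added errors" concrete, here is an added Python toy that is not NewHope and not code from the course: the same equations are solved once without and once with small errors. The modulus, secret, error vector and function names are constructed for this sketch, and at this size the secret could still be found by exhaustive search; only the structure matches the Learning with Errors problem.

```python
import random

Q = 97  # small prime modulus, constructed for this toy

def matvec(A, s, q=Q):
    return [sum(a * x for a, x in zip(row, s)) % q for row in A]

def solve_mod(A, b, q=Q):
    """Gauss-Jordan elimination mod a prime; uses the first independent rows."""
    n = len(A[0])
    M = [row[:] + [rhs] for row, rhs in zip(A, b)]
    for col in range(n):
        pivot = next((r for r in range(col, len(M)) if M[r][col] % q), None)
        if pivot is None:
            raise ValueError("matrix is rank deficient")
        M[col], M[pivot] = M[pivot], M[col]
        inv = pow(M[col][col], -1, q)
        M[col] = [v * inv % q for v in M[col]]
        for r in range(len(M)):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(v - f * p) % q for v, p in zip(M[r], M[col])]
    return [M[i][n] for i in range(n)]

def centered(v, q=Q):
    """Map a residue into the range -(q//2) .. q//2."""
    return (v + q // 2) % q - q // 2

def demo():
    rng = random.Random(2024)
    secret = [12, 45, 7, 88]                       # constructed secret vector
    A = [[rng.randrange(Q) for _ in secret] for _ in range(8)]
    errors = [1, -1, 0, 1, -1, 0, 1, -1]           # constructed small errors
    exact = matvec(A, secret)
    noisy = [(v + e) % Q for v, e in zip(exact, errors)]
    # Without errors, plain linear algebra hands over the secret.
    recovered_exact = solve_mod(A, exact) == secret
    # With errors, the same elimination returns a wrong vector.
    recovered_noisy = solve_mod(A, noisy) == secret
    # Whoever knows the secret sees only the small errors left over.
    residual = [centered(b - v) for b, v in zip(noisy, exact)]
    return recovered_exact, recovered_noisy, residual

if __name__ == "__main__":
    print(demo())
```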

Other types of post-quantum cryptography:

  • hash-based cryptography
  • code-based cryptography
  • multivariate polynomial cryptography

In this course, PQC plays little to no role; we primarily want to focus on quantum communication. In this section of the course, we have only briefly introduced PQC to make you aware that there are other alternatives as well. Furthermore, in the fourth module—when discussing specific application fields and industrial sectors—PQC will also be covered.

 

Quantum cryptography and QKD

This course focuses on quantum communication and, in connection with that, primarily on quantum key distribution. Quantum key distribution – QKD for short – offers a fundamentally different approach that provides future-proof and technology-independent security. In QKD, the goal is to distribute a key for encrypting messages, data, or other information between two communication parties using the principles of quantum physics. QKD is future-proof because it is based on fundamental physical laws. It relies on principles of quantum physics such as superposition and entanglement, and it exploits the properties of photons as well as of quantum objects in general. The most important of these properties is the inherent unpredictability of measurement results. If I measure a quantum object in a superposition state, I cannot predict the measurement result; it is genuinely random. This property helps to detect a potential eavesdropping attack since any intermediate measurement causes disturbances. Technology-independent security, on the other hand, means that QKD will remain secure even with the emergence of more advanced technologies. The previous, classical methods are, for example, not technology-independent in terms of security. With the advent of higher computing power, they become obsolete. QKD, however, is immune to such advancements because its security is based on physics and not on the absence of sufficient computing power.

 

Information-theoretic security

One of the most significant advantages of QKD is that it also offers information-theoretic security. This means that security does not rely on assumptions regarding computing power.

A method is information-theoretically secure if…

  • it is impossible to break the encryption.
  • it is impossible to determine the encrypted message or file based on the encryption itself.
  • it remains secure regardless of the capabilities of the eavesdropper.

The previous encryption methods – RSA, Diffie-Hellman – are not information-theoretically secure. Their security is based on the assumption that no devices exist that provide enough computing power to break the encryption. QKD, on the other hand, is information-theoretically secure – at least in theory and if implemented in its ideal form, meaning without errors, without losses, without noise. It remains secure regardless of the technological level of the eavesdropper, even in the case that the eavesdropper possesses a quantum computer. The security of QKD does not rely on making calculations complicated. It is based on the fact that every measurement of a quantum system changes and influences the quantum system, making unnoticed eavesdropping attacks impossible. In classical encryption, data could be intercepted and potentially cracked as soon as the necessary computing power is available. With QKD, however, this is not possible, as eavesdropping attacks and even the interception of encryption keys can be detected in real-time. It is as if you have a safe that cannot be opened without triggering some kind of alarm. Additionally, QKD generates encryption keys that are truly random – thanks to the unpredictable nature of quantum physics. In classical encryption, truly random keys cannot be created because the randomness is simulated and, in theory, could be calculated and predicted.
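The detection principle described in this section and in the QKD section above, as an added classical simulation in Python that is not part of the course material. The course names no specific protocol here; a BB84-style prepare-and-measure scheme with two bases, the photon count and the function names are assumptions made for this sketch.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis is a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_exchange(n_photons, eavesdrop, seed=7):
    """Return the error rate on the sifted key (positions where bases agree)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit, basis_a = rng.randrange(2), rng.randrange(2)   # sender's choice
        in_flight_bit, in_flight_basis = bit, basis_a
        if eavesdrop:
            # Intermediate measurement in a guessed basis, then re-sending:
            # a wrong guess destroys the original state.
            basis_e = rng.randrange(2)
            in_flight_bit = measure(bit, basis_a, basis_e, rng)
            in_flight_basis = basis_e
        basis_b = rng.randrange(2)                          # receiver's choice
        result = measure(in_flight_bit, in_flight_basis, basis_b, rng)
        if basis_b == basis_a:      # sifting: keep only matching-basis rounds
            sifted += 1
            errors += result != bit
    return errors / sifted

if __name__ == "__main__":
    print("undisturbed channel:", run_exchange(20000, eavesdrop=False))
    print("intercepted channel:", run_exchange(20000, eavesdrop=True))
```

On an undisturbed, ideal channel the sifted keys agree exactly, while the intermediate measurement pushes the error rate to about one in four, which the two parties notice when they compare a sample of their key.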

 

Conclusion and Outlook

QKD represents a critical advancement in secure communication. It addresses the imminent vulnerability of classical encryption in the era of quantum computing. By leveraging the principles of quantum physics, QKD provides a proactive and robust defense against the evolving landscape of cyber threats. With advancements in quantum computing, QKD will not only be a technological option but a strategic necessity. It will empower organizations and governments to protect their most valuable information in a fundamentally secure way. This makes QKD an essential technology for secure communication, especially in the face of an era where traditional encryption methods can be effortlessly broken by quantum computers.

