Quantum computers are on the horizon, and the ramifications the technology is expected to produce across a multitude of industries are game changing. They can certainly be described as a disruptive technology when taken in the context of current cryptography, and they will force a radical change in how secure communication is implemented. A prime reason for this is the significant advance they promise in the factoring of large numbers. Factoring is central to the security of several algorithms, such as RSA, in which the prime factors of large numbers are utilised in encryption precisely because of the traditional difficulty of computing them. Consequently, the security afforded by RSA, alongside other similarly implemented algorithms, will be heavily impacted, if not entirely broken. We’re left with a void within the field of classical cryptography that its quantum equivalent attempts to fill (as does post-quantum classical cryptography, which may become the topic of a subsequent blog post).

**The Good & Bad of Quantum Cryptography**

Quantum cryptography has several benefits which make it an attractive option. For example, due to the underlying physical principles of quantum superposition and the no-cloning theorem, information cannot be intercepted without detection. Thanks to this, eavesdropping attacks against quantum cryptography are inherently resisted. The security afforded by quantum cryptography stems from the unique properties of the building blocks of the universe and isn’t something that can be cracked simply by computing power. This form of security also operates at the physical layer and as such can secure the complete end-to-end connection without the need for SSL or a VPN.

Whilst the benefits quantum cryptography offers are significant, it is not a perfect solution and there are trade-offs to be made. The financial implications are non-trivial as we are dealing with a technology very much at the forefront of innovation. R&D costs are high, as are the fabrication costs of specialist components. Entirely new infrastructure is often needed to support the delicate nature of the quantum states being used in such technology, which can contribute further to the costs incurred. Many of the issues are a symptom of this being an infant industry and are expected to be resolved as the field matures.

Let us look at one of the most popular protocols, focussing on secure key distribution, which is the basis for many of the commercial systems being sold today.

**BB84**

The BB84 protocol has one central goal: to establish a key between two parties (Alice and Bob) such that an eavesdropper, Eve, cannot learn it by listening to their “conversation”. Once this key has been established it can be used to communicate securely using the one-time pad algorithm. The basic idea is that Alice and Bob use quantum systems to establish the key; their hope is that any attempt by Eve to learn the state of the system will disturb that state, and that Alice and Bob can then detect the disturbance. Eve can sabotage the protocol, in which case Alice and Bob won’t be able to establish the key. However, the goal is to make sure that if Alice and Bob agree that the protocol was successful, then the chance of Eve knowing the key is very small.

The steps of the protocol are:

- Alice prepares a qubit randomly in one of four states and sends it to Bob.
- Bob measures the received qubit in one of two bases, chosen randomly with probability ½ for each basis.
- Alice and Bob reveal, via a classical channel, the bases in which the qubit was prepared and measured, but not the state or the respective outcome. If the bases coincide, they add the bit to their list of key bits; otherwise they discard that qubit.
- To make sure Eve hasn’t tampered, they pick a proportion of their agreed bits and compare them over the classical channel.
- If they find significant differences, they know Eve has been tampering and abort the protocol.

There are several mathematical proofs attesting to the security of the protocol; however, in this article let’s focus on the intuition behind the proof.

**A Probabilistically Problem Free Proof**

The central concept of the proof is that, for Eve to learn the key, the qubits sent by Alice must be intercepted and measured. If Eve knew the basis in which the state was prepared, she could measure in that basis and learn the state without altering it. However, Eve doesn’t know which basis has been used, so she can’t perform that measurement. This leaves two possible alternatives…

**Scenario 1**

Eve can choose one of the two bases randomly, measure in that basis and then pass the system on to Bob. If Eve chooses the same basis as that of Alice’s prepared state, then she obtains the result she’s looking for and can pass on the state to Bob undisturbed. On the other hand, if Eve measures in the other basis then the state sent to Bob will have been altered. When Bob makes his own measurement there is a 1 in 4 chance that he will obtain Alice’s prepared state.

**Scenario 2**

Eve can keep the system sent by Alice and measure it only after the classical communication declares which bases were used for encoding. However, she still needs to send Bob a qubit prepared in some state, and no matter what state she chooses, there is a significant chance that Bob’s measurement will give a different result from the original state sent by Alice.

**Either way Eve’s scuppered**

Using the first option there’s a small likelihood of successful eavesdropping, which further diminishes as the number of qubits used in the protocol increases. Using the second option there is no real chance, due to the no-cloning theorem. In general, Eve may employ more sophisticated attacks in which several successive qubits are measured, which makes the proof of the security more complicated. However, at the heart of the proof is the fact that quantum information cannot be copied, as dictated by the no-cloning theorem.
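To make the protocol steps and the Scenario 1 argument concrete, here is a classical simulation of BB84 added for this article (it is not the author’s code or any vendor’s implementation). It models only the four BB84 states, so a qubit is just the basis it was prepared in plus the bit it encodes: measuring in the matching basis returns that bit, measuring in the other basis returns a uniformly random bit and destroys the original. Eve, when present, runs the intercept-resend attack from Scenario 1. The sample fraction (25 % of sifted bits) and abort threshold (10 % observed error) are assumptions chosen for the demo, not figures from the article or from any standard.

```python
import random
from dataclasses import dataclass

# The two BB84 measurement bases: rectilinear (+) and diagonal (x).
RECTILINEAR = 0
DIAGONAL = 1


@dataclass(frozen=True)
class Qubit:
    """Classical stand-in for a BB84 qubit: the basis it was prepared in and
    the bit it encodes. Only the four BB84 states are ever represented."""
    basis: int
    bit: int


def measure(qubit: Qubit, basis: int, rng: random.Random) -> int:
    """Measure in `basis`. Matching basis: the encoded bit is recovered.
    Non-matching basis: the outcome is a fair coin flip and the original
    value is gone (whoever forwards the qubit must re-prepare it, see
    intercept_resend). This disturbance is what BB84's security rests on."""
    if basis == qubit.basis:
        return qubit.bit
    return rng.randint(0, 1)


def intercept_resend(qubit: Qubit, rng: random.Random) -> tuple[Qubit, int]:
    """Scenario 1: Eve guesses a basis, measures, and forwards a fresh qubit
    prepared in her basis with the outcome she observed."""
    eve_basis = rng.randint(0, 1)
    eve_bit = measure(qubit, eve_basis, rng)
    return Qubit(eve_basis, eve_bit), eve_bit


def run_bb84(n_qubits: int, eve_present: bool, seed: int = 0) -> dict:
    """Quantum phase plus basis sifting (protocol steps 1-3)."""
    rng = random.Random(seed)
    alice_sifted, bob_sifted, eve_sifted = [], [], []
    for _ in range(n_qubits):
        # Step 1: Alice picks one of the four states uniformly at random.
        alice_basis, alice_bit = rng.randint(0, 1), rng.randint(0, 1)
        qubit = Qubit(alice_basis, alice_bit)
        eve_bit = None
        if eve_present:
            qubit, eve_bit = intercept_resend(qubit, rng)
        # Step 2: Bob measures in a basis chosen with probability 1/2 each.
        bob_basis = rng.randint(0, 1)
        bob_bit = measure(qubit, bob_basis, rng)
        # Step 3: bases are announced publicly; mismatched rounds are dropped.
        if alice_basis == bob_basis:
            alice_sifted.append(alice_bit)
            bob_sifted.append(bob_bit)
            eve_sifted.append(eve_bit)
    return {"alice": alice_sifted, "bob": bob_sifted, "eve": eve_sifted}


def error_rate(a: list, b: list) -> float:
    """Fraction of positions at which two equal-length bit lists disagree."""
    if not a:
        return 0.0
    return sum(x != y for x, y in zip(a, b)) / len(a)


def check_and_distil(alice: list, bob: list, sample_fraction: float,
                     threshold: float, seed: int = 1) -> tuple:
    """Steps 4-5: publicly compare a random sample of sifted bits and abort if
    the observed error rate exceeds `threshold`. Sampled bits are now public,
    so they are removed from the key. Returns (aborted, observed_rate, key)."""
    rng = random.Random(seed)
    idx = list(range(len(alice)))
    rng.shuffle(idx)
    k = int(len(idx) * sample_fraction)
    sample, keep = idx[:k], sorted(idx[k:])
    observed = error_rate([alice[i] for i in sample], [bob[i] for i in sample])
    if observed > threshold:
        return True, observed, []
    return False, observed, [alice[i] for i in keep]


if __name__ == "__main__":
    for eve in (False, True):
        res = run_bb84(4000, eve_present=eve, seed=7)
        aborted, qber, key = check_and_distil(res["alice"], res["bob"], 0.25, 0.10)
        print(f"Eve present: {eve}  sifted: {len(res['alice'])}  "
              f"sampled error rate: {qber:.3f}  aborted: {aborted}  key bits: {len(key)}")
        if eve:
            # Eve guessed the right basis half the time, so she knows ~75% of
            # the sifted bits, but her wrong guesses corrupt ~25% of Bob's.
            known = 1 - error_rate(res["alice"], res["eve"])
            print(f"  fraction of sifted bits Eve knows: {known:.3f}")
```

Without Eve the sifted keys agree exactly and roughly half of the transmitted qubits survive sifting. With intercept-resend, Eve guesses the wrong basis half the time and each wrong guess gives Bob a random bit, so about one sifted bit in four disagrees; the sampled comparison sees this immediately and the run aborts, which is the detection the article’s argument depends on. The 75 % figure printed for Eve shows why abort is essential: had Alice and Bob kept the key anyway, most of it would already be in Eve’s hands.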

**A wrap then?**

Quantum cryptography is at the stage of technological applications, with several companies in the process of producing cryptographic systems based on the BB84 protocol. Commercial Quantum Key Distribution (QKD) systems are being manufactured by several companies, such as Toshiba, ID Quantique, SeQureNet, Quintessence Labs and MagiQ Technologies. But the story is far from complete; in the next blog post we’ll look at how to test quantum-based cryptography and where such systems may fail (or indeed have failed).

*You can see Imran Shaheem present more on this topic at CRESTCon (https://www.youtube.com/watch?v=Kivint31SGM) and BSides Manchester (https://www.youtube.com/watch?v=uBNFKi01lZQ).*