Galicia Quantum Technologies Hub

There is a huge paradox in quantum technology: it poses the most formidable threat to our cybersecurity as we know it, while at the same time, it is the only technology capable of guaranteeing perfect security in digital communications. The Vigo Quantum Communication Center (VQCC) designs innovative ways to perform quantum key exchange, the inviolable formula to protect any remote communication from intruders, spies, and hackers

Exactly thirty years ago, in 1994, mathematician Peter Shor made a presentation at a computer science conference that shook the foundations of cybersecurity. It was about an algorithm for quantum computers capable of factoring large integers more efficiently than classical methods.

Considering that the security of many cryptographic systems is based on the difficulty of factoring large numbers –on the order of billions of computational years for a conventional computer– Shor’s discovery fell squarely on the list of scientific discoveries of exceptional value, but also with enormous potential to do harm in the wrong hands.

Quantum computers have not yet reached a sufficient level of development to run Shor’s algorithm efficiently. Still, it is only a matter of time and the seriousness of the threat justifies a very intense research effort to neutralize it, using precisely the very tool capable of triggering it: quantum physics.

“What if tomorrow morning you were unable to log on to any website, what if everything on your computer became completely public? If any of this sounds alarming, it’s only a matter of time. It could happen. And sooner than we think.” This is the scenario drawn by Alessandro Marcomini, a researcher at the Quantum Communication Theory Group of the Vigo Quantum Communication Center (VQCC). “The way we perceive passwords and cybersecurity today is no longer secure. Fortunately, by using quantum mechanics, we can introduce a new way to produce completely secure cryptography.”

His project is to contribute to proving that it is possible to guarantee perfect security in communications between two parties by applying the laws of quantum mechanics. The encryption technique he uses as a basis is considered one of the most robust: quantum key distribution (QKD). Marcomini is currently focusing on designing innovative ways to guarantee security by introducing operations that make it possible to offset the limitations and vulnerabilities of current communication devices.

Perfect security

The key to guaranteeing perfect security is randomness. But before we get into this, what is perfect security? We already know that it is not a good idea to use our date of birth or our dog’s name as a password on the internet, so we rely on the passwords suggested by our computer when we register on a new website. They seem perfectly secure –after all, they are long sequences of seemingly random characters–. And therein lies the problem: the passwords are only seemingly random, so they are only seemingly secure.

“This is because, in our world, anything that is not quantum is actually deterministic, a fancy way of saying it is predictable,” explains Marcomini. “However, when we enter the quantum realm there are properties of nature that are truly and completely random, and predicting them is physically impossible. This is what makes quantum mechanics able to provide perfect security.”

When we wish to communicate secretly over a distance, we must do so by sending encrypted messages, which requires sharing a key to encode and decode their contents. Sending the key by email or sharing it over the phone means compromising security because such communications can easily be intercepted. “It is basically impossible to exchange or distribute keys securely in a classical world. However, in quantum mechanics, there is a theorem called non-cloning that shows that it is physically impossible to create a perfect copy of an arbitrary quantum particle without changing the properties of the original,” explains the VQCC researcher. Therefore, if someone sends someone else a key encoded in quantum particles, every time an intruder interferes to copy it, they will leave a trace and, consequently, may be detected.

Additional operations

Key exchange via QKDis normally done using photons (particles of light) as vehicles. This is because they are particularly effective at maintaining their quantum properties for relatively long times, allowing key sharing over longer distances.

The optimal way to achieve QKD would be to use single photons, but currently the sources to produce them are impractical and incompatible with standard telecommunications technology. The standard process is to use lasers to produce light, which is then further processed to isolate a single particle (of light). When the procedure is performed at high speed –a requirement for this technology to become commercial and widespread– more photons are likely to leak out, compromising security. In any case, these lasers are valuable because they are relatively cheap to produce and widely available, so it is worth the while to look at ways to overcome these security hurdles.

“In my work, I am proving mathematically that, even with imperfect devices, it is still possible to have perfect security by introducing some additional operations,” explains Marcomini. This not only concerns the emission source but also the detectors on the other side of the communication. “A perfect detector would click with 100 % accuracy when there is a photon and do nothing when there is no photon. But what happens when a detector is only 99 % accurate? Although it seems that the situation is almost perfect, incorrect clicks could be induced by a hacker attacking the system, which means that the key is compromised. In this case, we will have to perform some operations on our data to restore the security of the key.”

The aim of these additional operations proposed by the VQCC researcher is none other than to ensure complete randomness, i.e. the essence of perfect security. “It should be noted that this is a complex task, especially because the devices we use, such as lasers and fiber optics, are not perfect and, as such, have limited accuracy and may make mistakes. This task of demonstrating the perfect security of quantum communications with real, imperfect devices is called security implementation,” specifies Marcomini.

The researcher explains that the complexity of these security demonstrations in experimental implementations lies in the need for combined knowledge and understanding of very different domains. “For example, to guarantee the security of a laser source requires state-of-the-art knowledge of theoretical fundamental physics; to produce theorems I need to know mathematics and statistics; and to know which problems are relevant in practice requires engineering.  Solving the problem requires a joint effort of multiple experts,” he says about the interdisciplinary nature of his research. This is the context of his collaboration with other VQCC groups, the Institute of Physics of Cantabria, and the University of Toyama (Japan).

The VQCC project, which operates within the framework of the Quantum Communications Complementary Plan, continues under international outreach through Marcomini’s membership in the Marie Skłodowska-Curie Quantum-Safe Internet doctoral network.

“My biggest aspiration for now is to solve some security loopholes that prevent QKD from becoming an established technology. I am also planning to merge many different contributions from other authors into a single, clear guide for companies and experiments to verify the security level of their implementation based on a simple verification routine,” concludes the VQCC researcher.