Quantum encryption

Betting on the laws of nature

18 June 2025 by Dorian Schiffer
Whenever we encrypt our data, we trust that hackers cannot crack certain mathematical problems. In the age of the second quantum revolution, this assumption is being challenged. Quantum cryptography promises security based on the laws of physics.
Quantum computers could unlock unprecedented computing power – and thus threaten the security of established encryption methods. A cryptographer and a physicist from the University of Vienna explain how to make sensitive data "future-proof." © Adobe Stock (AI-generated)

There is hardly an issue that touches a nerve quite like data security. No wonder – after all, living in the digital age we all leave plenty of information on our hard drives, online accounts, social media profiles and various databases. This includes harmless information such as our favourite cat videos – but also sensitive data, such as medical or financial information.

With this in mind, we really want to play it safe when it comes to who can access our secrets. For this purpose, we rely on encryption methods to exchange data on the Internet and to secure our hard drives. The problem is that our current encryption methods are based on bets whose odds have worsened considerably with the development of quantum computers. University of Vienna experts in computer science and quantum physics explain to Rudolphina what this means for our digital security.

Small glossary to help you decode the key terms

  • Factorisation: the breaking down of a number into factors that, when multiplied together, give the original number (for example, 2 and 3 are the factors in 2 x 3 = 6). There is no known efficient procedure for determining the prime factors of a very large number (several hundred digits) on a conventional computer.
  • RSA encryption: A cryptosystem based on a method developed in the 1970s by Rivest, Shamir and Adleman. RSA uses a private and a public key (asymmetric encryption) and is based on the factorisation problem (see above). For example, RSA enables the encryption of Internet connections, e-mails and digital signatures.
  • Post-quantum cryptography: Quantum computers could render factorisation-based encryption insecure. Post-quantum cryptography explores new encryption methods which are "quantum-computer-proof". Despite the name, they are not based on quantum physics phenomena.
  • Quantum cryptography: Encryption procedures based on quantum physics phenomena.

Let us assume we want to communicate a secret via the Internet. This means that we send information via a publicly accessible channel but that only the sender and recipient are supposed to have access to this data. A common method to achieve this involves the use of two different keys – a private key and a public key.

Two keys

So, how does this work? Using a mathematical operation, we first create the public key from the private key before sending the public key to our communication partner – and thus to the entire world. Our partner sends their message to us, which they have encrypted by means of the public key, again via a public channel. However, only we can decode the message using the private key.

The crux of the problem is the mathematical operation. "For these kinds of encryption systems, we need mathematical problems that can only be easily solved when you have the private key," says Karen Azari, assistant professor at the Faculty of Computer Science at the University of Vienna and an expert on cryptography. One example of such a mathematical problem is that you can quickly multiply two large prime numbers, but deriving these two prime numbers from the product is extremely complicated.

For example, the widely used RSA cryptosystem (which is just one example of procedures using a public key as described above) is based on the assumption that potential hackers are not able to solve this problem, referred to as factorisation. Other methods, such as those used for digital signatures or other cryptographic situations, share the same core concept – the security of our digital communication is based on mathematical problems that we assume will take intruders a very long time to solve.

As cryptographers, we want to offer safety not only against known methods of attack, but also future ones.
Karen Azari

Problematic assumptions

But how large must the two numbers be to guarantee the security of the RSA encryption? "This is the core problem on which I focus," says Azari. "In practice, we are applying parameters for which we actually have no security proofs. We can therefore only guarantee a level of security that is too low."

Coming from a theoretical background, the computer scientist can specify parameters that would be secure for encryption. However, there is still a gap in research that needs to be closed, says the expert on cryptography, "We as cryptographers want to offer safety not only against known methods of attack but also against future methods. This means that we can translate any attack on a cryptographic procedure into an 'attack' on the underlying mathematical problem. By translating the cryptographic attack into the solution to a mathematical problem, such as efficient factorisation, we deduce secure parameters for the cryptographic procedure."

Karen Azari strives to improve this translation process to find the smallest-possible parameters that could guarantee interception-free communication. "If there are security losses in the translation process, I will ultimately have to recommend larger parameters that are not practical to implement." However, these security analyses themselves are based on assumptions about the solvability of mathematical problems. But what if these assumptions no longer hold?

Quantum computers as a threat

"Most of the systems we use are based on mathematical problems for which efficient attack methods would actually already be possible if an attacker had a high-performance quantum computer," says Azari. So by using our usual encryption methods, we are betting not only that nobody has such a quantum computer but also that this will never change. Hackers could already store large quantities of encrypted data now and decrypt it in the future using quantum algorithms.

This fact is obviously no cause for alarm, since quantum computers are still at an early stage of development. Still, quantum computers pose a risk, especially for data that must remain confidential in the long term, such as medical or military information. Security experts agree that this is a threat to reckon with. One solution could be the use of cryptographic procedures that are based on problems for which quantum algorithms are not useful – this is called post-quantum cryptography.

"In general, many systems are already migrating to these post-quantum cryptographic methods," explains Azari. "Researchers are also developing hybrid methods, which are secure as long as the conventional system is not cracked and as long as the post-quantum problem has not been solved. Both approaches offer the benefit that we do not need to change our physical infrastructure, but again, we cannot prove that it is secure."

Quanta against quanta

Ultimately, post-quantum cryptography, too, is based on mathematical problems. "In theory, faster traditional algorithms or new mathematical paradigms could crack this type of encryption," says Mathieu Bozzio, theoretical quantum physicist at the University of Vienna. Bozzio and his colleagues are therefore pursuing a different approach to ensure data security: What if we did not have to wager a bet at all?

This is the notion behind quantum cryptography, which mainly exploits two properties of quantum systems. "On the one hand, from a quantum physics perspective, it is impossible to perfectly copy an unknown system," explains Bozzio. "If I do not know anything about a quantum particle, I cannot create two of these particles carrying the same information." This is a departure from conventional cryptography, where unknown messages can be copied without difficulty.

"On the other hand, quantum physics is subject to the uncertainty principle. When you try to measure a particle, you will destroy part of the information that this particle carries," adds the physicist. In combination with effects such as entanglement, this provides various opportunities to use quantum effects to counteract the threat posed by quantum computers.

Quantum cryptography offers demonstrable safety based on the laws of nature – that is what makes it so valuable.
Mathieu Bozzio

Diverse quantum cryptography

For example, physicists in the 1980s and 1990s already proposed using light particles to generate secret keys. The beauty of quantum key exchange is that any attempt at cracking the key will inevitably be revealed by the underlying laws of nature. So here, the security guarantee is based not on an assumption about mathematical problems but on the validity of the laws of physics – a safe bet.
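Why interception shows up as errors can be illustrated with a classical simulation of the measurement statistics of BB84, a quantum key distribution protocol from 1984. This is an added example, not from the article, which does not name a specific protocol; the function names, the intercept-and-resend eavesdropper model and the 11% abort threshold are assumptions made for the illustration.

```python
# Added illustration: classical simulation of BB84 measurement statistics.
import random


def measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Same basis returns the encoded bit; a mismatched basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_bb84(n_photons: int, eavesdrop: bool, seed: int = 1):
    """Return (sifted key length, error rate the two parties observe)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        a_bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = a_bit, a_basis            # state of the photon in flight
        if eavesdrop:
            # The eavesdropper cannot copy the unknown state, so she must
            # measure in a guessed basis and send on what she observed.
            e_basis = rng.randint(0, 1)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        b_basis = rng.randint(0, 1)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:                 # sifting: keep matching bases
            sifted += 1
            errors += a_bit != b_bit
    return sifted, errors / sifted


def channel_is_trusted(error_rate: float, threshold: float = 0.11) -> bool:
    """Abort key generation when the observed error rate is too high."""
    return error_rate < threshold


if __name__ == "__main__":
    for eve in (False, True):
        kept, qber = run_bb84(20000, eavesdrop=eve)
        print(f"eavesdropper={eve}: kept {kept} bits, error rate {qber:.3f}, "
              f"trusted={channel_is_trusted(qber)}")
```

In this model an undisturbed channel shows no errors in the sifted key, while measuring every photon in transit pushes the error rate to about 25%, so the sender and receiver discard the key.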

"Quantum cryptography provides demonstrable safety based on the laws of nature, which makes it so valuable," says Bozzio. Furthermore, this field offers numerous other procedures that would be impossible using conventional means and that go far beyond quantum key distribution. The physicist explains, "For instance, we can delocalise keys, keeping them on two different servers at the same time. If one server is hacked, the data is still secure." Another possible application according to Mathieu Bozzio is blockchain technology – quantum cryptography could improve its resilience to manipulation attempts.

The drawback? Quantum cryptography generally requires a different kind of hardware which is currently still prone to loss of signal and to malfunctions. However, industry research could contribute to developing market-ready products.

People as a security risk

The University of Vienna has a pioneering role in this field. Successful start-up companies have emerged from the Quantum Optics, Quantum Nanophysics and Quantum Information research group, most recently from the research groups of Borivoje Dakić and Philip Walther. With QUBO, the experts strive to offer quantum-based solutions for tasks such as secure financial transactions as well as for faster computer chips.

So while post-quantum encryption methods seem to be the method of choice for public communication, physics offers approaches that can protect our privacy in the long run, even without having to bet on anything – at least as long as we handle our data in a responsible way. After all, the greatest security vulnerability is the one between the keyboard and the chair, i.e. the human who believes that ‘1234’ is a secure password, right? Is there nothing we can do about the security risk of us humans?

"While very simple passwords will never provide strong security guarantees, we have cryptographic mechanisms that make attacks very costly even for insecure credentials. In a well-designed system, passwords would also never be stored in plaintext," says Azari. Bozzio would rather circumvent the issue: "We could generate passwords using a random generator based on quantum physics, which we could test to see if it actually generates random numbers." Turns out that quantum physics is also effective against human failure.

© Karen Azari
Karen Azari is an assistant professor at the Faculty of Computer Science at the University of Vienna and a member of the research group "Theory and Applications of Algorithms". She specialises in formal security definitions and security proofs of cryptographic protocols.

She studied mathematics and completed her PhD at the Institute of Science and Technology Austria. After a postdoc position at ETH Zurich, she joined the University of Vienna in February 2025.

© Ursula Ranft
Mathieu Bozzio is a postdoctoral university assistant at the Faculty of Physics at the University of Vienna. As a member of the research group "Quantum Information Science and Quantum Computation" headed by Philip Walther, he conducts research to design new quantum-cryptographic protocols and prove their security in real-world conditions.

After studying physics at Imperial College London, he completed a PhD in quantum cryptography at the University of Paris-Saclay and joined the University of Vienna in 2020.