TL;DR — Quantum computers are going to render a lot of current encryption techniques obsolete. Though quantum systems are inherently more secure, quantum networks and quantum key distribution suffer from some of the same vulnerabilities that classical networks do. How do we protect the quantum network?
The first system has an opportunity to establish itself as a platform for quantum innovation. However, there’s also a looming question: how do we protect the quantum system from being hacked? While quantum computers will be able to break a large set of current encryption, quantum networks are vulnerable to some of the same issues that plague classical networks.
Quantum data has extra security built in
Quantum mechanics allows us to harness superposition and entanglement, which ends up providing us an extra layer of security (check out my quantum computing primer here for more information about these two properties). A measurement of the quantum state destroys the entanglement. Because entanglement and superposition is broken upon reading the data, detection of eavesdropping is “easy” across the quantum network. For example, if Eve makes measurements in Alice and Bob’s quantum network, she reveals her presence, because Alice and Bob’s qubits will not agree. Having detected a breach, Alice and Bob can immediately make an informed judgement about continuing information transfer, which enables them to minimize data loss.
Eve can’t even copy the quantum states and experiment on those! The no-cloning theorem states it is impossible to copy a quantum states for pure states, and the no-broadcast theorem states the same impossibility for mixed states. There is only one set of information, so Alice and Bob will know if Eve is trying to make measurements. This already ups the difficulty level of hacking a quantum system.
Hacking a quantum network
Theoretically, the laws of physics offer solid proofs of the security of quantum cryptography and quantum networks. Cryptography has always been based on mathematical assumptions. Now quantum cryptography is based on the law of physics. However, the equipment is assumed to be perfect — which is never the case. The imperfections of the security model will be in the equipment.
For example, one quantum key distribution (QKD) network was hacked once a researcher realized that the random number generator was not even close to random. While this was quickly patched, it turned out there was an issue in the FPGA— they were reading out the buffer more quickly than the random numbers were generated. Physics works, still — but this completely breaks the security. A small error in a piece can break the security of the electrical or optical system, which can compromise the entire system’s security
Beyond that, physics can be used to exploit QKD systems. Prof. Makarov, at University of Waterloo, calls it a “light trojan horse” — a new version beyond just hardware and software, meant to exploit physics. The optics in the system can be used for phase modulation — all optics have a reflection rate. Eve can exploit the back reflection (like the end of the optical fiber line) and the phase modulator to get bit values directly by shining a powerful pulse into the optical fiber. There are then no errors and it looks like there is no eavesdropper. As with other security paradigms, papers are published, the differences in the model and assumptions are exploited, and later the security protocols are changed and are secure again — in theory. Here, hardware countermeasures were used: a narrowband filter to restrict wavelength and a detector to measure pulse energy.
Potential hacks aren’t limited to just the hardware. For examples, the no-cloning theorem states that quantum states cannot be precisely copied. However, what if you could physically tap into the network, and copy a quantum state imprecisely (known as imperfect cloning)? You could collect enough information to recover the rest of the data, allowing you to find the approximate quantum state. Can quantum error correcting codes do what locally recoverable computer codes can do, imprecisely copy quantum states and correct the errors to reconstruct a more closely approximate quantum state?
Addressing quantum platform vulnerabilities
Quantum networks have already been implemented in many countries. DARPA has a QKD network in Massachusetts, and there are active networks in Vienna, Tokyo, China, and Geneva. Chinese collaborations have tested a 100km long free-space quantum networks, with a 2000km long network planned for completion by next year. Quantum networks are real, so the potential of hacking a quantum network is a real threat. As commercial companies pop up, selling quantum key distribution equipment, quantum networks will become wider spread.
Device-independent QKD can close a lot of the security loopholes. However, device-independent quantum key distribution takes into account the noise and errors that are present in every system. It won’t eliminate all potential hacks, but is a huge step towards increased security. The devices don’t need to be perfect anymore.
Currently, a kid with a personal computer can start learning about hacking hardware and software all on his or her own. But that sort of equipment is not readily accessible in quantum world unless you are an academic researcher, a government employee with a high-level security clearance, or a specialized technical staff member at IBM, Microsoft, or Google. The strength of cryptographic current security is open source cryptography and mass availability of the equipment needed.
In the end, quantum security will suffer from some of the same problems as classical security in the entire chain — trusting the manufacturer (the NSA has their own semiconductor fabrication facility) and correct implementation. The basic properties of quantum mechanics will make data transmission more secure. Since the security of quantum systems relies on hardware and software, understanding quantum mechanics is going to be crucial for everyone in the post-quantum world.