2.4


Quantum: An Additional Threat?

Antonio Acín

Antonio Acín

Antonio Acín is an ICREA Research Professor at ICFO-The Institute of Photonic Sciences. He has a degree in Physics from the Universitat de Barcelona (UB) and in Telecommunication Engineering from the Universitat Politècnica de Catalunya. He got his PhD in Theoretical Physics in 2001 from the UB. After a post-doctoral stay in Geneva, he joined ICFO in 2003. At ICFO, Prof. Acín leads the Quantum Information Theory group. He is also AXA Chair in Quantum Information Science since 2016.

Cryptography is the art of sending private information in a secure way. Nowadays, it is mostly based on computational security: existing protocols are secure because hackers need to solve a problem for which no efficient algorithm is known. For example, to connect to your favourite websites or for remote connections, you daily use the RSA protocol, which is based on the fact that there is no efficient algorithm to factorize large numbers. Computational security is convenient because it is cheap: it is a software solution and does not require buying any device, just running a program. However, computational security is also risky.

Indeed, the advent of quantum computers, which exploit the collective properties of quantum states such as superposition and entanglement,¹ sheds some doubts on the applicability of some security algorithms, because quantum phenomena will give quantum computers a very large computational power. In 1994 already, the famous Peter Shor, at Bell Labs at the time, designed an efficient quantum algorithm for factorization. An eavesdropper with a quantum computer will be able to factorize large numbers and hack RSA. This is not currently perceived as a risk, because as far as we know nobody has the technology to create a quantum computer powerful enough to run Shor’s algorithm at the moment. However, are we sure about this? And even if this is indeed the case, how long will it take for someone to have such a powerful quantum computer?

But even without a quantum computer, there is no proof that no classical efficient algorithm exists to solve the problems exploited by cryptographic protocols. In the case of RSA, it is in principle possible that a non-quantum algorithm for efficient factorization already exists. It seems unlikely simply because so many attempts to find such an algorithm have failed so far. But one cannot exclude that someday, smart hackers will find efficient non-quantum algorithms that turn our security into a mere illusion.

To alleviate these risks, two approaches are possible. The first one is to maintain the paradigm of computational security and to design new protocols based on problems that are also difficult to solve for a quantum computer. This is known as ‘postquantum cryptography’ and has a big advantage: it is again a software solution, hence cheap, and its integration with existing infrastructures is straightforward, as you only need to run a different program. It maintains, however, some of the previous risks: there is and will be no proof of the non-existence of an efficient algorithm. We cannot exclude the possibility that a smart hacker equipped with an efficient algorithm breaks the protocol.

Quantum algorithms and computers will impact cyber security, but we can already prepare our systems for quantum resilience.

The second approach is ‘quantum physical security’, a change of paradigm in security applications. Using quantum phenomena, it is possible to design quantum cryptography protocols whose security is based on the laws of quantum physics. An eavesdropper aiming at hacking them would not need to solve a complex computational problem, but to hack the quantum implementation. The big advantage of quantum cryptography protocols is that security can be proven. The main disadvantage is that it is a hardware solution: you need to buy a separate and expensive device. Because of that, the security may be sensitive to the implementation, and the integration with existing infrastructures is harder.

The best approach going forward is to combine both quantum physical security and quantum-resistant cryptography. On the one hand, by designing post-quantum protocols with as much evidence as possible of their resistance against quantum computers. On the other hand, by developing cheaper quantum cryptography protocols and improving their integration in existing infrastructures, so that a layer of quantum physical security can be added to strengthen our encryption techniques as soon as it is technically possible. Secure communication is a tentacular issue, where various levels of confidentiality, risk and budget, amongst others, need to be considered. Having more tools to face all these challenges only makes us stronger and it is now clear that quantum physics provides new recipes to ensure our secrets remain secure. With the two approaches combined, hackers will have a much more difficult time, as they will have to face complex computational problems and quantum phenomena at the same time.

1 How Does a Quantum Computer Work? Michael Tabb, Andrea Gawrylewski and Jeffery DelViscio, Scientific American, July 7, 2021