This quantum key/password distribution
hardware, called QkarD and engineered at Los Alamos National Laboratory, is theoretically unhackable by outsiders. Photo by
Los Alamos National Laboratory
What Ashley Madison needed was quantum cryptography.
The same could be said for the U.S. Office of Professional
Depot and Anthem
Health Insurance, and any number of hacker targets in recent years…even PBS.
Quantum cryptography is the use of physics, specifically quantum mechanics, to build secret codes. It is so secure, so
difficult to intercept, some call it unhackable. Banking, medical, business and government records around the world could
be made secure from outside intruders.
As the name suggests, the idea is based on quantum mechanics — a branch of physics that explains the peculiar behavior
of atomic and subatomic particles. Theoretical physicist Richard Feynman once
said, “It is safe to say that nobody understands quantum mechanics.” We’re going to take a stab in this article at explaining
it. But before we dive into its murky principles, let’s tackle why quantum cryptography is needed in the first place.
Even though encryption has existed since the age of Caesar,
it’s only in the last five to 10 years that the topic has moved from being small-scale — an attack on a home computer
or a single company — to multi-level attacks that can impact millions of people at a time, said Richard Moulds, a data
security, cryptography expert and vice president at Whitewood Encryption Systems. Think eBay,
JP Morgan Chase or the federal Office
of Personnel Management. The stakes have always been high: Codebreakers led
to the execution of Mary Queen of Scots in 1587 and helped
defeat the Axis powers in World War II. But modern data breaches implicate the personal information — home addresses,
phone numbers, credit cards — of whole swaths of society, and the cost of dealing with these hacks are huge.
Data breaches cost U.S. companies $6.5 million on average in 2014, according to The
Ponemon Institute. If your company lost over 500,000 records, this number jumped to $11.9 million.
Naturally, these costs get passed onto the consumer, and since 2005, the annual cost per capita for data breaches has risen
from $138 to $217. That means you are losing 200 bucks each year due to data breaches. (For a cool visual of the world’s biggest
hacks in recent years, check out Information
Annual number of data
breaches and exposed records in the United States from 2005 to 2014 (in millions). Graph by Statista. Data source: Identity
Theft Resource Center
Hacking With Light
Hackers or codebreakers have become increasingly adept at breaking the modern security that safeguards digital information.
That’s because at the end of day, most types of computer encryption and passwords are based on a random number, and hackers
are getting better at guessing or stealing those numbers.
Take, for example, RSA encryption, which is the foundation for most Internet security today. RSA uses math to conceal data
with two randomly selected prime numbers.
“Getting a [traditional] computer program to generate a random number is almost an oxymoron because computer programs do
the same thing over and over and over again. They do what they’re programmed to do, and they don’t do things randomly,”
Moulds said. “As the bad guys’ computers get better, faster and stronger, then in principle, those random numbers get easier
Such was the case of last year’s hack of Sony Pictures. Infiltrators used an
advanced computer program with enough brute force to guess the company’s passwords. Once inside, the hackers alleged to
have collected sensitive data for nearly a year, before
they started wiping many of the computers and tried to publicly
damage the company’s reputation.
But if the Sony hack seemed bad, it pales in comparison with what could have happened, had the bad guys used a quantum
The pursuit to build the first quantum computer mirrors the Cold War-era space race or the WWII-era hunt for a nuclear
weapon. Such a computer would use the quantum physics of photons — light particles — to outmatch any traditional
computer or digital security system that has ever been created.
Unlike classic computers that use electricity to represent information in binary bits (1s and 0s), quantum computers use
photons to represent information as 1s, 0s or both values simultaneously. That’s because at the quantum level, photons can
exist in more than one state at once. (Remember, quantum mechanics doesn’t make sense). As such, a quantum computer can make
more than one calculation at once, significantly cutting the time it takes to process information. For instance, a quantum
computer could guess the random numbers that reinforce most passwords and data encryption in a matter of minutes.
Last week, the National Security Agency issued a
bulletin that warned companies to prepare for the emergence of a quantum computers.
“Our ultimate goal is to provide cost effective security against a potential quantum computer,” the statement reads.
The advisory, wrote Dan Goodin wrote for Ars
Technica, signals the growing recognition that quantum computing “could soon represent a practical threat on U.S. national
security. Until now, the lack of consensus about how long it will take for scientists to build a working quantum computer
has kept the NSA from making such concrete recommendations.”
As Goodin points out, it could take 10 to 50 years before a quantum computer is ready to replace our PCs, but the components
for such a device exist. On August 14, physicists at Bristol University in the UK announced that they had engineered a 4-inch
by 1.5 inch optical chip that can serve as a quantum central processing unit (CPU).
“It can implement all the basic gates [or circuits] required for quantum computing,” said University of Bristol physicist
Anthony Laing, who led the project. His group teamed with Nippon Telegraph and
Telephone (NTT), a major telecommunications company, and their invention was reported in the journal Science.
oxide based quantum optics lab-on-a-chip. Photo by University of Bristol
Bristol University’s optical chip tests quantum theories with unprecedented speed. Quantum experiments that would otherwise
months to a year can be completed in just minutes, even seconds, with this chip. It would allow Laing and other physicists
to can push the limits of computer science. Consider the Church-Turing thesis, which is named after American mathematician
Alonzo Church and the British mathematician and Engima machine codebreaker Alan Turing.
“Church-Turing thesis is a foundational idea in computer science that every realistic, physical system should be efficiently
simulated by a classical computer,” Laing said, but since quantum computers don’t operate by classical laws, they’re immediately
in conflict with the idea. Some strong supporters don’t believe that quantum computers could ever exist, because they’re
forbidden by this thesis.
Dr. Anthony Laing with his students Chris Sparrow, Jacques
Carolan, and Chris Harrold (left to right) stand behind the universal linear optical processor, with its electronics, photon
source and photon detection system. Photo by University of Bristol
“So MIT computer scientist Scott Aranson had a neat idea. He said instead of building the final package [quantum computer],
let’s just build a quantum device that can specifically overthrow the Church-Turing thesis,” Laing said. The result was a
phenomenon called called boson sampling.
“We were able to implement 100 boson experiments back-to-back in rapid fire with three and four photons,” Laing said. That’s
not at the scale where they could challenge the Church-Turing thesis, but by using more photons and building a larger version
of the device, which would be relatively easy to do, they could disprove the Church-Turing thesis, and in essence, could shake
what we know about the traditional computer.
The Antidote: An unbreakable quantum password
Quantum computers are knocking on humanity’s door. Google
wants one. IBM wants one. The
NSA wants one. The devices could solve complex math problems, create new drugs or speed up your Google searches, but when
used nefariously, they could tap your encrypted messages. In fact, computer scientist Lov
Grover and MIT mathematician Peter Shor
conceived the “quantum software” for the job around 20 years ago.
So what can everyone else do to protect their digital messages and data from the potential of quantum hackers?
Simple. “You send the messages in a quantum state,” said Boston University quantum physicist Alexander
Quantum cryptography uses photons to send secret messages between two people. Think of it as a tin-can telephone, wherein
a nylon string transmits two people’s voices via tin cans. With quantum cryptography, the string is replaced by a stream of
photons — the basic unit of rays of light. So rather than sending email as electronic bits (1s and 0s), the two people
send quantum messages using photons with two different physical states.
Due to the foundations of quantum — namely the Heisenberg Uncertainty Principle — it’s impossible to
copy or intercept these photons without altering them and alerting the message recipient. To return to the tin-can telephone
analogy, it’s impossible for an eavesdropper to intercept a quantum message without cutting the string.
“It would be the niche of absolutely secure communication. It means no one could break it. It’ll stay secure for
10, 20, 30 years down the road, unlike many conventional encryption technologies,” Sergienko said. As long as the equipment
isn’t flawed, that is.
In 2003 and 2004, Sergienko teamed with scientists at Harvard University and BBN Technologies to build a
three-node, 18-mile network for sending quantum encrypted messages along fiber optic cables in Boston. Since then, groups
in Europe and Japan
have demoed citywide networks. China plans to build a 1,200-mile
quantum connection between Beijing and Shanghai, while the Ohio-based research and development company is constructing
a quantum network that
stretches from Boston to Georgia to California.
However, distance is a major impediment to quantum messages, as photons tend to be absorbed or disturbed the further that
they travel through a fiber optic cable.
“Several papers show an upper limits of 124 to 186 miles. Also, the longer that you go, the lower the rate. The question
is how useful is sending data 186 miles at one bit per second, when everything in modern telecommunications goes at megabits
and gigabits per second?” said Sergienko.
This bandwidth issue could take years to fix. Scientists at Los Alamos National Laboratory in New Mexico are not only working
on ways around it, but on how to reinforce our current data security with quantum mechanics. Last autumn, Los Alamos struck
the biggest deal in its history with Richard Moulds’ parent company Allied Minds to commercialize these products.
Earlier this month, it unveiled a quantum-based generator that creates random numbers — the same random numbers that
fuel passwords and other current forms of digital security. The quantum number generator — dubbed The
Entropy Engine — looks like a regular computer board that you would slide into a server. Unlike passwords made by
conventional computers, these quantum passcodes (or keys) would be difficult to guess by brute force, thus, impeding brute
force attacks like the Sony Picture hack.
“Eventually, random number generators like the Entropy Engine would be placed in data centers to continuously generate
passwords and data encryption. Most people would be consuming it as a security service from their email, Internet or cloud
provider, rather than buying hardware. The cost might run between $5,000 and $10,000,” Moulds said.
Quantum random number generator churns out encrypted passcodes/keys so fast that it could make life harder for hackers
like the ones that struck Ashley Madison or Home Depot, where an insider possibly revealed the passwords or weakened security
systems so hackers could access an internal network.
“Our quantum random number generator generates entropy so rapidly that one could create new cryptographic keys very rapidly
and not need to reuse keys,” said Los Alamos physicist and leader of the quantum communications team Raymond Newell. “As an
analogy, if you only have one key, you’ll need to build all your locks to match it, and anyone who steals your key can open
all your locks. But if you have many many keys, you can build a different lock for each [door], and anyone who steals a key
can open only one lock.”
Moulds points out that another issue with the Ashley Madison hack “was that they only bothered to encrypt some of
“The attacker wasn’t interested in accessing accounts, he or she was focused on attacking and discrediting Ashley
Madison as an organization. Therefore being able to steal large quantities of non-encrypted personal information was exactly
what the attacker was looking for – details about sexual preferences is much more sensational than passwords,” Moulds
said. “What this shows, is that for organizations that acknowledge that they might suffer a data breach (which really
should be everyone) then they should encrypt all data that might be interesting to anyone. To encrypt only a subset of your
data is like locking the front door but leaving the windows open.”
The next stage is beefing up security that involves moving quantum keys, which would involve a quantum network. Los Alamos
ran its secure communications on a
secret quantum Internet for two years and has since put that technology into a package called QkarD.
“The first targeted market would be not directly to consumers, but rather for the type of Internet corporations that are
securing their internal communications,” Newell said. “Our team and others around the world are working on those distance
challenges, but it will be two to five years before QkarD reaches consumers.”
Newell’s team is working to circumvent the problem and send faster quantum messages via the air like satellite signals.
Chinese scientists are also developing a quantum satellite, slated to
launch in 2016.
“If you think about the progression from where we are today and how we can make sure that our security in 20 years is able
to withstand quantum computing effects. We’ve got to migrate our cryptosystems over the next two decades to much stronger
systems,” Moulds said
The post The race for the unbreakable
password is almost over appeared first on PBS NewsHour.