Secrecy is important for sending encrypted messages over the internet. Sensitive personal information is often exchanged while remaining vulnerable to hacks, leaks, etc. To make matters worse, we voluntarily accept the risk while being forced to trust the process. This is the price of doing online business.
By Kent Thachek, Co-founder, Simius Technologies
Quantum key distribution (QKD) is the next-generation solution to this problem. This will be the future for encryption standards. We want to improve the transformation of information which has been obfuscated so that only the intended audience receives the message.
As computers become more sophisticated, the codes they use become easier to decrypt. However, the laws of physics can offer us a solution using quantum effects. But let’s make sure we are on the same page.
Simple substitution is the most ancient form of encryption and is considered a basic standard. Swapping characters of the alphabet between different mappings to scramble a message which can be easily pieced together. The rest of encryption follows this as a common standard, but with a twisted variety
Essentially, a lock over the information secures it with a key. Namely, a factor that becomes difficult to reverse compute, and we want to make the lock impossibly difficult to pick as well. Traditional encryption relies on computing resources. For an encrypted message to be hacked, the reverse computation must be feasible. But if we could rely on a messaging system that self-destructs upon interception, it would change the game.
This is where QKD comes in. Using quantum effects to create a random number generator, there is hope in discouraging reverse computation. Although the equipment used might be susceptible to hacking, there are protocols that can be established to mitigate such risks. This leads us to the notion of one-way functions, which are easy to compute but difficult to reverse.
As with multiplying large prime numbers, figuring out the original inputs becomes more difficult with the primes increasing in size. Hence various forms of encryption are based on the number of bits (64,128,256,512, etc). The larger the prime, the more expensive it is to reverse compute. Therefore, a message using increasing numerical complexity to encrypt is bound to make greater difficulty in hacking. Reverse computation is as expensive as it is time-sensitive, but we can only stay ahead of the ball by a small margin.
When using quantum effects to generate keys, this makes it much more difficult for hackers to reverse compute the message. Factoring out these large prime numbers becomes easier by the day with advancements in computation. Quantum encryption, however, quickly breaks this down.
Instead of sending keys over the internet, a special channel and protocol can be used which takes advantage of the laws from physics. Substitution of the random number generator is essential. To get rid of eavesdropping, and identify when a man-in-the-middle attack is present, we must introduce a barrier which they cannot bypass.
This is where any physical phenomena can be used, such as a photon, electron, or even a sound wave, to exhibit quantum effects. This creates the proper random number generator which we need, to stay ahead of any hacking or reverse computation that might attempt to eavesdrop. Not only that, when our private communications are being intercepted, we can detect this.
This is only possible through measurement. When an attacker tries to hack a message that uses QKD, we can detect it. The signal becomes tainted at the point of their interception. Any third party attempting to measure our secure qubits of information will inevitably reveal themselves. This is part of the quantum effects, and our message becomes guarded by the laws of nature. Eavesdropping thus changes the contents of the message, and we can detect this before the data is even sent.
Not only that, the message can be programmed to self-destruct, thereby eliminating the contents from being viewed. Although the equipment can still be susceptible to various vulnerabilities, this is the holy grail for all cybersecurity. The message scrambles itself upon interception because eavesdropping can be easily detected based on a fault-tolerance threshold.
This leads us to a one-time keypad, that becomes ultimately unbreakable. While bits of information is shared, the order in which they are detected becomes key. This is the only way to interpret the message with any degree of accuracy. If photons are polarized at random, the eavesdropper is out of luck.
Case in point, when a hacker attempts to intercept a message secured using QKD, they will need to copy the photons using the correct order of detection. And if they fail, it changes the key. This can be easily detected when checking for errors prior to sending and after receiving a message. Even as small disturbances can change photon polarization, we can still detect these errors.
A single degree of error per photon or quantum bit can add up, past a certain threshold of detection. The hacker would have to be flying very low under the radar, and even then, we could find them dead in their tracks.
The most important takeaway is that this would fundamentally change the infrastructure of the internet if QKD was ever implemented at scale. But it would bring a new level of security unparalleled. Nothing could stop a QKD broadcast, and no one would be able to intercept it unless they had the secret key. It would be game over for spam, phishing, and even spying. Surveillance always goes both ways, and this would make the eavesdropper expose themselves by using the laws of physics to do the dirty work.
About the Author
Kent Thachek is a Disaster Recovery Specialist and Programmer Analyst with a background in Software Engineering, Bioinformatics, and Information Technology, as well as co-founder of Simius Technologies, Inc. With over 15 years of combined experience in programming and cybersecurity, Thachek, has marked his passion for ensuring the success of all technical endeavors through attention to detail and effective communication.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.