|
 |
|
|
 |
 |
|
||
 |
|
|
|
|
|
|
||
 |
|
|
|
|
|
|
||
 |
|
|
|
|
|
|
||
 |
|
|
|
|
|
|
||
 |
|
|
|
|
|
| Author: Mario Stipčević, Ruđer Bošković Institute, Croatia | | Full
paper | Presentation
| |
Abstract
Today we live in the age of knowledge and communications. Possessing knowledge and means of communication and intelligently managing these resources, rather than fighting wars, is the best way to gain power and profit. The biggest profit is achieved not by producers of goods but by those who produce know-how and critical information on how to produce goods. Global two-way communications (especially since invention of the world-wide-web) seem to be the most important accelerator of marketing as well as for producing and spreading of knowledge. Further examples of using of global communication channels are: e-business (communicating and signing confidential documents), e-banking (issuing bank orders), e-shopping etc. Many of these are of wide public interest. In short, a lot of critical data is stored or travel through communication channels (computer networks, telephone lines, internet, etc.) and there is a clear need to protect such data. This brings us to the art and science of data protection, namely the cryptography.
The most basic problem in cryptography is establishing a secret key between two parties that have no previous common information, in the presence of an eavesdropper. By the Kerchoff's principle it is assumed that the eavesdropper obtains a maximum possible quantity of information from the communication channels and that he/she is familiar with the protocol.
Generally, cryptography can be divided into two types: classical and quantum. In classical cryptography an eavesdropper has all the information needed to calculate the secret key with a high probability. In quantum cryptography an eavesdropper can at most obtain a limited information about the secret key and the upper bound on his/her information can be made arbitrarily small.
Consequently we say that classical cryptography is "computationally secure", whereas quantum cryptography offers so called "unconditional security".
Classical cryptography
Roughly speaking, contemporary classical cryptography makes use of existence
of mathematical problems which can be easily defined but are very hard
to solve. Nevertheless they can in principle be solved if enough computational
resources and/or time is available.
For example, it is quite easy (and can be done fast on modern computer) to multiply 1000 prime numbers and obtain a resulting large integer number. However, a task of finding all prime factors of the same large number typically takes many millions of years of calculation on the same modern computer. In a slightly different setup security of the famous RSA public key protocol relies on apparent hardness of the factoring problem.
The main problem with the classical cryptography is that hardness of underlying mathematical problems hasn't yet been strictly proven. This means that one day someone could invent better algorithms for factoring and finding discrete logarithms and that the whole cryptography would collapse instantly. Yet another threat comes from apparent possibility to construct quantum computers which are already known to be able to solve this two particular mathematical problems with great speed. A quantum computer with mere 2000 quantum bits of memory could break PGP or RSA in a blink of an eye.
Quantum cryptography
Fortunately there exists another cryptographic technique, namely the quantum cryptography, which is completely immune to computational attacks by both classical and even quantum computers. The main characteristics of the QC are the following:
- an eavesdropper can not have exactly the same information as the legitimate users;
- legitimate users can calculate an upper limit to the amount of information leaked to the eavesdropper (colloquially: they can detect eavesdropping);
- legitimate parties can obtain a highly secret key about which the eavesdropper can have at most limited amount of knowledge which limit is under control of the legitimate parties.
Quantum cryptography (QC) is a set of cryptographic primitives which rely on laws of quantum physics rather than on unproven mathematical puzzles. The most important and the most studied primitive is the quantum key distribution protocol (QKD). This protocol makes possible to establish a (highly) secret key between two parties which do not share a secret initially. It is an equivalent of (or substitute for) the classical public key protocol, except that here an interactive two-way communication is needed to establish a single key. Interactivity is the price paid for going from computational to unconditional security.
The main technical requirement for QC is existence of a quantum channel between any two points that wish to communicate a secret key - usually it means an uninterrupted mono-mode optic fiber link. Alternatively, single quanta of light can be sent over the clear air.
In this presentation we will present several interesting QC techniques pursued today.
Open questions
- So far the QC has been limited to distances of some 100 kilometers through optic fiber and some 40 kilometers through the air.
- Current price is approx. 100.000 US$ for a pair of transcieving stations, but one can expect drastic price cut in next 5-10 years.
- It is too early to speak about availability of products but restrictive export rules of this technology to "problematic" countries can be expected.
- Quantum signature seems problematic without some additional theoretical studies and availability of quantum memories which currently does not exist.
Conclusion
Increasing security concerns stimulate search for new cryptographic solutions. A solution which apparently offers a qualitative leap in security is the quantum cryptography. In spite the fact that it is only about one decade old, the QC has already became an emerging technology. The infrastructure needed to support quantum cryptography is quite demanding, but the trends are that a large portion of it, namely the fiber optic going to or close to the end user, will be widely used anyhow for other purposes such as the cable TV or broadband internet. This makes quantum cryptography even more appealing.
Preparations for the quantum key infrastructure (QKI) have already begun. For example in Europe FP6 project "SECOQC" which started on 1. April 2004. gathers 12 countries with a budget of 11.6 MEur. It would be interesting to follow further development of this intriguing technique.