# Paving the way for fast, secure quantum communications

StoryJune 14, 2016

## Quantum key distribution (QKD) will play a central role in the next generation of secure communications, and new software from university researchers helps quickly evaluate security protocols for QKD.

Quantum key distribution (QKD) will play a central role in the next generation of secure communications, and new software from university researchers helps quickly evaluate security protocols for QKD.

In a major breakthrough for secure quantum communications, researchers at the University of Waterloo’s Institute for Quantum Computing (IQC) in Canada recently discovered an efficient numerical approach for evaluating the performance of QKD protocols. They also developed the first available software to quickly evaluate the security of any protocol for QKD.

“Secrecy is becoming increasingly important in light of the hacking efforts around the world. But it’s even more important than often appreciated, due to the fact that quantum computers may be coming online in the near future,” says Patrick Coles, an IQC postdoctoral fellow and one of the researchers behind the discovery and software. “Quantum computers could break many aspects of our current Internet security, which is based on the computational difficulty of certain problems. This would be catastrophic … so it’s imperative to explore new methods of encryption.”

The secrecy in QKD centers on the foundations of quantum physics, particularly Heisenberg’s uncertainly principle. It allows two parties, referred to as Alice and Bob, to establish a shared key to exchange photons. Since photons behave according to the laws of quantum mechanics, you can’t measure a quantum object without disturbing it. So if an eavesdropper, called Eve, intercepts and measures the photons, it causes a disturbance that Alice and Bob can detect. No disturbance means Alice and Bob can guarantee the security of their shared key.

Loss and noise create some disturbances, but a small disturbance implies that a small amount of information about the key is available to Eve. Characterizing this amount of information allows Alice and Bob to remove it from Eve at the cost of the length of the resulting final key. The main theoretical problem in QKD is how to calculate the allowed length of this final secret key for any given protocol and the experimentally observed distance.

“I thought it was incredible that quantum physicists could play a central role in revolutionizing the way we do secret communication and wanted to contribute,” Coles says. “Our approach has three main advantages: it’s robust, user-friendly, and relatively fast.”

By “robust” he means that it can handle any protocol, which is impressive because previous analytical methods were limited to idealized protocols without experimental imperfections. “Our approach enables exploring new protocol ideas and, in particular, protocols that are practical to implement with existing optical hardware,” Coles says. “Also, any imperfections in your devices can be explicitly accounted for in our software. The robustness is crucial for the analysis of real, practical systems.”

Until now, only a handful of skilled experts in the world were capable of analyzing the security of QKD protocols. “Our software has the potential to bring QKD analysis to a much wider audience,” he notes. “You simply enter a description of a protocol of interest and the computer does the calculation.”

Then there’s speed: “Calculating the secret key output of a QKD protocol is essentially an optimization problem,” Coles says. “The main reason we can make our software is because we proved a mathematical theorem that reformulated the problem into an efficiently computable form. It typically takes a few seconds to run our software and get the answer to your problem.”

And, as you can imagine, QKD technology has military applications. “The U.S. Office of Naval Research is interested in QKD for secure communications between naval vessels,” Coles points out. But adversaries may also exploit QKD, so it begs the question of whether there is a potential for eavesdropping.

With quantum computing coming online, quantum-safe cryptography will become necessary. “This refers to encryption methods that cannot be efficiently attacked by quantum computers,” Coles explains. “But another method is to find mathematical problems that even a quantum computer can’t efficiently solve.”

QKD isn’t vulnerable to retroactive attacks, whereas methods based on computational difficulty are. “A retroactive attack is one in which the eavesdropper records the ciphertext and public key, and then waits years for computational power to improve,” Coles says. “Once computers become fast enough, the eavesdropper obtains the private key and plaintext.”

So the future of quantum-safe crypto may well “end up being some combination of keys generated by QKD and keys generated via computationally difficult tasks,” Coles notes.

Future advances in QKD will include “global networks, either on the ground or via satellite,” he says. “We’ll need to choose the best protocols for these networks, and our software should be a useful tool to help guide that choice.”