
Quantum Physics and the Probability of Secure Encryption Systems

BY KEVIN A. McQUEARY
Hawaii Pacific University
December 3, 2010
STSS 6600: 20th Century Intelligence Operations
CAPT Carl O. Schuster
F 6:00-9:00 pm

The accessibility of inexpensive and increasingly powerful computing machinery, coupled with the advent and subsequent global footprint of computer information networks, has exponentially magnified the challenge of signal intelligence in both creating and decrypting secure electronic communications. Technology experts theorize that the current architecture of computing machinery has reached its limit in processing and speed and anticipate viable developments in a new architecture, quantum computing, to emerge in the near future. The relative power of quantum computing over the current architecture will render current methods of encryption feeble by comparison. A parallel technology, quantum key encryption, is already emerging. Either technology, if perfected, represents a tremendous leap forward in cryptographic science and has the potential to force the signal intelligence community to reinvent itself.

History is punctuated with the development and the breaking of codes. Rulers of societies and military commanders have relied on timely and reliable communication in order to govern their nations and command their armed forces. They quickly and painfully learned the consequences of their messages falling into the wrong hands. It was this inherent danger of revealing precious secrets or divulging vital information to the enemy that spawned both the development of codes and ciphers and the counter industry in signal intelligence to break them.

One of the earliest documented attempts at secret communication was chronicled in the 5th century BC by Herodotus on the war between Greece and Persia. Demaratus, an exiled Greek, had knowledge of a military buildup and secret invasion. Still loyal, he devised a plan to warn his former people about the invasion. He removed the wax from a pair of wooden folding tablets, inscribed a message, and then recoated them with wax. This method of secret communication, steganography, is hiding the existence of a message without altering it. The tablets were sent with a family to their destination, all the while undetected by Persian patrols. Once delivered, the daughter revealed the secret when the wax was removed. Consequently, the Greeks were able to prepare for battle and actually executed a remarkable attack, humbling the Persian forces, despite having inferior numbers and a weaker navy.[1]

The need to transmit secure information across insecure channels spawned an industry. The science of cryptography continues to become more and more complex as information becomes increasingly more valuable. Cryptanalysts are nearly keeping pace with advances in technology. The search continues for the holy grail of cryptography, the unbreakable code. The answer may be found in emerging technologies in the realm of quantum physics.

Current paradigms for the encryption of signal communications utilize mathematical algorithms to mask the message. One of the earliest developed was a symmetric, or secret, key system consisting of two main algorithms, one for encryption and one for decryption. In order for secure communication to occur there has to be an exchange of the key before the message is sent. This can still be a very secure form of communication. Extremely complicated, single use encryption keys are virtually impossible to decrypt. The problem with this method is in the key exchange and management. It is too dangerous to send the key across insecure channels. The communicating duo has to meet to exchange the key in person, which may be improbable or impossible. There is also the option of having a third party serve as a courier, but that method severely escalates the risk of compromise. Moreover, since the key needs to be unique for each duo, the number of keys that must be exchanged and managed grows exponentially with the size of the group communicating.[2]

Traditionally, descriptive analogies for illustrating cryptographic communication schemas involve the players Alice and Bob as the agents attempting to send a secure communication, with Eve playing the role of the eavesdropper attempting to intercept and interpret the secure communication.
In the aforementioned symmetric key schema, imagine Alice purchasing a fireproof lockbox with two keys from her local do-it-yourself store. She meets with Bob and gives him a key. When Alice wishes to send Bob a secure message, she simply writes it, places it inside the lockbox, and sends it to Bob. If Bob receives it, he can easily open it and read the message because he has the key. If Eve intercepts the lockbox, she cannot open it because she does not have a copy of the key.

[1] Singh, Simon. The Code Book. (New York: Anchor Books, 2000) 4-5.
[2] Michael Stephen Brown. Classic Cryptosystems in a Quantum Setting. (9 April 2004) http://arxiv.org/pdf/quant-ph/0404061 (accessed 30 November 2010), 1-3.

The difficulty of key exchange intrinsic to the symmetric model was overcome in 1976 when mathematicians Whitfield Diffie and Martin Hellman published the first schema for public key encryption. (It later emerged that Malcolm J. Williamson invented it separately a few years earlier for the GCHQ, the British signals intelligence agency. That information was kept classified until 1997.)[3] Unlike the symmetric model, this model uses two main algorithms to create distinct encryption and decryption keys. The encryption key, known as the public key, is made available in the clear for anyone to use. Once a message is encrypted, the second key, known as the private key, is the only way to decipher it. This method has the advantages of open dissemination and a single reusable encryption key, with virtually no risk to the security of the system. In addition to securing messages, it is also commonly used for business transactions over networks. The drawback of public key encryption is efficiency, in that it requires a great deal more computing power, especially as the key algorithms increase in complexity.[4]

Going back to the Alice and Bob metaphor, imagine Alice bulk purchasing boxes that can be secured with padlocks. Alice places in each box an open padlock (i.e. the public key) that can be locked without a key. If Bob wishes to send Alice a secure message, he simply goes to wherever Alice keeps the pre-staged boxes and takes one. He places the message in the box and secures it with the padlock. Once he secures the box, Bob cannot open it to get the message back out.
Only Alice can open the box once the padlock has been secured because she has the only (private) key. If Eve were to intercept a locked box en route to Alice, she could not open it because she does not have the key.

[3] Wikipedia. Diffie-Hellman key exchange. (19 October 2010) http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange (accessed 30 November 2010).
[4] Brown, 3-5.

Both of these methods have been reasonably effective in securing electronic communications, discounting virus, Trojan horse, or tempest attacks, which defeat them due to access that precedes encryption. Speaking about Pretty Good Privacy, a public key schema invented by Phil Zimmermann, National Security Agency deputy director (from 1994-1997) William Crowell is on record for having said that if all the personal computers in the world (approximately 260 million computers) were to be put to work on a single PGP encrypted message, it would take on average an estimated 12 million times the age of the universe to break a single message.[5] History proves otherwise, of course, but it was not an unreasonable thing to say at the time, and it has significance coming from the deputy director of the NSA.

The mission statement of the NSA is to protect U.S. national security systems and to produce foreign signals intelligence information. The NSA Information Assurance mission confronts the formidable challenge of preventing foreign adversaries from gaining access to sensitive or classified national security information. The NSA Signals Intelligence mission collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations. They also enable Network Warfare operations to defeat terrorists and their organizations at home and abroad, consistent with U.S. laws and the protection of privacy and civil liberties.[6] To add further credibility, the NSA also shares with the general public some of the significant contributions cryptologists have made to the defense of our Nation through the Center for Cryptologic History and the National Cryptologic Museum.[7]

[5] Singh, 317-319.
[6] National Security Agency, Mission. (15 January 2009), http://www.nsa.gov/about/mission/index.shtml (accessed 30 November 2010).

Suffice it to say that both methods are very reliable means of security. Private key encryption, assuming the key used is of sufficient length and a one-time use, is impossible to break unless the key is stolen. Public key encryption has been particularly effective, and there have been many evolutionary tracks that have improved it over the years. Yet all public key encryption schemas are vulnerable to a brute force key search attack because everyone has access to the public key. Such an attack requires computing power that is extremely advanced and expensive, so it is generally impractical in terms of time and money. Another potential vulnerability of the public key schema is a man in the middle attack, in which Eve would intercept Alice's public key, alter it with her public key system, and then republish it. Eve could then intercept any messages from Bob and decrypt them without knowing Alice's private key. However, to avoid detection, Eve would then have to encrypt Bob's message with Alice's public key and send it to her. This method is extremely difficult to execute but most successful when Eve has access to the infrastructure of the transmission media, as she might if she was employed at an Internet Service Provider.[8]

The NSA takes communications security very seriously. Naturally, in a capitalist economy businesses that produce information security products want to expand their market footprint, which would inevitably extend internationally. Partially through Crowell's urging, on 15 November 1996 the Clinton Administration passed Executive Order 13026, which permitted exporting of strong encryption systems if the producers create and maintain key recovery agents (i.e. spare keys) that could be made available to duly authorized government entities.[9] Worldwide demand for strong encryption understandably was rising in accordance with the expansion of the Internet and the infusion of computers into everyday life. The concern with availability of strong encryption systems to the private sector was the potential use by non-state acting criminal elements, such as gangs, terrorists, and drug cartels. By insisting on making spare keys available to law enforcement agencies (with authorization), Crowell helped abate concerns over national security. The Order was met with much protest by First Amendment advocates and civil libertarians, who stated concerns over the security of the spare keys.[10] The end state of the Order was to consider software as a non-technology, and non-military encryption systems currently fall under the control of the Department of Commerce's Bureau of Industry and Security.

[7] National Security Agency, Cryptologic Heritage (15 January 2009), http://www.nsa.gov/about/cryptologic_heritage/index.shtml (accessed 30 November 2010).
[8] Wikipedia. Public Key Cryptography. (29 November 2010) http://en.wikipedia.org/wiki/Publickey_cryptography (accessed 30 November 2010).

Exporting of encryption systems aside, the coming threat to both the private and public key methods is the arrival of quantum computing. As stated before, under anything but exceptional conditions current levels of encryption are remarkably difficult to defeat. One of the main reasons for this is that computers in widespread use today function under the laws of classical physics. Information is stored and manipulated in bits, which exist in one of two states, i.e. 1 or 0. The trends in technological advancement are pushing the limits of those laws by attempting to create faster and more powerful computing machinery at smaller and smaller scales. The crux of the matter is that objects on an atomic scale behave differently, functioning under a new set of laws we call quantum physics.[11] Unlike classical physics, which can describe things in absolute terms like on or off, quantum physics describes things in terms of probability.
In a quantum computer, information would be stored in quantum bits, or qubits, which like bits have a value of 1 or 0 but unlike bits can also exist in a superposition state of both.[12] Quantum physics is still theory, but a functioning one. Einstein himself was dedicated to finding a unified theory that merged classical and quantum physics. Niels Bohr, one of the founders of quantum mechanics, was quoted: "anyone who can contemplate quantum mechanics without getting dizzy hasn't understood it."[13]

[9] Keith G. Tidball and Richard A. Best, Jr. (4 November 1998) The Encryption Debate: Intelligence Aspects. http://www.sci-links.com/files/CRS-_Encryption_Intelligence-_11-98.pdf (accessed 30 November 2010), 2.
[10] Tidball and Best, 3-5.
[11] Brown, 7-9.

To better understand the potential of quantum computing it may help to better explain the superposition state, starting with the uncertainty principle. In quantum physics, the Heisenberg Uncertainty Principle (Δx Δp ≥ ħ/2) is the statement that locating a particle in a small region of space makes the velocity of the particle uncertain. Conversely, measuring the velocity of a particle precisely makes the position uncertain. There are no states in which a particle has both a definite position and a definite velocity. The narrower the probability distribution is in position, the wider it is in momentum. Physically, the uncertainty principle requires that when the position of an atom is measured with a photon, the reflected photon will change the momentum of the atom by an uncertain amount inversely proportional to the accuracy of the position measurement. The amount of uncertainty can never be reduced below the limit set by the principle, regardless of the experimental setup.

The uncertainty principle is related to the observer effect, with which it is often conflated. In the Copenhagen interpretation of quantum mechanics, the uncertainty principle is a theoretical limitation of how small this observer effect can be. Any measurement of the position with accuracy Δx collapses the quantum state, making the standard deviation of the momentum Δp larger than Planck's Constant (ħ/2).[14] In essence, the more you know about the location of a particle the less you know about its movement, and vice-versa.
The uncertainty principle is a component of superposition, which is traditionally described by the metaphor of Schrödinger's cat. Schrödinger's cat helps illustrate what a strange theory quantum mechanics is. In all other scientific theories, we have models of how we think things work. For example, we know that distance traveled equals time traveled multiplied by velocity. If you travel for two hours at 50 miles an hour, you will go one hundred miles. We can measure the time with a clock and the distance with the odometer on your car. Quantum mechanics is not like that. What we measure in experiments is not described by quantum mechanics. Instead quantum mechanics gives the probability that we will make a given measurement. Of course probabilities occur all the time in classical science, because we almost never know everything we need to make a completely accurate prediction. For example, if you want to make a trip of a hundred miles, you cannot know ahead of time exactly how long it will take. You can only give an estimated time; you might run into a traffic jam, get a flat, etc. In quantum mechanics probabilities are different. Quantum mechanics only describes how probabilities change with time.

[12] Brown, 8-9.
[13] Singh, 320.
[14] Ian Marshall and Danah Zohar. Who's Afraid of Schrödinger's Cat? (New York: Harper Perennial, 1998) 181-183.

In the Schrödinger's cat metaphor, we place a live cat in a box with a lump of radioactive material, along with a sinister device that will release either food or a gaseous poison if it detects radioactive decay, depending on which sensor is activated by the decay. If the material in the cat example has a 50% probability of decaying in one hour, then in one minute it will have only a slight chance of having decayed. After 10 hours it will have a probability very close to one of having decayed. Quantum mechanics gives an exact model of how that probability changes over time. It says nothing at all about the state of the cat as these probabilities change. Science tells us what the probabilities are, but is completely silent on what (if anything) happens between observations.[15] In the quantum mechanical model nothing ever happens. The material never has to decay. The probability just keeps getting closer and closer to one.
There is nothing to force a real event to happen. This is very confusing because what we observe is always a real event.

[15] Marshall and Zohar, xiii-xv.

We see the material decay at some particular time. But until we actually observe it the cat exists in a state of superposition; it is both alive and dead at the same time! It is our observation of the cat that determines its state.

When we apply these principles in computing, you can see very quickly how much more powerful a quantum computer is compared to a traditional one. In binary, an array of 7 bits can represent any number between 0-127, one at a time. But if that array is 7 qubits, they simultaneously represent all numbers between 0-127. In that array, you essentially get 128 computations for the price of one. If you extend that array out to 250 qubits, you get 10^75 combinations, more than the number of atoms scientists estimate are in the universe.[16] With such amazing computing power, existing public and private key encryption systems would be broken almost instantaneously by simple brute force attacks.

Quantum computers don't exist yet to any functional degree, and they may never, but progress is being made. But more progress is being made in the quantum sciences in the creation of usable quantum encryption systems.

Quantum key encryption involves the creation of a one-time key. Imagine Alice and Bob want to share a secret key, but Eve is listening. Alice, the sender, has a random key that she wants to transmit. Alice begins by transmitting a random set of bits using a random choice of rectilinear and diagonal polarization schemes (or bases). Alice encodes each key bit as a qubit in the specified basis. Bob, the receiver, also chooses schemes randomly to receive the bits and records his results.[17]

Once the message is complete, Alice contacts Bob on an unsecure line and tells him which polarization bases she used for each bit. She does not tell him the exact orientation. At no point does Alice reveal her key, or Bob his results. Bob replies only by telling her which times he guessed the correct basis. He should have received the correct bit on those occasions. But in cases where their bases don't match, they discard that bit. Once they have completed that initial polarization check, they are ready for an integrity check.[18]

[16] Singh, 327-239.
[17] Singh, 339-341.

Of the set of agreed-upon bits, they choose a random subset and compare. (For argument's sake, it's a set of 75 out of a 1000 bit string.) If the data jibes, then that substring is discarded and the resultant shortened set of bits is not a message, but is a new random key that can be used for encryption. The likelihood of an eavesdropping event not affecting one of those bits is less than 1 in a billion.[19] If they detect a mismatch then they know that Eve has been eavesdropping. They can then discard all and begin again.

Suppose Eve is trying to intercept the message. She has to randomly choose a scheme to receive each bit. If she guesses the entire key string correctly, Bob would receive the message unaltered. The likelihood that an eavesdropping event will affect at least one of those bits is nearly infinite. Note that when she chooses the wrong scheme, she alters the state of the bit, which is received in the new state by Bob. It can be shown that no strategy Eve employs can prevent Alice and Bob from detecting her eavesdropping.[20] The argument then is that quantum key distribution protocols can provide a guarantee for secure key distribution using a one-time cipher that cannot be intercepted without awareness by the sender and receiver.

[18] Singh, 341-343.
[19] Singh, 344-346.
[20] Singh, 346-347.

This works great in theory. In practice, success is marginal. The computing machinery being used to exercise quantum cryptographic systems is currently facing its biggest challenge with environmental noise. Because developers cannot purify the signal with the equipment they have available, they have to accept bit mismatch at about 20% to perform communications. At that rate, hacking tests have shown that the hackers have refined their process to be indistinguishable from the acceptable noise threshold. Regardless, developers are optimistic. Such field testing demonstrates that quantum key encryption is possible, and with continued refinement could become a standard in the near future.[21]

Whichever technology, quantum computing or quantum key encryption, comes to fruition first will be a watershed moment in signal intelligence operations. Either would necessitate significant changes in the national security policy. Quantum computing would immediately render all current forms of strong encryption useless, and whichever government entity (or rogue entity) achieves it will have a supreme advantage over foe and friend alike. It is more likely that quantum key encryption will be developed to an effective level of function. The latter would result in a better state of peace. It would be a significant burden on the intelligence community in terms of the collection and analysis phases of the intelligence cycle. But there is arguably less danger from a foe that could know all your secrets than from a foe that could hide all of his.

One of the prevailing characteristics that prominent military historians ascribe to the American Way of War is that it is agile and adaptable. Undoubtedly, the American intelligence community will acclimatize to either or both technologies. But given the current state of global affairs, perfection of quantum key encryption is the more desirable event. Having the security of impenetrable communications on the home front would enable the intelligence community to focus their efforts where needed to greater effect.

[21] Zeeya Merali. Quantum Crack in Cryptographic Armour. (20 May 2010). Nature News. http://www.nature.com/news/2010/100520/full/news.2010.256.html (accessed 30 November 2010).
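The key agreement walked through above (random bases, sifting on an open line, comparing 75 bits) can be simulated classically. This is an added example, not part of the original paper: it models a wrong-basis measurement as a coin flip and assumes Eve uses a simple intercept-and-resend strategy; every function and parameter name is this example's own.

```python
import random

RECT, DIAG = "+", "x"  # rectilinear and diagonal polarization bases


def measure(bit, prepared_in, measured_in, rng):
    """Same basis returns the encoded bit; the wrong basis returns a coin flip."""
    return bit if prepared_in == measured_in else rng.randrange(2)


def run_bb84(n_photons=2000, eve=False, noise=0.0, sample_size=75,
             max_qber=0.0, seed=None):
    """Simulate one key agreement (parameter names are assumptions of this example)."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]
    bob_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]

    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eve:
            # Intercept-resend: Eve measures in a random basis and forwards
            # a fresh photon prepared in her basis with her result.
            eve_basis = rng.choice((RECT, DIAG))
            bit, basis = measure(bit, basis, eve_basis, rng), eve_basis
        received = measure(bit, basis, bob_basis, rng)
        if rng.random() < noise:  # environmental bit flip on the channel
            received ^= 1
        bob_bits.append(received)

    # Sifting: bases (never bit values) are compared on the open line and
    # only positions where Bob used Alice's basis are kept.
    sifted = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]

    # Integrity check: publicly compare a random subset, then discard it.
    sample = set(rng.sample(sifted, min(sample_size, len(sifted))))
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample) if sample else 0.0

    return {
        "sifted": len(sifted),
        "sample_errors": errors,
        "sample_qber": qber,          # observed error rate in the sample
        "abort": qber > max_qber,     # default: any mismatch discards the key
        "alice_key": [alice_bits[i] for i in sifted if i not in sample],
        "bob_key": [bob_bits[i] for i in sifted if i not in sample],
    }


def escape_probability(sample_size):
    """Chance that full intercept-resend leaves every compared bit intact.

    Eve picks the wrong basis half the time, and Bob then reads the wrong
    bit half the time, so each compared bit survives with probability 3/4.
    """
    return 0.75 ** sample_size


if __name__ == "__main__":
    for label, kwargs in [("clean channel", {}),
                          ("Eve on the line", {"eve": True}),
                          ("20% noise, no Eve", {"noise": 0.20})]:
        r = run_bb84(seed=1, **kwargs)
        print(f"{label:18} sifted={r['sifted']} errors={r['sample_errors']}/75 "
              f"abort={r['abort']} keys_equal={r['alice_key'] == r['bob_key']}")
    print(f"P(Eve unnoticed over 75 bits) = {escape_probability(75):.2e}")
```

For a 75-bit comparison the escape probability is (3/4)^75, which is below one in a billion. With 20% channel noise the zero-mismatch rule aborts every run, and a 75-bit sample cannot reliably separate a 20% error rate from the 25% that intercept-and-resend produces, which is the practical weakness the paper goes on to describe.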

References

Brown, Michael Stephen. Classic Cryptosystems in a Quantum Setting. 9 April 2004. http://arxiv.org/pdf/quant-ph/0404061 (accessed 30 November 2010).

Marshall, Ian and Danah Zohar. Who's Afraid of Schrödinger's Cat? New York: Harper Perennial, 1998.

Merali, Zeeya. Quantum Crack in Cryptographic Armour. 20 May 2010. Nature News. http://www.nature.com/news/2010/100520/full/news.2010.256.html (accessed 30 November 2010).

Singh, Simon. The Code Book. New York: Anchor Books, 2000.

Tidball, Keith G. and Richard A. Best, Jr. The Encryption Debate: Intelligence Aspects. 4 November 1998. http://www.sci-links.com/files/CRS-_Encryption_Intelligence-_11-98.pdf (accessed 30 November 2010).

Wikipedia. Diffie-Hellman key exchange. 19 October 2010. http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange (accessed 30 November 2010).

Wikipedia. Public Key Cryptography. 29 November 2010. http://en.wikipedia.org/wiki/Publickey_cryptography (accessed 30 November 2010).
