Let's recap crudely: the basis of cryptography is to encrypt or decrypt messages by means of a secret key. Cryptosystems in general derive their strength from this key, and to recover it an attacker normally has to factor the product of two enormous prime numbers (as in RSA) or solve the discrete logarithm problem, as in the ElGamal scheme. The numbers are chosen so large that, even with the processing power of a supercomputer, an attack on the key cannot be completed in any tractable time.
However, the resistance of these systems lies primarily in their mathematics: the underlying problems are believed to be hard, not proven to be. For prime factorization, if some day mathematicians find an efficient factoring algorithm, every cryptosystem that depends on this problem would be put at risk.
Quantum Cryptography is a paradigm that tries to address this "vulnerability" by relying on physics instead, taking advantage, among other things, of the Heisenberg uncertainty principle: measuring a quantum state in general disturbs it.
In a nutshell: Quantum Cryptography is the branch of Cryptology that uses physics to build a 'completely' secure cryptosystem, maintaining secrecy between independent parties. The word "quantum" here refers to the behaviour of the smallest units of matter and energy. In practice this means that the security of a quantum cryptographic system rests on physical properties rather than on any mathematical assumption.
So, Quantum Cryptography uses photons to transmit a key, which can then be used to encrypt or decrypt information with an ordinary cipher. It is natural to ask how a photon can carry a key bit and how information is attached to it. This is where the polarization of the photon and its mapping onto the binary 1 and 0 come in. For example, to send the string 1010101011 we could agree that a horizontally polarized photon encodes a 0 and a vertically polarized one encodes a 1. However, we still have the following problem: if the core of our cryptosystem lies in the key, what is the safest way to exchange it with our recipients without its being compromised?
The quantum contribution to the security of key distribution lies precisely in the fact that an eavesdropper cannot extract information without revealing her presence to the participants: by the laws of quantum mechanics an unknown quantum state cannot be copied (the no-cloning theorem), and measuring it in the wrong basis disturbs it.
There are several protocols for the quantum distribution of private keys. The "simplest" was proposed in 1984 by C.H. Bennett and G. Brassard, and it is known as BB84. Various modifications were then proposed, giving rise to other substantially equivalent protocols.
However, the reader should be aware that to study in detail the most subtle aspects of Quantum Cryptography, several highly specialized sources should be consulted. This article only aims to give an elementary account of the most basic notions.
As I pointed out, the basic unit of our quantum system is the qubit, physically realized here by the polarization of a photon, with basis states | 0> and | 1>. However, given the nature of the model, a quantum state can also be a superposition of the two elementary states, which is crucial for what follows.
The evolution of a quantum state is described by quantum transformations, which are linear unitary operators defined on a Hilbert space (I suggest reviewing this in detail in other sources not listed in this article). The power of quantum computing is based on quantum parallelism, which derives from the fact that applying a transformation to a superposition of all the basis states amounts to operating simultaneously on all the n-bit strings. For certain problems this allows an exponential speed-up over classical computation.
But as my title implies, one of the most difficult problems when carrying out secure communications with a private-key system is the secure distribution of the keys. Precisely one of the reasons for the success of the common public-key cryptosystems based on factoring, which we described briefly, is that they make it possible to avoid distributing a secret key in advance. Despite their usefulness, however, the security of these systems has never been proven mathematically, since, as we have already stressed, it is not known whether factoring the product of two large primes can some day be achieved in "polynomial" time. Additionally, the hypothetical construction (which is much more real than hypothetical) of a quantum computer running Shor's algorithm, which factors in polynomial time, would clearly imply the irremediable destruction of these cryptosystems.
The laws of quantum mechanics, on the other hand, allow us to deal with the problem of the secure distribution of private keys. Participants can transmit the private key through a quantum channel such as an optical fiber. The polarization states of a photon can be used to design a quantum cryptographic protocol for the distribution of a single-use random key, in principle to be used as in Vernam encryption (the one-time pad). There are different quantum key distribution (QKD) protocols, designed to exchange single-use private keys, which can also feed conventional symmetric ciphers. These protocols can be carried out with current technology; in fact, Quantum Cryptography is one of the first commercial applications of quantum information technology.
Broadly speaking, the phases of a key generation protocol are: generation and distribution of the key, error estimation and correction, and privacy amplification. Below, each of them is described for BB84:
Step 1: Alice generates a random string of zeros and ones (for example, by flipping a coin).
Step 2: For each bit of the string, Alice randomly chooses one of the two bases B1 or BX and sends Bob, through the quantum channel, the corresponding qubit as a polarized photon, according to the following alphabet:
• If she has chosen B1: 0 is encoded as | 0> (horizontal polarization) and 1 as | 1> (vertical polarization).
• If she has chosen BX: 0 is encoded as | +> (45º polarization) and 1 as | -> (135º, i.e. -45º, polarization).
When Bob receives each photon, he has no way of knowing which basis it was encoded in, so he measures it choosing, also at random, the basis B1 or BX for each one. About half the time Bob will choose the same basis as Alice, and the other half he will choose the other basis, in which case his result is random and unrelated to Alice's bit.
Step 3: In order to locate and discard the bits measured in a different basis, the information contrast process called sifting or basis reconciliation is performed.
Bob communicates to Alice, through the classical channel (which must be authenticated, so that nobody can impersonate either party), which basis he has used for each measurement. In response, Alice tells him the positions in which she used the same basis. In these positions, Alice and Bob should have matching bits. Note that only the bases are disclosed, never the bit values.
Step 4: Alice and Bob delete from their strings the bits for which different bases were used and keep the rest. In this way, if there has been no noise or eavesdropping, they share a common key, called the raw (or sifted) key, whose length will be approximately half that of the initial string.
If there has been an eavesdropper, any espionage strategy will introduce discrepancies between Alice's and Bob's strings. For this reason, to detect eavesdropping, Alice and Bob compare a random sample of positions from their raw keys over the public channel (those positions are then discarded, since they have been revealed). If the discrepancy rate exceeds a fixed threshold, they abort the protocol and start again.
But in a practical quantum key distribution system, errors can also appear because of technical imperfections of the emitter or receiver, or simply changes in temperature, and not because of an eavesdropper. Therefore it is important to determine an admissible error rate above which the process must be aborted, and for this it is necessary to analyze the effect of the possible eavesdropping strategies on the protocol in use.
When the error rate is below that "threshold", the generated key is accepted and a distillation process is carried out: errors are detected and corrected with classical codes over the classical channel (information reconciliation), and privacy amplification then shrinks the key to remove the partial information the eavesdropper may have gained, including what leaked during error correction.
Strategies of individual attacks against protocol BB84
In an ideal model, the source emits single photons and Eve attacks each qubit independently. As a first option, let's assume that Eve is eavesdropping on the communication and acts as follows:
She intercepts the photon sent by Alice, randomly chooses one of the two bases B1 or BX, measures the received qubit, saves the result and sends Bob a new photon prepared in the state she measured. After the basis reconciliation phase, Eve keeps only the bits in the positions where Alice and Bob used the same basis. In half of those positions Eve guessed Alice's basis and learns the bit without disturbing the photon; in the other half she guessed wrong, the photon she resends is in the wrong basis, and Bob's measurement then disagrees with Alice's bit half the time. The attack therefore gives Eve about 75% of the sifted bits at the cost of a 25% error rate between Alice and Bob, which the comparison step is designed to detect.
This individual attack strategy is called intercept-resend, and it is a kind of man-in-the-middle attack on the quantum channel.
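To make steps 1 to 4, the error-rate check and the intercept-resend attack concrete, the following Python simulation is an added example written for this article; it is not code from the original text and there is nothing quantum about it. Photons are modelled classically by the one property the protocol relies on: a measurement in the preparation basis returns the encoded bit, a measurement in the other basis returns a uniformly random bit and collapses the photon to it. The names `B1`, `BX`, `bb84`, `estimate_qber` and `run` are this example's own, and the 11% abort threshold is the commonly quoted asymptotic tolerance of BB84, used here only as an illustrative setting.

```python
"""BB84 key distribution simulated classically, with an optional intercept-resend
eavesdropper (added example for this article; not a real quantum implementation)."""
import random
from dataclasses import dataclass

# The two bases the article calls B1 (horizontal/vertical) and BX (45/135 degrees).
B1, BX = "B1", "BX"
BASES = (B1, BX)


@dataclass
class Photon:
    """A single polarized photon: the basis it was prepared in and the bit it encodes.
    B1: 0 -> |0> (horizontal), 1 -> |1> (vertical); BX: 0 -> |+> (45), 1 -> |-> (135)."""
    basis: str
    bit: int


def measure(photon, basis, rng):
    """Measure the photon in `basis` and collapse it to the outcome.
    Same basis as preparation: the encoded bit is read exactly.
    Other basis: the result is uniformly random and the original state is destroyed,
    which is the physical fact the whole protocol rests on."""
    if photon.basis != basis:
        photon.basis = basis
        photon.bit = rng.randrange(2)
    return photon.bit


def bb84(n, rng, eve=False):
    """Run steps 1-4 of the article for n photons. Returns Alice's and Bob's sifted
    keys plus Eve's guesses for the same positions (empty list when she is absent)."""
    alice_bits = [rng.randrange(2) for _ in range(n)]          # step 1: random bits
    alice_bases = [rng.choice(BASES) for _ in range(n)]        # step 2: random bases
    bob_bases = [rng.choice(BASES) for _ in range(n)]
    bob_bits, eve_bits = [], []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        photon = Photon(a_basis, bit)                          # Alice prepares and sends
        if eve:
            # Intercept-resend: Eve guesses a basis, measures, forwards the collapsed photon.
            eve_bits.append(measure(photon, rng.choice(BASES), rng))
        bob_bits.append(measure(photon, b_basis, rng))        # Bob measures in his random basis
    # Steps 3-4 (sifting over the public channel): keep positions where the bases agree.
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]
    eve_key = [eve_bits[i] for i in keep] if eve else []
    return alice_key, bob_key, eve_key


def estimate_qber(alice_key, bob_key, sample_fraction, rng):
    """Publicly compare a random sample of sifted bits; return the observed error rate
    (QBER) and the unrevealed remainder of both keys (the compared bits are discarded)."""
    n = len(alice_key)
    sample = set(rng.sample(range(n), int(n * sample_fraction)))
    errors = sum(1 for i in sample if alice_key[i] != bob_key[i])
    qber = errors / len(sample) if sample else 0.0
    alice_rest = [alice_key[i] for i in range(n) if i not in sample]
    bob_rest = [bob_key[i] for i in range(n) if i not in sample]
    return qber, alice_rest, bob_rest


def run(n=20000, eve=False, threshold=0.11, seed=1):
    """One protocol run. `threshold` is the abort level; 11% is the commonly quoted
    asymptotic tolerance of BB84, used here only as an illustrative setting."""
    rng = random.Random(seed)
    alice_key, bob_key, eve_key = bb84(n, rng, eve)
    qber, alice_rest, bob_rest = estimate_qber(alice_key, bob_key, 0.5, rng)
    eve_correct = (sum(1 for a, e in zip(alice_key, eve_key) if a == e) / len(alice_key)
                   if eve_key else 0.0)
    return {
        "sifted_len": len(alice_key),            # about n/2
        "qber": qber,                            # 0 honest, about 0.25 under intercept-resend
        "accepted": qber <= threshold,
        "keys_match": alice_rest == bob_rest,
        "key_len": len(alice_rest),
        "eve_fraction_correct": eve_correct,     # about 0.75 of the sifted bits under attack
    }


if __name__ == "__main__":
    for attacked in (False, True):
        print("Eve present:" if attacked else "Honest run: ", run(eve=attacked))
```

Running the block prints both cases: the honest run sifts roughly half of the 20,000 photons and shows a zero error rate, while the attacked run shows an error rate close to 25% and is rejected by the threshold, even though Eve has learned about three quarters of the sifted bits. In a real system the honest QBER is not zero, which is exactly why the abort threshold has to come from an analysis of the attacks the protocol must withstand rather than from the observed noise alone.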
One might suppose that we are facing yet another system that is highly exposed to attack, just like a classical cryptosystem, so it is natural to ask whether Quantum Cryptography is in fact more effective than classical cryptography for establishing secure communications, and whether it is worth developing.
I believe that we are facing another clear problem of basic implementation.
The theory of quantum cryptography, as long as the laws of quantum mechanics hold, is completely secure a priori. What can go wrong is the implementation: the obvious difficulty of building "pure" quantum devices in our "classical" world, flaws in the design of the protocols and their classical post-processing, or an attack like the one described above carried out on a channel so noisy that the disturbance it introduces cannot be distinguished from the background error rate, so the system never detects it.
That said, quantum systems can clearly be improved to take these vulnerabilities into account and reduce the attacks against them. Therefore, I think that quantum systems, at least from a theoretical point of view, are not in danger of being broken, unlike ciphers whose security rests on unproven mathematical assumptions. They can thus be considered secure for the time being, with the caveat that this holds for the protocol and not automatically for every device that implements it.
And this is just one of the reasons, of vital importance, for cryptographic systems to be open, to be subject to the scrutiny of as many experts as possible, and for the results of such investigations to be published without restrictions.
We must convince ourselves that security through obscurity is not viable, and it is inadmissible for it to be relied upon in the development of any cryptographic model.