and improved efficiency, that is, achieving tasks with fewer resources (as in quantum fingerprinting).
The majority of research on quantumly enhanced security is done on QKD; however, many other protocols, functionalities, and primitives exist that admit enhancement and that require similar or slightly more involved quantum technologies. These include quantum random number generators, quantum fingerprinting, quantum digital signatures, quantum coin flipping, e-voting, Byzantine agreement, quantum money, quantum private information retrieval, secure multiparty computation (SMPC), and position verification.
Since quantum technologies develop rapidly, the range of practical quantum gadgets grows, and more and more quantumly enhanced protocols become realistic. For example, on top of simple quantum communication between parties, each of the parties can now have a small quantum processor. It is therefore an exciting time for this type of research, since we can now consider tailor-made constructions to enhance the performance of specific, more involved cryptographic protocols such as e-voting or SMPC.
Practicality. Research in this category involves quantum technologies that are currently possible. While this requirement means such applications are feasible today, adapting quantumly enhanced solutions for wide use requires establishing the necessary infrastructure, namely a reliable and wide quantum communications network. The development of a quantum internet is more than a vision for the future, since a big initiative pushing in this direction is currently under development (the “Quantum Internet Alliance”). [2] In the meantime, priority should be given to applications that involve few parties and do not require a fully developed quantum network.
Quantum hacking. The use of quantum gadgets opens the possibility for new attacks, specific to the physical implementations. Standard side-channel attacks (for example, timing) may be less applicable, but there are new side-channel attacks specific to the quantum devices. The best known quantum hacking attacks are the photon number splitting and beam-splitting attacks, both exploiting the fact that the real systems used for qubits are not single photons as they are modeled theoretically. [10] Another is the thermal blinding of detectors, which leaks to the adversary information on the measurement choices before the classical post-processing phase, something that invalidates the security proof. [30] The latter attacks have been realized against (previous versions of) the commercially available QKD systems of ID Quantique and MagiQ Technologies. Naturally these attacks are specific to each of the implementations of the quantumly enhanced protocols.
Countermeasures discovered to “fix” systems after side-channel attacks come at a cost (for example, better single photon sources, or protocols involving decoy states or monitoring of the detectors), but other side-channel attacks are likely to appear. Interestingly, quantum theory offers a theoretical method to deal with all side-channel attacks on the quantum gadgets, at some extra cost in resources.
Device-independence. What enables side-channel attacks is the mismatch between the ideal modeling of the (quantum) device and the real implementation. One of the most exciting new possibilities that quantum theory offers is that, using the fundamental property of quantum non-locality, one can achieve quantum cryptographic tasks based only on the classical statistics/correlations of the measurement outcomes, without the need to make any assumption on the (quantum) devices used. [17] In particular, security is maintained even if the devices were prepared by adversaries and given as black boxes to the honest parties. Device-independent protocols are secure against any side-channel attack on the quantum device and have been developed for many functions, QKD and QRNG among others. These protocols come with some cost in resources, currently too high for practical use. However, based on weaker correlations, one can make protocols that are secure without trusting some, but not all, devices, at considerably reduced cost compared to fully device-independent protocols. For example, in measurement-device-independent protocols [11, 29], security is maintained without trusting the measuring/detecting device, and thus one avoids the thermal blinding detector attacks mentioned earlier. In general, there is a trade-off between the extra cost in resources and the amount of trust assumed on the quantum devices.
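As an added illustration (not part of the article), the following Python simulation shows the kind of purely classical statistical check on which device-independent security rests: the CHSH value computed from measurement outcomes alone. Honest entangled devices (a constructed |Φ+⟩ state with the standard CHSH settings) reach S = 2√2, no local deterministic devices can exceed 2, and the verifier decides from a finite sample with an explicit error margin; the state, settings and sample sizes are my own assumptions, not the article's.

```python
import random
from itertools import product
# Constructed honest devices: |Phi+> = (|00> + |11>)/sqrt(2) and real Pauli observables.
PHI_PLUS = [1 / 2 ** 0.5, 0, 0, 1 / 2 ** 0.5]
I2, Z, X = [[1, 0], [0, 1]], [[1, 0], [0, -1]], [[0, 1], [1, 0]]

def add(a, b, s=1):  # a + s*b for 2x2 matrices
    return [[a[i][j] + s * b[i][j] for j in range(2)] for i in range(2)]

def scale(a, s):  # s*a for a 2x2 matrix
    return [[s * v for v in row] for row in a]

def kron(a, b):  # tensor product of two 2x2 matrices -> 4x4 acting on Alice (x) Bob
    return [[a[i // 2][k // 2] * b[i % 2][k % 2] for k in range(4)] for i in range(4)]

def expval(psi, m):  # <psi| m |psi> for a real 4-vector psi and real 4x4 matrix m
    return sum(psi[i] * m[i][k] * psi[k] for i in range(4) for k in range(4))

# Settings: Alice measures Z (x=0) or X (x=1); Bob (Z+X)/sqrt2 (y=0) or (Z-X)/sqrt2 (y=1).
ALICE = [Z, X]
BOB = [scale(add(Z, X), 1 / 2 ** 0.5), scale(add(Z, X, -1), 1 / 2 ** 0.5)]

def chsh(corr):  # S = E(0,0) + E(0,1) + E(1,0) - E(1,1) from any correlator E(x, y)
    return corr(0, 0) + corr(0, 1) + corr(1, 0) - corr(1, 1)

def ideal_correlator(x, y, psi=PHI_PLUS):  # exact E(x,y) = <A_x (x) B_y> for honest devices
    return expval(psi, kron(ALICE[x], BOB[y]))

def classical_max():  # best S over all local deterministic devices (a0,a1,b0,b1 in {+1,-1})
    return max(chsh(lambda x, y: (a0, a1)[x] * (b0, b1)[y])
               for a0, a1, b0, b1 in product([1, -1], repeat=4))

def sample_outcomes(x, y, n, rng, psi=PHI_PLUS):
    # Draw n outcome pairs from P(a,b|x,y) = <psi| (I+aA_x)/2 (x) (I+bB_y)/2 |psi>.
    pairs = list(product([1, -1], repeat=2))
    weights = [expval(psi, kron(scale(add(I2, ALICE[x], a), 0.5),
                                scale(add(I2, BOB[y], b), 0.5))) for a, b in pairs]
    return rng.choices(pairs, weights=weights, k=n)

def estimate_chsh(n_per_setting, seed=0):
    # S from finite statistics alone, which is all a black-box verifier ever sees.
    rng = random.Random(seed)
    return chsh(lambda x, y: sum(a * b for a, b in sample_outcomes(x, y, n_per_setting, rng))
                / n_per_setting)

def certified_nonlocal(s, n_per_setting, sigmas=5):
    # Each E averages n values in {+1,-1}, so std(S) <= 2/sqrt(n); only accept the devices
    # when S clears the local bound 2 by `sigmas` of that error.
    return s - 2 > sigmas * 2 / n_per_setting ** 0.5
```

Any pair of devices whose sampled S stays at or below 2 is indistinguishable from a classical (possibly adversary-built) simulation and is rejected; the margin scales with the sample size, which is the resource cost the article refers to.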
Standardization. For the adoption of quantumly enhanced solutions by industry it is important to establish standards for quantum gadgets that are compatible with, and acceptable to, the general cyber security community. For QKD, discussions already exist, for example within the European Telecommunications Standards Institute (ETSI), while in the case of quantum random number generators, ID Quantique offers the Quantis product, which is validated with the AIS31 methodology. It is important and timely to address the standards issues for all quantumly enhanced functionalities.
Quantumly Enabled Security: Secure Use of Quantum Computers
As we have seen, quantum computers will offer computational advantages in many problems, varying from exponential to much more modest quadratic or even constant. It is natural that when such devices are available, one might want to use this extra computational power in tasks that also require privacy and security; in other words, we seek security for quantumly enabled protocols. All security concepts, such as authentication and encryption, but also more involved concepts such as computation on encrypted data and secure multiparty computation, would need to be modified to apply to quantum information and quantum computation.

Of course, for this type of question to be meaningful, we first must have quantum computation devices of a size that can offer concrete computational advantages for everyday problems. This is not the case today, but since we are expected to cross the classical simulation limit soon (real quantum computers that exceed in size those that can be simulated by classical supercomputers), we are entering the era of realistic quantum speed-ups. The time for speed-ups being applied to important everyday problems might not be too far away.
Research in this category is developing rapidly, and already a number of protocols exist for quantum encryption, quantum authentication, quantum non-malleability, blind