Agency: Cordis | Branch: FP7 | Program: MC-IAPP | Phase: FP7-PEOPLE-2009-IAPP | Award Amount: 771.68K | Year: 2010
The project Q-CERT intends to gather industrial and academic partners with strong scientific and technical backgrounds in quantum key distribution (QKD) technology, in order to establish research partnerships focused on one common high-level objective: strengthen the security of practical QKD systems by developing techniques and standards (both at the hardware and software level) that will allow cryptographic security evaluation and certification. At the hardware level, we will conduct systematic studies of the potential vulnerabilities of QKD systems, by experimentally testing the feasibility of attacks on the optical and electronic layers of the systems. In response, we will experimentally implement countermeasures, test their efficiency and develop the theoretical framework needed to model the entire QKD implementation and prove its security. At the software level, we will further develop a formal approach to security proofs for an essential part of a practical quantum key distribution protocol: key distillation. We will specify and then develop a key distillation software library that will present a very high level of security assurance, validated by the use of formal methods for cryptographic protocol verification. This library will in particular include a state-of-the-art error correction module, based on unidirectional LDPC codes. In order to increase the impact of our work, and to benefit from the fruitful interaction and feedback of the research community, we will publicize parts of our results by integrating them in QKD security standards. The development of such security assurance procedures is expected to greatly strengthen the practical security of quantum key distribution (QKD) systems. We will in particular write security targets for a high-performance QKD system, and for a secure infrastructure relying on a network of QKD links.
News Article | March 30, 2014
Is your healthcare data safe? That’s not something most people think about on a regular basis. We take for granted that our medical records, family histories, insurance coverage and the rest of the data associated with our health is protected carefully by those who create and store it. But the truth is that we are struggling right now as a society to figure out how to secure digital information–both legally and against the threat of data hacking, theft or loss. The United States’ recent adoption of new healthcare laws and procedures includes requirements for hospitals and other care providers to digitize medical records. Digitization of health data is cost-effective, efficient and offers a wealth of benefits. Eventually, patients will be able to log in and access their entire medical history in one place, helping them become more informed consumers of healthcare. Some states, like Massachusetts, have already taken major steps in this direction. But having our healthcare data readily available for positive purposes online means it’s also readily available for those who are interested in exploiting or misusing the information. Recent technological advances have made medical data both richer and more valuable–and thus more dangerous in the wrong hands. For example, the mapping of the human genome and resultant medical advances like genetic testing have made it so that patient information will remain highly sensitive even beyond a patient’s lifetime. While Obamacare has made it illegal for U.S. insurers to deny coverage due to preexisting conditions, it’s entirely possible that people could be discriminated against in the hiring process if employers were able to learn about their genetic predispositions. Genetic discrimination is technically illegal in the U.S. and some other countries, but it is very difficult to enforce these regulations and to prevent misuse of data. 
Additionally, if our healthcare data isn’t well-protected, biological crime could become a serious problem. Criminals could target patients with specific conditions, leak sensitive information to the press or tamper with medical devices like pacemakers (famously dramatized in a recent season of “Homeland”), for example. We also need to consider who we are giving our health data to and why. Today it’s not just hospitals or doctors who can access our health data; we readily hand it over to many other organizations. Wearable technologies that measure, transmit and analyze data about our health are on the rise today, and while they offer a host of benefits, they have also opened the door to a whole new set of medical security issues. Moreover, genetic testing companies like 23andme and other bioinformatics startups collect some of the most personal health information that exists. Before you sign up for a health monitoring app, purchase a fitness tracking device or send in your saliva sample, it’s important to find out how these companies secure their data and what assurances you have that your information will be kept safe and private–both now and in the future. In both the United States and Europe, there are now strong penalties for loss of customer personal and medical data by companies or organizations. At a minimum, they must comply with HIPAA privacy and security regulations, train all employees on how to protect sensitive information and notify customers — and in some cases local media — of any data breaches. Providers have a strong incentive to prevent breaches, moreover, since they cost an average of $130 to $136 per lost record according to the 2013 Ponemon Data Breach Report. However, one thing that many people–including lawmakers–may not realize is that medical records do not just need to be protected today. Cyber criminals will soon be able to hack messages that were sent in the past, rendering even years-old data vulnerable. 
Information could even be intercepted today and then stored until a computing device is available that can decrypt that data. And new computers are being developed today that will render many of the mathematics-based security protocols that we rely on obsolete. All organizations that collect, store or analyze consumer healthcare data need to consider how they will respond to this imminent sea change in data security. The best way to protect our data is to be honest about where security vulnerabilities lie and to begin implementing failsafe protocols that will protect us against the technology of the future. We also need comprehensive legislation that addresses these concerns and establishes common data protection standards, and we need consumers to educate themselves and make careful decisions about how and when they share their health information. If we don’t take action to protect our healthcare data now, it may soon be too late. Grégoire Ribordy is the co-founder and CEO of network encryption company ID Quantique, which is based in Geneva, Switzerland.
News Article | May 1, 2013
In quantum communication, messages are sent from Alice to Bob. But if you’re hacked, Eve gets the information instead. I spent the morning at the Waterloo, Ontario Institute for Quantum Computing, one of the world’s top quantum computing and nanotechnology labs. In a brand-new 235,000-square-foot, $160 million facility that, inside, looks like the starship Enterprise, I met Alice and Bob. They weren’t very talkative, of course — they’re computers. “In quantum cryptography, you’re sending information from A to B … we call A ‘Alice’ and B ‘Bob,’” says Martin LaForest, PhD and a senior manager at IQC. “The eavesdropper, naturally, is Eve.” One part of the vast facility is given over to Vadim — last name not given — who hacks commercially available quantum communications devices like these two from ID Quantique for fun and profit. The fun is the success, and the profit is that ID Quantique lets him keep Alice and Bob, and even sends him more machines — as do other quantum cryptography companies. “He’s sort of offering a service to the community,” LaForest says. “If you think you have a good quantum key distribution system, give it to me … and I’ll give it my best shot. And so far, he’s very good.” Modern cryptography is based on our inability to quickly solve challenging mathematical problems, such as the factoring of very large primes. Theoretically almost any security solution available is hackable over time, but realistically you might need months, years, or even decades to crack some of the top 128-bit and 256-bit encryption algorithms available today. That’s not possible with quantum cryptography. “If you want to crack quantum communication, you have to do it in real time,” says LaForest. “When you try to observe it, you perturb it … and you can’t copy it because copying is the same thing, give or take, as looking and copying.” LaForest is referencing the physicist Schrödinger’s cat example. 
As Schrödinger famously said, you cannot definitely know much about a quantum state, because the act of observing the state changes it. He illustrated that point with a cat in a box which has a 50/50 chance of dying based on the decay of one radioactive particle: a quantum phenomenon. You cannot check whether the cat is alive or dead, because checking changes reality, and so the cat exists in an indeterminate state, neither alive nor dead. And yet, it is still possible to hack quantum cryptography, as Vadim demonstrates every month or so. Alice and Bob communicate via connected photons — particles of light that have been “entangled” in a process even Einstein called spooky — and that communication can’t be intercepted without the intended recipient knowing about it. But once the message has been received, it’s another matter. “Vadim is trying to find the implementation flaws,” LaForest told me. “This is one of the challenges right now — the protocol is secure … but its physical implementation might not be. You can have faulty detectors, or you can play tricks with the electronics.” Which makes the work of Eve — or Vadim — very challenging indeed. But that work, LaForest says, does not go unrewarded by commercial users of quantum encryption systems: “It’s important to note: The commercially available boxes are secure. Most of the time, Vadim finds the problems in what they call the research system, and in the commercial system, those bugs are already fixed.”
News Article | October 15, 2013
ID Quantique, a company that uses quantum mechanics to boost data security, has received a $5.6 million investment from venture capital firm QWave Capital. ID Quantique's services have become far more important since the recent National Security Agency leaks by Edward Snowden that revealed the US government (and ostensibly foreign governments) have the ability to quickly access data from individuals and companies around the world. ID Quantique has commercialized its Quantum Key Distribution (QKD), a method by which a sender transmits a key encoded with photons to a recipient. The technology, which has been around for some time, is viewed as the next step in protecting data against would-be hackers and is viewed as more secure than traditional encryption because it provides an immediate alert whenever a quantum line has been accessed, allowing companies to turn it off before information is obtained. Geneva, Switzerland-based ID Quantique announced last week that R&D company Battelle installed QKD in its operation to facilitate more secure communications between its facilities. According to ID Quantique, its focus is on protecting sensitive data of governments, along with companies in the private sector that want to keep their information away from the prying eyes of foreign governments. ID Quantique did not say what it will do with the cash infusion, but QWave Capital's investment includes a minority stake in the security firm.
News Article | August 23, 2013
In early May, news reports gushed that a quantum computation device had for the first time outperformed classical computers, solving certain problems thousands of times faster. The media coverage sent ripples of excitement through the technology community. A full-on quantum computer, if ever built, would revolutionize large swaths of computer science, running many algorithms dramatically faster, including one that could crack most encryption protocols in use today. Over the following weeks, however, a vigorous controversy surfaced among quantum computation researchers. Experts argued over whether the device, created by D-Wave Systems, in Burnaby, British Columbia, really offers the claimed speedups, whether it works the way the company thinks it does, and even whether it is really harnessing the counterintuitive weirdness of quantum physics, which governs the world of elementary particles such as electrons and photons. Most researchers have no access to D-Wave’s proprietary system, so they can’t simply examine its specifications to verify the company’s claims. But even if they could look under its hood, how would they know it’s the real thing? Verifying the processes of an ordinary computer is easy, in principle: At each step of a computation, you can examine its internal state — some series of 0s and 1s — to make sure it is carrying out the steps it claims. A quantum computer’s internal state, however, is made of “qubits” — a mixture (or “superposition”) of 0 and 1 at the same time, like Schrödinger’s fabled quantum mechanical cat, which is simultaneously alive and dead. Writing down the internal state of a large quantum computer would require an impossibly large number of parameters. The state of a system containing 1,000 qubits, for example, could need more parameters than the estimated number of particles in the universe. 
And there’s an even more fundamental obstacle: Measuring a quantum system “collapses” it into a single classical state instead of a superposition of many states. (When Schrödinger’s cat is measured, it instantly becomes alive or dead.) Likewise, examining the inner workings of a quantum computer would reveal an ordinary collection of classical bits. A quantum system, said Umesh Vazirani of the University of California, Berkeley, is like a person who has an incredibly rich inner life, but who, if you ask him “What’s up?” will just shrug and say, “Nothing much.” “How do you ever test a quantum system?” Vazirani asked. “Do you have to take it on faith? At first glance, it seems that the obvious answer is yes.” It turns out, however, that there is a way to probe the rich inner life of a quantum computer using only classical measurements, if the computer has two separate “entangled” components. In the April 25 issue of the journal Nature, Vazirani, together with Ben Reichardt of the University of Southern California in Los Angeles and Falk Unger of Knight Capital Group Inc. in Santa Clara, showed how to establish the precise inner state of such a computer using a favorite tactic from TV police shows: Interrogate the two components in separate rooms, so to speak, and check whether their stories are consistent. If the two halves of the computer answer a particular series of questions successfully, the interrogator can not only figure out their internal state and the measurements they are doing, but also issue instructions that will force the two halves to jointly carry out any quantum computation she wishes. “It’s a huge achievement,” said Stefano Pironio, of the Université Libre de Bruxelles in Belgium. The finding will not shed light on the D-Wave computer, which is constructed along very different principles, and it may be decades before a computer along the lines of the Nature paper — or indeed any fully quantum computer — can be built. 
But the result is an important proof of principle, said Thomas Vidick, who recently completed his post-doctoral research at the Massachusetts Institute of Technology. “It’s a big conceptual step.” In the short term, the new interrogation approach offers a potential security boost to quantum cryptography, which has been marketed commercially for more than a decade. In principle, quantum cryptography offers “unconditional” security, guaranteed by the laws of physics. Actual quantum devices, however, are notoriously hard to control, and over the past decade, quantum cryptographic systems have repeatedly been hacked. The interrogation technique creates a quantum cryptography protocol that, for the first time, would transmit a secret key while simultaneously proving that the quantum devices are preventing any potential information leak. Some version of this protocol could very well be implemented within the next five to 10 years, predicted Vidick and his former adviser at MIT, the theoretical computer scientist Scott Aaronson. “It’s a new level of security that solves the shortcomings of traditional quantum cryptography,” Pironio said. In 1964, the Irish physicist John Stewart Bell came up with a test to try to establish, once and for all, that the bafflingly counterintuitive principles of quantum physics are truly inherent properties of the universe — that the decades-long effort of Albert Einstein and other physicists to develop a more intuitive physics could never bear fruit. Einstein was deeply disturbed by the randomness at the core of quantum physics — God “is not playing at dice,” he famously wrote to the physicist Max Born in 1926. In 1935, Einstein, together with his colleagues Boris Podolsky and Nathan Rosen, described a strange consequence of this randomness, now called the EPR paradox (short for Einstein, Podolsky, Rosen). 
According to the laws of quantum physics, it is possible for two particles to interact briefly in such a way that their states become “entangled” as “EPR pairs.” Even if the particles then travel many light years away from each other, one particle somehow instantly seems to “know” the outcome of a measurement on the other particle: When asked the same question, it will give the same answer, even though quantum physics says that the first particle chose its answer randomly. Since the theory of special relativity forbids information from traveling faster than the speed of light, how does the second particle know the answer? To Einstein, these “spooky actions at a distance” implied that quantum physics was an incomplete theory. “Quantum mechanics is certainly imposing,” he wrote to Born. “But an inner voice tells me that it is not yet the real thing.” Over the remaining decades of his life, Einstein searched for a way that the two particles could use classical physics to come up with their answers — hidden variables that could explain the behavior of the particles without a need for randomness or spooky actions. But in 1964, Bell realized that the EPR paradox could be used to devise an experiment that determines whether quantum physics or a local hidden-variables theory correctly explains the real world. Adapted five years later into a format called the CHSH game (after the researchers John Clauser, Michael Horne, Abner Shimony and Richard Holt), the test asks a system to prove its quantum nature by performing a feat that is impossible using only classical physics. In the CHSH game, Bonnie and Clyde are separately “questioned” by a detective who gives them each a 0 or 1, chosen randomly. Bonnie and Clyde each “answer” by giving the detective a red or blue card. If either player (or both) received a 0, they must hand in matching colors to win. But if both players got a 1, they must hand in different colors to win. 
One strategy is for Bonnie and Clyde to decide before the game that they will simply turn in their red cards, no matter what the detective asks them, which will give them a 75 percent chance of winning. If Bonnie and Clyde have only classical physics at their disposal, it turns out that this is the best they can do. But Bonnie and Clyde can significantly increase their chance of winning if they share an EPR pair of particles. The players can agree ahead of time that after the detective hands them their questions, they will measure their particles in carefully chosen ways. The measurements are designed to produce a high chance of identical results when at least one of the players receives a 0, and a high chance of opposite results when the players both get 1s. If they follow this strategy, they have an 85.4 percent chance of winning. The CHSH game is a coordination game, in which two collaborating players — Bonnie and Clyde, say — are questioned in separate interrogation rooms. Their joint goal is to give either identical answers or different answers, depending on what questions the “detective” asks them. Neither player knows what question the detective is asking the other player. If Bonnie and Clyde can use only classical physics, then no matter how many “hidden variables” they share, it turns out that the best they can do is decide on a story before they get separated and then stick to it, no matter what the detective asks them, a strategy that will win the game 75 percent of the time. But if Bonnie and Clyde share an EPR pair of entangled particles — picked up in a bank heist, perhaps — then they can exploit the spooky action at a distance to better coordinate their answers and win the game about 85.4 percent of the time. Bell’s test gave experimentalists a specific way to distinguish between quantum physics and any hidden-variables theory. 
Over the decades that followed, physicists, most notably Alain Aspect, currently at the École Polytechnique in Palaiseau, France, carried out this test repeatedly, in increasingly controlled settings. Almost every time, the outcome has been consistent with the predictions of quantum physics, not with hidden variables. Aspect’s work “painted hidden variables into a corner,” Aaronson said. The experiments had a huge role, he said, in convincing people that the counterintuitive weirdness of quantum physics is here to stay. If Einstein had known about the Bell test, Vazirani said, “he wouldn’t have wasted 30 years of his life looking for an alternative to quantum mechanics.” He simply would have convinced someone to do the experiment. The Bell test does more than allow a physical system to prove that it is quantum, the April findings show: It gives a way for a complex quantum system to establish just what its internal state is, and what measurements it is doing. Reichardt, Unger and Vazirani showed that if Bonnie and Clyde are winning 85.4 percent of the time over many rounds of the CHSH game, then with almost perfect certainty, they must be doing it by measuring a large collection of EPR pairs — different pairs for different rounds of the game. In other words, Bonnie and Clyde can show, through their game performance, just what is going on inside their quantum devices, without opening the hood. Vazirani likened the new test to an aikido hold, in which a master can bend the wrist of a strong opponent in such a way that wriggling out of the hold would be unbearably painful. “Quantum systems are exponentially powerful, but if we do this simple check, we have a wrist lock on the quantum players,” he said. “It neutralizes their power.” If Bonnie and Clyde want to do as well as possible on the game, they can’t avoid revealing their internal state. 
Once an aikido master has his opponent in a wrist lock, Vazirani said, he can lead his opponent around simply by pulling his wrist in the desired direction. In the same way, Vazirani and his colleagues show how you can force Bonnie and Clyde to carry out any quantum computation you wish, without letting them sneak in fake computations. The idea is to use a form of quantum computation called computation by teleportation, developed in 1999 by Daniel Gottesman, now of the Perimeter Institute in Waterloo, Ontario, and Isaac Chuang, now of MIT. The new protocol involves randomly slipping in the instructions for these computations during multiple rounds of the CHSH game. If Bonnie and Clyde want to keep hitting their 85.4 percent mark, they also have to perform these special instructions honestly, or their dishonesty will be apparent. The detective can trust the outcome of their computations, even if she doesn’t trust Bonnie and Clyde. We won’t be seeing computers built on these principles anytime soon. The protocol must be made more efficient and fault-tolerant, Pironio cautioned, before it can be used to extract guaranteed computations from an untrusted quantum computer. In any case, the technological challenges in trying to build any quantum computer are immense. Nevertheless, he said, “it’s an important breakthrough.” While testing a real quantum computer using the new protocol remains a distant prospect, the protocol’s potential application in quantum cryptography is already starting to come into focus. When it comes to transmitting secret information, the fact that measurement alters a quantum system becomes a boon, not a curse: An eavesdropper can’t listen in without leaving noticeable traces. The quantum cryptography protocols developed to date offer perfect security, provided they are implemented perfectly. But therein lies the catch: Quantum devices are famously hard to control, and, as we’ve seen, hard to check. 
As a result, they are potentially vulnerable to “side channel” attacks, in which information leaks out to an eavesdropper through device flaws. Commercial quantum cryptography devices have been dogged by security breaches over the past decade. Reichardt, Unger and Vazirani have now created a quantum cryptography protocol that is, in principle, impervious to such attacks, as it doesn’t require users to trust finicky quantum devices. Instead, the protocol builds in a proof that the devices are working properly, a feature known as “device independence” that has been a major focus of quantum cryptography research for the past 15 years. In the new protocol, the two devices at opposite ends of the transmission share a collection of EPR pairs, on which they perform measurements that determine the bits of a secret key. By mixing in these measurements with many rounds of the CHSH game, the devices can prove to their users that they are really doing what they claim. The security of the key rests on a quantum physics principle called “monogamy of entanglement.” According to this principle, if two particles are entangled as an EPR pair, then neither particle can flirt with even the tiniest bit of entanglement with any other particle in the universe. This means that no matter what tools a potential eavesdropper has at her disposal, nothing will allow her to predict anything about the secret key. The protocol isn’t efficient enough for practical implementation. But by loosening up the requirements about how much information users need to collect about their devices, Vazirani and Vidick have created a protocol whose key transmission rate is well within the bounds of practicality. There are still substantial hurdles to overcome before such an apparatus can be built, Pironio said. Currently, it’s hard to transmit entangled photons over long distances without some photons getting lost in the process, which can compromise security. Vidick remains optimistic, however. 
“Equipment is getting better very quickly,” he said. While the idea of basing security on the Bell test is “very satisfying,” it’s important to be aware of the limitations of device-independent quantum cryptography, cautioned Nicolas Gisin, of the University of Geneva, a co-founder of the quantum cryptography company ID Quantique. Proponents of the concept are fond of saying that since it’s not necessary to trust your devices, you could even buy them from an adversary. But that idea glosses over potential vulnerabilities. For example, the adversary could simply hide a radio transmitter inside one of the boxes that would broadcast the values of the secret key to an eavesdropper. “Unconditional security does not exist,” Gisin said. What device-independent quantum cryptography does offer, though, is the promise that the only parts of your system that you have to check are the portions that use classical physics — like the box itself and the program that runs the protocol and tallies the results. Unlike the quantum devices, these are parts you can check as thoroughly as you wish. “Provided the classical part is trusted, you don’t have to trust the quantum part,” Gisin said. For Vazirani, the most important implications of the new work lie not in its potential applications, but in its philosophical significance — the fact that it is possible to probe the secret inner life of a quantum system. A classical being isn’t permitted to peek inside a quantum system and “see what is happening behind the scenes,” Vazirani said. “But it turns out that in this indirect way, you can look behind the curtain. “To me, what’s most exciting is that it is possible to do this at all,” he said. “It need not have been this way.”
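The CHSH game described in the article above can be checked numerically. The following Python sketch is an added example, not code from the article or from the Reichardt, Unger and Vazirani paper: it enumerates every deterministic classical strategy, computes the win probability for a shared EPR pair, and runs a simplified statistical acceptance test of the kind a device-independent check builds on. The measurement angles (the standard textbook choice), the Hoeffding-style threshold and all function names are assumptions made for illustration.

```python
import itertools
import math
import random

CLASSICAL_BOUND = 0.75  # best win rate without entanglement, as stated in the article

def wins(x, y, a, b):
    """Article's rule: answers must match unless both questions are 1."""
    return (a ^ b) == (x & y)

def best_classical():
    """Try all 16 deterministic strategies (each player's answer depends only on
    their own question). Shared randomness is a mixture of these, so it cannot do better."""
    best = 0.0
    for a0, a1, b0, b1 in itertools.product((0, 1), repeat=4):
        won = sum(wins(x, y, (a0, a1)[x], (b0, b1)[y])
                  for x in (0, 1) for y in (0, 1))
        best = max(best, won / 4)
    return best

def basis(theta, outcome):
    """Real measurement basis vector at angle theta for outcome 0 or 1."""
    if outcome == 0:
        return (math.cos(theta), math.sin(theta))
    return (-math.sin(theta), math.cos(theta))

def joint_prob(theta_a, theta_b, a, b):
    """P(a, b) when both halves of the EPR pair (|00> + |11>)/sqrt(2) are measured."""
    u, v = basis(theta_a, a), basis(theta_b, b)
    amplitude = (u[0] * v[0] + u[1] * v[1]) / math.sqrt(2)
    return amplitude * amplitude

# Assumed textbook angles: indexed by the question each player receives.
ALICE_ANGLES = (0.0, math.pi / 4)
BOB_ANGLES = (math.pi / 8, -math.pi / 8)
OUTCOMES = [(a, b) for a in (0, 1) for b in (0, 1)]

def quantum_win_probability():
    """Exact win probability of the entangled strategy, averaged over the 4 question pairs."""
    total = 0.0
    for x in (0, 1):
        for y in (0, 1):
            total += sum(joint_prob(ALICE_ANGLES[x], BOB_ANGLES[y], a, b)
                         for a, b in OUTCOMES if wins(x, y, a, b))
    return total / 4

def quantum_device(x, y, rng):
    """Simulated honest device pair: sample outcomes from the EPR-pair distribution."""
    weights = [joint_prob(ALICE_ANGLES[x], BOB_ANGLES[y], a, b) for a, b in OUTCOMES]
    return rng.choices(OUTCOMES, weights=weights)[0]

def classical_device(x, y, rng):
    """Simulated device pair with no entanglement: always hand in 'red' (0)."""
    return (0, 0)

def run_check(device, rounds=4000, delta=1e-6, seed=1):
    """Play many rounds and accept only if the win rate beats the classical bound
    by a Hoeffding margin, so a classical device passes with probability <= delta.
    This is a simplification, not the full protocol from the paper."""
    rng = random.Random(seed)
    won = 0
    for _ in range(rounds):
        x, y = rng.randint(0, 1), rng.randint(0, 1)
        a, b = device(x, y, rng)
        won += wins(x, y, a, b)
    rate = won / rounds
    margin = math.sqrt(math.log(1 / delta) / (2 * rounds))
    return rate, rate - CLASSICAL_BOUND > margin

if __name__ == "__main__":
    print("best classical win rate:", best_classical())
    print("entangled win rate:     ", round(quantum_win_probability(), 4))
    for name, dev in (("quantum", quantum_device), ("classical", classical_device)):
        rate, accepted = run_check(dev)
        print(f"{name:9s} device: win rate {rate:.3f}, accepted={accepted}")
```

The acceptance test only rules out classical devices; it says nothing about the classical side channels Gisin describes, such as a transmitter hidden in the box.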