YSM Issue 87.4

More documents

Recommendations

Info

FEATUREcryptographyQU A N T U MC O M P U T I N GAn uncertain future for information securityBY JACOB MARKSOn September 10th, news broke that roughly five million Gmailaccounts had been hacked, and their passwords had been stolen .This followed on the heels of a cyber attack against CommunityHealth System, Inc., in which personal data of more than fourmillion patients was compromised , and came soon after a credit cardtheft that affected Home Depot locations all over the world, makingthe home improvement store the largest retailer yet to succumb tocomputerized security theft.Every day, it seems,governments and corporationsfall victim to data leaks caused byanonymous online crusaders orforeign terrorist organizations—leaks which call into question theefficacy of modern computersecurity measures. But quantumcryptography, the use ofquantum mechanical principlesto make and break codes,could irrevocably alter the waycyber crimes are committedand defended against. Ifrecent advances in quantumkey distribution come to fullfruition, they could reconfigurethe cybercrime landscape,and give renewed hope forinformation security.Deriving from the Greekwords kryptos, for ‘hidden’, and graphein, for ‘writing’, cryptographyis defined as the science of writing secret codes . For thousandsof years, the practice has been used to protect state secrets and totransmit war strategies. The ancient Greeks wrote messages alongcloth wound around sticks of a specific diameter, and the Romansdeveloped the first substitution cipher, called the Caesar Shift, inwhich each letter in a message was shifted forward a certain numberof places. Later ciphers, such as those produced by the Enigmamachines used by German forces in World War II, involved multiplesubstitution schemes, or arrangements of the alphabet to encryptmessages.But the advent of the computer in the latter half of the twentiethcentury spurred a cryptographic revolution couched in a new type ofsecurity By allowing for the electronic transmission of large quantitiesof data, the computer introduced the need to securely transmitinformation at a distance. In the past, sender and receiver sharedspecial knowledge about howthe message was encrypted—such as the diameter ofthe stick. But computersnecessitated a cryptosystemthat could securely transmitinformation between peoplewho did not share a previouslyagreed upon key.The solution, public-keycryptography, makes use of aone-way problem—somethingthat is easy to solve in onedirection, but hard to solvein the other. RSA, one of theIMAGE COURTESY OF WIKIPEDIAD-wave: D-Wave Two, pictured above, is the world’s most complexquantum computer. Created in 2013, D-Wave Two is comprised of 512qubits, and performs an optimization algorithm orders of magnitudefaster than classical computers.IMAGE COURTESY OF 33RD SQUAREmost widely-used public keycryptosystems, is rooted in theassumption that it is easy for acomputer to multiply two largeprime numbers, but muchharder for it to factor the resultinto the two initial primes. However, public key systems like this relyon the limited computing power of cryptanalysts, or code-breakers.Although hard to solve, the problem of factorization is certainlypossible, and as computing power has increased, the key lengthneeded to ensure information security has increased as well. In 2009,a 768 bit RSA key (an integer represented by a string of 768 0s and1s), was successfully factored by Thorsten Kleinjung and colleagues, and some people believe that the 1024 bit RSA keys now in use will32 Yale Scientific Magazine October 2014 www.yalescientific.org
cryptographyFEATUREbe breakable in the near future using only classical computers.Furthermore, quantum computing, a subset of quantumcryptography, threatens to dissolve public-key cryptographyentirely. Quantum computers use qubits , the quantum analog ofclassical bits, to perform operations on data. Whereas bits can takethe value of either 0 or 1, qubits exhibit the quantum property ofsuperposition. This means that they can simultaneously be 0 and1, or any combination of the two. As a result, quantum computerscan theoretically use Shor’s algorithm , an algorithm developed byPeter Shor in 1994 for the efficient factorization of prime numbers.In short, quantum computers may be able to solve the one-wayproblem that is the very foundation for public-key encryption.Because of this, perceptions of quantum cryptography are oftenskewed. “Most people think that quantum cryptography will limitinformation privacy”, Yale Professor of Applied Physics StevenGirvin acknowledges, “but the truth is that it will actually enhanceprivacy.” Although quantum computing may one day be used tobreak existing public key cryptosystems, quantum key distribution‘Mostpeople think thatquantum cryptography willlimit information privacybut the truth is that it willactually enhance privacySteven Girvincould replace these flawed alternatives and pave the way for securecommunication, even over public channels.Quantum key distribution, or QKD, is a subset of quantumcryptography that allows two parties to produce a shared randomkey , which they can then use to encrypt and decrypt privatemessages. It is split into two main branches, superposition, andquantum entanglement, the concept that particles are producedwhose states cannot be described independently, and respectively.The most successful implementation of QKD, BB84 , falls into thefirst category. Named after Bennett and Brassard, BB84 uses photonpolarization states to transmit information from sender to source.The sender selects two complementary states, each described by twobases. By the Heisenberg uncertainty principle, which states thatit is impossible to measure two interdependent physical quantitiessimultaneously, only one of the two states can be known.For each photon, the sender chooses a random bit (0 or 1), and oneof the two bases that describe the state, and prepares the state of thephoton based on both of these random choices. The recipient mustalso randomly choose a basis in which to measure the photon, andwhen the sender and recipient use the same basis, they will observethe same state. The resulting string of shared choices becomes theirkey, and the rest of the photons are discarded.One of the benefits of this system is that it is impervious toeavesdroppers. Due to the no cloning theorem , the act of observing asystem changes its state, so if an eavesdropper intercepts transmittedphotons, the sender and receiver will know they are being spied on.Dr. Girvin expounds, “there are no quantum Xerox machines; youcan’t copy quantum information.”In the past few years, BB84 and protocols involving quantumentanglement have been used to successfully distribute keys throughair, and via optical fibers, reaching distances of up to 148 kilometers.QKD was used to secure the results of a 2007 Swiss election, and theChinese government uses QKD to protect state secrets.Although companies such as ID Quantique offer quantum keydistribution services, the system has not been universally adopteddue to its lack of robustness, range, and reasonable price. But thisis bound to change. Battelle is working on building a 650 kilometeroptical fiber for QKD, and the Chinese government plans tocomplete construction on a 2000 kilometer link between Beijing andShanghai by 2016. If researchers succeed in their goal of expandingquantum key distribution to satellites, we will soon have a securecommunication network connecting disparate parts of the globe .If quantum key distribution matures into a feasible cryptosystem,and is adopted as the standard, then it will free us from the limitations ofexisting public-key systems, and render the code-breaking capabilitiesof quantum computers worthless. It is important to realize, however,that cryptography is only one aspect of information security. “Thebiggest security problem today is people”. Dr. Fischer, who teachesa course at Yale on computer security cautions, “the easiest way tobreak in is to trick or bribe someone into giving you the access tothe data. Even the most sophisticated technological measures can’tprevent this” . Instead of breaking codes through brute force andcomputational power, cyber criminals will turn to manipulation to gainaccess to sensitiveinformation.In theory, asuccessful attackagainst quantumcryptography wouldviolate the lawsof physics. Therecould, however, beattacks based onthe physical objectsused to transmitthe data, such asthe detector usedIMAGE COURTESY OF WIKIMEDIAThe Caesar Shift Cipher, invented by the Romans, was the firstsubstitution cipher. Each letter in the alphabet was shifted forward apre-set number of places, with z looping back to a.IMAGE COURTESY OF WIKIPEDIAThe Scytale is a type of transpositioncipher used in ancient Greece, which involvedwrapping cloth around a stick.for observing the photons. Unless we are wrong about the laws ofphysics, quantum key distribution has the potential to be both secure,and feasible. Where humans are involved, cryptosystems can alwaysbe broken. Nonetheless, quantum cryptography may reconfigure therelationship between code-makers and code-breakers.www.yalescientific.org October 2014 Yale Scientific Magazine 33
Page 1 and 2: Yale ScientificEstablished in 1894T
Page 3 and 4: 5NEWSLetter from the editorYale Sci
Page 5 and 6: F R O M T H E E D I T O RCrime, Jus
Page 7 and 8: biomedical engineeringRobert Langer
Page 9 and 10: anthropologyYale team explores soci
Page 11 and 12: Defending against herpesBY PATRICK
Page 13 and 14: Swarmsby zachary millerart by chris
Page 15 and 16: nutritionFOCUSA Smarter Way to Trac
Page 17 and 18: The take-home message: “Eat more
Page 20 and 21: FOCUSwomenDR.VIVIANIRISHDr. Vivian
Page 22 and 23: by theresa steinmeyerart by carrie
Page 24 and 25: FOCUSaddictionenough buprenorphine
Page 26 and 27: FEATUREgeologyd e at hva l l e y’
Page 28 and 29: FEATUREepidemiologyMYSTERY PANDEMIC
Page 30 and 31: REINVENTINGBY ISABELLE ROSSI DE LEO
Page 34 and 35: FEATUREundergraduate profileYetunde
Page 36 and 37: FEATUREmeteorologyMYTHbustersThe No
Page 38 and 39: FEATURETV show reviewSCIENCE IN THE

YSM Issue 87.4

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?