Quantum cryptography is an emerging technology in which two parties may simultaneously generate shared, secret cryptographic key material using the transmission of quantum states of light. A unique aspect of quantum cryptography is that Heisenberg’s uncertainty principle ensures that if Eve attempts to intercept and measure Alice’s quantum transmissions, her activities must produce an irreversible change in the quantum states that are retransmitted to Bob. These changes will introduce an anomalously high error rate in the transmissions between Alice and Bob, allowing them to detect the attempted eavesdropping.
Toward its practical realization, tremendous progress has been made during the past decades. Metropolitan QKD networks have been successfully deployed and is going to be a continental scale. Huge imminent investments in quantum technologies will bring concepts like a global quantum Internet and quantum Internet-of-Things, closer to reality. United States with the new NSF ‘Quantum Leap’ initiative, in Europe and in China, the idea of a quantum Internet is gaining significant traction.
Proponents say that such a quantum internet could open up a whole universe of applications that are not possible with classical communications, including connecting quantum computers together; building ultra-sharp telescopes using widely separated observatories; and even establishing new ways of detecting gravitational waves. Some see it as one day displacing the Internet in its current form. “I’m personally of the opinion that in the future, most — if not all — communications will be quantum,” says physicist Anton Zeilinger at the University of Vienna, who led one of the first experiments on quantum teleportation1, in 1997.
The Internet as we know it was not designed to be secure, and hacking, break-ins and espionage are unfortunately par for the course today. A quantum internet would be much more secure – as well as being much faster – since it exploits key features of quantum physics such as quantum entanglement.
However, there is an increasing understanding that the security of a QKD system relies not only on theoretical security proofs, but also on how closely the physical system matches the theoretical models and prevents attacks due to discrepancies. The most critical vulnerability is that current technology and hardware does not meet the conditions specified in the QKD protocol. These hardware ‘non-idealities’ include on-demand single photon emitters, lossless photonic channels between sender and receiver, perfect photonic detectors, and perfect alignment of bases throughout the system, says Jeffrey Morris who serves as the Sergeant Major of the Army Cyber Institute. It is also possible to jam quantum network by blinding a photon detector with a strong pulse, that could present an opportunity to hack photons the user is not aware are arriving.
While previous research considered single lone wolf attacks with individuals tampering with quantum information systems, such as an eavesdropper Eve in a quantum setup with Alice and Bob. Neil Johnson at George Washington University in Washington, DC, and a few colleagues have discovered a new form of vulnerability that will enable quantum terrorists could bring the quantum internet to its knees almost instantly and without revealing their identity. More worrying still is that there is no obvious way to counter this new kind of attack.
However, the researchers led by Johnson considered more recent trend wherein human adversaries tend to operate in groups – with the added modern twist that they need not be in the same geographical location but just need a means of synchronizing their actions (e.g. through some common clock).
The team begins their study by creating a mathematical model of the quantum internet. This is a network over which a large number of entangled photons can coexist. Our analysis leverages the fact that whatever the future quantum technology, the necessary intercommunication across geographical distances will likely rely on electromagnetic waves – and hence a bosonic field of photons.
For the purposes of the model, Johnson and co think of it as a kind of quantum cloud of entangled photons that people interact with by injecting their own photons carrying quantum information. A key feature of such a system is that the entire entangled internet has its own existence described by a single quantum function.
Therefore, they based their analysis around a model of a generic, global quantum system which has a global quantum state stored in a bosonic field. Ultimate quantum technology limit in which an extended geographical space is covered by a quantum cloud within which the global quantum state is coherent.
The question that the researchers wanted to investigate is how a malicious actor might destroy this cloud and the information it contains. One approach would be to simply break the entanglement, which is a famously fragile form of existence. But this would be something of a sledgehammer—a classical attack on a quantum system.
Instead, the team is interested in a much more subtle kind of quantum attack. And they seem to have found it. This kind of attack would involve injecting some random information that becomes entangled with the rest, thereby making the original information impossible to retrieve from the mix.
By itself this does not work. A lone-wolf attacker cannot overwhelm the quantum state with random information. “The correct state (i.e. initial state) can in principle be recovered using purification or distillation schemes,” say Johnson and co.
But if quantum terrorists work in unison, an entirely different scenario unfolds. Johnson and co show that if several attackers inject their quantum information into the network at the same instant, they can disrupt the global quantum state. In that case the initial state of the system cannot be retrieved, even in principle.
How many terrorists are needed for this to happen? The shocking conclusion is that it requires only three or more quantum terrorists working in unison. “Our findings reveal a new form of vulnerability that will enable hostile groups of [three or more] quantum-enabled adversaries to inflict maximal disruption on the global quantum state in such systems,” say the team.
What’s more, these attacks will be practically impossible to detect, since they introduce no identifying information; they require no real-time communication, since the terrorists simply agree in advance when to attack; and the attack can be over within a second.
Just how this kind of attack could be countered isn’t entirely clear, although the team has one idea. “A countermeasure could be to embed future quantum technologies within redundant classical networks,” they say.
So instead of the quantum internet existing as a global quantum state, it would instead be a set of connected quantum systems each existing within classical networks and connected together. That would prevent an attack on one part of the network from spreading to other parts.
Indeed, the quantum internet is likely to take this form in its early stages anyway.
Nevertheless, quantum terrorism is a new threat that will give security experts some sleepless nights. And significantly more work will be needed to fully understand the threat and how to mitigate it. As Johnson and his team put it: “Countering this threat properly will require a new understanding of time-dependent quantum correlations in many-body light-matter systems.