IRJET- Privacy Preserving Cloud Storage based on a Three Layer Security M...
ITNW 2164 ResearchPaper
1. 1
Manuel Garza
ITNW 2164
Prof. Yeater
November 21, 2013
Quantum Technology: A Threat to Modern Cryptography
A new threat has arisen in the world of cryptography over the last couple of decades. This
is due to our ability to manipulate and analyze atoms and photons. We can now send data more
securely, and perform certain computational tasks at the quantum level at speeds which belittle
even our best supercomputers. A few of these tasks involve solving algorithms extremely fast
and recognizing patterns in very large numbers. Coincidentally, modern cryptography methods
use algorithms and large numbers to encrypt and send data. Because of this, a new cryptography
method using quantum technology has emerged with the hopes of providing much more security
than modern encryption algorithms. The advancement of quantum technology threatens modern
cryptography methods because current encryption algorithms can be cracked instantaneously
with quantum computation, and quantum cryptography offers more secure methods of data-
encryption and key distribution.
Generally speaking, what is a quantum computer and how does it differ from classical
computers? According to Network World, “…quantum computers use qubits (or quantum bits)
to encode information. However, unlike silicon-based computers that use bits which are zeroes
or ones, qubits can exist in multiple states simultaneously” (Network World). Quantum
superposition, or the ability for qubits to exist in multiple states at once, offers an exponential
2. increase in computing power when compared to a parallel number of classical bits. Consider a
three-bit string and a three-qubit string. There are eight different possible combinations of three-
bit strings while the three-qubit string offers 512 different combinations. This difference in
computational power can be demonstrated by using numbers where “n” equals the amount of bits
or qubits being used. Bits are equivalent to 2n
while qubits are equivalent to 2(n^2)
. The power
increase is not the same as a power increase in classical computing terms. The power increase we
receive through quantum computers is related to the amount of steps we can perform at one time
when compared to a classical chip with a parallel amount of bits. So what does this mean to
modern cryptography methods and what are the implications of quantum computation?
Modern cryptography methods are considered secure because they use very large
numbers to safely encrypt and send data. This security is because classical computers cannot
crack the keys used for encryption in a sufficient amount of time thus deeming the cracking
process near worthless. Mosca explains “that with a conventional computer, finding a pattern for
an EC cipher with N number of bits in the key would take a number of steps equal to 2 raised to
one-half N. As an example, for 100 bits (a modest number), it would take [2.sup.50] (1.125
quadrillion) steps. With a quantum computer, it should take about 50 steps, he says, which means
code-breaking would then be no more computationally demanding than the original encryption
process” (qtd. in Wood). One of the most common encryption algorithms currently being used is
RSA, which is somewhat similar to EC encryption but slightly more complicated. RSA is used a
lot in protecting online purchases and transactions. Being able to instantaneously crack RSA
encryption could have severe implications for online shopping and banking. RSA is also used in
the transfer of much more secure encryption algorithms like AES. AES is used by banks to make
transactions and is used by the United States government to send sensitive information.
3. 3
Compromising RSA encryption could also mean compromising AES and other more secure
encryption algorithms. So why can we not just use these more secure encryption algorithms to
send data and scrap all the others like RSA and EC? The problem is that these much more secure
encryption methods are limited in their use.
Higher security encryption algorithms like AES are called symmetric algorithms. The
term symmetric comes from the fact that both the sender and receiver must use the same
algorithm and encryption key in the transfer of data. The problem then lies in getting the
algorithm and encryption key to the receiver in a secure manner. This is where encryption
methods like RSA come in. These methods of encryption are called asymmetric algorithms and
operate slightly different. Willie Schatz mentions, “The system uses two mathematical keys to
encrypt and decrypt computer data. Each user has a private key as well as a public key that's
made available to all other system users. A sender encrypts data with the recipient's public key,
and the recipient decrypts the data with its private key” (Schatz). The public keys are generated
from the factors of random large prime numbers. The private key is generated through
mathematics using the original prime numbers from the public key and the extended Euclidean
algorithm. This allows the private key to remain hidden while still providing the ability to verify
if the message received actually came from the sender. There lies the vulnerability with this
algorithm. All decryption and verification relies on a single private key generated by these prime
numbers. Given that the public key is a direct factor of these prime numbers, we would be able to
crack the private key by reverse engineering the public key down to its factors. As mentioned
before this is not currently feasible with classical computers given the time it takes to crack the
prime numbers used in RSA key generation. But, quantum computers will be able to crack it
extremely fast compared to classical computers. So what can be done to counteract this
4. vulnerability to quantum computers?
There are a handful of options we can use to combat the threat that quantum computing
poses to cryptography. The first and most obvious option is to increase the amount of bits used in
the encryption keys. This will increase the amount of time it will take to crack the encryption
since the quantum computer must compute factors of numbers with over two-thousand bits. The
current record for factorization of RSA encryption keys is set at RSA-768. Cliff Saran writes,
“The researchers actually used several hundred processors to complete the task in two years”
(Saran). He also explains that their research was equivalent to two-thousand years of computing
on a single processor performing more than 100 trillion operations. A single quantum processor
alone would cut the amount of time it takes to crack these encryption keys in half. Combining
multiple quantum processors should exponentially reduce the amount of operations and time
needed to perform such a task. But we have not even reached the one-thousand bit threshold,
which is normally used today, when cracking RSA encryption keys with classical computers.
Although some experts believe that 1024-bit keys will be cracked in the near future, many are
still resistant to this claim. Increasing the amount of bits used in encryption keys might be the
answer to stopping the threat of quantum computing, but what negative affects come along with
using such large numbers?
According to Srinivasa Ramanujan Institute of Technology, “…with every doubling of
the RSA key length, decryption is 6-7 times slower” (SRIT 140). That means as the keys enlarge
to ensure security, it decreases the performance of the CPU on the machines running them. As
the performance decreases, the amount of people the server can process at one time decreases.
The workload would need to be passed on to more servers which would cost companies much
more money to provide the same services they do with lower bit encryptions. To decrypt a block
5. 5
of data using a 4096-bit encryption key, it would take a second of CPU time on the server. But
speed and capacity is not the only issue here. Using this much time to decrypt one block of data
leaves the server susceptible to distributed denial-of-service attacks. Any user with malicious
intent could just send waves of random data for the server to process thus shaving off one second
of processing time from the CPU for each log on. Although there are many security devices to
stop this sort of attack from a single user, it is near impossible to stop such an attack when using
a botnet. There must be equilibrium between speed and security to operate efficiently, and
increasing the number of bits in encryption keys might not provide that. Quantum computing is a
threat to modern cryptography but might quantum technology supply us with another form of
cryptography that is much more secure?
The arrival of quantum computing also brings upon the arrival of quantum cryptography.
Quantum cryptography harnesses a few major characteristics of quantum mechanics to securely
communicate data without the worry of interception from a middle-man. The first characteristic
is quantum superposition. Quantum superposition allows a particle to exist in multiple states at
once. This creates true randomness such that we cannot predict indefinitely which state a particle
will ever be in when observed. This is good for cryptography because we never want anyone but
our target recipient to know what we are sending. But how can the target recipient know that the
bits of information he is receiving is from the correct source if it is completely random? Another
characteristic is needed in combination with quantum superposition to effectively transmit data.
The second characteristic is quantum entanglement. Quantum entanglement is a bizarre
behavior in the quantum world where two particles are locked in a “connective” state relative to
the other. This “connective” state can exist at any location in the universe at any time. Quantum
entanglement forces a particle to behave in a way that is relative to its partner particle. As
6. mentioned above particles are random and unpredictable due to superposition, but quantum
entanglement allows predictability of the second partner particle. The first partner particle is still
in a random state, but the state of the second partner particle can be known with certainty after
measuring the first. The second partner particle can either be the same as the first particle (both
being zeroes or ones), or the opposite of the first particle (one being zero and the other being one
and vice versa) depending on the entangled state it is in. This gives added security by generating
a random outcome while still knowing the result. If a man in the middle were to try and intercept
the particles sent, he would not be able to replicate and resend the same outcome to the recipient
machine. But why would a man-in-the-middle not be able to replicate the message successfully?
This is due to the last characteristic incorporated from quantum mechanics.
The last characteristic of quantum mechanics states that when a particle is observed, the
current state of that particle is destroyed. This destruction of particles occurs during the
measuring process at both ends of the sender and recipient. Since any observation or
measurement will destroy the quantum state of that particle, anyone trying to intercept that data
would have to generate and send a new particle with no knowledge of what state is in. Since
there are many possible outcomes and the particle sent is completely random, there will be
inconsistencies when both the sender and recipient perform a security check with each other.
This characteristic alone shuts down any possibility of snooping and man-in-the-middle attacks
which are the main threats presented to classic cryptography by quantum computing. But how
does quantum cryptography work exactly when combining all three characteristics of quantum
mechanics?
Combining quantum superposition, quantum entanglement, and observational destruction
of particles gives us a very secure and reliable way to transmit data without worrying about data
7. 7
interception. It works with the sender entangling a pair of photons. The sender then transmits one
of the entangled photons to the intended recipient and measures the other entangled photon
destroying it in the process. The sender now knows the state of the sent entangled photon based
on the measurement performed. The recipient then measures the photon received, also destroying
it. The sender will transmit multiple photons with both the sender and receiver noting the
resulting measurements. Half of the photons sent will not be entangled for security purposes. The
sender will now randomly choose from the entangled photons sent and will ask for the results of
those photons from the recipient ignoring the rest. The amount of photons chosen equates to the
size of the key. If the recipient’s results match that of the sender’s predicted results, they know
their communication is safe and can begin the session using their results as private keys to
decrypt data. This type of cryptography provides a very secure connection since we have the
quantum line to send photons and exchange keys, and we have the classical line to transport data
normally using the secret keys for the encryption processes. Using the quantum line only for key
exchange allows us to combine it with classical more secure encryption like AES.
As mentioned above, AES should still be secure even against quantum computers; the
only problem is transporting the keys in a secure manner to the recipient. Quantum cryptography
allows us to transport a secret key without fear of snooping. Even if someone were to capture
packets on the classical data line, they would not be able to decrypt the information without the
secret key that was transported using quantum cryptography methods. A quantum computer
would have to try every combination of numbers for every combination of digits just to attempt
to crack a secret key sent with quantum cryptography. Sending a larger bit AES key using the
quantum secret keys is just another roadblock for a hacker to attempt to get through. Mohit Arora
explains that “…even with a supercomputer, it would take 1 billion billion years to crack the
8. 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion
years)” (Arora). The ability to securely transfer an AES encryption key would be enough to stop
brute force attacks. Considering the time it would take to crack such a key, it would be infeasible
to believe that a brute force attack would still be a viable method even with quantum computers.
We could even use RSA encryption when transporting the quantum results back to the sender
just to ensure another step must be taken just to figure out the possible size of the secret quantum
key. Although quantum cryptography seems extremely secure, there are still problems that need
to be solved before there is widespread distribution.
Quantum cryptography is currently being used by the United States government as a way
to transfer secret information. Quantum cryptography works amazingly well, but the problem lies
in the fact that it cannot travel over long distances. Without the use of an actuator, the photon
signal will fade “limiting maximum transmission distances to approximately 100 km” (Hiskett et
al. 1). This is far less than the distance between most fiber networks in use between cities today
causing communication to be very limited. But, Hiskett et al. have demonstrated that with an
actuator, they can amplify the distance up to 148.7 kilometers. This distance is far enough to
reach almost all of today’s fiber networks and research is still being done to further the photonic
signal. Wireless communication has even been shown to be possible with quantum entanglement.
“We demonstrated the distribution of entanglement via optical free-space links to independent
receivers separated by 144 km between the two Canary Islands La Palma and Tenerife” (Lo et al.
5). Although the quantum free-space technology is currently not as feasible as classical wireless
methods, the technology is rapidly evolving. Many believe satellite communication will be
possible very soon. This technology only furthers the possibility of having truly secure
communication over a network.
9. 9
In conclusion, quantum computing and quantum cryptography are threatening modern
cryptography methods by rendering them unsecure, and by providing a more reliable and secure
way to distribute keys. Quantum computing will have a substantial impact on asymmetric
encryption methods like RSA. The ability for qubits to exist in quantum superposition allows a
quantum computer to greatly reduce the number of steps needed to factor large numbers when
compared to modern computers. The inability of modern computers to factor large numbers is
the basis of security when it comes to asymmetric encryptions like RSA. Quantum computers
will still take a very long time to crack symmetric algorithms like AES, but the fact that AES
must securely transfer a key to the recipient makes it hard to use it exclusively. It is still possible
to use AES when the key is transferred with RSA, as long as the RSA key is large enough to
combat quantum computing. The problem with large RSA keys is that it greatly increases the
amount of time needed to process and decrypt the message. This process time leaves the server
vulnerable to distributed denial-of-service attacks that can be easily achieved by sending random
data to the server.
Quantum technology has given us another cryptography method that can be used more
securely than asymmetric algorithms like RSA. Quantum cryptography offers secure key
distribution through the use of quantum mechanics. There are three main characteristics of
quantum mechanics that are used by quantum cryptography. Quantum superposition, quantum
entanglement, and observational destruction of particles give us a secure way to create and send
random keys used for encryption. Quantum superposition allows true randomness when creating
encryption keys. Quantum entanglement gives us a way to securely check if the data sent reached
the recipient without interception from a third party. Observational destruction of data ensures
that a man-in-the-middle cannot capture the qubits of data sent by entangled photons. We can
10. combine quantum cryptographic methods with classical cryptographic methods to securely
transfer AES keys and create many roadblocks for an attacker to break through. Using RSA to
send the results of the measured photons hides the quantum key length. Random photons are
selected from the measured results to determine if the connection is secure. If the connection is
secure, AES keys can then be sent securely hidden behind the quantum key. Three different keys
need to be cracked thus extending the amount of time it takes for the attacker to decrypt the data
making it nearly impossible.
Quantum technology is still evolving and it is barely in its infancy. The maximum
communication distance with quantum cryptography is a slight problem, but researchers are
currently working on extending that distance with amplification devices. Wireless technology is
even in the works for quantum cryptography with a record set very close to that of ground fiber
network technology. A lot of progress has been made and the threat of quantum technology is
becoming more apparent. Quantum computers will not completely wipe out modern
cryptography methods, but quantum cryptography will become one of the most secure types of
encryption. Quantum cryptography will be the base method for securing communication and
transporting keys in the future when quantum computation advances and becomes more
widespread.
11. 11
Works Cited
"Is Quantum Computing real? The answer is yes and no. And yes and yes. And no and no."
Network World 26 Sept. 2011: 33. Computer Database. Web. 1 Dec. 2013.
Wood, Lamont. "The clock is ticking for encryption: the tidy world of cryptography may be
upended by the arrival of quantum computers." Computerworld 21 Mar. 2011: 32+.
Computer Database. Web. 1 Dec. 2013.
Schatz, Willie. "The secret to encryption." InformationWeek 15 May 1995: 74+. Computer
Database. Web. 1 Dec. 2013.
Saran, Cliff. "Untitled." Computer Weekly (2010): 64. Computer Source. Web. 8 Dec. 2013.
SRIT. International Conference on Emerging Trends in Electrical, Communication and
Information Technologies. Vol. 1. India: Elsevier, 2012. Print.
Arora, Mohit. "How Secure Is AES against Brute Force Attacks?" EETimes. N.p., 7 May
2012. Web. 6 Dec. 2013.
Hiskett, P. A., D. Rosenberg, C. G. Peterson, R. J. Hughes, S. Nam, A. E. Lita, A. J. Miller,
and J. E. Nordholt. "Long-distance Quantum Key Distribution in Optical Fibre." New
Journal of Physics 8.9 (2006): 193. Print.
Lo, Hoi-Kwong, Xiongfeng Ma, and Kai Chen. "Decoy State Quantum Key
Distribution."Physical Review Letters 94.23 (2005): n. pag. Print.