Quantum key security steps outside the box

US researchers have come a step closer to turning quantum key distribution (QKD) into a “black box” that can be made provably secure regardless of whose boxes sit at each end of a link.

In creating a quantum crypto implementation, researchers rely on models of the systems they've created as proofs of their security. That means any proof of a quantum key distribution scheme is only as complete as the model.

A good example of how an incomplete modelling of a system's physics can be seen is the 2010 argument over whether or not quantum key distribution systems from MagiQ, ID Quantique and others could be forced into an insecure state by “blinding” their avalanche photon-detectors.

Such attacks can be thwarted, however, if the security proof (and the protocol that implements it) can be made device independent.

Hence the importance of the work by Umesh Vazirani (UC Berkeley) and Thomas Vidick (California Institute of Technology). In Fully Device-Independent Quantum Key Distribution a paper that first hit pre-print at Arxiv in 2012 before getting revised and submitted to Physical Review Letters (abstract here) and published at the end of September, they lay out the basis for confirming the security of a system independently of the devices used.

In the world of quantum-based security that's a big advance: it means that, as in classical cryptography, Alice's and Bob's machines can be treated as “black boxes” and only their input-output behaviour need be considered to decide whether they're vulnerable to an attack from Eve.

As APS Physics author Roger Colbeck explains: “Nothing about how the devices generate their outputs need be known, except that they obey the laws of physics”.

Calling their work the “first complete device-independent proof of security of quantum key distribution that tolerates a constant noise rate and guarantees the generation of a linear amount of key”, the authors say that while their proof is “non trivial” it can be implemented in a relatively simple protocol.

The basic assumption is that both Alice and Bob must generate a certain amount of randomness, and that this randomness can't be predicted by any eavesdropper, even if the eavesdropper is the device manufacturer. In the classical world, it's like having confidence that the randomness of a pseudo random number generator is sufficient to protect a communication even from the person who wrote the software.

Putting this in the frame of quantum mechanics, the APS Physics article explains “if the devices held by Alice and Bob violate a Bell inequality (which can be checked directly by analysing correlations in their input-output behaviour), then they cannot be operating according to a preprogrammed deterministic strategy”.

The Vazirani/Vidick paper demonstrates that there's an upper bound to what Eve could learn about Alice and Bob's private key, even as the device manufacturer, and within that framework, privacy amplification (discussed on Wikipedia) generates a new, short key that Eve can't access.

The proof also claims to be an advance on previous device-independent proofs that depended on gathering statistics about device inputs and outputs, since these could only result in a proof if there was a large number of devices to provide inputs to the models. As the Vazirani/Vidick paper notes, such proofs “are polynomially inefficient and unable to tolerate noisy devices”.

To turn proposal into product will, however, need improvements in quantum cryptosystems, because Vazirani and Vidick are forced to assume a noise rate of 2 per cent to achieve a decent key exchange rate – and that's beyond the reach of current QKD systems. ®