Is quantum communication really safe as we expect?
- Raspberry Pi 5 vs. Mini PC with Intel N100 Processor
- Huawei NearLink Surpasses Bluetooth and WiFi on All Fronts
- Huawei: First Wi-Fi 7 Router BE3 Pro with 2.5G Port at US$68
- What are the differences between WiFi6 WiFi6e and WiFi7?
- PBX On Raspberry Pi
- FreePBX vs. FusionFBX
Is quantum communication really safe as we expect?
Recent years, more and more concerns about what quantum communication is, whether quantum communication can replace traditional communication, and the authenticity of the unconditional security of quantum communication claimed by scientists.
Some articles about the popularity of quantum communication have been published on the Internet.
While answering many people’s puzzles, they have also caused some heated discussions.
Unfortunately, many controversial questions have not been answered authoritatively for a long time.
For those eager to get answers, carry out For people who have explored more deeply and extensively, it is unavoidable to regret again and again.
The issue of quantum communication security involves many aspects of knowledge such as quantum theory, information security management, and network communication.
It is extremely difficult to fully discuss such a large issue.
Discussions on topics in other fields, so discussions on this issue tend to be limited to a single perspective, and in view of the lack of detailed introductions about the current construction of quantum communication networks, the focus of discussions often loses sight.
In view of this, based on the discussion results of everyone and my own thinking, we will discuss this issue in a comprehensive manner. Before talking about it, we need to clarify that I am not an expert in all the above fields, so all the objects, theories, and conclusions mentioned need to be discussed in the category of doubt first.
The purpose is not to draw any conclusions, but to In order to guide more professional people to carry on this very valuable topic.
Again, all the conclusions in the article may be wrong, and experts are very welcome to correct them.
What can quantum communication do?
If you ask this question to any ordinary person, the answer he gives may be to use quantum technology to replace traditional means of communication.
For example, the current optical fiber, relay, routing, switch, and server will be replaced by a new quantum network. , Sending and receiving e-mails, Internet access, instant messaging, etc. will all use quantum communication means, our information will be able to obtain unconditional security and confidentiality, no longer worry about our account being stolen, no longer worry about being deceived by false WIFI.
Unfortunately, this is a false impression that quantum communication cannot yet do this.
Due to technical limitations, the code rate of quantum communication is extremely low, and may only achieve a transmission rate of tens of bits per second.
Of course, the exact bandwidth depends on the specific project, but there will be no essential improvement, so quantum communication must It can only be used in the field of extremely lightweight communication.
There are only a handful of such fields. At present, only key distribution can be used in this system, and such a network needs the support of traditional communication networks in order to work.
The full name of the current quantum communication network should be the quantum key distribution network system.
As for whether such a lightweight application that is only responsible for key distribution is worthy of the name of quantum communication is debatable, but this is not important.
We only need to know that even if this quantum network is put into practical application, in fact, in daily life, you You still can’t see its existence, and almost all your security measures are still under traditional communication encryption methods, almost all information is still transmitted on traditional optical fibers, and your account will still be stolen. If you are not careful, you It will also be cheated by fake WIFI.
You may be a little disappointed seeing this, as if this is not what you originally thought?
Yes, maybe because it feels like it’s too much to explain, or because you feel like you’re going to be disappointed, our scientists haven’t had the patience to clarify this clearly.
Is quantum communication network construction expensive?
Compared with ordinary fiber optic network construction, this is indeed the case, but I don’t know whether it is a little more expensive or several times more expensive, or it is an order of magnitude more expensive.
Quantum communication networks still use optical fibers, but because quantum communication transmits and receives photons of the order of single photons, low-loss optical fibers need to be used. These are not ordinary optical fibers, they are all laboratory-grade high-purity optical fibers, and they are not expensive.
How weak is the light of single photons, and how does it compare with the light transmitted by ordinary optical fibers?
To put it more vividly, I am afraid it is similar to the comparison between a bean candlelight and sunlight.
Traditional laser transceiver equipment cannot meet the requirements of quantum communication at all, so all equipment must be dedicated, plus single quantum generators, detection devices, repeaters, etc., all of which are tailor-made for quantum networks , although it cannot be said that they are all laboratory-level devices, compared to ordinary communication equipment, they can be called a model of high technology.
China is the first country in the world to build a quantum network on a large scale.
These devices have not formed an industrial scale, and the law of the industrial price formation mechanism cannot escape.
Therefore, the construction of a quantum communication network is a scientific research and practical project that requires a large investment.
It costs a lot of money, so people are more concerned about whether such a high-intensity investment is worth the money.
Are the current means of security and secrecy failing?
At present, two methods of symmetric key and asymmetric key are basically used in the field of communication and information security, and information security depends on the encryption length of the key.
The symmetric key means that the information sender and receiver use the same key.
When transmitting information, the sender encrypts it with the key, and the ciphertext is sent to the receiver through the public network, and the receiver uses the same key to decrypt it.
Symmetric keys cannot be directly transmitted over the Internet in plain text.
The asymmetric key uses a pair of different keys.
One key is a public key, which is used by the sender to encrypt information, and the other key is a private key, which is used by the receiver to decrypt.
The public key allows clear text transmission on the Internet.
Speaking of this, it is inevitable to mention that because the public key allows plaintext transmission, the private key is only kept locally and not published online, so quantum communication is not needed for protection. In this case, only the symmetric key needs to be protected by quantum communication.
Due to the prism door and the proliferation of hackers, people are increasingly concerned about network security issues.
Whether there are loopholes in the key encryption mechanism and whether there is a backdoor in the encryption algorithm have always been questioned by people. such as symmetric encryptionIn the DES algorithm, it is not known where the digital matrix of one of the S boxes comes from.
Some people suspect that there is a hidden backdoor in it, which can directly crack the information. However, after decades of application, no obvious loopholes have been found in theory and application. Algorithm analysis did not find possible backdoors.
The current method of cracking the key is to crack it by force, that is, trial and error one by one.
The effective key of single DES encryption is 56 bits, and the effective key of enhanced version 3DES is 112 bits.
Single DES is not safe, and there have been specially designed machines that can crack it very quickly, so now all symmetric keys use 3DES , and 3DES is safe enough.
Decades of practical conclusions, we can believe that the information encrypted by the key is safe enough, and the existing technical means cannot be cracked.
The current communication process adopts a one-time pad system, that is, every time a message is transmitted, it is first encrypted with a temporary key.
After use, the key is invalidated, and the next time the message is sent, a newly generated key will be used.
Theoretically, it has been proved that as long as the key is not reused, it is impossible to crack the information encrypted by a key of equal length or longer.
So we don’t see dark clouds in the sky of key encryption for the time being.
When evaluating the security of quantum communication, we will compare it with the security strength of traditional key encryption.
Be prepared for danger in times of peace, quantum experts tell people that future quantum computers will be able to crack asymmetric keys in seconds.
But at present, there are too many problems in quantum computing.
If you really understand this field, you will know how confusing the claims here are.
Many things are actually unknown, even the stability of quantum computing and the feasibility of multi-step quantum computing.
Whether the actual time-consuming (but not the time complexity) of quantum computing will increase exponentially with the scale of the problem is unknown.
Using the experience of traditional algorithms to predict the performance of quantum computing will eventually surprise people.
Quantum experts do not know more about these issues than ordinary people, and if there is a new quantum computer, there must be a new quantum encryption method, we can wait patiently.
Of course, it is good to have the feeling of being prepared for danger in times of peace, but sometimes it is difficult to distinguish the difference between this and unfounded worry.
Everyone has different judgments and naturally takes different actions. The heart is prepared, but wait and see the changes, after all, the sky has not changed.
What is the difference between a key and a password ?
Movies often see cipher-breaking geniuses with pencils on their ears deciphering encrypted information in seconds.
This gives the impression that there are indeed geniuses who can gain insight into the decryption method from the characters falling like raindrops on the screen.
I had to correct some confusing things like keys and passwords. A password is a password you use every day.
When you try to enter a system and log in to an account, you need to enter this thing called a password, which is equivalent to a key to a door.
When you open the door, everything inside is actually is a resource you can have. Of course, the password you use to encrypt the file is also the password, such as the compressed package password.
The key is not something you can see, it is used by the system to encrypt information transmitted over the Internet.
You use the key every day, but you don’t feel its existence at all. The key is a security guard that silently protects your transmitted information from being stolen.
Password cracking and key cracking are not the same thing at all. All the movies are about password cracking.
Maybe this person knows what the person who set the password likes. Because he has more personal information, he can try it with a purpose.
For example, some people like to use birthdays or phone numbers as passwords, or simply set auspicious numbers such as 888888 for their bank cards at ATMs .
Password setting will reflect personal preferences. Many companies have special requirements on how employees set passwords.
The purpose of these requirements is to destroy personal preferences for passwords as much as possible, making passwords appear more random. But I believe very few people do this really randomly.
The key can be different, and the randomness of the key is realized through an algorithm.
We can safely agree that the key has no rules to follow at all, and the genius who cracks the key may be no one but God.
Key distribution management
It is necessary to have a preliminary understanding of the distribution management process, because it involves too many technical details, impatient readers can just skip it, and it will not affect the follow-up content understanding.
As mentioned above, the encryption methods are divided into symmetric encryption and asymmetric encryption, because the private key in the asymmetric key is stored locally and is absolutely not allowed to be published on the Internet.
Only the public key can be transmitted in plain text through the public network. Therefore, there is no requirement for secret key distribution for asymmetric keys, and naturally there is no need to use quantum communication methods to keep them secret.
We only need to examine the distribution management of symmetric keys.
There are many mature key distribution management organizational structures and management processes, and the specific implementation technical means are similar
. Since the organizational structure of quantum key distribution has not been published, we assume a relatively common simplified model and use it to describe the distribution logic of quantum keys.
Regardless of the method used for key distribution, several principles must be adhered to:
1. The key is not allowed to be transmitted online in clear text at any time
2. The key is transmitted on the Internet as indirectly as possible (only random numbers are transmitted)
3. Users must unconditionally trust KDC (Key Distribution Center)
4. Users must trust themselves unconditionally
Conditions 1 and 2 restrict the key from being intercepted in plaintext on the public channel, but the ciphertext is not protected, so we require the encrypted key to have a high encryption strength, usually using 3DES encryption .
We need to remember that the channel security encryption strength of the traditional key distribution system is equivalent to this 3DES .
Here, the security of the channel is additionally emphasized, because the place where quantum communication works is only the channel. We expect quantum communication to provide higher encryption than 3DES degree.
KDC is a real security weak link, because it may store the keys of all users. We currently do not have any technical means to ensure the absolute security of KDC .
Everyone will be happy, you can use quantum means to protect the KDC , because the work of quantum key distribution is to transmit the master key from the high-level KDC to the next-level KDC in turn .
Unfortunately, the quantum key distribution system is only responsible for the security of this part of the communication physical link, that is, the security from one end to the other end of a section of optical fiber.
At present, there is no quantum encryption method to protect each node on the link, including the middle Repeaters, routers, switches, servers, what was the original security status of these facilities, and they will remain the same after the implementation of the quantum communication project. KDC includes a bunch of routers, switches, servers, etc.
We must trust it unconditionally, not because it is unconditionally safe, but because if we want to continue the key distribution work, we need to endure insecurity in some links.
Fortunately, in a complete communication network, the number of KDCs is strictly controllable, and certain technologies and strict management regulations can basically make us feel at ease about it.
Usually KDC adopts hierarchical management. The figure below is a simple organizational structure diagram of the key distribution of the secondary KDC .
This figure shows the key distribution of each node after the key distribution is completed:
- KDC-P is the highest-level KDC , including two subordinate KDC nodes KDC-A and KDC-B , and locally saves the master key PK of this node and the master keys PKA and PKB of subordinate nodes
- KDC-A is a secondary KDC , including two end users UA1 and UA2 , and locally saves the master key PKA of the node and the master keys PK-UA1 and PK-UA2 of subordinate nodes
- KDC-B is a secondary KDC , including two end users UB1 and UB2 , and locally saves the master key PKB of the node and the master keys PK-UB1 and PK-UB2 of subordinate nodes
- UA1 is an end user, and saves the master key PK-UA1 of this node locally
- UA2 is an end user, and saves the master key PK-UA2 of this node locally
- UB1 is an end user, and saves the master key PK-UB1 of this node locally
- UB2 is an end user, and saves the master key PK-UB2 of this node locally
In the initial state, only the master key PK is saved in the top-level KDC-P , and other nodes are in the state of key distribution. Next, we simulate a key distribution process from the top-level KDC-P to the end user UA1 .
Step 1: KDC-P encrypts the random number R1 with PK , generates PKA , and requests the public key from KDC-A .
Step 2: KDC-P uses an asymmetric encryption method to encrypt PKA with a common key , and sends the ciphertext to KDC-A ; or sends the key to KDC-A through non-communication means, such as a messenger . At this stage, quantum communication can be used to send PKA to KDC-A
Step 3: KDC-A decrypts the received PKA ciphertext with the private key to obtain PKA , or receives the key sent by the messenger. At this stage, the PKA sent by KDC-P through the quantum channel can be received
Step 4: KDC-A uses PKA to encrypt the random number R2 , generates PK-UA1 , and requests the public key from UA1
Step 5: KDC-A encrypts PK-UA1 with the public key in an asymmetric encryption method , and sends the ciphertext to UA1 ; or sends the key to UA1 through non-communication means, such as a messenger . At this stage, the current technical capabilities and economic conditions limit the use of quantum communication methods
Step 6: UA1 decrypts the received PK-UA1 ciphertext with the private key to obtain PK-UA1 , or receives the key sent by the messenger.
In the above process, only the second and third steps use quantum communication technology.
Since asymmetric encryption is also used at this time, it can be considered that the security strength of this process is at least not lower than the encryption strength of the asymmetric key, and there is no secret that can be leaked. loophole.
This stage is the process of key initialization that occurs during the initial operation of the system. For a mature system, this process has already been completed, so the key distribution work is actually the process of updating the master key.
We assume that the above-mentioned master key initialization process has been completed, then the process of updating the master key will be as follows, still using the example of updating the key from KDC-P to UA1 .
The key changes for each node will be:
- KDC-P master key PK –> PK#
- KDC-A master key PKA –> PKA#
- UA1 master key PK-UA1 –> PK-UA1#
The specific key update process is described below:
Step 1: KDC-P self-updates the master key and replaces PK with PK#
Step 2: KDC-P uses PK# to encrypt random number R1 to generate PKA# , then PKA encrypts random number R2 to generate session key K1 , uses K1 to encrypt PKA# , and forwards R2 and PKA# ciphertext to KDC -A . At this stage, quantum communication can be used to directly send PKA# , or send R2 and PKA# ciphertext
Step 3: KDC-A receives R2 and PKA# ciphertext, uses PKA to encrypt random number R2 to generate session key K1 , uses K1 to decrypt PKA# ciphertext, and replaces PKA with PKA# . At this stage, the PKA# or R2 and PKA# ciphertext sent by KDC-P through the quantum channel can be received
Step 4: KDC-A uses PKA# to encrypt random number R3 to generate PK-UA1# , then PK-UA1 encrypts random number R4 to generate session key K2 , uses K2 to encrypt PK-UA1# , and combines R4 and PK -UA1# The ciphertext is forwarded to UA1 . At this stage, the current technical capabilities and economic conditions limit the use of quantum communication methods
Step 5: UA1 receives R4 and PK-UA1# ciphertext, uses PK-UA1 to encrypt random number R4 to generate session key K2 , uses K2 to decrypt PK-UA1# ciphertext, and uses PK-UA1 to PK-UA1 # replace
In the above
To summarize the above key distribution process, traditional technical means, the key is transmitted on the public network in the form of ciphertext, even if it is monitored, the difficulty of cracking the key depends on the encryption strength of the symmetric key.
Since the quantum communication security method does not apply to the KDC , but only protects the optical fiber physical communication link between the KDCs , it can be considered that the weakest KDC node in the network has not improved its security even if it uses quantum communication technology.
Using quantum communication means, when the key is transmitted in ciphertext, the channel security level is not less than the length of the encryption key.
When the key is transmitted in plaintext, the security level depends on quantum security technology. At this time, if the quantum communication is not unconditional Security, the key transmission process may cause leakage.
Network security is the security of the entire system.
According to the principle of wooden barrels, the amount of water filled depends on the shortest piece of wood.
The degree of network security is also determined by the least secure links.
Therefore, compared with the attacker, the attack power The measurement standard is determined by the sharpest spear, and defense is far more difficult than offense.
At present, all aspects of network communication are basically protected by key encryption. The information that needs to be kept secret is transmitted in ciphertext on the network link.
The exception is the KDC and the end user itself. If we ignore this shortcoming, then basically In the above, we are more confident that the entire traditional network communication is under strict key protection.
Even if anyone who tries to steal secrets obtains the encrypted information, it will become worthless because it cannot be cracked.
I think we should agree with this point of view.
When quantum communication is put into this network, the wooden barrel principle must also be used to evaluate the security level of such a network.
Of course, to be fair, factors such as KDC and end users are still excluded .
The unconditional security we expect scientists to give refers to the security of the entire network, not the security of a certain part. In addition to KDC , there are actually many network devices, such as routers, switches, servers, repeaters, etc. Are they unconditionally safe in quantum networks?
Of course not, we have not thought of any quantum means to make these devices unconditionally safe. I heard the thief let out a sigh of relief.
Just now, my Internet was restored, and the network was inexplicably interrupted for a small night.
A practical network needs to consider the occurrence of various unexpected situations, in fact, unexpected situations happen every day.
This leads to another question that no one has ever answered, which is how robust is a quantum network?
You must know that the construction of quantum network is really a bit of a luxury.
With such a large investment, it must be used wisely, and it must be used well, and it must be easy to use.
If the key is distributed like a bank, if the network is blocked, the business cannot be processed; if the army is fighting, the command system cannot issue orders, and the army will not know how to execute them.
When this happens, it is sometimes more deadly than safe for a practical network. Network construction is not only a security issue, but also usability issues.
After all, an unavailable network has the same effect as no network.
These two issues will be discussed later.
Is quantum communication really safe as we expect?