Computer security systems may one day get a boost from quantum physics.
That is because there is a new way to make a security device that has proved notoriously difficult to build: A “one-shot” memory unit, whose contents can be read only a single time.
The research shows in theory how the laws of quantum physics could allow for the construction of such memory devices, according to computer scientist Yi-Kai Liu of the National Institute of Standards and Technology (NIST).
One-shot memories would have a wide range of possible applications such as protecting the transfer of large sums of money electronically. A one-shot memory might contain two authorization codes: One that credits the recipient’s bank account and one that credits the sender’s bank account, in case the transfer ends up canceled. The memory could only be read once, so only one of the codes can end up retrieved, which means only one of the two actions can be performed, not both.
“When an adversary has physical control of a device, such as a stolen cell phone, software defenses alone aren’t enough; we need to use tamper-resistant hardware to provide security,” Liu said. “Moreover, to protect critical systems, we don’t want to rely too much on complex defenses that might still get hacked. It’s better if we can rely on fundamental laws of nature, which are unassailable.”
Unfortunately, there is no fundamental solution to the problem of building tamper-resistant chips, at least not using classical physics alone. Scientists tried involving quantum mechanics as well, because information encoded into a quantum system behaves differently from a classical system.
Liu is exploring one approach, which stores data using quantum bits, or “qubits,” which use quantum properties such as magnetic spin to represent digital information. Using a technique called “conjugate coding,” two secret messages, such as separate authorization codes, can end up encoded into the same string of qubits, so a user can retrieve either one of the two messages. But as the qubits can only be read once, the user cannot retrieve both.
The risk in this approach stems from a more subtle quantum phenomenon: “Entanglement,” where two particles can affect each other even when separated by great distances. If an adversary is able to use entanglement, he can retrieve both messages at once, breaking the security of the scheme.
However, Liu said in certain kinds of physical systems, it is very difficult to create and use entanglement, and shows in his research that this obstacle turns out to be an advantage: Liu presents a mathematical proof if an adversary is unable to use entanglement in his attack, that adversary will never be able to retrieve both messages from the qubits. Hence, if the right physical systems end up used, the conjugate coding method is secure after all.
“It’s fascinating how entanglement — and the lack thereof — is the key to making this work,” Liu said. “From a practical point of view, these quantum devices would be more expensive to fabricate, but they would provide a higher level of security. Right now, this is still basic research. But there’s been a lot of progress in this area, so I’m optimistic that this will lead to useful technologies in the real world.”