Quantum resistant blockchain: QKD and quantum resistance. Part B

You can read part A here

Here’s how QKD works:

Alice and Bob want to talk, but they must be sure Eve can’t read what they are saying. So they use messages that are encrypted and decrypted with a shared secret key. The key must be unique and secure, and it must be established and agreed on between Alice and Bob in such a way that Eve can’t get it. The key consists of a number of random bits, each either a 1 or a 0. (Don’t confuse this with private-public key cryptography. Private-public key cryptography is used to sign and authenticate messages. This is something totally different. Encrypting and decrypting messages with a shared secret key is to make sure no one can read what you are sending.)

So before Alice and Bob can start a secret conversation, they need to establish a secret key that only they have. To establish the secret key, Quantum Key Distribution is used. First the key is created by Bob. (Not by using QKD. QKD will only be used to send the secret key to Alice.) After Bob has generated the secret key, he sends it, that is, the random sequence of 1’s and 0’s, to Alice using QKD. QKD is basically a method of sending and receiving information by making use of quantum superpositions or quantum entanglement and transmitting information in quantum states, usually by using photons. This abstract description should make this understandable:

4 different types of particles can be sent. The first set of particles can be imagined as 45 degree tilted particles: \ and /. (I will call these 45s) The second set of particles can be imagined as 90 degree tilted particles: | and — . (I will call these 90s)

The 45s can be translated to bits. Either a 1 or a 0. The 90s can also be translated to bits. Same here: either a 1 or a 0.

The 45s can be translated into bits by guiding them through a receiver, while that same receiver can’t translate the 90s into bits with a higher certainty than 50%. The 90s can be translated accurately to bits by a second type of receiver, which in turn can’t translate 45s with a higher certainty than 50%.

This can be visualized like so: the 45s receiver sends the particles through an “X shape”. The / or the \ fit through unaltered and will be registered as the intended bit (either a 0 or a 1). The | or the — can’t fit through unaltered, because the X won’t let them, so if you send a | or a — through the X shape, it will come out as a / or a \, with a 50% chance for either outcome. So the — or the | are altered from an intended 0 to a 1, or vice versa, with a 50% chance.

For the 90s receiver it’s the exact opposite. It will send the particles through a + shape, where the — or the | fit through unaltered, but the / and the \ can’t get through unaltered.

So the 4 kinds of particles are sent over a quantum channel from Bob to Alice. They are generated by the same principle as receiving the particles: by sending particles through an X or a +. This happens randomly though, so neither Bob nor Alice knows up front whether a particle needs to be translated with a 90s or a 45s receiver. Bob can’t tell Alice which receiver she needs to use, so Alice makes a random choice for the translation of each particle: she uses either the 90s receiver or the 45s receiver. She uses this randomness to translate the whole sequence into bits.

On average 50% of the sequence will be 45s and 50% will be 90s. Therefore half of the bits are translated correctly, while the other half are translated with 50% accuracy. As a result, the total translation will be 75% correct. So she now has a sequence of bits that is 75% accurate.

To complete the key generation, Alice now sends Bob information about which receiver she used for each received particle. She can do this over an insecure network. Bob checks which bits Alice has translated with the right receiver, and knows which bits are correct. So now he sends her information on which bits are the correct ones. This can be done without revealing whether a bit is a 0 or a 1: it just indicates which positions in the sequence she has measured with the right receiver, and Alice knows whether each of those is a 0 or a 1. Now they both know which bits of Bob’s original sequence Alice has correct. They both discard the ones Alice has wrong, and they end up with the same, unique key.

Now if Eve were “listening”, she would have to read all the particles the same way. Only when she reads them, she will (just like Alice) not know which receiver to use, and she will randomly switch receivers. The result for Eve will be the same: she will have 75% correct. But (and this is where it goes wrong for Eve), after she has read the sequence, she has altered 25% of it. (50% went through the correct receiver and is unchanged, and the other 50% went through the wrong receiver, so half of the output of that 50% is altered. So 50% of 50% = 25%.) The result is that Eve passes the sequence on to Alice, but this sequence is only 75% the same as the sequence Bob sent. Now if Alice translates that sequence, she will have a 62.5% correct bit sequence.

If Alice and Bob compare bits, they will see that the percentage of bits Alice has right is around 62.5% instead of 75%. Now they know someone has tried to listen, so they won’t use that key and will try to generate a new one.
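The 75% and 62.5% figures above can be reproduced with a small simulation. This is an added example, not code from the original article; it follows the article's model (a wrong receiver gives a 50/50 result and the particle leaves in that receiver's orientation), and it goes one step further by also measuring the error rate on the positions Alice and Bob keep. The function names and the 5% alarm threshold are assumptions made for the illustration.

```python
import random

def measure(bit, sent_basis, recv_basis, rng):
    """Right receiver: bit comes through unaltered. Wrong receiver: 50/50 result."""
    return bit if sent_basis == recv_basis else rng.randint(0, 1)

def run_qkd(n, eve_listening, seed=1):
    """Return (Alice's raw accuracy, error rate on the kept positions)."""
    rng = random.Random(seed)
    raw_correct = 0    # Alice's bit equals Bob's bit, over all particles
    kept = 0           # positions where Alice used the same receiver type as Bob
    kept_wrong = 0     # kept positions where Alice's bit still differs
    for _ in range(n):
        bob_bit = rng.randint(0, 1)
        bob_basis = rng.choice("X+")          # X = 45s, + = 90s
        bit, basis = bob_bit, bob_basis
        if eve_listening:
            eve_basis = rng.choice("X+")
            bit = measure(bit, basis, eve_basis, rng)
            basis = eve_basis                 # particle now has Eve's orientation
        alice_basis = rng.choice("X+")
        alice_bit = measure(bit, basis, alice_basis, rng)
        raw_correct += alice_bit == bob_bit
        if alice_basis == bob_basis:
            kept += 1
            kept_wrong += alice_bit != bob_bit
    return raw_correct / n, kept_wrong / kept

def eavesdropper_suspected(kept_error_rate, threshold=0.05):
    """Assumed policy: discard the key if kept bits disagree more than threshold."""
    return kept_error_rate > threshold

if __name__ == "__main__":
    for eve in (False, True):
        raw, err = run_qkd(200_000, eve)
        print(f"Eve listening={eve}: raw accuracy {raw:.3f}, "
              f"kept-bit error {err:.3f}, discard key={eavesdropper_suspected(err)}")
```

Without Eve the kept bits never disagree; with Eve about a quarter of them do, which is the same disturbance that pulls Alice's overall accuracy from 75% down to 62.5%.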

Very cool tech. But here come the flaws:

- The first problem with QKD is that an attacker can prevent Alice and Bob from exchanging a 100% safe secret key, simply by listening in on their channel. Alter-by-listening. The attacker doesn’t even have to register the secret key. The mere fact that Alice and Bob know that someone is listening will make them discard the key, leaving them unable to communicate securely.

- A second problem is the possibility of a Man In The Middle attack (MITM attack). The problem is this: after they have exchanged their info at 75% accuracy, they have agreed that they use the same key and start a conversation. Note that we stopped talking about Alice and Bob, and instead use “they”. The thing is: they can’t know for sure who they are talking to. Maybe there is someone literally in the middle of the communication channel. And maybe this is the person who is sending the 75% accurate answer back. So Bob would be talking to the attacker instead of Alice. Or maybe the one sending the bits to Alice is the attacker instead of Bob. So the listener could be performing an MITM attack. Alice and Bob just have no way of knowing for sure who they are talking to. So to prove to themselves that they are actually talking to each other, and not to an attacker, Alice and Bob need to have a shared secret that only they both know. The first message they exchange would be that shared secret, to authenticate themselves to each other. Like in a movie, it would be something like “It’s cold in November” “Yeah, but only when it rains”. They both know what the other is supposed to say, and thus they know they are talking to the right person. The obvious problem is: how will you let each other know in advance what the shared secret is without a secure communication channel? Wasn’t QKD supposed to be that secure channel? Apparently you need a secure communication channel before you can securely use QKD, which you wouldn’t need to use if you had a secure communication channel in the first place. See also here for a paper on this subject.

- The encrypted messages can be sent over any conventional insecure network. But the key distribution by QKD needs to be done over a special network. This creates the third problem, and this should maybe be the first problem, since it ends practical use in the near future. QKD needs you to send your key exchange over a special network: a quantum communication channel which allows quantum states to be transmitted. So for this to work, this network needs to be there. Worldwide preferably if people around the world would want to be able to use this system. Like a second internet. But that network doesn’t exist. (Yet, you could say, but there are no plans to create such a network either. And again here you could add “yet”.)

- Oh, and also, sending and receiving quantum states presents another problem: you would need a quantum-key distribution box to send and receive keys. The average Joe isn’t going to buy one, given the vulnerability to alter-by-listening and MITM attacks. So yeah, QKD used publicly and on a wide scale? Not very likely.

Really cool and interesting on a scientific level though.

On a side note: a truly quantum resistant blockchain needs a quantum resistant signature scheme. Quantum Resistant Blockchain exists in full glory as we speak. QRL has used XMSS, a quantum resistant signature scheme, since launch. “NIST currently intends to approve both LMS and XMSS.”

Allen Walters

Fascinated by blockchain and future proofing cryptocurrency. Discover the tech before it gets relevant. Twitter: @IgnoranceIt

Quantum resistant blockchain in 7 parts

Quantum resistant blockchain and cryptocurrency, the full analysis in seven parts.