News

Fraud-proof credit card possible because of quantum physics

Cards, such as identification cards and credit cards, which are impossible to hack. With a system based on quantum physics this will soon be possible. Researchers from the UT research institute MESA+ and the Eindhoven University of Technology (TU/e) have together developed a method with which you can authenticate physical objects which are impossible to copy. The research has been published today in The Optical Society’s (OSA) new high-impact journal Optica (and is shown on the cover).

Technologists are fighting a continuous battle with people with malicious intent to secure bank cards, credit cards, identification cards and locks of, for example, cars. In bank cards the magnetic stripes have been replaced with a chip with a small microprocessor and a secret code, but the chip can still be copied and hackers have recently managed to discover the accompanying code. Car thieves are currently also already able to steal cars by turning the digital door lock to suit their purpose. To achieve this they don't use a copy of the key but are, armed with just a laptop, able to imitate the 'question-answer' game that the lock plays with the key.

Researchers of the University of Twente have together with the Eindhoven University of Technology developed a method which makes it impossible to hack cards or imitate their properties, even if those with malicious intent have all the necessary information at their disposal, such as the complete structure of the card. The method uses the quantum-physical fact that light particles (photons) can be in multiple locations at the same time. This fact is known from the famous double-slit experiment that forms the basis of quantum physics.

White paint

A card is equipped with a paper-thin layer of dry white paint which contains millions of nanoparticles. If you send a light particle into the paint it will, like in a pinball machine, 'bounce' between the nanoparticles until it escapes. If a bank sends a complicated pattern of light dots that's unique for each transaction (a 'question') into the paint, you will subsequently be able to detect a new unique pattern of escaping light particles (the 'answer') at the surface. The bank will only approve of the card if this pattern of dots is correct.

Quantum physics against digital attacks

If the bank uses 'normal' light in this with a lot more photons than just the light dots, an attacker can measure the entering dot pattern and return the correct dot pattern with, for example, a projector, so that the bank will not be able to see a difference between the real card and the signal of the attacker. The clever solution of the researchers springs from quantum physics. Because a photon can be in multiple locations at the same time it's possible to send a pattern into the paint that consists of fewer photons than light dots. Because there aren't enough photons in that case, an attacker can no longer measure the entire pattern, and will therefore not know which question the bank is asking. He will therefore have no idea which answer to send back, while the bank could check the answer with even just one photon.  

Quantum, but not difficult

According to Prof. Dr Pepijn Pinkse, who leads the research, it is a unique way to provide security suitable for, for instance, (government) buildings, bank cards, credit cards, identification cards and cars. “The best thing about our method, which we've called Quantum Secure Authentication (QSA), is that secrets aren't necessary. So they can't be filched either." QSA can be employed in numerous situations relatively easily, as it uses simple and cheap technology which is already available. The layer of paint is cheap and easy to apply and the read out equipment consists of a simple laser (as in CD players), a simple image sensor and an image-forming chip as is present in every modern projector.

Research

The research has been performed by Sebastianus Goorden, Marcel Horstmann, Allard Mosk and Pepijn Pinkse of the MESA+ Institute for Nanotechnology in the Complex Photonic Systems group of the University of Twente, in collaboration with Boris Škorić of the Eindhoven University of Technology. This research has been made possible by funding from the Foundation for Fundamental Research on Matter (FOM), the STW Technology Foundation, the European Union and the Netherlands Organisation for Scientific Research (NWO).

Here you can find the article Quantum-Secure Authentication of a Physical Unclonable Key.

Joost Bruysters
Press relations (available Mon, Wed)