UTFacultiesTNWResearchDept ANPAQONewsCRYPTOGRAPHY WITHOUT SECRET KEYS

CRYPTOGRAPHY WITHOUT SECRET KEYS

Most security methods, for instance for access to buildings or for digital signatures, use cryptographic keys that must at all costs be kept secret. That also is the weak link: who will guarantee that the key doesn’t get stolen or hacked? Using a physical unclonable key (PUK) – this can be a stroke of white paint on a surface – and the quantum properties of light, COPS-AQO researchers with colleagues from Eindhoven University of Technology present a new type of data security that does away with the need of secret keys. They present their method in the journal Quantum Science & Technology.

Information security, in online banking for example, often works with a combination of a public key and a private key. The public key is known to everyone, but for creating a digital signature, a private key is necessary. This is a cryptographic method that only works if private keys are kept secret. But are we certain that these keys can’t be intercepted, by negligence or by a computer hack?

The alternative the researchers present in their paper, is a physical key that cannot be cloned, a PUK (Physical Unclonable Key). This can be a stroke of white paint that strongly scatters light because it consists of many nanoparticles. The result is a unique speckle pattern. Making a key with exactly the same scattering properties is impossible: no paint surface will be the same. The PUK’s properties can be publicly available, but only the owner of the key is capable of scattering the light in the right way.

Quantum

Using a complex spatial pattern, the sender transmits light pulses to the key of the receiver. These pulses consist of a small number of photons which are in a quantum state. Under the laws of quantum physics, this quantum state will be disturbed as soon as it is measured. This means that, without having the PUK, no one will be capable of determining the quantum states of the photons. The key, however, will effortlessly translate the photonic signal to comprehensible information. Anyone can send light to the PUK, but only the PUK owner will be able to decrypt the light pattern to information that makes sense.

In this way, a secret message can be sent without the need of storing secret keys. The receiver, in turn, can also indicate that they know the information stored in the light pulses, and authenticate themselves. So, using standard cryptography, signing a message is possible as well. The PUK is different from other hardware keys on the market, like the Yubikey or readers used by banks, which still use secret digital keys.

Glass fibre

Although the programming of light and the scattering is complicated, there is no need for exotic technology: the PUK is cheap and creating the light patterns can be done using a light modulator that is part of a regular beamer. The technique now works over one meter of free space. An important future application the researchers now work on, is secure transmission of data over a glass fiber.

The paper ‘Asymmetric Cryptography with Physical Unclonable Keys’ by Ravitej Uppu, Tom Wolterink, Sebastianus Goorden, Bin Chen, Boris Skoric, Allard Mosk and Pepijn Pinkse, is published in Quantum Science & Technology on 15 October 2019