Developing a quantum key system to make mobile transactions safer

Developing a quantum key system to make mobile transactions safer
Using off-the-shelf materials, researchers from Oxford University built this hand-held prototype for receiving quantum keys. – could such a device be adapted for use in mobile devices?
Using off-the-shelf materials, researchers from Oxford University built this hand-held prototype for receiving quantum keys. – could such a device be adapted for use in mobile devices?
View 2 Images
Using off-the-shelf materials, researchers from Oxford University built this hand-held prototype for receiving quantum keys. – could such a device be adapted for use in mobile devices?
Using off-the-shelf materials, researchers from Oxford University built this hand-held prototype for receiving quantum keys. – could such a device be adapted for use in mobile devices?
Illustrated charts demonstrating how the QKD system works
Illustrated charts demonstrating how the QKD system works

If you're looking for the most secure way to send data, quantum cryptography, or to be more specific, quantum key distribution (QKD) is it, according to security experts. Based on the laws of physics, when executed properly, QKD promises iron-clad security since any attempt to steal a quantum cryptographic key not only changes it, but also tips off the sender and receiver. So why not use it to make mobile transactions more secure, if not, hack-proof?

There's a reason commercial QKD hardware is used mainly by large institutions such as banks and government agencies. For starters, quantum cryptography requires expensive equipment that's usually only found in optics labs and that only these large-scale organizations can afford. Secondly, said equipment between sender and receiver has to be carefully aligned so they can detect the transmitted photons, which is extremely sensitive to noise. Just the slightest movement is enough to change their polarization and mess up the encryption, which is why, while the idea of using quantum cryptography in mobile devices is appealing, the reality is a different story.

Issues such as arbitrary hand movements during transactions, device misalignment, and fluctuating light levels would make it impossible, while the cost of the gear involved would make it unaffordable.

However, a new study by University of Oxford scientists, with support from Nokia, shows that these obstacles are not unsurmountable. Using off-the-shelf equipment, they developed a compact and low-cost prototype that can send, via ultra-fast LEDs and moveable mirrors, unbreakable secret keys at a rate of more than 30 kilobytes per second over a distance of 0.5 meters to a terminal, regardless of hand movements.

"The idea is that this gadget would be a mobile object that talks to something that is fixed," says study author Iris Choi, a technology associate for the University of Oxford-led National Quantum Technology Hub.

The device makes use of a reference frame independent (RFI) QKD protocol that allows polarization encoding without the need for a point-to-point link connecting all the polarization bases. In their experiments, the researchers encoded qubits in three polarization bases: horizontal-vertical, diagonal-anti-diagonal, circular left-circular right.

"Only one of those bases needs to have a fixed alignment between the transmitter and the receiver," explain the researchers. "As the circular basis is unaffected by relative rotations of the transmitter and the receiver in polarization encoding, it is therefore used to transmit the secret keys. The two linear bases can have any relative alignment and are used to assess the security parameters of the quantum channel."

The system uses six resonant-cavity LEDs to produce these six optical states, each of which is filtered into a different polarization. A one-nanosecond pulse in a random pattern is produced by one of the channels every four nanoseconds. This is picked up by the six polarized receivers on the other end from their matching LEDs, and the photons are then converted into the key.

To prevent hackers from exploiting the variations in wavelengths to uncover the polarization of each channel, the researchers also equipped both the transmitter and the receiver with filters to mask their different wavelengths. This way, they would all shine with the same color, regardless of their polarization.

However, this still leaves one question: how do you generate a quantum key that will not be compromised by the user's hand motions? The answer lies in a beam-steering system to guide the photons to their intended destination so that the device can transmit a large number of bits in less than a second without losing too many of the particles.

Illustrated charts demonstrating how the QKD system works
Illustrated charts demonstrating how the QKD system works

To do this, the researchers first analyzed the fluctuating movements of a spot produced by a person holding a laser pointer and then used them to improve the efficiency of elements such as bandwidth and field of view in the beam-steering system. To ensure a tighter alignment between the transmitter and receiver, as well as further correction for hand movement, the researchers installed an independent LED beacon (of a different color than the QKD ones) and a position sensitive detector (PSD) at each terminal. The latter measures the precise location of the beacon and moves a microelectromechanical systems (MEMS) mirror to align the incoming light with the fiber optics of the detector.

While this proof-of-concept is the first to show that secret keys can be sent securely from a handheld device to a terminal, there's still room for improvement. As the researchers note, the design could be miniaturized further so it can be integrated into mobile phones. Other areas for further study include ways to increase the transmission rate, as well as the range of the device so that it can, for instance, connect with a Wi-Fi hub.

In any case, this demonstration is a step forward for a real-world security application. As it stands, there is an urgent need for a better banking security solution. ATM skimming attacks, for instance, are increasing worldwide, with the US alone experiencing a 546 percent increase from 2014 to 2015, and the global banking industry losing more than US$2 billion annually.

On a related note, quantum cryptography could also help boost the adoption of mobile payments among merchants and consumers by allaying security concerns. According to a study conducted by Oxford Economics and Charney Research, security fears are one of the biggest reasons people in developed countries (as opposed to developing countries like China and India) are reluctant to embrace mobile payments.

Of 2,000 consumers surveyed across 10 countries, including the US, UK and Germany, 55 percent believed that mobile money is less secure than a physical wallet; 70 percent worried about their information being stolen; and 74 percent said they were more likely to use it if there was greater protection against fraud losses. Quantum cryptography could very well be the solution to this issue, but as the Oxford researchers note, technology costs will have to be kept low in order to ensure mass adoption.

The study was published in Optics Express.

Source: The Optical Society

Cool tech, but absurd use cases and examples, and the tech itself is "faked" - unstealable-keys is not the same thing as defenses against keys being stolen: the diodes are in physically different places, those keys will always be subject to theft on that account alone - not to mention the fact that a phone is a computer spewing out RFI revealing its internal operations at all times...
Banking crime is caused by idiots, not technology failures. Users who fall prey to malware or re-use passwords, phone companies who port numbers improperly, staff who get social-engineered, and security people who sit back and do nothing when skimming solutions exist (chip cards are more than 20 years old, but mag-stripe still rules in banking - that's idiot banks doing that, not the fault of the antique tech they should have stopped using last century already).
Norway is TIME's happiest country, followed by Denmark, Iceland, Switzerland, Finland, Netherlands, Canada, New Zealand, Australia, and Sweden. Is it a coincidence that the happiest countries have the highest levels of direct democracy?
Encryption could enable US to shift to direct democracy via online referendums. We could vote securely on our cellphones for every law to pass or not to pass. Although no voting system is absolutely safe, encrypted online voting is more secure than actual voting systems. It is the key to good government and will increase voter participation enormously.
Some are still not convinced however, and others are afraid that real democracy will dilute their power. Still others don't believe that the voting public is capable of casting an educated vote. However, in more direct democratic countries, voter participation is close to 100% and people educate themselves on the issues because unlike in America, they know their vote counts.
Quantum computing will eventually make online communications 100% secure. With EOV and soon quantum computing, America has a chance to become the happiest country instead of number 14 on TIME's list.