We’d like to thank Audible for supporting
PBS.
Quantum computing is cool, but you know what
would be extra awesome - a quantum internet.
In fact if we want the first we’ll need
the latter.
And the first step to the quantum internet
is quantum cryptography.
Quantum theory may seem like an obscure subject
of questionable relevance to the average person.
But in fact much of our technological world
depends on our understanding of the quantum
properties of the subatomic universe.
And soon, perhaps very soon, we’ll be interacting
with the weirdness of quantum mechanics even
more directly – with the coming of quantum
computing and the quantum internet.
Today we’re going to talk about the latter.
Specifically quantum cryptography and quantum
key distribution – the foundations of the
prospective quantum internet.
We may come back to quantum computers in detail
– but for now just a word on why their advent
will demand a quantum internet.
The logic gates of a quantum computer exist
in a state of quantum superposition of many
simultaneous configurations.
This allows the iterations of certain types
of calculation to be done in parallel, and
vastly more quickly than in a classical computer.
For example, a quantum computer can calculate
the prime factors of large numbers extremely
quickly.
This is bad because prime factoring is a cornerstone
of internet cryptography.
For the best description of classical internet
cryptography … on the internet … head
to Infinite Series.
By comparison, my summary will be pathetic,
but here it is: To send encrypted emails or
credit card details two parties need to share
a cryptographic key.
This can be as simple as a number that you
need in order to unscramble a message.
The most secure way to do this would be to
meet under a bridge on a rainy night to swap
a key in advance – a so-called private key.
That’s impractical, so we use public keys.
The most widespread example is the RSA protocol.
Choose two prime numbers - one of which is
large.
Multiply them together to get an even larger
number and broadcast that as your public key.
Anyone can then send you encrypted messages
by scrambling the message with the public
key using a special one-way function.
It's a mathematical process that can't be
undone with the public key - only with its
prime factors, which only you have.
All of this works as long as the public key
can't be easily factorized back into its two
primes.
This is another type of one-way function - it's
much, much harder to factorize large numbers
than it is to create them by multiplication
in the first place.
At least as long as we're limited by classical
computing.
Once quantum computers can factorize public
keys quickly the entire public key system
falls apart.
There are two levels of snooping that encryption
should prevent: simple eavesdropping and man-in-the-middle
attacks.
Eavesdropping is just someone reading some
of your message data without you noticing.
In a MITM attack someone fully intercepts
and controls a communication stream, essentially
impersonating both parties to each other.
The latter is especially dangerous because
the attacker could potentially control the
sharing of a public key, inserting their own
key in the middle.
Entire new levels of authentication are required
to fix this.
Of course you could just meet under a bridge.
A metaphorical quantum-mechanical bridge,
which allows the sharing of a secure private
key.
Enter quantum key distribution.
This is a scheme to allow the generation of
a shared private key, which can be used with
a traditional encryption algorithm, or as
a one-time-pad which encrypts each message
for a one-use key.
While QKD doesn’t really solve the authentication
problem, it does make undetected eavesdropping
impossible.
QKD is actually two different schemes – at
least that we’ll look at today.
Each highlights a different fundamental weirdness
of quantum mechanics – the Heisenberg uncertainty
principle and quantum entanglement.
These will be the keys to unbreakable
cryptography of a quantum internet.
We’ll start with Heisenberg, which of course
we’ve done an episode on already.
The uncertainty principle tells us that we
cannot simultaneously know the values of certain
pairs of properties – for example, a particle’s
position and momentum.
These are so-called complementary or conjugate
variables.
Another example is the polarization of a photon,
a quantum of electromagnetic wave.
Polarization defines the direction that its
electric and magnetic fields … wave.
You can either measure the vertical-versus-horizontal
polarization OR the diagonal-versus-other-diagonal
polarization.
Rectilinear and diagonal polarization are
complementary properties.
Measure one perfectly and you lose all information
about the other.
An unmeasured photon exists in a state of
maybe-vertical maybe-horizontal – a superposition
of the two, with maybe a preference for one
or the other.
It also exists in a superposition of diagonal
states.
You can measure the state by, for example,
sending the photon through a polarizing filter.
That act forced the photon to make a choice
– first which basis – rectilinear or diagonal
– then which actual direction.
So for example, pass a randomly-polarized
photon through a horizontal polarization filter
like a polarized sunglasses lens and the photon
will either decide it’s vertically polarized
and be blocked or horizontal and get through.
Run that now-horizontally-polarized photon
through a vertical filter and it’ll be blocked
because its vertical polarization component
has been measured to be zero.
Try it with two polarized sunglasses lenses
at 90-degrees – all light gets blocked.
In fact here’s an quantum experiment you
can do at home.
Place a third polarization filter in between
the two at a 45-degree diagonal.
Bizarrely, now some light gets through.
What did you just do?
You just switched between different quantum
representations of reality and then back again,
and so invoked the uncertainty principle.
See, any photon coming out of the first filter
has its rectilinear polarization perfectly
measured, which means its diagonal polarization
is completely undefined.
So when it reaches that diagonal filter it
has a 50-50 chance of passing through.
Then its diagonal polarization is perfectly
defined, making its rectilinear polarization
undefined so it has a 50-50 chance to traverse
that third vertical filter.
This is the basis of one of the first quantum
key distribution algorithms developed in 1984
Bennett and Brassard and known
as BB84.
And no, no astromech droids were named after
this key distribution protocol.
Which works like this:
Imagine we have Alice and Bob – no, Albert
and Niels - who want to decide on a private
key for their messages, but don’t want to
meet.
Albert generates a random string of bits,
0’s and 1’s and encodes these bits using
photons polarized in a particular basis, and
uses a randomly chosen basis, either rectilinear
or diagonal, for each of the photon.
These bits are then sent over an open channel
to Niels who then randomly picks a basis of
his own for each photon and projects onto
that.
If he uses the same basis that Albert did,
he gets the same result, i.e. Albert sent
a 1 and Bob also gets a1, otherwise he will
get a random result – Albert sends a 1 but
Niels will get a 1 or 0 with equal probability.
Over that same public channel they randomly
pick a subset of those bits and Albert reveals
which basis was used for those photons, and
what she sent.
If Niels used a different basis he ignores
the result because he knows it will be random.
If he used the same basis he should get the
same answer.
If he doesn’t, they know something was up
- and this is where the quantum part becomes
useful.
If someone... not Eve ... Werner, intercepted
these messages, which were after all sent
on a public channel, and did his own measurements.
He will have disturbed the system in a way
that Albert and Niels could detect.
That’s because Werner, like Niels, can only
pick a random basis each time on which to
project the photons.
If he picks the right one, the photon state
is unchanged, otherwise it will project the
photon onto a random state, meaning Niels
isn’t guaranteed to get the same answer
as Albert, even though they know they used
the same basis.
In this way, Albert and Niels can detect a
man in the middle attack.
They would know that someone had knocked.
Once they have done this test and verified
that the information wasn’t intercepted,
they discard the non-matching measurements
and keep the rest.
Each translates to a bit – 1 or 0 depending
on the basis choice – rectilinear or diagonal.
That gives a number that becomes their private
key, which now only they know.
It’s possible for Werner to get lucky and
guess the exact same basis as Albert and so
not disturb the state.
But the chance is 1 in 2 to the power of the
number of photons, which quickly gets close
enough to impossible given that Werner only
gets one shot.
This makes eavesdropping on the channel impossible.
Man-in-the-middle attacks are in principle
still possible because Werner could impersonate
Albert and Niels from the very start.
But there are classical authentication methods
that can make this very difficult.
So that’s BB84, and it's one path to a secure
quantum internet.
Another way to generate secure keys using
quantum mechanics was developed by Artur Ekert
in 1991.
It uses a similar choice-of-quantum-basis
mechanism but with the added frill of quantum
entanglement.
In fact it looks for violations of Bell's
inequality.
Here we definitely have to direct you to our
full episode on quantum entanglement for the
details.
But the super-brief summary: create a pair
of particles with a quantum property that
is correlated between the two – for example,
electrons with opposite spin axes or photons
with 90-degree polarizations.
Our choice of measurement direction will set
the diection of those spin or polarizations
axes.
Here’s where the entanglement comes in:
choose an axis or basis on which to measure
one of those particles – say up-down for
spin or rectilinear for polarization - and
the other also becomes “measured” in that
basis.
It will have the opposite when measured in
the same basis.
But even if measured in a different basis
to its entangled partner, the results of the
measurements will be correlated in a way that
depends on the choice of measurement basis
at both ends.
This gives us another way to transmit a secure
key.
This time Albert creates a set of entangled
particle pairs and transmits one half of those
pairs to Niels.
He then chooses a set of bases to measure
his own particles.
The choice of basis represents a set of bits.
Niels chooses a random set of bases to measure
the particles he receives.
Because they’re entangled, the outcome of
Alberts and Niels measurements should be correlated
in a very particular way defined by Bell’s
theorem.
If not then they know that the message was
tampered with by someone, even if they can’t
say their name.
But it was probably that Werner dude – he
must have made some measurements and disentangled
the particles en route.
If Bell’s theorem is satisfied, the entanglement
remained intact, no tampering occurred.
Albert and Niels can create a private key
based on the basis choices that happened to
match, just like with BB84.
For now, the classical internet is still moderately
safe – or at least it’s biggest vulnerability
is human stupidity.
Which to be fair will still be the case in
a quantum internet.
But come quantum computers even the smartest
classical security protocols will be compromised.
Then we’ll also need a quantum internet
… which we know how to do in theory, but
it’s a different matter to actually build
one.
Quantum states – and particularly entangled
states – are notoriously fragile and so
it’s hard to transmit them across large
distances.
We’ll show you how to construct a vast,
planet-spanning network of encrypted quantum
states real soon.
Your browsing history may one day depend on
it, and I assume that history isn’t just
old episodes of Space Time.
We’d like to thank Audible for supporting
PBS.
Audible’s selection of audiobooks includes
Audible Originals, audio titles created by
storytellers from around the literary world.
For example, you can check out Bill Byrson’s
Application of science, where Bill tells the
story of scientific instruments that created the first
map of Britain and the device that measures
the temperature of the sea from space.
It’s an exciting narrative that explores
the importance of collaboration in the field
of scientific discovery.
Visit audible.com/spacetime OR text spacetime
to 500-500 to learn more.
Members own their books and can access them
anytime.
To learn more, visit audible.com/spacetime
OR text spacetime to 500-500.
Today we're covering comments from the last
two videos - our episode on the galaxy without
dark matter, and our coverage of the event
horizon telescope's black hole image.
Let's get to it.
AspLode asks about the interaction between
dark matter and black holes.
Do they interact?
Can dark matter form a black hole?
Well assuming that dark matter is some sort
of exotic particle - which is the going hypothesis
- then black holes would definitely attract
dark matter gravitationally, and occationally
eat the stuff.
But not too much of it.
One of dark matter's definig qualities is
that it doesn't clump together - it remains
diffusely spread out through our galaxy.
Occasional dark matter particles would be
snared by black holes - and they would add
to its mass just like regular matter.
But dark matter alone could never clump together
densely enough to produce a black hole by
itself.
Munrais asks whether putting radio telescopes around the sun would improve the resolution of an interferometer.
Hell yeah it would.
The minimum resolvable distance is inversely
proportional to the separation of the antennas.
Tommy Barlow states that nor the event horizon,
nor anything near it, was imaged.
Yeah, That's right.
The event horizon is invisible.
But the telescope DID resolve down to the
size of the event horizon.
What was imaged was light escaping from the
photon sphere that was produced a the magnetically
driven jet.
That's probably around 5 times larger than
the event horizon, in the case of this quasar.
But seriously, the "light from outside the
event horizon because we can't actually see
the event horizon telescope" doesn't have
such a nice ring to it.
The Inebriati logs the following: Day 37,736:
Einstein still appears to be right about general relativity.
I know, right?
At what point do we just give up trying to
disprove the old man and just settle for the
fact that it's probably all right?
Answer: never.
That's not how science works.
Still - nice run, Albert.
Belodri writes from Austria to inform us that
their phone ring is now me saying Zwicky.
Belodri, please notify us if you're ever coming
to New York so I can not leave the house.
Randomly hearing that while walking down the
street would creep me out too much.
