INNOVATE
Leveraging Quantum Cryptography for Online Voting
Opportunities and Challenges
The technologies that can be derived from the physics theory of quantum mechanics are both a threat to and an opportunity for online voting. On one hand, quantum computers are a threat because nowadays the majority of the properties that an online voting system has to meet are based on conventional cryptography. This includes the use of encryption for confidentiality and integrity, and digital signatures for authenticity. As demonstrated by Shor’s quantum algorithm, once quantum computers with a certain processing capacity are available, they will be able to break these cryptosystems, which base their security strength on mathematical properties that quantum computers will be able to easily solve. On the other hand, quantum random generators and quantum communications are an opportunity because they may provide more robust random numbers (which can be used to boost the security of encryption and digital signing primitives) and more secure communications (e.g. by conducting quantum key distribution).
Quantum computers
As we have already explained in a previous post, quantum computers represent data in a radically different form than the binary encoding used by conventional or “classical” computers.
There are several underlying theories to quantum physics, one of the most accepted is the superposition of states. According to Simon Singh, superpositionists argue that if we do not know what a particle is doing, then it is allowed to do everything possible simultaneously. There is a well-known experiment, called double-slit experiment, in which photons are sent through two slits. We do not know whether a photon passed through the left slit or the right slit, so we assume that it passed through both simultaneously. Each possibility is called a state, and because the photon fulfills both possibilities it is said to be in a superposition of states. This is illustrated in the parable of Schrödinger’s cat. It is this superposition of states that will give quantum computers the capacity to resolve complex problems that are unsolvable by classical computers.
Despite the fact that quantum computers will have a significant impact on cryptography, only a few fledgling quantum computers exist today — and their extremely limited capacity makes a pocket calculator seem like a supercomputer.
“We do not have serious quantum computers today, nor are we likely to have them soon. Time will pass. Eventually, probably, quantum computers will be developed by a few technologically advanced organizations. Only they will have the capability of using quantum cryptographic algorithms. Much more importantly, the rest of us will need cryptography that runs on conventional computers to protect us from the few quantum computers in existence. More time will pass. Eventually, maybe, quantum computers will become a bit more mainstream. Only then might quantum cryptographic algorithms possibly become useful.”
- Keith Martin, 2020
There are different estimates. For example, in 2016 the United States’ National Institute for Standards and Technology (NIST) estimated that quantum computers would be available in 20 years, that is: by 2036. More recent estimates by the EU Agency for Cybersecurity (ENISA) suggest that some threat agents could have quantum computers in the next five to 10 years.
Quantum mechanics and random number generation
Random numbers are extremely important in cryptography for key generation. According to Keith Martin, some of the best random number generations are based on quantum mechanics.
Random numbers are important in cryptography because they are used for encryption. As we have already explained, encryption is used to protect the secrecy of the vote: the more random the numbers are, the more difficult it is to break the encryption.
Quantum random number generators (QRNG) are based on certain physical phenomena that according to quantum mechanics cannot be predicted, e.g. noise generated in an electronic circuit by a photodiode, nuclear decay of some radiation source, photons traversing a semi-transparent mirror, etc. Several commercially available products exist, such as the Quantis QRNG PCIe.
Unfortunately, these quantum random generators are not intended for the general public, which means that for the time being this technology can only be used by the election servers in back-end operations: for the anonymization procedures, for server-side encryption, for protecting the communications, etc., but not yet for the encryption of the vote.
Quantum communications and key management
In turn, quantum key distribution (QKD) addresses the problem of establishing a common secret key in two different locations for conducting secure communications. This is conducted using a special quantum channel, which guarantees that an eavesdropper of the communication would be detected, and the process aborted. This is the main difference with classical cryptography, which already has secret key distribution mechanisms.
In the case of online voting, key exchange for establishing a secure connection between the voting server and the voting client (i.e., the devices used to cast the vote) is very important. Thus, online voting can benefit of this kind of technology. However, it must be taken into account that QKD require the use of specific hardware for this purpose and that, after establishing the key, the rest of the communication is based on classical cryptography (although this is not necessarily a problem, because symmetric encryption can still be used if the length of the key is increased accordingly).
There is no question that quantum mechanics and quantum computing will play an important role in the future of online voting, as both potential challenges and great benefits.
This article was written by Adrià Rodríguez Pérez, Public Policy Researcher, and Jordi Cucurull, Cryptography Researcher at Scytl.
