Assessing Vulnerability of Quantum Systems Against Arbitrary Unauthorized Listeners

The following is a brief blogpost about my paper that appeared in Physical Review A: https://journals.aps.org/pra/abstract/10.1103/PhysRevA.109.022608

This paper presents a new way to test the vulnerability of quantum computing and communication systems when we do not know the intentions of unauthorized listeners.

When using quantum communication or computing systems, classical data must be encoded into states of quantum systems, such as polarization of photons. These quantum systems often interact with the environment – anything that resides outside the intended quantum system – which causes encoded data leaks into the environment. Therefore, an eavesdropper – an unauthorized listener – can access parts of the encoded data by monitoring the environment.

To test the vulnerability of quantum computing and communication systems, we must measure the amount of information that is leaked to an eavesdropper. For instance, in quantum wiretap, we maximize the amount of information transmitted to an intended user while restricting the amount of information leaked to an eavesdropper.

Current measures of information leakage assume that the eavesdropper is interested in extracting the entirety of the data encoded in the quantum system. Whilst this may be the case, the eavesdropper might attempt to extract as much information as possible (fishing expedition) or might be interested in estimating subsets of the data (e.g., whether someone has a particular disease in contrast to wanting their entire health record). If we impose strong assumptions on the eavesdropper, we might miss some security holes by unintentionally excluding eavesdroppers that use them. This is akin to underestimating our enemy, which is never a good strategy.

In this paper, we develop a measure of information leakage that searches for any piece of information that the eavesdropper can reliably extract from the quantum system. This is referred to as maximal quantum leakage – finding the maximum amount of information that can be gained – which enables us to hypothetically understand the worst damage that an eavesdropper can be inflict. On this basis, we can assess and strengthen security and privacy of quantum systems.