Mathematician Anne Broadbent, cryptographer Carlisle Adams and software engineering student Sherry Wang joined forces to demonstrate a proof of concept for an approach to protecting password authentication in a quantum age. 

CMC Microsystems is a founding member of the IBM Quantum Hub at Université de Sherbrooke’s Institut quantique and has cloud-based access to IBM’s most advanced quantum computing systems.  CMC facilitated the research through the IBM Quantum Hub, and CMC’s team of quantum scientists helped refine the method used to test their idea about how to prevent adversaries from making copies of existing quantum software. “This was challenging because quantum computers are an experimental technology and careful configuration is needed to avoid and mitigate errors. CMC provided excellent advice and helped us extract useful results” says Wang. 

“It was much harder than we expected. There was a lot of noise,” she says. 

Conventional computers use bits (binary logic) that are either a 1 or a 0 to do computations or store data. Quantum computers harness the strange ways that tiny superconducting wires, photons or atoms behave when operated in the quantum realm. This includes being in a superposition of different states  and in an entangled state. The result is computing power that cannot be matched by classical machines. For example, in 2019, Google claimed its quantum computer was 100 million times faster than the world’s fastest supercomputer. https://ai.googleblog.com/2019/10/quantum-supremacy-using-programmable.html 

Broadbent is a theorist whose research agenda is focused on how quantum information can’t be copied.  When she was discussing her work with Adams, an expert in cryptography and security, they realized this “uncloneability” could help stop quantum hackers. 

‘This was challenging because quantum computers are an experimental technology. CMC provided excellent advice and helped us extract useful results’

Currently, websites have a file that holds the hash values, or cryptographically protected fingerprints of the passwords for all the users who can login. That’s where the attackers go, says Adams. 

“They get a copy of the password file, and they try various passwords to see if they can match any of them. If they are successful, they can become that user. But it depends on them actually getting a copy of the password file.” 

Two-factor authentication protects companies and consumers today because if attackers obtain a copy of the password file, they still need to the know the other factor to impersonate the user.  But looking to the future, in a world where attackers have access to quantum computers, quantum copy protection could prevent adversaries from copying password files, they say.  In other words, if your bank has a quantum computer, it should be able to stop attackers from copying password files.   

The team sees their work as an early step to address gaps in security methodologies in quantum computing. 

Wang was an undergraduate student when she began the project and is now completing her Master’s degree.  She presented their paper at the IEEE Conference on Quantum Computing and Engineering last year, and it was published in the proceedings of the conference.  

Broadbent estimates there are only a few dozen quantum computers around the world, but that 10 years from now, they will be more widely available. 

“The security issues are pretty urgent,” says Adams. 

To learn more, see the full paper here: 

Sherry Wang, Carlisle Adams and Anne Broadbent, “Password authentication schemes on a quantum computer” 

https://ieeexplore.ieee.org/document/9605295

February 2022

Photo: ^© Anne Broadbent