Quantum Malware: Hacking Quantum Dense Coding

The next revolution in information and communications technologies (ICTs) will come from a development of a Quantum Internet (QI), integrating quantum communications and quantum artificial intelligence (QAI), with companies and states cooperating and competing on a strategic advantage over the development of quantum technologies: the race for quantum supremacy. The development of an artificially intelligent quantum world wide web may produce a new civilizational jump, greater than the Fourth Industrial Revolution.

In terms of foreseeable quantum technologies integration scenario, the most probable one is an accelerated integration of quantum computation and quantum communications in a hybrid quantum/classical infrastructure, until a full transition is achieved, as the research on nanotechnology and biotechnology is synergized with the research on quantum technologies, cloud and edge computing, quantum biology and open quantum systems, from the moment in which the full transition is achieved, quantum technologies will become the disruptive driver of the above-mentioned civilizational transition.

In this context, and given the accelerating pace of innovation in quantum technologies, the issue of quantum cybersecurity becomes an urgent point, an area of scientific and technological research that may begin with military applications, but then will progressively become integrated with the Internet of Things (IoT), and the Artificial Intelligence of Things (AIoT).

By the time in which a full-blown QI is achieved, the cyber-physical-cognitive (CPC) revolution, that characterizes the Fourth Industrial Revolution, will be well underway, which means that an advanced QI will be integrated within a smart world wide web, where nanotechnology, biotechnology and quantum technologies will intermix and reinforce each other.

This future is exponentially near, we are already using nanotechnology and biotechnological hybridization to expand computing, companies and states are already in a race for the development of quantum technologies, a race where China has officially established landmarks in regards to quantum communications, but, at the black budget advanced research level, we cannot know how far ahead countries like the USA or Russia currently are, an arms race involves some secrecy, and there is a certain tradition to assure a strategic advantage first at a classified level before official disclosure.

Also, at the level of quantum biology, the occurrence of quantum dynamics in biological systems may offer a way for the development of new directions into quantum technologies and open quantum computation.

From a computer science standpoint, a reflection on cybersecurity within the context of quantum computation and communications is, thus, becoming urgent.

In previous articles for this blog, we addressed quantum hacking games, which may form the future of hacking in the context of a quantum technological infrastructure. In this article, we take this a step further, providing an example of a quantum malware attack that is intended to disrupt quantum dense coding, and we simulate the attack using IBM’s Quantum Computers.

The context of the current article's problem is set in a future scenario, characterized by a sufficiently advanced quantum technological setting, where a person’s interface with quantum technologies involves a standard high-level user interface, under which that person’s interaction and commands are automatically encoded into quantum “machine language”, which involves an automated translation of a person’s interaction patterns and intended actions into qubits and quantum circuits. In this scenario if a person’s systems have been hacked with installed quantum malware, this may lead to a corruption of the interaction with the quantum computational and communicational infrastructure, without that person realizing it.

From a hacker’s standpoint this is not about eavesdropping on a quantum communications channel, but rather about installing malware that can disrupt quantum communications. The malware, in this case, has a translation to quantum operations that are automatically performed without the user realizing it. Like a classical computer virus that can corrupt a system’s function, the quantum malware becomes the next frontier in hacking when faced with a quantum computational and communicational infrastructure.

In this blog post, we take a step further into our research and production of educational materials for this next frontier of cybersecurity and hacking and show an example of a quantum malware that attacks the quantum dense coding protocol.

The Jupyter notebook for the current article is available at our “Quantum Cybersecurity” research project Github page: https://github.com/cpgoncalves/Quantum-Cybersecurity under the Jupyter file named “DenseCodingHack”.

Quantum dense coding uses entanglement and quantum interference to allow Alice to communicate two classical bits to Bob, sending only one qubit. In this case, Alice and Bob begin by sharing a Bell pair:

Even though Alice and Bob may be physically separated, their qubits are entangled. We assume, in the representation above, that Alice’s qubit comes second and Bob’s qubit comes first.

Depending upon the message that Alice wants to send, a number of different local operations may be implemented on her end, there are four possible algorithms for Alice’s quantum automated communication system, after automatically applying these local operations, Alice’s terminal sends Alice's qubit to Bob whose, also automated, system will then apply a controlled NOT (CNOT) gate, conditioned on Alice’s qubit, followed by the Haddamard transform, applied to the qubit received from Alice’s system, then Bob’s terminal will measure both his qubit and Alice’s and read the result.

Now, as stated, we assume, for the sake of our quantum cybersecurity scenario, that Alice and Bob are in a future where quantum computation and quantum communications have become sufficiently developed so that there is an automation of the translation of high-level instructions to the (quantum) machine language, what we mean by this is that Alice just types in the message (one of four possible messages, in this case) that she wants to send Bob and this gets automatically translated into one of four bit strings {00,01,10,11} which is then transferred to one of four corresponding sequence of quantum operations that will lead to the desired result under the established quantum dense coding communication protocol.

Bob, on his end, will also have the process automated so that neither Alice nor Bob are looking at the actual contents of the quantum circuit. Furthermore, we assume that Bob is not actually looking at the message in bits, namely, the bit string activates some automated system on Bob’s end that will respond and interact with Bob in accordance with Alice’s message. We are not addressing the specific messages that Alice may be sending, to keep things general, thus, we just assume that Alice sends one of four messages, and that the system automatically differentiates between one of these four messages using the classical bit strings in the set {00,01,10,11}, the translation on Bob's end from these bit strings to actual high-level messages are not also being addressed here, we will however discuss the issue of the uncovering of the hack, if that hack occurs, further on.

Considering the standard quantum dense coding without the hack, in the general scenario under analysis, the adaptive quantum circuit composition is fully automated and is like a black box for both Alice and Bob, who are like standard users that know nothing about the actual workings of quantum computation nor do they care about it, all they know is how to interact with the high-level interface not looking "under the hood".

The above is a very important point, we are assuming an advanced stage of automation and integration of CPC-systems with quantum communications' infrastructures, in such a way that the people in the communication circuit are not quantum experts and the whole quantum infrastructure works in the background. This will be key to illustrate the dangers and effectiveness of quantum malware, since Alice and Bob may think that their automated systems are working and it may take a while for them to realize that something is wrong.

Let us, then, simulate the process for each pattern without the malware and with the malware, showing the equations and then the results from running the simulations on IBM’s quantum computers for a few examples.

If Alice types in on her terminal the message that is represented by a string 00, then, the automated quantum communications' system just sends Alice’s qubit to Bob, whose terminal automatically applies a CNOT gate, using Alice’s qubit as the control, and then performs a Haddamard transform on Alice’s qubit, assuming, in the formal Dirac bra-ket representation, that Bob’s qubit is the first and Alice is the second we get:

In the first step, under the CNOT gate, Bob’s qubit remains unchanged in the branch where Alice’s qubit is |0> and is flipped in the case where Alice’s qubit is |1>, thus, given the entanglement pattern, this leads Bob’s qubit to |0> in both branches and Alice’s qubit to the symmetric superposition |+>, now, by applying the Haddamard transform on Alice’s qubit, there is a wavelike destructive interference for the alternative where Alice’s qubit is |1> and a constructive interference for the alternative where Alice’s qubit is |0>, leading to the final configuration |00> which is measured at Bob’s end, producing the intended result.

The circuit, for the above communication dynamics, to be simulated on IBM’s quantum computers, has the following structure:

The section before the first barrier corresponds to the preparation stage of the entangled pair. The section between the first and second barrier corresponds to Bob’s automated operations.

In an 8192 runs’ simulation using the quantum device 'ibmq_london', we got the following result.

As expected, the string 00 is the dominant pattern with a relative frequency of 0.959. Deviations from this pattern result from noise. One possibility for dealing with this noise is, of course, redundancy, in that the communication circuit is run multiple times and then one uses a criterion such as taking, for instance, the solution that has more than 80% relative frequency, which in this case would be 00.

Now, let us assume that Eve has installed malware on Alice’s system, and that whenever the automated command is sent on Alice’s end to send the qubit to Bob’s system, a Z gate is automatically applied to Alice’s qubit, a transformation that is applied for all the cases of hacked dense coding (we will discuss this point further on), then, the entangled configuration, resulting from the quantum malware attack, is:

Now, when Alice’s automated system sends the qubit and Bob’s system applies the usual protocol we get:

The consequence of Eve’s malware was to change the pattern of wave-like interference on Alice’s qubit, now the destructive interference happens for the alternative |0> and the constructive interference happens for the alternative |1>, which leads to the final configuration |01> to be measured, instead of the correct configuration |00>.

The corresponding circuit that simulates this dynamics on IBM’s quantum computers is:

Again, before the first barrier we have the preparation of the Bell pair, then is Eve’s hack, followed by Bob’s automated transformations.

If we run this circuit on the actual quantum device 'ibmq_london', with 8192 runs, we get the following results.

The results show the consequence of the quantum malware, now the dominant frequency is 01 and not 00.

Now, for the case with no malware and in which Alice’s alternative message corresponds to the bit string alternative 10 instead of 00, then, Alice and Bob’s automated protocol to be simulated in IBM’s quantum computers is given by:

In this case, considering the process from the Bell pair forward (that is after the entangled pair preparation stage), the protocol is such that Alice’s automated process first applies the X gate, which transforms the Bell pair into the following configuration:

Then Alice’s automated process sends her qubit to Bob’s system, which applies the same operations as before, leading to the sequence:

Simulating on IBM’s 'ibmq_london', with 8192 runs, we get the following results.

Which shows that the dominant result with 0.882 relative frequency is 10, the correct result.

Now, again, if the quantum malware is activated, Eve’s scheme is such that whatever the bit string that is to be obtained at the end of the quantum dense coding protocol, the malware always performs a Z gate transformation on Alice’s qubit before it is sent to Bob, that is, at the end of Alice’s automated operations, this change in the circuit always happens without Alice and Bob knowing about it. In this case, when Alice wants to send the message encoded as 10, we get the hacked automated sequence at Alice’s endpoint:

Now, when, at Bob’s endpoint, the usual automated sequence of transformations is performed, but in this case we get:

That is, instead of 10 Bob’s system receives 11.

If we simulate the protocol with the malware in IBM’s quantum computers we get, as expected, the result 11 as the dominant one, as the following figure shows.

In the Jupyter notebook “DenseCodingHack”, available at the quantum cybersecurity project's homepage https://github.com/cpgoncalves/Quantum-Cybersecurity, the implementation of the Qiskit functions for running this hacking game are shown and implemented for each of the four strings {00,01,10,11}. In each case, Eve’s malware scheme is always the same, the malware always applies a Z gate at the end of Alice’s computation, which means that Eve does not need to measure Alice’s qubit to compromise the communication protocol, she just has to perform a basic unitary operation to compromise the protocol.

Considering the notebook, and the above argument, we get an insight into a major cybersecurity issue, as quantum communications become integrated into the Internet, as quantum computation becomes accessible through remote access and as increasing budget and research is poured into the development of a quantum computational and communicational infrastructure, combining QAI, automation and communication protocols, the interface with this quantum infrastructure will not be one in which a person directly programs the quantum circuits, rather, a high-level interaction will necessarily be put in place, making it accessible for any person to use standard applications, including communication solutions, without caring about the underlying quantum implementation.

The users of future quantum technologies will not be seeing the translation from their high-level interaction with devices to the quantum machine language, which implies an automation process that bridges the user interface to the adaptive quantum circuit design using, for instance, Python programming integrated with Qiskit, the above referred Jupyter notebook constitutes a good example of the first steps in this direction.

Hackers who are trained in quantum computation and communications may design malware that is targeted at the automated bridge between the user interface and adaptive quantum circuit design for running things on the quantum substrate, it is at this level that quantum malware enters into play, in the sense that a hacker may target the automated bridge and change the circuit design response with specific quantum gate sequences that may disrupt the results of quantum computations and communications, depending on the type of applications, the users may realize what has happened immediately or may take some time realizing it, which can have disruptive effects.

In this sense, when developing quantum algorithms, we need to be aware of the hacking possibility and search for ways to hack a quantum algorithm, also searching for ways to counter a quantum cyberattack.