How quantum technologies are making our everyday lives safer

Digital payment systems - from credit cards to contactless payment in the supermarket (via NFC) to online banking - have replaced or at least supplemented physical cash in many areas of our daily lives. Similar to banknotes and coins, digital payments should be unique, forgery-proof and untraceable. However, new security threats are emerging in digital payments - such as targeted attacks on accounts or problems with data protection. For example, there is a significant threat when customers interact with untrustworthy or even malicious merchants, or when hackers eavesdrop on data transmissions between customers, merchants and payment service providers.
To guarantee the security and validity of a financial transaction, data is secured by encryption, randomised tokens or a so-called "cryptogram" (see below). The security of current cryptographic procedures is based on computationally intensive mathematical problems (computational security). However, these codes could be cracked by very powerful computers or, in the future, by quantum computers. Attempts are therefore being made to replace classical cryptography with an absolutely forgery-proof procedure - and this is where modern quantum technologies come into play.

In recent years, pilot experiments have proven that certain quantum properties of light particles (photons) enable absolutely tap-proof communication (information-theoretic security). This is based in particular on the fact that quantum states cannot be copied (no-cloning) and that measurements change a quantum state.
These properties were also used in the work of the Austrian Nobel Prize winner in physics Anton Zeilinger, who had already shown 25 years ago that quantum physical properties of individual light particles can be used for the transmission of confidential messages.
The technology based on these quantum effects for generating and distributing highly secure keys for tap-proof communication is now called Quantum Key Distribution (QKD). This QKD technology uses photons (light particles) and is already being used today over hundreds of kilometres of fibre optic cables and even via satellites. Researchers at the AIT Austrian Institute of Technology have been involved in Zeilinger's experiments from the beginning, have developed the technical equipment for quantum cryptography as well as the necessary software, and are organising large research networks to establish European quantum communication - an important contribution to Europe's data sovereignty. Over the years, AIT has built an international reputation as a specialist in both terrestrial and satellite-based quantum cryptography and as a coordinator of major European projects, and has now established itself in the EU as an important industrialisation player for European high-tech industry. AIT is a leading stakeholder for the miniaturisation of quantum cryptography technology (QKD) to chip size and for the development of concrete IT applications.

To ensure that this modern encryption technology can also be used effectively in specific applications, such as in the financial sector to secure financial transactions, a Viennese consortium of researchers from the University of Vienna, the Christian Doppler Laboratory for Photonic Quantum Computing and the AIT as the European Centre of Excellence for Quantum Encryption has now developed and practically tested a special quantum encryption method for digital payments. They recently reported this in the renowned online journal "Nature Communications" (2023, 14: 3849; online 29.6.2023).
"Quantum technology has the potential to protect even against infinite computing power and attacks by future quantum computers", the authors of the paper, among them the two AIT researchers Marie-Christine Slater (Röhsner) and Alessandro Trenti, explain. They used results from European research programmes, including the Horizon Europe project QSNP (Quantum Secure Networks Partnership) and the UNIQORN project (Affordable Quantum Communication for Everyone: Revolutionizing the Quantum Ecosystem from Fabrication to Application), which was led by the AIT as part of the EU Quantum Flagship Programme.
"In the framework of the UNIQORN project, we were able to demonstrate in a real-world environment a novel system for quantum secured digital payments, This result clearly shows how such a use case relevant to society can benefit from the use of quantum technology," says Alessandro Trenti.

To make absolutely secure digital payments possible, classical cryptographic techniques have been replaced by a quantum protocol that uses single photons. In a classic digital payment transaction, customers provide the payment service provider with a classic code - the so-called "cryptogram". This is then passed on between customers, merchants and payment service providers. In the new quantum protocol, however, this cryptogram is generated with quantum technology by the payment service provider sending specially prepared single photons to the customer. These photons are measured for the payment process - this requires a single-photon detector on the customer's side. Since quantum states of light cannot be copied, the transaction can only be carried out once. This, and the fact that any deviation from the intended payment changes the measurement results checked by the payment service provider, makes this digital payment highly secure, even against attacks by (future) quantum computers.

In detail, it works like this (see also fig. 1):

Traditional digital payment transactions involve several steps:

• Customers set up an account with a bank or a credit card company (Trusted Token Provider / TTP).
• The customers authenticate themselves with the bank and request a cardholder token C, which the bank sends via a secure channel.
• The bank randomly generates a unique token P and sends it to the customers via a secure channel.
• The customer's device uses the stored secret token C, the public merchant ID and the payment token P to calculate a cryptogram using cryptographic methods - this is "computationally secure".
• The customers spend the cryptogram with the selected merchants. The merchants verify the cryptogram with the bank and accept or reject the transaction.

Highly secure digital payments based on quantum encryption and using QKD technology follow a slightly different principle (see Fig. 2) - taking into account that no communication channel is absolutely trustworthy and all parties involved, with the exception of the bank, could also act maliciously.

• Setting up an account with a bank must - as before - be done via an absolutely secure channel (e.g. in person).
• When a payment is made, the bank sends a series of quantum states to the customer's device (smartphone, computer, etc.).
• This measures the signal and converts it into a quantum-secure payment token (cryptogram) - this is "information-theoretically secure".
• The customer uses this token to pay the merchant, who then contacts the bank to verify the payment.
• If the payment is accepted, the bank transfers the money from the customer's account to the merchant's account.

The researchers have successfully implemented quantum-secured digital payments via an urban fibre-optic connection between two university buildings in Vienna's city centre. They were able to show that no transaction can be duplicated or diverted by malicious third parties and that the users' sensitive data remains private.
"For me, this project is a good example that quantum physics not only allows applications in theory that are classically impossible, but that these new technologies can also be implemented experimentally," says AIT researcher Marie-Christine Slater (Röhsner).

The new procedure for the secure processing of digital payments is the next example of how quantum technologies will find their way into more and more areas of daily life. This spring, a live demonstration involving AIT, the Ministry of Climate Protection (BMK) as an early adopter, and consortium partner X-Net Services GmbH showed concrete application scenarios for the protection of data communication: chat messages were encrypted using quantum technologies (QKD) in order to transmit this data in a tap-proof manner. Specifically, Désirée Ehlers (expert for key technologies at the BMK) transmitted her poem "D.E. TO P.S. (Désirée Ehlers to Peter Shor) in the form of a quantum-encrypted chat text, and Helmut Leopold (Head of the AIT Center for Digital Safety & Security) transmitted quantum-encrypted images that showed a comparison of the AIT's rapid development progress in quantum encryption technologies from 2017 to today.
This demonstration took place within the framework of the QCI-CAT project coordinated by AIT and funded by the EU and the national "Fonds Zukunft Österreich". The development activities around this communication infrastructure set up for test purposes as well as the technology evaluation of quantum encryption in interaction with commercial systems took place in the project "QKD4GOV - Securing Government Data Using Quantum-Secure Cryptography", which is funded by the Ministry of Finance and the FFG in the Austrian Security Research Programme KIRAS. The aim of the KIRAS project was to develop an encryption technology based on QKD for highly secure communication between authorities in the future and to set up a corresponding communication network between the Federal Chancellery (BKA) and several federal ministries.