To boldly go where no hacker can follow

3D starships Alan Woodward, chief technology officer, Charteris, examines the relatively new phenomenon of quantum cryptography, an ultra-powerful computer security methodology with parallels to Star Trek technology.

In Star Trek, photon torpedoes were the last resort when Captain Kirk and his crew were grappling with an enemy ship that had resisted even the Starship Enterprise's phasers.

Today, in the relentless and deadly battle against computer hackers, photon technology is being used to create a level of computer security that could finally lead to hackers giving up, and, perhaps, confining their activities to watching Star Trek reruns on UK Gold.

These exciting new developments are made possible by the German physicist Werner Heisenberg's famous Uncertainty Principle. This states that it's impossible to make a perfectly accurate simultaneous measurement of the position and velocity of an object, even in theory, because the very act of measurement will to some extent distort what you are measuring.

In nuclear physics and quantum mechanics, which both deal with sub-atomic particles, the Uncertainty Principle in hugely important as the uncertainties it implies are large in relation to the things being measured. But where large objects are concerned, the Uncertainty Principle isn't generally significant because the things that are being measured are too big for the uncertainties to matter.

For example, it's easy to measure the position and speed of a car because the uncertainties are so small in relation to the size of the car that they are negligible. (For those of us caught in police speed traps it is another fundamental principle of physics - the Doppler Effect - that allows our speed to be determined.)

But the days when Heisenberg's Uncertainty Principle had no useful applications in everyday life are coming to an end.

Today, at a time when information technology security is more vitally important than it's ever been, a new IT security technique is rising to prominence that could easily stack the odds fairly and squarely against the eavesdropper, and eventually make communications security breaches a thing of the past.

The name of the game is quantum cryptography, which uses quantum mechanics to make communications totally secure.

Typically, using this technique, communications information is encoded into individual photons of light that then become subject to the Uncertainty Principle. In effect, the messages are encoded into the photons of light by giving each photon a different polarisation, rather like passing it through a different pair of Polaroid sunglasses depending on the 'state' you want it to have.

There are many powerful encryption methods available nowadays to guard computer installations and the communications between them. Perhaps the best-known method is the Advanced Encryption Standard (AES) which is very strong and unlikely ever to be cracked. But as with all other forms of strong encryption, the AES relies on a 'key' being passed between sender and recipient.

The problem with passing a key is that, in practice, keys can be read or - which may have even worse consequences - changed illicitly. Just as even the highest-security strong-room needs a door, so that authorised people can get in and out, with the door then inevitably becoming the prime point of vulnerability, so keys are the main vulnerable point in 'strong' encryption techniques.

But this problem of the key being the point of vulnerability doesn't apply if the keys are sent from the provider of the encryption system to the authorised recipient using quantum cryptography.

Traditional cryptography relies on the computational complexity of certain mathematical techniques (such as extracting the factors of very large numbers) to restrict the likelihood of eavesdroppers learning the contents of encrypted messages.

Quantum cryptography, on the other hand, relies on the fact that any unauthorised attempt at all to read the key will be detectable because the mere act by a third party of observing the key (the photons) will, under the principles of Heisenberg's Uncertainty Principle, disturb it and make the disturbance detectable.

The technology is configured so that the receiving party will instantly see the disturbance and will consequently know it cannot rely upon that portion of the key because that portion is no longer secure. The recipient will then alert the sender to change the key.

In practice, this all happens automatically - indeed, the detection and key change process itself takes place at the speed of light. The key can be changed practically instantaneously, meaning that the eavesdropper’s possession of it is pointless.

For the authorised participants in the message exchange, a combination of quantum and classical techniques is used to produce a key that can be proven to be secure. Because the message has been sent using quantum cryptography, the participants can be totally confident that the hidden key cannot have been read by any other than the intended participants. 

So what does this all mean? It means that quantum cryptography represents a massive advance in terms of security compared to conventional encryption techniques. Indeed, the advance is so massive that the day may come, and sooner rather than later, when not to use quantum cryptography for sending encryption keys may be unthinkable.

Why, as Heisenberg's Uncertainty Principle and his related quantum theory are not new, has quantum cryptography only now become viable?

The answer is that now, for the first time, we have the ability to measure the state of individual photons using equipment that will fit into a normal office rather than requiring the facilities of a large nuclear physics laboratory.

At present, the enormous benefits of quantum cryptography are still only available across fibre optic cables no longer than approximately 100 kilometres.

Quantum cryptography is consequently already available (say) for use across London and across other big cities. But its inter-city and international applications are still limited by the 100km rule. There is, however, every indication that this technological barrier will be overcome soon.

Now, with the technology at the point where it might soon achieve breakout into the mass market, you might want to consider exploring the potential of quantum cryptography for your own communications.

As Mr Spock might have said, not doing so would be illogical. Quantum cryptography really is the future of secure communications.

June 2007