Fear and Loathing in Quantum Crypto

It's not often that I get to be a physics geek in this job, but I was lucky enough to be able to attend a workshop on quantum cryptography and quantum computing set up by the BCS Security Forum. This has been a subject lurking in my peripheral vision for a long time, and I've always had this question lurking in my mind: "Is it me, or is this quantum stuff a load of tosh?".

The short answer is basically 'yes', but with a future option on 'no'. It all boils down to how frightened I can make you.

Anyone using conventional encryption is doomed...DOOMED I TELL YOU!. This is the story that cryptographers tell around the camp fire with the torch under their chin. The simple fact is this: Philosophically speaking, current techniques are not provably secure. If some bright spark comes along and points out how to easily break conventional encryption, then anything depending on it will collapse. That includes finance, commerce in general, and most of government. If you worry about meteorites wiping out humanity, or global killer viruses, then this is something to add to your fears.

Quantum Computing is a candidate to bring about such a cryptographic armageddon. A quantum computer is a device that uses quantum mechanical properties to process information; a 'qbit' being a physical element with such properties, e.g. a single atom. The short and simple version is that by connecting these together (and creating a quantum entanglement), you can build a system that effectively explores many different possibilities and pathways at the same time. There are ways of using these properties to, for example, find the factors of large numbers. Conventional computers find this extremely hard by comparison. That is important, as the security of most encryption relies on the fact that factoring large numbers is extremely hard to do.

Of course, if we knew with any certainty that quantum computers would do this we should be worrying. We don't; nobody knows what Quantum Computers will really do. The most recent research has built one that managed to factor the number 15 (3 and 5 apparently - who knew?) which is not really a threat to anything. We don't know how they will scale, we don't know how well they will work if they do. We don't even know if someone else knows and hasn't told anyone (DOOMED I TELL YOU!!).

So it would be nice to have some kind of backup plan really, and one possible candidate is Quantum Cryptography.

Quantum Cryptography usually describes what is more accurately referred to as Quantum Key Distribution (QKD). QKD enables you to exchange some random information with someone else, which you can then use as a key (like a password) to encrypt some further communication using more traditional methods. The nature of QKD means you cannot prevent someone from listening to your communication of the key, but the physical process means you can tell if a key is compromised; it gives you confidence that a key exchange that was successful was not monitored. It's also not so much a key exchange as a generation of the same random (and 'proper' random) output at either end of the connection. The key can then be used to run a more conventional encryption algorithm, or as a One Time Pad, which is - if used properly - a provably unbreakable way of passing information securely.

QKD used properly, combined with one-time-pad techniques (also used properly) will create a system that has some unique properties that are not susceptible to quantum computing attacks. In fact, because they rely on some physical processes and mathematically-provably-secure processes to ensure secrecy, they have a better garauntee of future-proof security than conventional methods. New physics or some kind of inconceivable fundamental changes to mathematics would be required to break this. To be fair, it's still early days, and I am not claiming to have plumbed the depths of this topic, but the word on the street is that there is a good basis for regarding QKD as 'secure'.

There are some 'minor' restrictions on the use of QKD. You can either use a single uninterrupted, unamplified dedicated 'dark' optical fibre up to around 100km long, or you can go slightly further in free space with line of sight. Experiments that took place from the Canary Islands to the Balearics have reached 144km. No doubt the most sophisticated, secure and expensive exchange along the lines of "How's the weather?", "Really great, thanks for asking" in all of history. Running a dedicated dark fibre any distance is rather expensive, as that same fibre could be used to send Terabytes per second of normal data flows. Line of sight laser communications are also not the most convenient thing in the world. Updating encryption keys for satellites is a potentially useful application, but not many people run their own satellite. 'Recharging' a store of shared key on your mobile phone wirelessly from an ATM is another interesting - if currently rather far fetched - potential app that could be useful in a global infrastructure based upon this technology.

So the summary for quantum computing and quantum cryptography is that we just don't know what they will mean in the long term. And that, for research scientists, is the good stuff. We absolutely should be looking at this, because we may find out all sorts of interesting things. We might also bring about the collapse of civilisation as we know it, but hey, at least we are unlikely to produce dragons.

So coming back to the real world for a moment, those who are responsible for the systems without which our civilisation will collapse should keep an eye on this and have a backup plan ready. For everyone else, which is most of us, the best thing we can do is forget about quantum and make sure we don't leave our laptop in the back of a cab.

Comments (5)

Leave Comment
  • 1
    JHD wrote on 16th Oct 2009

    Forgive my stupidity, but how do "experiments that took place from the Canary Islands to the Balearics [reach] 144km". My map shows it as distinctly further.

    Report Comment

  • 2
    Matthew Pemble wrote on 16th Oct 2009

    "That is important, as the security of most encryption relies on the fact that factoring large numbers is extremely hard to do."

    Not symmetric encryption, IIRC? Factorisation and other "trapdoor" problems are key to some, admittedly the most common, variants of asymmetric crypto.

    Which brings us back to one of the core fundamentals of encryption process design - key distribution. You don't need a one-time pad - in fact, you don't actually want one as you then need as much key material as you have data to transmit. Much more sensible to use a reliable algorithm and, if you are suitably paranoid, change your keys regularly.

    Report Comment

  • 3
    Pete wrote on 17th Oct 2009

    Encryption attempts to solve a problem that exists under traditional laws of physics. The problems that we are attempting to solve through encryption probably won't exist because we'll have much better ways of working.

    Report Comment

  • 4
    David Evans wrote on 19th Oct 2009

    The points I was making were more non-specific; conventional ciphers may or may not be susceptible to quantum computing, but unless a conventional technique is provably secure there is always uncertainty. Using a provably secure method - i.e. a OTP - and a physically secure key distribution - i.e. QKD - gives a new level of provability to the system. Whether that is useful really depends on the level of paranoia, or the risks associated with the information you wish to protect. However, the every day risks are clearly more to do with the mundane reasons why total systems are hard to secure rather than because of quantum...

    Report Comment

  • 5
    Passing Wind wrote on 23rd Oct 2009

    Semantic encryption is the solution. The cypher text makes complete sense as sent, and makes (different) sense when decrypted with any key. Only when the correct key is used does it makes the sense intended. An interceptor cannot know when or whether a trial key breaks the code.
    Many enterprises make a good living out of the market generated by encryption algorithms that can never work properly. Forgive the pseudonym, but they may have to kill me for telling you this.

    Report Comment

Post a comment

About the author

Thoughts on membership, the profession, and the occasional pseudo-random topic from the BCS Policy and Community Director.

See all posts by David Evans

Search this blog

October 2017