The quantum cryptography arms race has begun

Quantum computing may be taking its time to arrive, but when it does, encryption won't be the same again

I've been fascinated by quantum computing and quantum cryptography for many years. Quantum computing promises to give us much faster computers, while quantum cryptography promises unbreakable crypto.

While the theory of quantum computing has been around since the early 1980s, creating widely usable quantum computers and systems has proven devilishly difficult. Scientists make incremental improvements every year and promise usable quantum systems in a decade's time. The barriers are both technical and market-driven.


Quantum obstacles
On the technical side, quantum computers are still fairly crude. No one has come remotely close to building a quantum computer that is as fast as a traditional, binary computer.

Quantum computers work using computation units known as quantum bits (qubits), which can represent a multitude of states, whereas traditional computers work on binary circuits, which have only two states (0 or 1). Very basic computers made up of only a handful of qubits have been demonstrated, although Google is working with D-Wave Systems to produce a quantum computer with 512 qubits.

Another problem is the cost. Anything with the name "quantum" attached has traditionally been very expensive to create and involves very large, specialized equipment. On top of this, most of the world doesn't seem to think it needs quantum computers yet. Crypto giant Bruce Schneier said as much (and more) in his infamous 2008 post on the topic. Bruce correctly stated that the weakest part of any existing crypto system is not the ciphers, but everything around them.

When quantum computing really gets going, it will probably create a security crater with existing traditional public key ciphers. You see, most of today's public key cryptography (Diffie-Hellman, RSA, ECC, and so on) protects users only because large prime numbers are very hard to factor (known as the discrete logarithm problem). Most quantum scientists believe that quantum computers will be able to quickly factor large prime numbers.

When this happens, every encrypted communication path that depends on public key encryption for its protection will be broken. To be clear, quantum computers are best at breaking public (asymmetric) ciphers that rely on the discrete logarithm problem. They can't as easily break traditional symmetric ciphers, such as AES. But asymmetric ciphers are most often used to pass around the (supposedly secret) symmetric keys. Break the asymmetric cipher, and the secret key becomes public.

When quantum computers finally break traditional asymmetric ciphers (assuming this hasn't been done already), one of the best protections will be quantum encryption. Other ciphers might be just as resilient against quantum attacks, but quantum's "fuzzy entanglement" property offers an awesome defense: If an unauthorized party observes the protected data while it's being transmitted, the photon pairs change in a way that keeps the protected message unreadable and tells the authorized parties that an unauthorized attempt was made.

If this sounds implausible, bone up on your quantum mechanics. It will blow your mind and hurt your head.
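The eavesdropper-detection property described above, as an added Python example that is not from the original article: a simulation of the BB84 quantum key distribution protocol in which an intercept-resend eavesdropper raises the error rate of the sifted key, so the legitimate parties abort instead of using it. The 11% abort threshold and the `measure`/`bb84_exchange`/`session` names are assumptions made for this example.

```python
import random

# Basis 0 = rectilinear (H/V), basis 1 = diagonal (+45/-45). Measuring a photon
# in the wrong basis yields a uniformly random bit, and the photon is left in the
# state matching the measurer's basis and outcome (no cloning, no free peeking).
def measure(photon, basis, rng):
    """Measure a (basis, bit) photon in `basis`; return the observed bit."""
    prep_basis, bit = photon
    return bit if basis == prep_basis else rng.randrange(2)

def bb84_exchange(n_photons, eavesdropper, rng):
    """Run one BB84 round; return Alice's and Bob's sifted key bit lists."""
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    photons = list(zip(alice_bases, alice_bits))
    if eavesdropper:
        # Intercept-resend: Eve measures each photon in a random basis and
        # re-prepares it in that basis with the outcome she saw. Every wrong
        # guess disturbs the photon Bob receives.
        eve_bases = [rng.randrange(2) for _ in range(n_photons)]
        photons = [(b, measure(p, b, rng)) for p, b in zip(photons, eve_bases)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = [measure(p, b, rng) for p, b in zip(photons, bob_bases)]
    # Sifting: bases are announced over the public channel; keep only positions
    # where Alice and Bob happened to choose the same basis.
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]

def qber(alice_key, bob_key):
    """Quantum bit error rate over the sifted key (real systems sacrifice a sample)."""
    if not alice_key:
        return 0.0
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)

# Assumed abort threshold: with an intercept-resend attacker the expected QBER is
# 25%, far above the roughly 11% beyond which BB84 cannot distil a secure key.
QBER_ABORT_THRESHOLD = 0.11

def session(n_photons, eavesdropper, seed):
    """Run an exchange and decide whether the key is safe to use."""
    rng = random.Random(seed)
    a, b = bb84_exchange(n_photons, eavesdropper, rng)
    rate = qber(a, b)
    return {"sifted_len": len(a), "qber": rate, "abort": rate > QBER_ABORT_THRESHOLD}

if __name__ == "__main__":
    for eve in (False, True):
        print("tapped" if eve else "clean", session(4000, eve, seed=1))
```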
