What is quantum cryptography? It’s no silver bullet, but could improve security

In the arms race between white and black hats, the infosec industry looks to quantum cryptography and quantum key distribution (QKD). That may be just part of the answer, however.

Quantum cryptography definition

Quantum cryptography, also called quantum encryption, applies principles of quantum mechanics to encrypt messages in a way that it is never read by anyone outside of the intended recipient. It takes advantage of quantum’s multiple states, coupled with its "no change theory," which means it cannot be unknowingly interrupted. 

Performing these tasks requires a quantum computer, which have the immense computing power to encrypt and decrypt data. A quantum computer could quickly crack current public-key cryptography.

Why quantum cryptography is important

Companies and governments around the world are in a quantum arms race, the race to build the first usable quantum computer. The technology promises to make some kinds of computing problems much, much easier to solve than with today’s classical computers.

One of those problems is breaking certain types of encryption, particularly the methods used in today’s public key infrastructure (PKI), which underlies practically all of today’s online communications. “I’m certainly scared of what can be the result of quantum computing,” says Michael Morris, CEO at Topcoder, a global network of 1.4 million developers. Topcoder is part of Wipro, a global consulting organization. It’s also working on finding solutions to quantum computing programming challenges.

“Instead of solving one problem at a time, with quantum computing we can solve thousands of problems at the same processing speed, with the same processing power,” Morris says. “Things that would take hundreds of days today could take just hours on a quantum computer.”

The commercial quantum computers available today are still far from being able to do that. “The theories have advanced farther than the hardware,” says William Hurley, IEEE senior member, founder and CEO of Austin-based quantum computing company Strangeworks. “However, we shouldn’t wait for the hardware to motivate the switch to post-quantum cryptography.”

Who knows what kind of technology isn’t available on the public market, or is operated in secret by foreign governments? “My fear is that we won’t know that the quantum computer capable of doing this even exists until it’s done,” says Topcoder’s Morris. “My fear is that it happens before we know it’s there.”

Asymmetric versus symmetric encryption

Here’s how encryption works on “traditional” computers: Binary digits (0s and 1s) are systematically sent from one place to another and then deciphered with a symmetric (private) or asymmetric (public) key. Symmetric key ciphers like Advanced Encryption Standard (AES) use the same key for encrypting a message or file, while asymmetric ciphers like RSA use two linked keys — private and public. The public key is shared, but the private key is kept secret to decrypt the information.

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!