When quantum computing finally lands, all encryption will be open -- unless you're protected with quantum cryptography Quantum computing has long confused and challenged the best of us. You can read only so many technical details before your head explodes. Yet it’s likely that usable quantum cryptography will be a fact of life within the decade — and that has huge ramifications.Most of today’s popular cipher algorithms (especially public/private key exchanges) work because the math involved is very difficult for conventional (nonquantum) computers to solve. Take some really big prime numbers, add, subtract, multiply, and divide them a bit (like you do with the RSA algorithm), and you quickly get a mathematical problem that is very hard to solve even with hundreds of billions of guesses.[ Build and deploy an effective line of defense against corporate intruders with InfoWorld’s Encryption Deep Dive PDF expert guide. Download it today! | For a quick, smart take on the news you’ll be talking about, check out InfoWorld TechBrief — subscribe today. ]But conventional cryptography would be rendered useless if someone either came up with a very, very speedy computer or learned a method to do the math exponentially faster than the methods we have today for solving crypto problems. Quantum computers are that solution — or problem, depending on how you see it. Quantum is not proven science yet Quantum physics (or mechanics) is a nearly proven field of physics that explains many natural phenomena that cannot be explained by traditional physics, which is often controlled by gravity. In quantum physics, a very tiny particle can be in two places at once, be a wave and a particle at the same time, and be the backbone behind time travel, string theory, and other seemingly far-out notions.At the same time, only the existence of quantum mechanics can explain how transistors, MRIs, and electron microscopes work. If you look at the underside of a CD-ROM and see the rainbow columns emanating from it, only quantum physics can explain it. It even befuddled Albert Einstein. Even though quantum physics has not been 100 percent proven, every experiment ever created to support it has succeeded, and every experiment to disprove it has failed.Quantum cryptography, which is based on quantum mechanics, works (or will work) because of quantum-based computers, which rely on the quantum properties of superposition and entanglement. Superposition means that a single particle exists at the same time in all of its possible states. Entanglement is the idea that once two particles have interacted, later on, even when separated, whatever you do to one impacts the other. Quantum computers are comingWhile many people, including many crypto experts, consider practical quantum computing impossible, certain companies are developing light-based quantum computers already, and you can buy quantum-based products today. Right now, the quantum computers built and demonstrated are very rudimentary. But their creators have shown they can work — that they can act as transport mechanisms — and they’re getting better each year. Quantum computers are likely to be very, very fast. Give them an insanely difficult math problem, and they should be able to solve it instantaneously.Quantum computers, when fully realized, will be able to crack most of the encrypted secrets of our lifetime — except for secrets protected by quantum ciphers. We’d better start thinking about encryption that’s resistant to quantum computers sooner rather than later. To protect our future secrets, we need quantum (or postquantum) encryption routines. There is a possibility that the most advanced cryptographers — such as the NSA — are already using quantum encryption. But if they’ve reached that bar and used quantum encryption beyond a few simple demonstration tests, it isn’t publicly known yet. An iron-clad solution — in theoryQuantum encryption works because if anyone tries to intercept the encrypted secret, the mere act of viewing the secret will change the secret. Not only does the invader fail to obtain the secret, but authorized people will know that someone tried to tamper with their secret. In other words, quantum encryption sounds pretty great.Unfortunately, the quantum encryption done so far has been very limited. We’re essentially waiting for quantum computers to mature enough for the practical applications to catch up with the theory, which is par for the course in physics even outside of quantum mechanics. Many people are already demonstrating that they can “crack” quantum-encrypted secrets. But here’s my biggest beef about quantum crypto: Today’s encryption isn’t even close to being the weakest link. Today, nearly any good hacker can break directly into any computer. Forget trying to hack encryption; hack the endpoint. Take all the secrets. Forget quanta, forget subatomic particles, entanglements, and wave theory. None of that means anything unless we do a better job protecting endpoints.This story, “Quantum cryptography is the last, best defense,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe