Quantum cryptography is the last, best defense

Quantum computing has long confused and challenged the best of us. You can read only so many technical details before your head explodes. Yet it’s likely that usable quantum cryptography will be a fact of life within the decade — and that has huge ramifications.

Most of today’s popular cipher algorithms (especially public/private key exchanges) work because the math involved is very difficult for conventional (nonquantum) computers to solve. Take some really big prime numbers, add, subtract, multiply, and divide them a bit (like you do with the RSA algorithm), and you quickly get a mathematical problem that is very hard to solve even with hundreds of billions of guesses.

[ Build and deploy an effective line of defense against corporate intruders with InfoWorld’s Encryption Deep Dive PDF expert guide. Download it today! | For a quick, smart take on the news you’ll be talking about, check out InfoWorld TechBrief — subscribe today. ]

But conventional cryptography would be rendered useless if someone either came up with a very, very speedy computer or learned a method to do the math exponentially faster than the methods we have today for solving crypto problems.

Quantum computers are that solution — or problem, depending on how you see it.

Quantum is not proven science yet

Quantum physics (or mechanics) is a nearly proven field of physics that explains many natural phenomena that cannot be explained by traditional physics, which is often controlled by gravity. In quantum physics, a very tiny particle can be in two places at once, be a wave and a particle at the same time, and be the backbone behind time travel, string theory, and other seemingly far-out notions.

At the same time, only the existence of quantum mechanics can explain how transistors, MRIs, and electron microscopes work. If you look at the underside of a CD-ROM and see the rainbow columns emanating from it, only quantum physics can explain it. It even befuddled Albert Einstein. Even though quantum physics has not been 100 percent proven, every experiment ever created to support it has succeeded, and every experiment to disprove it has failed.

Quantum cryptography, which is based on quantum mechanics, works (or will work) because of quantum-based computers, which rely on the quantum properties of superposition and entanglement. Superposition means that a single particle exists at the same time in all of its possible states. Entanglement is the idea that once two particles have interacted, later on, even when separated, whatever you do to one impacts the other.

Quantum computers are coming

While many people, including many crypto experts, consider practical quantum computing impossible, certain companies are developing light-based quantum computers already, and you can buy quantum-based products today. Right now, the quantum computers built and demonstrated are very rudimentary. But their creators have shown they can work — that they can act as transport mechanisms — and they’re getting better each year. Quantum computers are likely to be very, very fast. Give them an insanely difficult math problem, and they should be able to solve it instantaneously.

Quantum computers, when fully realized, will be able to crack most of the encrypted secrets of our lifetime — except for secrets protected by quantum ciphers. We’d better start thinking about encryption that’s resistant to quantum computers sooner rather than later.

To protect our future secrets, we need quantum (or postquantum) encryption routines. There is a possibility that the most advanced cryptographers — such as the NSA — are already using quantum encryption. But if they’ve reached that bar and used quantum encryption beyond a few simple demonstration tests, it isn’t publicly known yet.

An iron-clad solution — in theory

Quantum encryption works because if anyone tries to intercept the encrypted secret, the mere act of viewing the secret will change the secret. Not only does the invader fail to obtain the secret, but authorized people will know that someone tried to tamper with their secret. In other words, quantum encryption sounds pretty great.

Unfortunately, the quantum encryption done so far has been very limited. We’re essentially waiting for quantum computers to mature enough for the practical applications to catch up with the theory, which is par for the course in physics even outside of quantum mechanics. Many people are already demonstrating that they can “crack” quantum-encrypted secrets.

But here’s my biggest beef about quantum crypto: Today’s encryption isn’t even close to being the weakest link. Today, nearly any good hacker can break directly into any computer. Forget trying to hack encryption; hack the endpoint. Take all the secrets. Forget quanta, forget subatomic particles, entanglements, and wave theory. None of that means anything unless we do a better job protecting endpoints.

This story, “Quantum cryptography is the last, best defense,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.