Securing the Net – Quantum Cryptography

Since the early 2000s, private industries, government and defence agencies alike have been hiding behind the steel wall of encryption offered by the Advanced Encryption Standard, otherwise known as AES, a specification for encryption so secure a brute force attack, even by China’s Tianhe-2, the world’s fastest supercomputer, would be unable to break the cipher of AES256 encryption before the universe is to reach its eventual heat death. However, now there’s a new technology that could turn everything we have come to know about encryption on its head, and that technology is quantum cryptography, but before we get into that, a little more about encryption.

Encryption and cryptography is the process of encoding a message so that information, even if it has been intercepted, cannot be read by unauthorised parties. But how do they work? A great explanation comes from the team at Numberphile who explain that the system is akin to the bank providing you with a lock to store your sensitive data, but both the box and the key is held by the bank alone, so if someone steals your box or tries to open the lock, they will have no key. Imagine you wanted to share secret information with your bank. The keys are made up of two numbers, the first is an RSA number. These numbers are area known as ‘semi-primes’, which are numbers with exactly two prime factors (i.e. are divisible by two prime numbers, no more, no less). These RSA numbers are publicly available and can be accessed by anyone, but the second number is held only by the second party, the bank in this example, and is created by multiplying together two huge prime numbers.

To decode this key, the only practical system is to know the two prime numbers used.  If you don’t have these prime numbers, you will need to factorise this number, and that can take a very long time. So long in fact, that even the most power supercomputers would be unable to break the current level of encryption used by banks before the death of our universe!

So what’s the risk?

There’s a paradigm shift in computing on the horizon. A type of computer which does not abide standard ‘bits’, the ‘0’s and ‘1’s that the computers of today are built upon. These computers introduce the possibility of ‘qubits’ which not only accept these ‘1’s and ‘0’s, but also any possible superposition of these states.  These are quantum computers.

Our present day encryption methods rely upon the belief that a computer will have to carry out huge numbers of processes sequentially.  Each process should take a certain length of time to complete, and the number of processes that it’ll need to complete will take so long that cracking the key in this way becomes effectively impossible.

Quantum computers however do not need to carry out these processes in sequence. Instead, when posed with such a question, they consider all the possible answers simultaneously to arrive at the right answer in what is in essence one process, meaning that it could crack any conventional form of encryption in moments rather than millions of years.

So what can we do?

Fortunately, that same technology which threatens to render our current encryption obsolete also offers us a solution. Quantum Encryption makes use of the strange properties of qubits to create the key which is used to access private information, and these keys can be designed in the same way as our encryption is today, to take thousands if not millions of years for a quantum computer to be able to break the code.

Furthermore, a system for sharing these keys, known as ‘Quantum Key Distribution’ is in development, allowing for the key to be shared between two parties without a third party being able to know anything else about the key, even if the message is intercepted, by encoding the key as quantum data.

Quantum computing looks set to change our cyber security landscape and, I for one am hoping that we get the encryption right before the hackers create any exploits.  I think this technology will revolutionise how we keep our information secure, avoid the recent high-profile attacks repeating themselves and improve national security.

What are your thoughts? Leave a reply below or contact me by email.