Saturday, 20 June 2009

Quantum Secrets: A New Standard in Cryptography?


Quantum cryptography has been a Holy Grail for security researchers since the idea was proposed: the promise of a new standard in absolutely unbreakable communications. But it's a new standard in the Microsoft sense: "Use our brilliant new system, because we're making sure the old one doesn't work anymore."

The most common security algorithm used online is RSA, an encryption system designed by MIT researchers Ron Rivest, Adi Shamir and Leonard Adleman in 1977 (hence RSA, Rivest-Shamir-Adleman). The idea is that any numerical code can be cracked, so rather than try to invent one that's unbreakable you settle for one that would take a really long time - everybody involved is dead because the sun has exploded five billion years later kind of long time. The system is scalable too - every time computers improve, you just make your RSA bit-string longer to exponentially increase the processing power needed to crack it before the user dies of old age.

That's where quantum computers come in. They operate using "qubits" which can be in every possible state at once - so an eight-qubit system could represent every possible piece of regular 8-bit data. It still collapses into just one regular 8-bit state when you look at it, so the quantum nature of the data was just a mathematical oddity until MIT Professor Peter Shor came up with an algorithm that could access this "every possible state" property to crack the RSA problem. Since then the race to build a quantum computer has been running in earnest.

However, quantum mechanics also promises a replacement for the redundant RSA. Key codes can be transmitted in pairs of particles in such a way that they can't be copied, and these keys can then be used to make a truly uncrackable code. By uncopiable, we mean that the act of a spy even looking at the keycode will destroy it - and the receiver immediately knows to use a different one. This is known as Quantum Key Distribution (QKD), and an EU Initiative for "Secure Communication based on Quantum Cryptography" (SECOQC) claims it will demonstrate a network-ready version of the technology this October in Vienna. You can be sure security experts worldwide will be paying close attention, as well as a couple of 00-agents and possibly Q.
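The "looking destroys it" property above, as an added example that is not part of the original post: a classical simulation of BB84, one QKD protocol chosen here as an assumption (the post names no protocol, and BB84 sends single photons rather than pairs), with a spy who measures and re-sends every photon. The function names, seeds and the 5% alarm threshold are illustrative choices.

```python
import random

def run_qkd(n_photons, eavesdrop, seed):
    """Simulate a BB84 exchange; return (sifted_key_length, error_rate)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.getrandbits(1)         # sender's secret bit
        send_basis = rng.getrandbits(1)  # 0 = rectilinear, 1 = diagonal
        photon_bit, photon_basis = bit, send_basis
        if eavesdrop:
            # The spy cannot copy the photon, so she must measure it in a
            # guessed basis. A wrong guess yields a random bit, and the
            # photon she re-sends is now prepared in her basis.
            spy_basis = rng.getrandbits(1)
            if spy_basis != photon_basis:
                photon_bit = rng.getrandbits(1)
            photon_basis = spy_basis
        recv_basis = rng.getrandbits(1)
        # Measuring in the wrong basis gives the receiver a coin flip.
        if recv_basis == photon_basis:
            recv_bit = photon_bit
        else:
            recv_bit = rng.getrandbits(1)
        # Sifting: keep only rounds where sender and receiver bases agree.
        if recv_basis == send_basis:
            sifted += 1
            errors += recv_bit != bit
    return sifted, (errors / sifted if sifted else 0.0)

def key_is_safe(error_rate, threshold=0.05):
    """Illustrative policy: discard the key if too many sifted bits disagree."""
    return error_rate < threshold

if __name__ == "__main__":
    for spy in (False, True):
        length, rate = run_qkd(20000, eavesdrop=spy, seed=1)
        print(f"spy={spy}: {length} sifted bits, error rate {rate:.3f}, "
              f"safe={key_is_safe(rate)}")
```

In a real exchange the two ends estimate the error rate by publicly comparing a random sample of the sifted bits and then throwing that sample away; the simulation compares all of them for simplicity.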

But you have to be careful of the hype. While the theory of quantum communications promises absolute security, there's a lot of room between theory and actual practice for problems. Researchers at the University of Toronto have already demonstrated a successful spy-attack on a commercial QKD device, based on particular aspects of hardware not quite delivering the idealized situation. Because you'll always have people messing things up. Remember - you can use the very basic physics of the universe to transmit an absolutely secure code around the globe, but you can't stop the person at the other end writing it on a yellow sticky on the side of their monitor.

Posted by Luke McKinney.
