For years, quantum physics, and its computational component quantum computing, were the stuff scientists’ dreams were made of. Quantum mechanics, the study of all the spooky indefinite properties of subatomic particles, is more than theoretical of course; Scientists can observe and measure these properties. But the real-world applications for this research wasn’t always obvious. While quantum mechanics has revolutionized the field of computational chemistry, the commercial promise of, say, super-fast quantum computers has yet to be realized and may not be for decades.
But one field where quantum technology has not only led to scientific breakthroughs but also commercial possibilities is encryption.
Last October, Switzerland’s ID Quantique raised $ 5.6 million to build America’s first-ever commercial quantum encryption network. Using a method called “Quantum Key Distribution” (QKD), the company provides highly-secure encryption between servers belonging to the Columbus-based R&D firm Battelle. This is precisely the type of encryption that could have prevented the NSA from breaking into communication links between servers belonging to Yahoo and Google. (That revelation prompted one Google engineer to say “Fuck these guys,” these guys being the NSA).
Then just last week, a team of researchers published findings demonstrating secure and “oblivious” quantum-encrypted person-to-person communication. What do they mean by “oblivious”? They mean this method allows the credentials of two people to be verified without either of them knowing the precise information being transmitted. Scientists think this has huge potential for mobile payments where instead of using an ATM or point-of-sale keypad, users could input the PIN into their phone. At that point, the PIN would be encrypted using quantum principles and sent to the bank for verification so that nobody, not even the NSA which can apparently make encryption meaningless, can see it.
So what makes quantum encryption so much more secure than traditional symmetric or public key encryption?
Here’s how I explained it last October:
Traditionally, secure data is encrypted and decrypted using numerical keys generated by an algorithm. This is a big oversimplification but essentially, you have to know the keys to unlock the data. But with enough computing power, a third party could potentially figure out those values. We’re talking massive, expensive, time-consuming computer power, but still. It’s hard to crack, but not impossible.
But QKD is something entirely different, taking things a step beyond traditional mathematics. The first part is the same: Data is encrypted using an algorithm. But then the data itself is encoded on a light particle known as a photon. Because photons are smaller than atoms, they behave in some pretty crazy ways. For example, you can “entangle” two photons so their properties correlate with one another. A change to one photon (which can occur as easily as by someone observing it) will cause a change in the other photon, even if the two are a universe apart.
After entanglement occurs, the sender transmits the first photon through a fiber cable to the receiver. If anyone has measured or even observed the photon in transit, it will have altered one of the properties of photon no. 1, like its spin or its polarization. And as a result, entangled photon no. 2, with its correlated properties, would change as well, alerting the individuals that the message had been observed by a third party between point A and point B.
This obviously makes no sense. Einstein called it “spooky action at a distance.” Richard Feynman said, “If you think you understand quantum theory, you don’t understand quantum theory.”
And yet. These are the observable traits of quantum physics. (For more, check out our interactive explainer on quantum computing)
In other words, if a hacker (or the NSA) even tries to peek at this data, both parties will be alerted.
Michele Mosca, co-founder and deputy director of the Institute for Quantum Computing at the University of Waterloo, understands the need for what he calls “quantum-safe” encryption. We know the NSA is working on quantum computing which, theoretically, could crack any existing form of traditional encryption. And while quantum encryption appears to be ahead of quantum computing technology for the time being, Mosca tells me that cryptographers should still view quantum computing as a threat:
The field has achieved many important milestones over the past 20 years, and I see increasing momentum. From the perspective of a cryptographer, we need to view quantum computation as a medium-term threat. In order to be cyber-safe, the next generation of cryptographic tools needs to be quantum-safe, and thus we need to aggressively plan the transition to quantum-proofing our cryptographic infrastructure. This transition may take longer than the time it will take to build a large-scale quantum computer, so there is no time to waste.
The US government has not always been kind to those working at the cutting edge of encryption. In 1991, it launched a criminal investigation into Phil Zimmerman, the creator of the Pretty Good Privacy (PGP) encryption software. The investigation, which sought to determine if Zimmerman had violated the Arms Export Control Act, lasted three years and was eventually dropped with no charges filed. And then there was the NSA’s secret campaign to install back-doors in commercial encryption software.
For Mosca’s part, he’s not worried about the government interfering with quantum encryption research. ”I think our governments realize that strong cryptographic primitives are a critical part of having robust information and communication systems, and thus are central to our security and our economic prosperity. Export control and lawful access are related but separate issues,” he says. In other words, go forth and make super-strong encryption, but don’t share it with other countries or anyone else the NSA doesn’t want to have it.
Not all big tech firms take encryption as seriously as others. Twitter, for example, has all but given up on encrypting direct messages. But while that’s bad news for users of these platforms, it’s an opportunity for newcomers and competitors to address the growing awareness surrounding strong encryption. And quantum technology will likely play a role in the evolution of cryptography.