Client: Wired

Topic: Quantum Cryptography

Content Types: Article, White Paper

CLIENT NEEDS: Wired needed research and publication of an article on an emerging technology and someone who could distill a complicated topic, cryptography, for a lay consumer readership.

DELIVERED: After research and interviews with industry experts, produced a compelling, digestible article on quantum cryptography, the text of which can be read below.

Privacy by Law

Secure crypto has always been dogged by crackers wielding ever-increasing amounts of computing power. But no amount of chip power can circumvent the laws of physics—and that’s the keystone of quantum cryptography.

These days, to communicate or hold information in secret, you must rely on systems based on entirely private crypto keys, or systems that rely on a combination of public and private keys and some very difficult mathematical problems. Both do the trick in their own ways—based on principles of controlled knowledge and tough math.

It’s an entirely different matter, however, to say that the security of your data could be acutely guaranteed by a simple law of nature—that is, quantum mechanics. Yet it is true. Known as quantum cryptography, this emergent crypto method surpasses all previous systems and has now become as real as the foundations of physics.

To date, there have been two paradigms of cryptography. The first, private key, has been around for centuries, and to this day is used in communication between the President of the United States and roving nuclear submarines that troll the depths of the world’s oceans. Making use of private key crypto, however, requires both the sender and receiver to know one secret key that is used to encrypt and decrypt information. Private key cryptography alone becomes impractical in an environment such as the Internet, where parties unknown to each other wish to send and receive secure information.

Enter the second paradigm of cryptography. Called public-key cryptography because the cryptographic key is split into two parts—a publicly available key for encryption and a privately held key for decryption—it was, in 1976, perhaps the greatest revolution to date in the ancient field. Public key cryptography, because of its public component, bases its security on the difficulty that current computers have factoring the massive numbers of the ‘key material.’

While public key crypto is extremely safe today, it can only guess at the improvements in computing power and crypto attack algorithms of tomorrow, which means that the system’s real security can only be roughly estimated.

Now consider quantum cryptography. Some of its basic precepts were discovered in the early 1970s alongside the emergence of public key crypto, but its value wasn’t widely perceived until a decade later when two researchers—Charles Bennett at IBM, and Gilles Brassard at the University of Montreal—published a series of papers on its feasibility and performed the first demonstrative prototype in 1989.

It works like this: Two users of quantum crypto each generate clandestine strings of random numbers. The first user sends a sequence of single photons—pulses of light—that represent each bit of the numerical string to the second user’s receiver. The receiver then pulls out the bit values that match between the two strings. These shared values form the basis for their secret keys.

Where quantum cryptography differs is in its reliance on the inviolability of the laws of quantum mechanics. It’s this force which prevents the tapping of transmissions because of the indivisibility of the photons exchanged—they are not duplicable. The photons can go either to the receiver or to the eavesdropper, but not both. Heisenberg’s uncertainty principle mandates that, if a transmission were listened in on, the subterfuge would disturb the communications system and produce an irreversible change in the system’s quantum states—signaling an alarm to the original communicators, who would simply end their exchange and start over again with new keys.
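The key exchange and tamper alarm described in the two paragraphs above, as an added example that is not part of the original article: a classical simulation modeled on the BB84 scheme, in which each photon is prepared in one of two randomly chosen polarization bases (a detail the article leaves out). The function names, photon count, sample size and 5% alarm threshold are assumptions, and the channel is idealized as noise-free.

```python
import random

BASES = "+x"  # rectilinear and diagonal polarization bases


def measure(bit, prep_basis, meas_basis, rng):
    # Same basis: the encoded bit is read correctly. Wrong basis: the result is random.
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def sifted_keys(n_photons, eavesdrop, seed):
    """Simulate one exchange and return (sender_key, receiver_key) after sifting."""
    rng = random.Random(seed)
    sent = [(rng.randint(0, 1), rng.choice(BASES)) for _ in range(n_photons)]
    recv_bases = [rng.choice(BASES) for _ in range(n_photons)]
    recv_bits = []
    for (bit, basis), r_basis in zip(sent, recv_bases):
        if eavesdrop:
            # The photon cannot be copied: the tapper must measure it in a guessed
            # basis and send on a replacement prepared in that basis.
            e_basis = rng.choice(BASES)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        recv_bits.append(measure(bit, basis, r_basis, rng))
    # Sifting: the bases (never the bits) are compared in public; mismatches are dropped.
    keep = [i for i in range(n_photons) if sent[i][1] == recv_bases[i]]
    return [sent[i][0] for i in keep], [recv_bits[i] for i in keep]


def observed_error_rate(n_photons, eavesdrop, seed, sample_size=500):
    """Fraction of disagreeing bits in a randomly chosen, publicly compared sample."""
    sender_key, receiver_key = sifted_keys(n_photons, eavesdrop, seed)
    rng = random.Random(seed + 1)
    sample = rng.sample(range(len(sender_key)), min(sample_size, len(sender_key)))
    return sum(sender_key[i] != receiver_key[i] for i in sample) / len(sample)


def exchange_accepted(n_photons, eavesdrop, seed, threshold=0.05):
    # Assumed policy: abandon the key and start over if sampled errors exceed the threshold.
    return observed_error_rate(n_photons, eavesdrop, seed) <= threshold


if __name__ == "__main__":
    for tapped in (False, True):
        rate = observed_error_rate(4000, tapped, seed=1)
        print(f"tapped={tapped} error_rate={rate:.3f} accepted={exchange_accepted(4000, tapped, 1)}")
```

With no tap the sampled error rate is zero; an intercept-and-resend tap pushes it to roughly 25 percent, which is the disturbance that tells the two parties to discard the key.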

Among centers creating practical prototypes for quantum cryptography are British Telecom, the University of Geneva, Johns Hopkins University, and Los Alamos National Laboratories. Scientists at Los Alamos, British Telecom, and the University of Geneva have demonstrated systems over dedicated fiber optic cable, while those at Johns Hopkins and Los Alamos have shown that it is possible over satellite transmissions.

But quantum crypto is a decidedly high-maintenance engagement. Regular copper wires (which carry signals in electrons, not photons) don’t have the capabilities to make use of the technology. Paul Townsend, head researcher for British Telecom’s quantum crypto project, said it was important for them to demonstrate a practical system that utilizes existing high-speed optical links. “Fiber is an expensive commodity,” said Townsend. “So we wanted to show that you could provide secure quantum key distribution as an add-on to an existing high-bandwidth optical communication link.”

Townsend’s group experimented with adding a separate quantum communication channel to one carrying optical communications. Said Townsend of the parallel lines: “In real applications, keys distributed over the quantum channel could be used to encrypt the information carried by the conventional high-bandwidth data channel.”

But with high-speed telecommunications infrastructure still just a dream in the US and most everywhere else in the world, so remains quantum cryptography. Regardless, Richard Hughes, a physicist at Los Alamos, projects: “Optical fiber quantum cryptography could be commercialized in the near future. It is only a question of someone showing the interest.”

Hughes adds that “free-space quantum cryptography,” which may someday be used over geodesic satellite links, “is probably still a couple of years away from being commercially viable.” Still, Townsend concurs that there is nothing now that prevents limited distance quantum crypto systems from reaching the market. “If a customer came forward with a requirement for quantum cryptography, then I believe practical systems could be built within a few years.”

Of course, demand remains the big ‘if’ right now. With effective public key systems proliferating rapidly, the need for an endlessly secure quantum system would have to intensify before industry begins throwing money at it. Ironically, many say it could be another subset of quantum mechanics—quantum computing—that could permanently dethrone existing crypto and enshrine quantum crypto in its place.

While the practical advent of quantum computers is still several years off—and some say may never be fully realized—it represents an important theoretical leap in computing power. To put these computers’ immense power in perspective, it took eight months in 1994 for 1,000 computers to factor a 129-digit number, where with a single 100-MHz quantum computer, the task could have been completed in a few seconds.

If the promise of this form of quantum information technology should eventually pay off, as Townsend says plainly, “Public key systems would become insecure, leaving us with only quantum cryptography to keep our secrets.” Not only that, but anything previously encrypted with public-key crypto would become immediately, retroactively insecure.

But for now, Townsend admits that public-key cryptography is—and still will be—king for a while, because it “can be used on existing electronic networks and systems without the requirement for a fiber infrastructure.” Hugo Zbinden, a quantum crypto researcher at the University of Geneva, agrees. “Until computer power and algorithms get better most users won’t need quantum cryptography,” says Zbinden.

Zbinden, whose group is working on a project funded by Swiss Telecom and who has recently been consulting on a project begun by France Telecom, says of commercial interest: “At the moment they are investing only a little. But certainly they don’t want to miss the train. If quantum cryptography will bring money one day, they want to be ready.”

The high sensitivity requirements of quantum crypto on overall telecommunications networks will need to be addressed if the system is ever to be earmarked for more than specific, short distance business and military applications, and find its way into the home. Townsend points to the many blocking points (e.g. switches and repeaters) in large national- or international-scale fiber networks as an insurmountable problem for the sensitive work of quantum cryptography. These components would have to be adapted to quantum cryptography’s needs before the average Joe could be a user. And there are also things public key technology can do, like digital signatures, that quantum crypto cannot.

But if researchers and investors keep their eye on the prize, we could in the not-too-distant future find ourselves with the ultimate security tool, one that’s literally guaranteed by a certifiable law of nature, not just hedging its bet on tough math and slow computers.

Then again, there’s always the possibility that, as one of quantum crypto’s original theorists, Gilles Brassard, said, “Maybe quantum physics is wrong.”