What has Edward Snowden taught us about Quantum Cryptology?
The NSA may want quantum computing, but is it any nearer to cracking the problem or cryptology?
In my best Sheldon Cooper voice this uses the Heisenberg Uncertainty Principle that, in layman's term, says you cannot observe something without changing that which you are observing. Note that 'very' isn't the same as '100 per cent' though, and regular readers of IT Pro will be well aware that we have gone to great pains to point out that there is no such thing as 100 per cent secure data. For good reason: there are always weak points that offer the potential for exploitation.
A quantum of practicality
Some five years ago the theory went practical as research scientists strung together a quantum cryptographically secure network across 200km of standard commercial fibre optic cabling, and in the process securely connected six locations around Vienna. Single photons (the basic unit of light with quantum properties as discovered by Einstein) fired a million times per second along the fibre optic cables between the network nodes, while light detectors at the nodes spotted these photons and determined a secret key from them in order to encode the data across that communications channel.
However, as has been noted by some researchers working in the quantum field, the lasers that fire out the single photons get it wrong and fire out multiple photons occasionally then snooping not noticed by entanglement can happen.
Getting around such problems with a device-independent protocol has proved harder than might have been thought. Not least that such protocols have to treat the quantum cryptography process as a one-off; whereas in the real world not even the NSA can afford to use the kit once and then replace it all every single time. Quantum computers and quantum cryptography development is expensive enough an area as it is without throwing the practical spanner of disposable quantum devices into the theoretical works.
Not all its cracked up to be
OK, so that's the explanation bit, but where does that leave the NSA today and the enterprise looking over its shoulder at the possibility of a super-decryptor computer snooping on all their data? I've had conversations with respected IT security researchers who pretty much rule serious quantum crypto, or quantum key distribution, out of the enterprise picture for the foreseeable future.
They say that the combination of distance limitations, hardware implementation costs and the small matter of it not being as secure as it promises to be will see to that. The truth is that real-world quantum computers show no convincing signs of making the jump from research lab to real world enterprise, despite some recent advances such as a team of Oxford and Simon Fraser University boffins managing to 'sustain a quantum state for 39 minutes'. This is a giant leap for the science, maintaining the superposition state of qubits at room temperature rather than -269C, but only a tiny inching towards anything actually practical.
The truth is, as evidenced by the science and the Snowden documents, that it seems very unlikely indeed that the NSA is no closer to building a working quantum computer with any practical implications on data privacy than anyone else.
Yes, such a working code-breaking quantum computer would open the doors to making existing encryption standards useless, those doors remain firmly closed for now and are likely to do so for quite some years to come. Given just how fragile quantum computing prototypes are, being hugely susceptible to environmental changes, the chances of building one with enough qubits (at least in the hundreds, and possibly thousands according to some) to perform the kind of encryption breaking calculations that some folk are worried about seem pretty low right now.
After all, if all it took was a few million pounds then why wouldn't the cash-rich giants of the technology business have beaten the secret squirrels to it already? What Edward Snowden has taught us about quantum cryptology, as with so many other things, is that just because the NSA wants something that doesn't mean it's going to get it all it's own way...
In This Article
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now