The tension from this looming threat ratcheted up in January with leaks from Edward Snowden reportedly about a secret $80 million National Security Agency program called “Penetrating Hard Targets,” which is focused on building a quantum computer. Although the NSA doesn’t appear closer to having one than anyone else, the revelation fueled worries over the secret construction of quantum computers. The NSA efforts also suggest that other deep-pocketed governments might go quantum first.
Some scientists doubt that quantum computers powerful enough to threaten today’s systems will ever arise. It wouldn’t be for lack of trying, though, since the futuristic tech promises far more than mere code-busting.
Quantum gizmos would process information and solve problems in novel ways, advancing fields such as drug development and weather forecasting. “Governments are going to want to have quantum computers flourish in their country,” says Michele Mosca, a mathematician at the Institute for Quantum Computing at the University of Waterloo in Canada. “They’re not going to want to wait for another country to make an industry out of it.”
The promise of quantum code-cracking has sparked two trends in digital security. The first, quantum encryption, replaces today’s vulnerable codes with a system based on the kookiness of quantum mechanics. The second involves new encryption codes based on math problems that would stump even quantum computers.
Taking the Quantum Leap
Quantum encryption has made the jump from laboratory experiment to commercial reality. About a year ago, the nonprofit research and development firm Battelle partnered with Switzerland-based network encryption company ID Quantique to complete the first essentially unhackable commercial network in the United States. Connecting Battelle’s headquarters in Columbus, Ohio, to a satellite office in Dublin, Ohio, the network is secured by quantum key distribution (QKD).
A QKD system ensures that anyone trying to hack into a secure connection to discover the encrypting key irrevocably alters that key, alerting the system to a break-in. Here’s how the Battelle system works: Say Alice wants to send information to Bob. Alice’s computer uses a laser to fire single particles of light, called photons, through two filters into a regular fiber optic cable to begin a transmission. The photons possess one of four polarizations, representing bits: Half the polarizations represent 0, the other half 1. Bob’s computer measures the photons’ polarization when they pass through identical filters at his end of the fiber optic line. Each filter only allows half of the polarizations through.
By conversing “in the open” through a standard communication channel before establishing an encrypted line, Alice and Bob decide which filters they’re using. As a result, Bob’s computer will receive photons from Alice’s computer without openly announcing their exact polarization. Bob continues accepting Alice’s photons and the two parties home in on exactly which polarizations Alice sends and Bob receives. Ultimately, this exchange gives Alice and Bob a matching code of bits known only to them. That code can be used to create a standard, bit-based key for encrypting data sent between Alice and Bob, now or in the future.
Then if an eavesdropper — we’ll call her Eve — attempts to snatch some of the exchanged photons to learn the key, the laws of quantum mechanics would trip her up. Bizarrely, the polarizations of Alice’s photons are not determined until Bob measures them, only then assigning them a distinct value. If Eve measures the photons’ polarization while they’re en route, she introduces errors, altering the shared key. “The idea is to use this principle to detect an interception” and abort a data transfer, says Gregoire Ribordy, CEO of ID Quantique.
With enough quibits at its disposal, a quantum computer could slash through today's encryption within minutes or seconds.
These systems, however, are expensive: as much as 50 percent higher than standard encryption tech. Early adopters of QKD accordingly must be high-security, cash-loaded organizations like governments and banks. “But eventually, as this technique becomes cheaper — and it certainly will as the market gets larger and there is mass manufacturing — it could even roll out to the home,” says Toshiba’s Shields. In a Nature paper last year, Shields and colleagues demonstrated just such a cost-saving technique that could allow consumers to share a single, fancy QKD detector using simple equipment on their end.
Alongside retrofitting the Internet’s security backbone with QKD, deploying new encryption codes also could stump would-be hackers. Four contenders have emerged for replacing RSA and ECC, according to Jintai Ding, a mathematician at the University of Cincinnati. These “post-quantum” cryptographical approaches would take quantum computers just as much time to crunch as normal computers.
The first involves finding the nearest point to another given point in a lattice, or a set of points in a space, a surprisingly tricky computational task. The second uses theories on error-correction code to generate public key systems: A receiver would possess a code to correct purposefully introduced errors in data that make it unreadable in transit. The third is multivariate, which revolves around difficult-to-solve sets of algebraic equations. The fourth draws short, unique private and public keys out of long strings of bits. Again, our traditional computers are already capable of using such coding schemes, and they’re conveniently complicated enough that quantum computers won’t be better at cracking them.
Adopting any of these novel encryption standards will take time, Ding says, and people will debate which approach is the best. Plus, they’ll face the typical challenges of new technologies, reconfiguring new and existing devices to work with the new standards. Companies might balk at upgrading their hardware and software as long as quantum computers remain the stuff of fiction. Ding worries that reluctant CEOs will just kick the can down the road and let rivals splurge on quantum gear instead.
It’s this sort of procrastination that has security-minded folks nervous. “Planning and action need to start immediately to make our cryptography system robust against emerging quantum technology,” says Mosca, the University of Waterloo mathematician. “If we do so, we can essentially avoid catastrophe.”