Quantum Computing Puts Encrypted Messages at Risk

Ian Hill Ian at Protonic.com
Thu Jul 11 14:50:30 EDT 2002


On Mon, Jul 08, 2002 at 04:20:37PM -0400, R. A. Hettinga wrote:
> Given that quantum computers will provide an enormous power boost,
> encryption experts believe that current standards for encryption,
> which are based on computational difficulty, will then fall.  In the
> world of quantum computing and encryption, the question of which will
> come first, quantum computing or quantum encryption, is very
> important.  
> In fact, it is vital.  
>
>  [...]

I don't know enough about quantum computation to comment on this first
section. There are numerous comments that seem wrong to my
understanding, but I shan't make a fuss.

>If quantum computing comes first, chaos will reign, since most of
>security systems installed by the world's vital institutions, including
>banking, commerce and government, have come to depend on current
>encryption methods -- which would instantly become archaic.  The boost
>in computing power offered by quantum computing would make many of the
>encryption security measures now in place obsolete.

Instant chaos? Hardly. The first people to have this technology will be
the NSA/GCHQ types, and university research people. Not Joe Cracker.
You have to ask yourself who you are most worried about - who you think
about when you encrypt your data. Most companies encrypt their data
against their competitors and perhaps crackers. 

> Quantum encryption to the rescue.
> 
> Most people assume that the technology -- perhaps due to its cryptic
> name -- is one of those odd, far-out sciences that theorists love to
> love but which will have no practical application in the foreseeable
> future.
> 
> Others are betting that quantum encryption will save the day for
> security applications.
>
> [snip]
> 
> Coming Soon
> 
> Hammond said that his company, scheduled for a public launch this
> September, will have a "commercially available solution" in 2003. The
> Somerville, Massachusetts-based company is developing a prototype
> quantum cryptographic device that can be used on telecom fiber and is
> immune to eavesdropping, or so the company claims.
> 
> The device is also "future-proof" because, according to MagiQ
> Technologies, it is invulnerable to advances in algorithms and
> computing technology.

Oh dear God. QKD systems are invulnerable to algorithmic and computation
advances because they are not algorithmic, or based on conventional
computation. QKD is the product of Physics. 

Mathematicians have always been under the delusion that mathematical
proof is absolute. Physicists on the whole realise that their best
theory is their best theory - not absolute truth. No-one has even
proved, even to physics standard, that QKD systems are secure. It is
merely conjectured that we cannot intercept photons and accurately
detect their polarisation without altering the same. 

QKD is hailed as unbreakable encryption. Sure, it will be damn hard to
crack, but not-too-many years ago, the idea that we could factor
thousand bit numbers sounded insane. Quantum theory came about when
Planck and many many others challenged perceived wisdom. How can we be
so sure that one day someone won't figure out how we can defeat the
standard wisdom that says "photon polarisation cannot be detected" for
the purposes of breaking QKD?  

Now I'm neither a professional cryptographer nor a professional quantum
physicist, so any of the above could be incorrect. I'd love to be proven
wrong - I fancy the idea of unbreakable encryption as much as the next
man, but surely the way mankind has broken cipher after cipher, and
challenged theorem after theorem should have made people a little
dubious when the word "unbreakable" is bandied around. Besides, we all
know the devil is in the implementation. Even if QKD is unbreakable on
paper, an engineer is sure to break it ;-)

When I first read The Code Book (Simon Singh), I drooled endlessly at
the idea of Unbreakable Encryption, until I became a little more
cynical. I questioned Dr Singh on this when he came and gave a lecture
in Cheltenham UK recently, and his best answer was that QKD is so secure
because "it's a different kind of system. It's not like conventional
encryption." [synopsis - not direct quotation]. I'm not thoroughly
convinced.

Can anyone (politely) prove this mere outsider wrong?


-- 
Ian Hill
Ian at Protonic.com

Unprovided with original learning, unformed in the habits of thinking,
unskilled in the arts of composition, I resolved to write a book.
		-- Edward Gibbon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
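The conjecture the post turns on ("we cannot intercept photons and accurately detect their polarisation without altering the same") has a concrete, checkable consequence in the BB84 protocol: an eavesdropper who measures each photon and resends her own copy guesses the wrong basis half the time, and on those photons Bob's reading is randomised, so roughly a quarter of the sifted key disagrees between Alice and Bob. The simulation below is an added example, not code from the post or from MagiQ; it models only the idealised physics the post is questioning (perfect single photons, lossless fibre, a textbook intercept-resend attacker), and the 11% abort threshold is an illustrative assumption rather than something taken from any product. Implementation flaws of the kind the post's last paragraph warns about (detector or source side channels) are exactly what such a model does not capture.

```python
"""BB84 key agreement with an optional intercept-resend eavesdropper.

Constructed simulation: photons are abstract (bit, basis) pairs and
measurement in the wrong basis returns an unbiased random bit, which is
the idealised behaviour the QKD security argument relies on.
"""
import random

RECTILINEAR = 0  # "+" basis: 0/90 degree polarisation encodes bit 0/1
DIAGONAL = 1     # "x" basis: 45/135 degree polarisation encodes bit 0/1

# Illustrative abort threshold (assumption, not a vendor figure): if the
# observed error rate in the disclosed sample exceeds this, assume an
# eavesdropper and throw the run away.
ABORT_QBER = 0.11


def measure(bit, prep_basis, meas_basis, rng):
    """Detector reading for a photon prepared as (bit, prep_basis).

    Matching bases recover the prepared bit; a mismatched basis yields a
    random bit and destroys the original polarisation information.
    """
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)


def bb84(n_photons, eavesdrop, seed=0):
    """Run one BB84 session; returns the sifted keys, QBER and abort flag."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_results = []

    for bit, basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Eve must pick a basis before she knows Alice's. She measures,
            # then resends a fresh photon encoding what she saw, in the basis
            # she used. When her guess was wrong, the resent photon no longer
            # carries Alice's polarisation and Bob's reading becomes random.
            e_basis = rng.randrange(2)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        bob_results.append(measure(bit, basis, b_basis, rng))

    # Sifting: Alice and Bob announce bases over the public channel and keep
    # only the positions where they agree (bases, not bit values, are public).
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    sifted_alice = [alice_bits[i] for i in keep]
    sifted_bob = [bob_results[i] for i in keep]

    # Error estimation: publicly compare the first half of the sifted bits,
    # then discard them. Any disagreement here can only come from the channel
    # (noise or an eavesdropper), since matching bases read the bit exactly.
    half = len(keep) // 2
    sample_a, sample_b = sifted_alice[:half], sifted_bob[:half]
    errors = sum(a != b for a, b in zip(sample_a, sample_b))
    qber = errors / half if half else 1.0

    aborted = qber > ABORT_QBER
    return {
        "qber": qber,
        "aborted": aborted,
        "alice_key": None if aborted else sifted_alice[half:],
        "bob_key": None if aborted else sifted_bob[half:],
    }


if __name__ == "__main__":
    for eve in (False, True):
        r = bb84(4000, eavesdrop=eve, seed=1)
        print(f"eavesdropper={eve}: QBER={r['qber']:.3f} aborted={r['aborted']}")
```

With no eavesdropper the disclosed sample shows zero errors and the two remaining halves are identical; with intercept-resend the error rate sits near 25% (half of Eve's basis guesses are wrong, and each of those randomises Bob's bit with probability one half), far above any plausible threshold. Note what the model does and does not say: the 25% figure follows from the assumption that a wrong-basis measurement returns a random result, which is the physics claim the post is sceptical of, and it says nothing about an attacker who exploits the detectors or the source rather than the photons in flight.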