Does quantum mechanics offer the best way to protect our most valuable data?

By Christopher White

Thursday, 31 March 2011

Heist work: Even John Dillinger couldn't steal from a quantum-encrypted bank

REX FEATURES

Heist work: Even John Dillinger couldn't steal from a quantum-encrypted bank

Criminals no longer need to swagger into banks like John Dillinger with their faces masked. Modern-day robbers are more likely to be armed with a degree in computer science than a tommy gun.

Last month, the consultancy Detica estimated the cost of cyber crime at £27bn – although that figure has been disputed by pressure group Straight Statistics – and the Government's new defence strategy explicitly mentions electronic attacks. Your money or your life could still be at risk using even the smartest of encryption technologies.

Conventional encryption, such as what might be used protecting your online-banking transactions or the country's national-security secrets, uses pure maths. A message containing secure government data or your bank details is transformed into "ciphertext", the encoded, garbled, version of the message, for transmission, and then converted back upon receipt. Interception will produce only gibberish – unless it's deciphered.

The only way to decipher the message is by using a "key" – another random string of letters or numbers. Like cracking the world's most complicated safe in a heist movie, to uncrack the code you'd have to try every variation of the 128 letters and numbers – which would take a while.

Those 128 bit–long keys are usually considered secure even against attacks that can check all the possible keys.

But last year, an encryption used by some 3G networks was cracked by Israeli researchers within hours, allowing them to listen to your phone calls, in theory. Orr Dunkelman, one of the researchers from the Weizmann Institute of Science, says the networks are still considered safe because their technique "assumes that the adversary can obtain a lot of data, and that he can control the encryption keys to some extent". So our private conversations are safe for now.

But it has encouraged businesses and governments to look for an alternative. Since an encrypted message has to be intercepted before it can be decoded, there is a solution found by abandoning maths for physics – specifically, for quantum mechanics and the world of the very, very small. At the smallest scales, strange things happen. Waves behave like particles, and vice–versa. One consequence of this is Heisenberg's uncertainty principle and the notion that it is impossible to measure a system without disturbing it. With communications that take full advantage of this, any disturbance created by cyber-criminals' eavesdropping is detectable and transmission can be cut off.

"Security comes from knowing you have been compromised, rather than the absolute integrity of the 'safe'," says Norman Apsley, vice–president for business and innovation at the Institute of Physics. "Quantum cryptography has been a goal for some time, but many were sceptical that it would ever become a reality." A forthcoming report by the institute will show how far the science has come.

Andrew Shields, of Toshiba Research Europe, says: "The technique is based on sending secret digital keys across optical fibres using encoded single photons – particles of light – and so is technically very challenging."

Toshiba and the National Physical Laboratory are working towards commercialisation, with products expected to fetch tens of thousands of pounds – the cost of a high-end firewall. "Ultimately, quantum cryptography could find widespread use in telecom networks," Shields says. "In the near-term, it is most likely to find application in settings where information security is a high priority." Settings such as security and defence.

This is good news for us, and bad news for Dillingers old and new. The laws of the universe and a little human ingenuity can foil the hardest and smartest of criminals.

  • FirstAdvisor
    People used to build castles to feel secure at enormous expense, when all it took to get through the walls was one guy to open the side door.
  • Ivanmy
    Anyone who thinks any transfer or encryption method is secure is fooling themselves.... the writer included. (He didn't do much research... he can't even spell encryption) "Andrew Shields, of Toshiba Research Europe, says: "The technique is based on sending secret digital keys across optical fibres using encoded single photons ? particles of light ? and so is technically very challenging."" Which basically means game on. So here is a thought.. to decrypt quantum encryption messages - security through lots of obscurity with bigger, more complicated, but just more keys (keys are great because they are predictable... so much for unpredictability. Then of course there is the big (very big) input-output hole.... what goes in goes in somewhere... and comes out somewhere using human agency. Hmmmm... not so tiny tiny world of physics any more. Then there is all the hype about particles of light... give me a break. This is physics... not magic. End of the day it is all energy... no matter what speed.
  • 1Pat
    Science objective and impartial unlike the Independent. ?12 killed in protest at UN office? The Independent, please don?t comment on this story outside our remit or we close the comment section. NS
  • Of course, quantum cryptography is as a result of and reaction to a successful hack/code crack. It is naive to imagine that successful hackers/code crackers have not moved on, and deeper into more lucrative and engaging Command and Control Fields, with everyone completely unaware of that is which is being done. However, that is exactly as they would like it, and have intelligently designed it, methinks.
  • Interesting article: What you may see is that in www.opolis.eu all these mathematical procedures are already integrated in one single service, offering - for free - a secure, encrypted mail and messaging service.
  • leolonghop
    Completely agree. However it think its more real than likely, look at the Irish banking situation. Robbing/ thieving/financial recklessness all the same when your dealing with other peoples money.
  • Simon_99
    And sometimes when you look into your account there will be no money there because it will have tunnelled through into someone else's.
  • Simon_99
    The technology will surely remain classified for a long time, so don't expect to see it implemented in a commercial setting any time within the next 50 years.
  • Simon_99
    The biggest weakness with modern 256 bit ciphers is generally a weak password; if you use a password such as "12345678" or some combination of your mother's name and child's date of birth or even a word that is found in a dictionary then your encrypted data can be broken into extremely quickly. You only get the full benefit of 256 bit security if your password is essentially random, however such security must surely be truly unbreakable through brute force attack using a non-quantum computer. There is a minimum energy requirement set by thermodynamics required to simply flip a bit within a computer, and to even work through all the possible keys of a 256 bit cipher would require consuming the total energy output of 1 billion suns for 273 billion years, assuming your code-breaking system was cooled down to 3 Kelvin (higher temperatures require more energy). So probably not going to happen.
  • Inconsistent_Verbiage
    The reporter does not even seem to have spent even a couple of minutes trawling with Google and Wikipedia. Firstly, there are already at least four companies (eg. id Quantique) offering commercial quantum cryptography products and it has been used for example in the Geneva canton 2007 election. Secondly, quantum cryptography still requires the participants to authenicate themselves to each in a non-quantum manner. Thirdly, quantum cryptography is typically used as pre-cursor (key establishment) before "standard" non-quantum cryptography is used to transmit data.
  • Jon
    Modern-day robbers are more likely to be armed with an FSA qualification, and work for one of the major 'investment' or 'central' banks.
  • king_of_central_europe
    I had the impression ... that it were german hackers who broke the code of some telephone-networks ... and presented the results on a conference of the chaos-computer-club ... ; so: ==> Did the mentioned israelians do the same thing or something different ? If the same: Who was first ? Meanwhile the quantum-cryptography builds on knowledge that hasn't been too long around, just since the mid-1990s ... ; as long as there comes no new Heisenberg ... it's guaranteed that no one understands the matter deeply enough ... and people will surely be too stupid to intercept the transmission ... ; but that might change.
  • myboy3112
    this reporter knows what he is talking about. great article
  • wikiplugz
    So when money that is deducted from my account now, instead of being shot across at the speed of light, it will still take 2 to 3 days to appear in the recipients account. Now the excuse will be because it is trapped in an infinity loop in the alternate space time continuum... Gosh, isn't science wonderful? Another excuse for micro interest profits..
  • The figures for how long it takes are only valid if you do not have access to some data that is in both the plain text and the encrypted version. If you do then the times decline astronomically. The enigma codes were often broken because the messages had to access known locations at times. If it can be encrypted than the lead only goes to the coder for a time. This system will be broken just as any other one will be. Security comes from making life hard enough that ony a small number can break the security system regardless of type and you can both keep track of them and when you do catch one making the punishment out of all proportion to the crime. As long as the punishment only fits the crime then on average crime pays so crime will thrive.
  • ejderha
    While it is true that all codes can be broken, one of the important differences in QE is that interception itself is monitored by the content of the message being disturbed. So the sender/recipient can be aware of the interception and adapt accordingly by perhaps changing routes or indeed even codes in mid-conversation. It is not a trivial technology to create but it is inherently much more secure than reliance upon large prime numbers.
  • neils_smith
    At the moment. It's a fledgling industry, that's the point, it'll be a driver in places like defense which will then drive down the costs until used more widely.
  • FirstAdvisor
    The article baffled me. The experience seemed as if the writer was typing the words for each sentence, without being aware of what he was writing. The report clearly states that quantum protection is hugely too expensive for use in something trivial like security on a bank or finance firm. National security and defense, that's what quantum systems are for. I can't guess the exact ratios, but quantum protection on a bank would likely cost more than the total value of all the accounts in the bank. Quantum security has nothing to do with common thieves. The technique is strickly a defense against cyber espionage targetting the networks of national governments. They're the only groups who could possibly afford it.

Sponsored Links