(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.
Recent breakthroughs have changed the question of quantum computing’s arrival from one of “if” to “when.” They’ll be able to accomplish certain task at a pace hundred or thousands of times better than classical computers which, in turn, will let us pursue solutions to questions that can’t be solved with modern methods.
Modern encryption is one of those questions. Currently protected by prime numbers that classical computers can’t possibly solve before the heat death of the universe, encryption could be busted wide open by the power of quantum.
Luckily, it’s a double-edged sword. Quantum physics can also be used to make encryption better, protecting data against both current and future threats. To find out how it works, and whether it’s practical today, we spoke with John Prisco, CEO and President of Quantum Xchange, the first fiber quantum network available in the United States.
Digital Trends: What makes quantum computers good at cracking conventional encryption?
John Prisco, President and CEO of Quantum Xchange: Because the quantum computer is not using bits that are either one or zero. In fact, they’re using photons that can be simultaneously ones and zeros. It’s just a massively parallel processing capability that a primary computer that we use today can’t do, because bits can only exist in either a one or zero state.
“The real goal is a quantum prime computer. And that’s one in which you could crack the key in 10 seconds.”
So, you know you always hear the comment about, “How fast the computer could read all the books and the stuff in the Library of Congress.” Well, that’s talked about in terms of reading each book serially. The way a quantum computer would read the books in the Library of Congress, would be to read all of them simultaneously.
With the latest RSA 2048 cypher, using conventional computers, it would take a billion billion years to brute force break that key. A quantum computer could do it in about 10 seconds.
When do you think quantum computers will become sophisticated enough to be a real threat to encryption?
There’s a concept called quantum supremacy. That’s not very interesting, even though it sounds like it is. It means when a quantum computer is more powerful than any conventional electronic computer. Google thought that they would have a quantum supremacy computer by the end of last year.
They say they are now going to have a quantum supremacy computer by the end of this year. So, when I talk about cracking RSA 2048 taking a billion billion years, a quantum supremacy computer might shorten that to 900 million billion years. That’s not such a great advance.
The real goal is a quantum prime computer. And that’s one in which you could crack the key in 10 seconds. In terms of that, it’s considered to be about a 5 to 10-year event.
But I’m always quick to say that it’s almost irrelevant how long it’s going to take to get there. Nefarious actors are harvesting data all the time, and they’ll always do it, because it’s too easy to do. They’ll harvest data from the Office of Personnel Management the government, or the F-35 plans from Lockheed Martin. And they’ll sit on it until they have a quantum computer that can break the key and open the data.
” … You now have assurance that no one can unlock your data and read your data file.”
Let’s say you’re a Swiss bank, and you have a lot of customers who’d rather keep their identity private. So, you would really want to encrypt using quantum keys today, and not expose yourself to having their data harvested, and worry that somebody is going to have a quantum computer that can break it.
Quantum Xchange is built around the use of quantum keys. Can you explain how they work and that makes them harder to crack?
A quantum key is different than an RSA key in that it’s composed of photons. When you transmit the key from point A to Point B, the key goes along, and each photon we send along can be encoded with a one or zero.
If somebody tried to eavesdrop on that key, it turns out because of the Heisenberg Uncertainty Principle, that if anybody tries to eavesdrop on an optical particle like a proton, the quantum state changes and therefore the key no longer represents the key that will unlock the data.
Because you’re relying on a law of physics, which is as immutable as gravity, you now have assurance that no one can unlock your data and read your data file. The key can’t survive anybody touching it.
Your ‘trusted node’ system claims to solve range issues with quantum keys. Why is there a range issue, and how’ve you solved it?
One of the shortcomings of the quantum key distribution is that the best you can do is about 100 kilometers transmitting the key. That’s probably what has delayed the introduction of Quantum Key Distribution in the United States.
“For someone to break a quantum key, it requires extraordinary circumstances.”
What we’ve done is we’ve worked with Battelle Memorial Laboratories, and we’ve come up with a way to extend the distance a quantum key can travel. It can travel now an unlimited distance.
We’ve come up with a way to encode a quantum key within another quantum cage, and that allows us to keep transmitting multiple hundred kilometers at a time, and it doesn’t violate the uncertainty principle.
Being able to get past this limitation has been critical to make this viable. It’s a big breakthrough, and it’s an enabler for this technology.
I noticed Quantum Xchange claims that it’s pioneering “unbreakable encryption.” How literally should we take that? Is this truly unbreakable, now and in the future?
When you make a bold claim like that you always have people that are going to challenge you, and cryptographers as a class of engineer, or scientist, are very good at challenging that comment.
“This isn’t technology that has sprung up overnight. It’s been running in Geneva for ten years … “
However, it does turn out that because we’re relying on a law of physics, that it is probably unbreakable. Now, is there a non-zero probability that somebody could break it? Yes. But we think it’s extremely unlikely. Literally, for someone to break a quantum key, it requires extraordinary circumstances.
Let’s say I send out a million photons, and you end up accepting 100,000 of them as being totally untampered. If you were a nefarious actor trying to intercept my quantum key, you’d have to guess correctly 900,000 times whether the photon was a one or zero.
Now mathematically, that’s doable. But in my world, and in the practical world, that’s impossible.
Is Quantum Xchange’s solution focused on deterring the threat of quantum computers only, or is it something that can be used for many scenarios?
The generic use case is to safeguard any critical information. It’s being used today in Geneva, by their government management of the elections, to transmit polling data using quantum key protection. It’s absolutely geared towards preventing hackers from stealing data. If quantum computers are the offense, quantum encryption is the defense.
This isn’t technology that has sprung up overnight. It’s been running in Geneva for ten years, it’s been running in Battelle’s labs for five years. We’re deploying it now in New York. This is equipment that works today, and it’s viable today.