Two developments with the potential to affect current uses of cryptography have emerged from study of the quantum behaviour of materials in the past 30 years.
When technologists talk about how important quantum will be there is likely to be as many confused IT people as there will be security people, so it would be nice, for a change, for us all to be on the same page at the outset, understanding the concepts and the issues and working together to get the best out of the future.
Quantum cryptography, first developed in the early 1980s, has advanced to the point where there is at least one commercial product. The technique uses photons to send a message allowing the recipient to detect whether or not it has been read by a third party.
It does not prevent reading, merely ensures that interception can be detected. Potential uses include the distribution of encryption keys. Only unread keys would be used to protect messages that would themselves be encrypted using conventional mathematical algorithms.
The other development, quantum computing, is set to greatly accelerate some types of calculation, including those required to break traditional encryption algorithms.
This could result in dramatic speed improvements for particular types of calculation, including factorisation and discrete-logarithm problems current mathematical encryption algorithms rely on the difficulty of these problems. A quantum computer would effectively halve the symmetric key length, so that a 256-bit key would be only as secure as a 128-bit key today.
The short-range business concerns of these developments remain unclear at the moment, but experience has shown that the industry needs many years to replace legacy systems - you cannot easily change ATMs and mainframe applications.
Quantum cryptography may be perhaps five years ahead quantum computing may possibly be 15 years away. Progress in building quantum computers tends to develop in steps as researchers find new methods, so it is slow, but the theory is solid. We should be starting now to evaluate the impact.
Uses of quantum technology
In 2007, the Quantum Technologies Action Plan identified four key areas of application for quantum technology:
- Quantum secure communications - key distribution - using quantum technology
- Quantum clocks and timing
- Quantum enhanced measurements (accuracy)
- Quantum information processing - using quantum computing
The British Computing Society Security Forum Strategic Panel is intending to host an event on 11 May to bring the discussion into the open and provide a platform for various angles to be explored - including impact on business, and impact on society and the future.
There is a need to start by positioning some key terminology to ensure that all IT professionals and beyond are appropriately aware of the subject area so they can debate its wider implications, such as the commercial viability of quantum cryptography and the impact on system availability and society.
The future holds challenges in terms of our understanding in both technological and business terms. The power (and speed) of quantum computing may be so great that current encryption will not be sufficient. Could it be that quantum information processing is a world without encryption?
At minimum, we need to understand the power of the technology.
Andrea Simmons is a Consultant Forum Manager at the BCS Security Forum
This was first published in February 2009