
Quantum Cryptography Breakthrough?
17 Apr, 2006

Three or four times per year, I read reports about a new "breakthrough" in cryptography. Typically, these announcements are made by small companies and include assertions that the new "secret algorithm" is far more secure, faster, cheaper (pick one) than everything that's preceded it. As any good cryptographer will tell you, any algorithm that needs to be kept secret probably isn't very good crypto - and even if it is, there's no way to prove it. (This is the primary reason why we've always published PGP source code.)

Recently, however, I ran across a story that looked like it had potential. A group of public and private-sector scientists announced a "breakthrough" in what's known as quantum cryptography. Quantum cryptography has actually been around for more than 20 years, with the initial published research dating to 1983. Historically, quantum cryptography has focused exclusively on the problem of key exchange. In layman's terms, what this means is that if you're going to use the same key to encrypt and decrypt a message, you need a way for the sender and recipient to exchange that key in a secure way.

Quantum cryptography aims to solve this problem by connecting sender and recipient via a fiber optic channel. The sender then starts sending single photons down this channel that are then "read" by the recipient. Using some physics that I'll never understand, the two communicators use the characteristics of these photons to agree on a key in such a way that only the two of them can reliably know what the key is. They use this key for a predetermined period of time and then throw it away and generate a new one.

Sound complex? It is, but it has one characteristic that has always appealed to cryptographers. Because these secret keys can be used once and thrown away, they replicate the "one-time cipher" approach that characterized encoded communications 50 years ago. Even if you intercept a message and its key and actually succeed in deciphering the message, that key is of no use in decoding the next message. The one-time cipher approach alleviates the need to manage private and public keys the way current commercial systems do, but it also creates other, more intractable problems.

There's no doubt that quantum cryptography is interesting physics, but it isn't (yet) interesting cryptography, in my view. Some of my friends who are cryptographers claim it isn't cryptography at all. Even current implementations of quantum cryptography focus solely on the key exchange problem and don't address any of the encryption/decryption or sign/verify challenges that are inherent in any cryptographic system.

Quantum cryptography also has one very hard problem to solve before anyone is going to even invest the time to resolve these other issues. Quantum cryptography assumes that a contiguous fiber channel connects sender and recipient. There are some new technologies under development that address this constraint, but so far, they've only expanded the reach of quantum cryptography key exchange to metropolitan-size areas. If you want to communicate securely with someone across the country, quantum cryptography is not a solution. Quantum cryptography also has yet to even begin to address issues such as sending an encrypted message to my BlackBerry device or sharing encrypted content over a WiFi network.

So, when I read that a group of scientists had developed a "breakthrough" in quantum cryptography I excitedly pulled up the story. Unfortunately, the announcement had to do only with the speed at which one can exchange keys over an existing fiber channel. All the other issues with quantum cryptography cited above still exist.

Lest you think I'm a complete skeptic about quantum cryptography, let me state for the record that I think there's some really interesting science here. I do, however, also believe that there is a lot more interesting science that needs to be done before this technology will be ready for commercial deployment. We'll continue to monitor developments in quantum cryptography at PGP Corporation. If at some point it becomes commercially viable, we'll determine if and where it might fit into the PGP encryption suite.

- Phil
