Quantum Encryption: The Basics

Written by

Quantum encryption is the mathematics of cryptography leveraging the physics of quantum mechanics to make unpredictable crypto keys – that’s all it is.

There are two major methodologies of quantum encryption that achieve the same goal of making true random keys at the endpoints, eliminating the need to distribute them to senders and receivers. The first uses the quantum properties of light sent on a dedicated fiber-optic channel to establish key agreement between two communicating parties. The second uses the true uncertainty of quantum measurements to generate a large pool of cloud-accessible random numbers, which are uniquely combined in software at the endpoints to create keys. Both methods are dissociated from the data and software used for encryption, which is an inherent security enhancement over traditional techniques.

Unpredictable keys are the foundation of cybersecurity and must be generated from a truly random source. Without them, the security guarantees of any algorithm are reduced to exactly zero. If the keys can be guessed, then brute force techniques can quickly decrypt any message. The safety of all data encryption is perfectly, not approximately, correlated with the quality of available randomness. While there are mathematical techniques that can generate long sequences of pseudorandom numbers capable of passing statistical tests, they have no randomness at all. These may be improved by seeding with a truly random source, but this creates a chicken-and-egg problem.

Quantum mechanics is the only proven source of randomness known to science, and it is also where the precision of mathematics fails cryptography. The outcome of a quantum measurement is unknowable and thus the only perfect source of random numbers for encryption. In stark contrast to pseudorandom, a misleadingly suggestive term, in which knowledge of the seed will always lead to the predictable number sequences and keys. Modern artificial intelligence (AI) and machine learning are astonishingly good at analyzing data and recognizing patterns, which makes pseudorandom exploitable. Even if breaking the best algorithms through brute force is hopeless, deducing the keys is not.

"The outcome of a quantum measurement is unknowable and thus the only perfect source of random numbers for encryption"

Since most global hardware and software are based on only a handful of techniques, there is no mystery as to the technique employed. Making longer keys is a band-aid at best if the keys and underlying methodology are the same. Making the decryption process only slightly harder simply inconveniences attackers but does not stop them. As such, high-quality quantum random number generators are critically important to cybersecurity in the quantum age. They are based on the measurement of a carefully designed physical process to produce a single yes or no, zero or one, outcome. Stringing together many of these experiments will produce an arbitrarily long run of random numbers suitable for strong encryption.

While all quantum events are created equal, that doesn’t mean that each one is equally viable and useful for cryptography. Quantum effects are in everything but extremely challenging to observe and differentiate from predictable noise. The devil is in the detail, and the electronics used make all the difference. Some are harder than others to distinguish the quantum signal from the ever-present classical noise. Others produce outcomes too slowly, and many are far too costly to reproduce regularly. Only a few are in the 'Goldilocks zone,' balancing speed, cost and quantum randomness to make them ideal for modern information systems. For example, particle acceleration is an impractical solution, but the phase of a laser pulse from telecommunications devices makes an effective quantum random number generator (QRNG).

With QRNGs, the risk of cryptanalysis and brute force attacks against 'quantum-safe' encryption algorithms can be eradicated. One-time pad encryption is the well-documented and only proven method to be totally invulnerable to quantum computers. Still, with a catch – the “keys” must be as long as the data, which means they consume vast amounts of random numbers. This means no computer or maths developments can decrypt the data because it is indistinguishable from random numbers and perfectly secure. Today’s QRNGs are starting to reach speeds that can keep up and deliver on the full promise of all quantum encryption. We’re on the verge of a state of 'quantum security' for everyone.

What’s hot on Infosecurity Magazine?