Encryption 101: The next encryption revolution

Jack Hammond | 16th Aug 2016

Regardless of what you make of the ethics of the Snowden revelations from 2013, the one thing that can be said confidently is that they started a global discussion about the safety and security of our data – from the largest of companies down to us, the individual users.

While this could very well be considered a revolution in the perception of data security, this blog is more concerned with the resulting technical revolutions that are now so tantalisingly close. In particular, we will focus on one realm that a great deal of people are saying will herald a new era of data security: the quantum realm.

A brief introduction to the absurd

What is the quantum realm?

Well, to put it as simply as possible, it is a hugely chaotic and yet fascinating area of science. It is the impossibly small part of reality where something can exist in any number of possible states until it is observed, after which it will ‘lock’ itself in a single state.

There is, of course, the well-known example of this of Schrodinger’s cat. You also have the wonderfully named Heisenberg Uncertainty Principal, which states we cannot know both the position and momentum of a particle with absolute certainty (ergo, if we were to know absolutely a particle’s momentum, we would consequently know nothing about its position).

That’s all well and good you may be saying, but how does this help protect my data?

Well, the most popular application of all this wonderfully weird science is in Quantum Key Distribution (QKD). In fact, some QKD systems are already being evaluated by some companies and governments today.

Quantum Key what?

When you are browsing the internet – let’s say you’re doing some online banking – your security is essentially derived from mathematics. Be it AES, RSA, ECC or anything else, a key (or keys) are agreed between your browser and the bank server, and these keys are then used to ensure that malicious parties can’t intercept your data and leave you without a penny to your name. The problem is, a malicious party could intercept this key negotiation and through that gain unrestricted access to your communications – and you’d be none the wiser.

One of the big draws towards QKD is that it allows both parties to know if there is an eavesdropper between them and if so, the key can be considered compromised and a new one generated. It’s based on the idea that the simple act of observing this key exchange would cause very noticeable changes in the data that is received and this can then be used to discern the presence of the third party. Eventually, you’d have a key that was only known by your browser and the remote server, and your communications would once again be secure and you can go about your banking feeling safe and secure. Right?

QKD – not really a silver bullet

Unfortunately, this is not the case. While immensely cool and a very worthwhile improvement on the initial establishment of a secure connection, QKD is by no means a perfect way to protect data, as all we are doing at present is protecting the actual key. The encryption of the data will still, for now at least, be done by something like AES, RSA or ECC, with the keys that were exchanged using QKD. What with the slow but constant development in quantum computers threatening a greatly improved capability to brute force their way through our current encryption algorithms, the raw data itself might one day be broken into.

It is also important to note that there may be other weak links in a system that implements QKD that could lead to the key being leaked or discovered, and that QKD itself is continually being studied and may yet hide a few skeletons in its closet.

Quantum Encryption?

So if QKD might not be fool-proof and our current algorithms are at risk of eventually being cracked, then surely the perceived super powers of the quantum realm can provide an enhancement to our actual encryption algorithms?

Yes, in theory. Work is ongoing in the area of quantumly safe cryptography – that is, cryptography that proves hard for quantum computers to crack. However, so far, no huge breakthroughs have been made.

So that’s it, we’re all doomed?

I can see why some people might be reading this and developed a sense of melancholy, but it’s not all bad.

Currently, we have good research to say that our current symmetric algorithms are pretty resistant to both quantum and traditional attack methods, so we won’t suddenly have to rush to the bank and withdraw all our savings for fear of them being stolen. Likewise, even as quantum computers continue to advance, so too does our knowledge of how to protect against the computational power this next generation of super computers will bring.

Disclaimer

While I hope this has provided a very small glimpse into a wildly fascinating and continually evolving area of both computer and data security and science, please keep in mind that quantum science is a vastly complicated and intricate topic, and a lot of the descriptions I have given here have been generalised to try to prevent too much complexity seeping into the content of this blog. So please forgive me if you are well versed in this field and my over-simplification of this wonderful area of science has caused you some discomfort!