I recently discussed the NSA's project to develop a quantum computer in part for the purposes of cracking AES-encrypted data captured from internet backbones during the past 10 years and now stored in the enormous warehouses.
Yet, while true quantum computing probably is still years away, quantum key distribution systems already exist. And since these systems do not depend on the practical inability of a computer to factor very large numbers, and instead use the relationship of entangled particles to cipher the exchange of data, making quantum key distribution technology more widely available would be a crypto activist strategy that even a (still-hypothetical) quantum computer plausibly would be unable to defeat.
Entanglement
As I discussed, quantum computing fundamentally depends on the engineering feat of manipulating particles into the strange quantum state known as superposition. Quantum key distribution also uses superpositioned particles but also requires at least one pair of such particles that are entangled. With a pair of entangled particles, observing some aspect of state for one particle exactly predicts the state of the other particle. Prediction in this case equals instantaneous communication between particles.
Since this phenomenon violates the theory of special relativity, which states that particles cannot influence each other at any speed faster than light, Einstein famously derided the entanglement hypothesis, describing it as "spooky action at a distance". And yet 80 years of experimental physics has overwhelingly confirmed entanglement as a reproducible physical reality.
Quantum Key Distribution and the Flow of Money
Entangled particles secure qubit-based key exchange by relying on the fact that you can neither copy an unknown quantum state (the no-cloning theorem) nor measure all aspects of entangled particles without corrupting the quantum system--in effect, collapsing particles in superposition into particles with a non-random single set of values. As a result, parties using such a quantum system to secure their information exchange can detect the fact and extent of intrusion by a third party.
In 2004, a group of researchers based at Vienna University produced a set of entangled photons and used them as a key to cipher a transfer of funds from Bank Austria Creditanstalt:
At the transmitter station in the Bank Austria Creditanstalt branch office, a laser produces the two entangled photon pairs in a crystal. One of the two photons is sent via the glass fiber data channel to the City Hall, the other one remains at the bank. Both the receiver in the City Hall and the transmitter in the bank then measure the properties of their particles.
The measuring results are then converted into a string of 0s and 1s – the cryptographic key. The sequence of the numbers 0 and 1 is, due to the laws of quantum physics, completely random. Identical strings of random numbers, used as the key for encoding the information, are produced both in the bank and the City Hall. The information is encoded using the so-called “one time pad” procedures. Here, the key is as long as the message itself. The message is linked with the key bit by bit and then transferred via the glass fibre data channel.
Eavesdropping can be detected already during the production of the key – before the transfer of the encoded message has even started. Any intervention into the transfer of the photons changes the sequence of the number strings at the measuring stations. In case of eavesdropping, both partners receive an unequal sequence. By comparing part of the key, any eavesdropping effort can be discerned. Though the eavesdropper is able to prevent the transfer of the message, he is unable to gain any information contained in the message.
Encrypting Data, Breaking Codes
Innovations in encrypting and hacking into data tend to leap-frog each other in the history of cryptography. And because who controls each innovation impacts everyone who creates and exchanges data over publicly accessible channels, keeping up on the latest innovations becomes any individual's or organization's vested interest.
As with any kind of business and social interaction, establishing trust often comes down to reputation. And this is so much more the case when it comes to data security and choosing to purchase technology instead of creating it yourself. That a software company carefully adheres to the standard in implementing SNMPv3 for products that poll network devices becomes a good measure of their trustworthiness--especially when they already have a solid reputation in their market.