I recently read an article on cyberspying in The Week and it got me thinking again about the need for advancement in quantum information science. Back in November I wrote about legendary cyber security expert Bruce Schneier’s pronouncement about quantum cryptography. Schneier believes present security protocols such as RSA are secure enough to ward off any attack using existing technology. If that were true, why are such things not addressed in the article on cyberspying? At the close of the article, British computer scientist Ross Anderson is quoted as saying “It takes a professor of computer science to have the confidence to say that some things simply should never be put on a computer.” (In itself, this is an argument against the push toward cloud computing.)
In other words, while RSA may be nearly perfectly secure against attacks by classical computers (and assuming quantum computers are still a ways away), there are other factors that come into play when dealing with electronic security such as human nature, economics, etc. For instance, a few years ago (2007) there was a classic man-in-the-middle attack on a data stream containing credit card information for customers of a major supermarket chain here in New England. The data stream wasn’t encoded. When this was leaked a lot of people wondered why, in this day and age, it wouldn’t be. The answer is that, when transmitting huge chunks of data, it is often impractical to encode the whole thing since it tends to increase the size of the data chunk. Now, a quantum system won’t necessarily solve this particular problem, but it can help.
In terms of quantum cryptography, which is more accurately known as quantum key distribution (QKD), the quantum part is used to create the key that is used to encode the data. As such, this does not necessarily solve the problem, by itself, of reducing the excess data in order to make it more easily transmittable. In fact, technically, it is impossible to encode any more than one classical bit in a single qubit. However, if an entangled pair of qubits is shared by the sender and receiver, it is possible to actually increase the efficiency. This process is known as superdense coding. “Ah, but,” you say, “that requires a noiseless channel!” OK, so now you see the need for a greater understanding of fault-tolerance and error-correction. In other words, all the little sub-sub-fields of QIS are interrelated.
“Alright, alright,” you continue. “I get that all this QIS stuff goes together. But quantum computing is so far off that I can’t see investing heavily in it just yet.” Ah, but you have fallen into the trap of assuming that ‘quantum information’ is synonymous with ‘quantum computing.’ It isn’t. More appropriately one should think of the latter being somewhat like a branch of the former. While we may be decades (or maybe only years – who knows) away from a practical quantum computer, we already have usable commercial quantum crypographic devices. There is much more progress that needs to be made before this stuff can be used in day-to-day situations such as the supermarket fiasco, but enough technology and associated knowledge exists that a national initiative could make some major technological progress possible in the near future. In addition, quantum cryptography is perfectly suited to fiber optic communications, something that is increasingly overtaking traditional electronic techniques worldwide (specific capacities are proprietary, but as of 2002 there were supposedly 250,000 km of undersea fiber optic lines). It is also being tested in free-space transmissions (i.e. satellite uplinks, etc.).
So, in summary, while present encryption methods may be perfectly secure against classical attacks when used properly, they suffer from a number of implementation problems related to economics, existing technology, and plain old human nature. In other words, Bruce Schneier’s comment was a bit simplistic. Quantum processes overcome some of these problems and with a strong national investment in quantum information science such as that discussed at a recent meeting Virginia, we can achieve truly, reliably secure data transmission and storage while mitigating some of the problems associated with the usual classical methods.