What has Edward Snowden taught us about Quantum Cryptology?

In my best Sheldon Cooper voice this uses the Heisenberg Uncertainty Principle that, in layman's term, says you cannot observe something without changing that which you are observing. Note that 'very' isn't the same as '100 per cent' though, and regular readers of IT Pro will be well aware that we have gone to great pains to point out that there is no such thing as 100 per cent secure data. For good reason: there are always weak points that offer the potential for exploitation.

A quantum of practicality

Some five years ago the theory went practical as research scientists strung together a quantum cryptographically secure network across 200km of standard commercial fibre optic cabling, and in the process securely connected six locations around Vienna. Single photons (the basic unit of light with quantum properties as discovered by Einstein) fired a million times per second along the fibre optic cables between the network nodes, while light detectors at the nodes spotted these photons and determined a secret key from them in order to encode the data across that communications channel.

However, as has been noted by some researchers working in the quantum field, the lasers that fire out the single photons get it wrong and fire out multiple photons occasionally then snooping not noticed by entanglement can happen.

Getting around such problems with a device-independent protocol has proved harder than might have been thought. Not least that such protocols have to treat the quantum cryptography process as a one-off; whereas in the real world not even the NSA can afford to use the kit once and then replace it all every single time. Quantum computers and quantum cryptography development is expensive enough an area as it is without throwing the practical spanner of disposable quantum devices into the theoretical works.

Not all its cracked up to be

OK, so that's the explanation bit, but where does that leave the NSA today and the enterprise looking over its shoulder at the possibility of a super-decryptor computer snooping on all their data? I've had conversations with respected IT security researchers who pretty much rule serious quantum crypto, or quantum key distribution, out of the enterprise picture for the foreseeable future.

They say that the combination of distance limitations, hardware implementation costs and the small matter of it not being as secure as it promises to be will see to that. The truth is that real-world quantum computers show no convincing signs of making the jump from research lab to real world enterprise, despite some recent advances such as a team of Oxford and Simon Fraser University boffins managing to 'sustain a quantum state for 39 minutes'. This is a giant leap for the science, maintaining the superposition state of qubits at room temperature rather than -269C, but only a tiny inching towards anything actually practical.

The truth is, as evidenced by the science and the Snowden documents, that it seems very unlikely indeed that the NSA is no closer to building a working quantum computer with any practical implications on data privacy than anyone else.

Yes, such a working code-breaking quantum computer would open the doors to making existing encryption standards useless, those doors remain firmly closed for now and are likely to do so for quite some years to come. Given just how fragile quantum computing prototypes are, being hugely susceptible to environmental changes, the chances of building one with enough qubits (at least in the hundreds, and possibly thousands according to some) to perform the kind of encryption breaking calculations that some folk are worried about seem pretty low right now.

After all, if all it took was a few million pounds then why wouldn't the cash-rich giants of the technology business have beaten the secret squirrels to it already? What Edward Snowden has taught us about quantum cryptology, as with so many other things, is that just because the NSA wants something that doesn't mean it's going to get it all it's own way...

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.