In previous posts I discussed what a quantum computer is and what it can be used for. In this post, I will discuss the term “Quantum Cryptography”. Quantum Cryptography is very much a misnomer: what the term describes is more accurately called “Quantum Key Distribution”, or QKD for short. In a follow-up post I will discuss the related topic of Post-Quantum Cryptography, which is a very different beast entirely.
QKD is a technique for two parties who are connected by a dedicated line (usually a fiber optic cable), down which photons can be sent, to agree on a secret key. The secret key is then used to secure some further communication using either classical cryptography or a one-time pad. The method of generating the secret key uses the properties of quantum mechanics in such a way that the key is information-theoretically secure (no computer, no matter how large, can break the key), and any interception of the communication is detected by the legitimate parties and results in no loss of secure key material. The physics and engineering behind QKD are truly amazing, and the resulting spin-off technologies could find use in all sorts of applications involving communication over fiber optics. However, from the point of view of general cryptography the application space is severely limited, and the supposed benefits over traditional cryptographic techniques are not that great.
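To make the interception-detection claim concrete, here is an added simulation (not part of the original post) of the BB84 key-exchange protocol, the textbook QKD scheme; the post itself does not name a protocol. It assumes an ideal noiseless channel, an intercept-resend eavesdropper, and a constructed abort threshold of 11% on the observed error rate; all of these are assumptions of the example.

```python
import random

def bb84_run(n_photons, eavesdrop, seed=0, sample_fraction=0.5, qber_threshold=0.11):
    """One idealised BB84 exchange. Returns (qber, aborted, final_key_length)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    # Alice picks a random bit and a random basis (0 = rectilinear, 1 = diagonal) per photon.
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    # Bob measures each photon in a basis he picks independently at random.
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: the no-cloning theorem means Eve cannot copy the photon,
            # so she measures it in a guessed basis and re-sends a fresh one in that basis.
            eve_basis = rng.randrange(2)
            if eve_basis != photon_basis:
                photon_bit = rng.randrange(2)  # wrong basis gives a random outcome
            photon_basis = eve_basis
        # Bob's measurement: deterministic if bases match, otherwise a coin flip.
        bob_bits.append(photon_bit if b_basis == photon_basis else rng.randrange(2))
    # Sifting: bases are announced over the classical channel (which must be
    # authenticated) and only positions where both chose the same basis are kept.
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    if not keep:
        raise ValueError("no sifted bits; send more photons")
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]
    # Error estimation: a random sample of sifted bits is compared in the clear and
    # then discarded. Intercept-resend disturbs about 25% of the sifted bits.
    idx = list(range(len(keep)))
    rng.shuffle(idx)
    sample = set(idx[:max(1, int(len(idx) * sample_fraction))])
    errors = sum(alice_key[i] != bob_key[i] for i in sample)
    qber = errors / len(sample)
    if qber > qber_threshold:
        # Interception detected: abort and keep nothing, so no key material is lost to Eve.
        return qber, True, 0
    final_key = [alice_key[i] for i in range(len(keep)) if i not in sample]
    return qber, False, len(final_key)

if __name__ == "__main__":
    print("no eavesdropper:  ", bb84_run(8000, eavesdrop=False, seed=1))
    print("intercept-resend: ", bb84_run(8000, eavesdrop=True, seed=1))
```

The honest run yields a zero error rate and a key of roughly a quarter of the photons sent; the eavesdropped run shows an error rate near 25%, so the parties abort instead of using a compromised key.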
Firstly, the main problem which a key agreement protocol should address is the authenticity of the communicating parties; for example, I do not really care that my credit card details on the web are encrypted, what I care about is that they are encrypted to Amazon (say), and not to the Mafia. To add authentication to QKD you need to use traditional cryptographic techniques (MACs or digital signatures), each of which removes the claim of information-theoretic security. There is a technique using information-theoretic MACs, but the resulting system is not as efficient or scalable.
Secondly, I usually end up using any agreed key in another protocol to securely transmit large amounts of data. Such bulk communication is highly likely to be carried out using traditional cryptographic techniques, for example AES in GCM mode. Thus again the system as a whole does not have information-theoretic security, as its security is only as strong as the AES cipher.
Thirdly, all known QKD systems rely on dedicated connections between the communicating parties, and so do not scale to ad-hoc networks such as the internet. Some authors have proposed using quantum repeaters, but due to the no-cloning theorem for quantum states (see our earlier post introducing Quantum) this can only be done at the expense of removing end-to-end security.
In today’s world end-to-end security is increasingly becoming a must-have, and hence repeaters which break end-to-end security are not commercially, or socially, viable.