- The American Conservative - https://www.theamericanconservative.com -

Can Quantum Encryption Protect Your Data?

In our post-Snowden world, we can no longer deny what was always implicit in digital communication: someone, somewhere can find and read your data, if they are determined enough or have special government clearance. For Americans who value their privacy, fourth amendment rights, and believe it unnecessary for the government to have access to our every digital stroke, the question [1] they must ask is who can “you trust with sensitive data these days?”

Since 1976 [2], public key, or asymmetric-key, encryption has been the  default method of private and secure digital communication. Public key encryption works through employing two keys, a public key encryption key and a private decryption key employed by the two computers. This technology remains secure because it employs extremely large numeric combinations: for example, Lavabit, the secure email service run by Ladar Levison and used by Edward Snowden, used [3] “Elliptical Curve Cryptography (ECC) with 512 bits of security to encrypt messages. The private, or decryption, key is then encrypted with a user’s password using the Advanced Encryption Standard (AES) and 256 bits of security,” which is the level of security the NSA has approved for government work. Yet, as we have seen, even those most committed to protecting privacy (like Levison) can be thwarted by more conventional means. This [4] occurred [5] with [6] Lavabit [7] when the US government [8] demanded Lavabit give them the private SSL keys after being refused access to “information about each communication sent or received by the account, including the date and time of the communication, the method of communication, and the source and destination of the communication.” More problematic is that, if the September 5th [9] leak [10] from Edward Snowden is correct, “the HTTPS and SSL encryption used by most email and banking services offers little to no protection against NSA surveillance.”

A further potential threat to public key encryption, beyond compromised keys and eavesdroppers, is quantum computers. Quantum computers [11] rely on atomic properties that allow the machine to compute at speeds currently out of practical reach. This is not because quantum machines compute faster, but because they can take mathematical shortcuts rather than sequentially calculating each possibility as computers today do. At Computer World,  Michele Mosca [12], deputy director of the Institute for Quantum Computing at the University of Waterloo in Ontario, explains [13]:

Breaking a symmetric code…is a matter of searching all possible key combinations for the one that works. With a 128-bit key, there are 2128 possible combinations. But thanks to a quantum computer’s ability to probe large numbers, only the square root of the number of combinations needs to be examined — in this case, 264.

As [14] many [15] tech [16] journals [17] have highlighted lately, the very technology that now poses a threat to our security could also pose a solution. Quantum cryptology, a word that sounds more like something out of science fiction than a science journal, could be the next move for information privacy. Quantum Key Distribution (QKD) works very much like public key distribution, with added protection provided by particle physics. As David Holmes describes it [18]:

The first part is the same: Data is encrypted using an algorithm. But then the data itself is encoded on a light particle known as a photon. Because photons are smaller than atoms, they behave in some pretty crazy ways. For example, you can “entangle” two photons so their properties correlate with one another. A change to one photon (which can occur as easily as by someone observing it) will cause a change in the other photon, even if the two are a universe apart.

After entanglement occurs, the sender transmits the first photon through a fiber cable to the receiver. If anyone has measured or even observed the photon in transit, it will have altered one of the properties of photon no. 1, like its spin or its polarization. And as a result, entangled photon no. 2, with its correlated properties, would change as well, alerting the individuals that the message had been observed by a third party between point A and point B.

Quantum cryptography relies on the observable traits of quantum physics, the aspect that Einstein referred to as “spooky action at a distance [19]” to offer added protection: the knowledge of when data has been compromised by an attempted third-party observation.

change_me

The problem with this technology is its practical application. So far, the technology is still in its infancy, while physicists and tech experts try to solve problems such as distance [17], transmission [20], and integration with cloud based technologies [21]. But as Snowden and Glenn Greenwald [22] release more leaks, greater demand for digital security will pressure scientists to solve these problems. Quantum mechanics, with all its strange, fascinating, and downright unbelievable properties, could provide us with a myriad of innovative technological advancements. For those who only think about the effects of quantum physics when the Nobel prize in physics [23] is announced, hold on: the study of quantum physics is about to get a lot more practical.

Comments Disabled (Open | Close)

Comments Disabled To "Can Quantum Encryption Protect Your Data?"

#1 Comment By spite On October 16, 2013 @ 2:37 pm

Even existing encryption like PGP the leaks have shown the NSA cannot fully crack, the problem lies in protecting it at communication endpoints. Just like copyright protections will never fully protect people from copying, the data you want to hide has to unhidden for a humans to use it eventually. I may use uncrackable quantum encryption, but how will that protect me if the NSA can simply get access to the bank transaction databases or cloud storage directly ? Even simple point to point chatting is not safe as the leaks have shown that the NSA uses exploits to run listening software direct on the computer of the spied on party.

Technology will not solve this problem, because this is not a technology problem but a political one.

#2 Comment By Dale On October 16, 2013 @ 4:59 pm

There are a few things to note when dealing with encryption

1) Everything is breakable. The key difference is the amount of time it takes to do so.

For the most part, standard encryption techniques will be sufficient to stop the government reading your emails. This is because the government likely doesn’t care and because the time it takes the government to break your security will leave most of the information useless to them.

2) The weakest point in encryption is not the encryption, its the humans surrounding it. The vast vast majority of “hacking” that is done is not through breaking encryption but through breaking the person behind the password/encryption.

Sometimes this comes down to good password and security practices. For instance the recent case of The Silk Road where the operator was found because he left records in his own name and not because the government got around the TOR protocols.

Mainly though, with regards to the NSA, it comes down to the legal framework surrounding encryption and warrants.

If you live in the United States you are subject to federal warrant authority. That is, if a judge sees fit, at the request of a prosecutor, the federal (or state, or local) government can search whatever materials and effects they believe relevant to the crime. You cannot prevent or argue against this in any way and it has been this way since the creation of the Republic*

Specifically, on top of the common law warrant authority which the government holds there are laws which require companies to be able to decrypt data that they’re storing. This is analogous to saying that banks must have ways into the safety deposit boxes in their vault.

What this means is for Lavabit is that if they’re attempting to offer a service which cannot be subpoenaed by the federal government they’re doing it illegally. I.E. the long and short of the Lavabit story is that the federal government came with a warrant about Snowden and Lavabit attempted to deny the Constitutional power of the federal government to perform searches.

That is to say, unless you believe that the Federal Government should not have the power, on a duly sworn warrant to search your house and effects, then adding quantum encryption isn’t going to help you.

*You can argue against it when/if you’re brought up for charges(and so have the evidence thrown out), but warrant courts are not adversarial and many times secret and I am not talking about FISA here, i am talking regular run of the mill warrant proceedings. The reasons for this should be obvious