Quantum's Future

One-time keys may be just the ticket for encrypted, mass-market applications.

I had the opportunity to meet with the Hewlett-Packard Co. (NYSE: HPQ) Labs folks earlier this month to look at projects they had in the works using nano and quantum technology. I was anxious to see where Hewlett-Packard was with these over-the-horizon technologies and to get a better sense of the practical applications that were coming. While the nano work largely had to do with making circuits incredibly small, I was surprised to discover that much of the quantum work had shifted to security.

The reason behind this was that researchers had realized that, in theory at least, there is no existing encryption key that couldn't be quickly cracked with a quantum computer. That in turn undermines any data security technology, short of physically locking the stuff up.

If you want to scare a bunch of computer guys half to death, the concept of rendering all encryption obsolete will probably do it. You don't even want to think what this would do to government or military security personnel.

The solution that HP is talking about has to do with the use of a one-time key. One-time keys, particularly for short data streams, are virtually impossible to crack because there isn't enough data available to crack them. The problem with a one-time key is the key itself can be intercepted and that would compromise the data. Core to quantum physics is the concept of measurable observation. In other words, you can tell if the key has been observed by anyone else, and if that were the case, the system protecting the data would reject it.

Fortunately we all wouldn't have to learn quantum physics to use such a technology. Personally, much of it still sounds like something a science-fiction writer came up with after way too many shots of bad whiskey. When it becomes available, sometime around 2020, it will be implemented on whatever we are then using instead of a cell phone or a credit card.

Quantum crypto users will authenticate the system, and it would send them the one-time key. If the hardware reported that the key was received unobserved, it would then send the short encrypted data stream tied to that key. If the key were observed it would either send a new key or halt and report a potential security problem depending on the nature of the data and related risk.

Of course, the greatest benefit to this technology is that when your kids ask you what you are working on, instead of just saying IT security, you can say quantum security. That should be trendy well into the middle of the century.

— Rob Enderle is President and Founder of Enderle Group . Special to Dark Reading