‘The first thing you need to know about quantum cryptography is that it isn’t cryptography. At least, not the quantum part,’ writes Rob Slade, information security researcher, author and malware expert.

**Rob Slade modestly describes himself as a ‘malware researcher, educator, author and bombast’. His books include his ‘Guide to Computer Viruses’ and ‘Viruses Revealed’, the latter co-written with ESET’s David Harley.**

The first thing you need to know about quantum cryptography is that it isn’t cryptography. At least, not the quantum part.

(The second thing you need to know about quantum cryptography is that it has absolutely NOTHING to do with using quantum computers to break cryptography. That’s very important. But it probably needs another article/posting to explain it.)

For all the noise you hear about the NSA being able to read everybody’s email, cryptography, if you use it correctly, is very secure. Of course, you need to use long keys in order to make it secure, but, if you want to make it more secure, generally all you have to do is use longer keys.

That’s also where the problem comes in. Most of the encryption that people actually use is what is called symmetric encryption. The symmetric part means that both parties to the conversation have to use the same key. So you have to figure out how to communicate the key that you want to use. You can agree on a key beforehand, but that only works if a) you knew the person you wanted to talk to beforehand, and b) you haven’t suddenly realized that maybe the NSA is reading your email, and you suddenly want to use a stronger key. (After all, if you had some secure way to exchange keys with someone, you wouldn’t need encryption, now would you?)

(There is another type of cryptography, known as asymmetric. It uses a mix of keys: some public, some private. And when you send somebody a message, you might use a mix of your keys, their keys, and the public or private keys. It is complicated, needs a good deal of support, and is heavily involved in mathematics, so it’s rather slow to operate. So most people only use it for relatively short pieces of information. Like the keys you want to use for symmetric encryption. Again, explaining this probably needs another article. Or more.)

Now I started out by saying that quantum cryptography was not actually cryptography. So, how come they call it quantum cryptography? Well, it is a means of using quantum physics to exchange keys with someone; keys that you can then use for ordinary symmetric encryption.

Quantum objects, single photons, for example, can carry information. In fact, it turns out they can carry rather a lot of information if you look at them the right way, but for quantum cryptography purposes we only need to pick two different ways that can carry one bit of information per object. Lets call the ways to carry information weird and strange (since everything about quantum physics is pretty odd), and remember that bits of information are either one or zero.

So the person who starts the conversation (we usually call her Alice) randomly (maybe by flipping a coin) chooses to send a photon carrying a weird zero to the other person (whom we usually call Bob). Then she sends another photon, maybe with a strange one this time. Then she sends a weird one. And so on, and so forth. Depending on how long and strong she wants the key to be, she may send hundreds, or even thousands, of photons.

Bob, at the other end, doesn’t know which way of encoding the information Alice chose for each photon, so he has to randomly choose either a weird or a strange reader for each photon he gets. (You only get one chance to read each photon.) Then he writes down the one or zero he reads from each photon, and sends a message back to Alice saying, not the ones and zeros, but which reader he chose for each photon. Alice sends him back a message telling him which ones he got right. The ones and zeros from the photons he got wrong they both throw away.

They now have a string of ones and zeros they can agree to use as a key for symmetric encryption. (Generally speaking, Bob will chose right about half the time, so Alice will usually send a little more than twice as many photons as the key length she wants to use. A little more than half, just so they have a margin of error.)

The thing is, everyone can see them doing this. So an eavesdropper can read the photons, too. However, the eavesdropper (we have a name for her, too: Eve) also has to randomly choose a reader for each photon. Ultimately, Eve will only get about half of the key that she needs to spy on the real communications between Alice and Bob once they’ve agreed on the key.

There is another benefit here. Remember I said you could only read a photon once? If you read the photon with the wrong reader, due to the physics of it, half the time you will mess up that photon. Therefore, as Alice and Bob start setting up their communications, they will find that there are errors they didn’t expect. Eavesdropping is usually passive, so you don’t know anyone is doing it. With quantum cryptography, for the first time, you know!

That’s the theory. In practice?

Unfortunately, all of this is hugely costly. To send single photons for anything more than a very short distance, you need single mode fibre optic cable, the most expensive kind there is. And it needs to be dedicated: you can’t use it for anything else. There are ways of using cheaper cable by sending bunches of photons. But, once you do that, Eve gets a chance to “harvest” a subset of those photons, read them with both types of readers, and throw them away, so you know know that she’s there.

And anything that we do in the quantum world tends to have errors. Lots of errors. So, when you make a quantum cryptography device to sell commercially, you have to make sure that it will detect and correct the errors. And you want to do that in such a way that the people who buy your device aren’t bothered by the errors. Unfortunately, when you do that, you introduce a big error margin that the user doesn’t know about. It turns out this gives Eve lots of opportunities to mess with the system: enough so that she can figure out almost all of the keys that get chosen, or even force people to use a key that *she* chooses.

There are ways to address these problems. But they get complicated pretty quickly, and there are also ways to get around the fixes.

I love the ideas and concepts behind quantum cryptography. However, in then end it is just another form of key exchange, with a number of problems to be addressed. And a pretty complicated one at that.

*The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of WLS nor ESET.*

## Discussion