Posts Tagged ‘encryption’

Quantum computing encryption is secure, fast, hack-proof so far, and getting big in China.

We’ve written here before about quantum computing, the latest leap in computer technology.  Those of us involved in the industry since the dawn of the PC can only marvel as the technology keeps marching forward, beyond even the tacit bounds of Moore’s Law, and into the realm of quantum physics.

That branch of physics, often typified by the Heisenberg Principle which states, in simple terms, that at the very sub-microscopic, atomic-small level of physics, one can know a particle’s position or direction of travel, but never both simultaneously.  In quantum computing terms, this means that, unlike a normal ‘binary’ computer transaction in which a switch is either ‘on’ or ‘off,’ that instead, a particle (or a bit) can be both on and off simultaneously.  That new realm of multi-state properties defies our logical, if somewhat limited, knowledge of the larger world, but it opens up a lot of new possibilities.  And quantum computing is already beyond the theoretical stage; it’s already operational.

A physics professor at the University of Geneva, Gregoire Ribordy, has developed something called quantum key distribution, using the unique properties of quantum computing technology to create a data encryption system so secure that he says it can’t even be deciphered by an advanced quantum computer (and as reported recently in a Focus/Security special section at Bloomberg BusinessWeek).

Ribordy, formerly a researcher at Nikon in Tokyo, believes “our challenge is to help governments be ready.”  His company ID Quantique SA is based in Switzerland, and recently signed a joint venture agreement with a Chinese company.  As a result, sales of his quantum key equipment – whose quantum servers sell for about $100,000 a pair – are said to have surged at Chinese banks, government agencies, and even the China Railway Corp.

Ribordy reports he’s sold fewer than 100 servers in the U.S., but predicts the growing interest in China will spur interest elsewhere, and notes, “If China’s doing it, maybe it’s a good idea to look at why.”  Recently the Chinese claim to have launched a quantum-enabled satellite to securely transmit data.  Ribordy’s Chinese partner has built the world’s first commercial network secured by Quantum technology between two major cities, according to Bloomberg.

Quantum key does have one drawback, it is reported, in that there is a limit to how far about the machines can be from one another.  According to BusinessWeek, “quantum computers communicate by firing photons over fiber-optic lines, which become unreliable at distances beyond a few hundred miles.”

Still, the transition is beginning, and the U.K.’s National Cyber Security Centre predicts the cost will drop rapidly which, along with the highly secure nature of quantum encryption is bound to increase its popularity everywhere.  Recently, China has begun to pull ahead of the U.S. in some key quantum areas according to industry insiders, while the level of investment there continues to grow.

And of course, just to square the circle in a world in which hackers are always looking to leapfrog the security teams, Richard Murray of Innovate U.K., a government agency that helps foster new technologies recently noted, “The reason there is a market for this now is to prepare for the threat of a quantum hack in the future.”

And the beat goes on.

Read Full Post »

backdoor keysAn article in January 11th’s Wall Street Journal by tech columnist Christopher Mims does a very good job of breaking down the arguments surrounding allowing secret government “backdoors” into encrypted messages that we post every day from our various devices.  He makes his point clear at the start of the article when he says “I’m going to say this as plainly as possible… If we compromise our computing devices in a misbegotten attempt to stem criminal behavior or terrorism – as some… have suggested – then we deserve what will follow.”

It’s tempting, he notes, to think that if only companies like Apple, Google (now Alphabet) and Microsoft would create backdoors to all our encrypted data, that only law enforcement or the government knows about, they could take action when needed.

It’s a complicated topic, and our space is too brief to give justice to Mims’ full screed, but he makes a strong case.  We already live in a world where our defenses are breached regularly he begins, noting how the Chinese government could probably compile a dossier on the web-browsing habits of every U.S. citizen.  “State actors are outgunning besieged corporate IT departments,” he notes, leading to hundreds of millions of dollars of damages annually.  Hence his comment from our title that no encryption is good enough.

As a result, many tech-providing companies today are using encryption even they cannot decrypt.  And the fact is, as Mims points out, you can’t ban math – which is to say, encryption is well understood by a lot of players these days.  The notion that the FBI won’t be able to foil a terrorist plot if a messaging app is encrypted is an arresting one, but it defies the larger logic.  Sophisticated attackers will always move to whatever channels are available to them, and there will always be channels available.

Former NSA Director Michael McConnell recently wrote: “If law enforcement and intelligence organizations face a future without assured access to encrypted communications, they will develop technologies and techniques to meet their legitimate mission goals.”

Basically, that amounts to what today is called “lawful hacking,” which says that there are “vulnerabilities in the system, and it is better to exploit those than to build in other weaknesses,” as outlined by a group of academics in a recent paper on cryptography and security.  It’s an acknowledgement that our PCs and phones are in fact inherently quite insecure.

It’s a debate that will likely rage on for a good long time among well-intentioned people.  And a byproduct of course of our advancing technologies, which sometimes, aren’t so advanced as we’d like to think.

Read Full Post »

A fascinating, if slightly abstruse, article by Lee Gomes appeared in the Digital Tools column in Forbes’ March 29 edition under the title “Computing’s Killer Problem.”  Its implications are fascinating, so I’ll try to synthesize here.  For the full article, go here.

Basically, Gomes posits the notion that much of what we do with computers, including basic Internet and transactional security, is based “not on anything we know for sure, but on essentially just a good guess.”  It starts with a fundamental computer science problem known as P=NP.  The question of course is whether P equals NP, but the explanation of each is a bit tricky, so hang in there.  And by the way, solve it, and you’re eligible for a $1 Million reward.  Here goes…

P stands for the collection of math problems a computer can solve in a reasonable amount of time.  But, being defined by Math Guys, it’s a bit more specific than that.  P stand for Polynomial.  A problem that gets just a little harder as the numbers get bigger is deemed solvable in polynomial time.  The opposite if Exponential, where the time to solve “quickly grows unreasonably large.”

NP stands for problems that can be verified in a reasonable length of time.  Thus, the equation asks if P and NP are the same.  Gomes gives the example of factoring.  It’s easy to verify that two numbers multiplied together produce a third; 10 x 20 = 200 for example.  This is true even for very large numbers – it’s easy.  But going the other way, as in starting with the end number and finding the factors that make it up, can take a large amount of time, especially if the number is large enough.  With a large enough number, it could take trillions of years, he notes.

I’ll spare some complexity that you can read in his article, but the bottom line is that most math researchers think that P and NP are not the same.  Why does this matter?  Because encryption routines, for example, “hang on the difficulty of factoring large numbers,” where no fundamental shortcut has ever been found (and math geeks have been looking for centuries).  Therefore, encryption routines can be presumed to be safe in terms of taking enormous time to solve.

But what if they’re wrong?  What if P=NP?  Then problems on the NP side (quick verification) are also on the P side (quick finding of a solution).  This would mean in theory that a quick factorization was possible after all – you’d just need to be clever enough to find it!  And that would put security and encryption on some very unsure footing, wouldn’t it?

Gomes claims no need for panic, since “most experts think P and NP aren’t the same.”  But no one knows for sure.  Certain people could lose sleep over this.

On the upside, researchers have also uncovered the fact that a large group of hard computer problems, despite external appearances, turn out to be essentially similar.  Examples include mapping the most efficient route for a travelling salesperson and a protein folding problem to predict the shape of a molecule.  A solution to one apparently would work for the other according to a Northwestern Univ. professor. 

But only if P=NP -– precisely what we don’t know.  Dare I say it?  Go figure.

Read Full Post »