Quantum leap: Untangling Toshiba's 'unbreakable' encryption
Claims Toshiba is developing secure quantum cryptography should be taken with a quantum of salt say several cyber-security experts.
According to the Japan Real Time blog, Toshiba is working on a ‘foolproof' quantum-cryptography system that industry analysts claim cannot be breached.
Immediately this raises a number of red flags, not least the use of words such as unbreakable in relation to any encryption system, next-generation or not, and the fact that the analysts who are apparently claiming this remain unnamed in the report. SCMagazineUK.com decided to take a closer look.
First things first, let's start with quantum cryptography itself. Our explanation will be necessarily simplistic as we are not physicists, so please excuse us the dumbing down of the description which will not go into detail about quantum computing per se.
However, quantum cryptography relies heavily upon the condition of entanglement whereby when any particle is affected by an external measurement, the state of the entangled particles that are connected to it are also affected, no matter how far removed from the original particle they may be. What this means is that any attempt to measure the flow of quantum data also disturbs it, and the entanglement condition is so delicate that just looking at it (so any attempt at monitoring or snooping of quantum encrypted traffic) would immediately disturb it and be visible, breaking the flow and requiring another packet to be sent until an ‘undisturbed' one gets through.
The Toshiba system, which starts a two-year long third-party data testing phase in August, uses photons delivered via custom fibre optic cables which are not connected to the internet. According to the unnamed analysts in the report, the one-time key is the same size as the encrypted data, so decoding without the correct key would be impossible as there will be no repeated use of the pattern.
If this proves successful, then Toshiba predicts commercial use may be possible within a decade or two.
It may sound fantastical, but quantum cryptography really isn't anything new, nor has it proven to be as unbreakable as the boffins would have us believe.
Back in 2010, that's no typo either, the MIT Technology Review reported how a group of physicists successfully attacked a commercial quantum cryptography system. The work of that team showed how the earliest efforts to commercialise quantum key distribution (QKD) solutions could be broken by exploiting practical weaknesses in hardware such as how configuration errors can cause unwanted internal reflections in the gear that generates the quantum bits for example, or efficiency mismatches between photo detectors and lasers that create extra photons.
Scientists will have worked hard to patch these known vulnerabilities, but that doesn't mean there are not unknown ones that still remain. Indeed, the likelihood is that there are, and that is why it is somewhat foolish to apply terms such as ‘foolproof' and ‘unbreakable' to the technology.
Those unnamed analysts would, perhaps, have been better advised to talk in terms of unviable instead. We used to say that, other than in the lab, other than security researchers, nobody was really attacking cryptography in any serious manner with any meaningful intent.
Then along came Snowden and our knowledge changed. We now know that The Man has quite clearly been doing just that. However, as Adrian Sanabria, a senior security analyst at 451 Research told SC, what we also know is that “the NSA and GCHQ didn't succeed in breaking non-flawed, standard crypto, which is why they were instead trying to get us to use weaker algorithms – so the bottom line is that quantum crypto is solving a non-issue”.