Zeroing in on unbreakable computer securityJuly 29, 2013: 2:45 PM ET
Tapping the strange science of quantum mechanics, physicists are creating new data security protocols that even the NSA can't crack.
By Clay Dillow
FORTUNE -- The news out of Moscow of late has been dominated by Edward Snowden, the American leaker of secret state documents who is currently seeking temporary asylum in Russia. Meanwhile, across town and to much less fanfare, Dr. Nicolas Gisin found himself explaining last week the solution to the very problems of data security and privacy intrusion Snowden brought to light in exposing the vast reach of the National Security Agency's data collection tools: data encryption that is unbreakable now and will remain unbreakable in the future.
Gisin is a Swiss quantum physicist and a pioneer in the exploration and manipulation of the very small -- that is, the various "quanta" of the micro world, things like individual atoms and photons. (Photons are the elementary particle of light.) In 2001, Gisin co-founded a company called ID Quantique with the aim of converting the strange phenomena found in the quantum world into commercial applications. At that time, the quantum world was still very much a theoretical place, one more suited for the laboratory than employed for practical application. But over the last decade quantum technologies have matured such that they can offer many practical benefits, including the kind of data encryption that ID Quantique now provides to various banks and governments -- data security that is virtually impossible to breach.
"It sounds like there's some quantum magic in this new technology, but of course it's not magic, it's just very modern science," Gisin says. But next to classical communication and encryption methods, it might as well be magic. Classical cryptography generally relies on algorithms to randomly generate encryption and decryption keys enabling the sender to essentially scramble a message and a receiver to unscramble it at the other end. If a third-party (known as an "adversary" in data security lingo) obtains a copy of the key, that person can make a copy of the transmission and decipher it, or -- with enough time and computing power -- use powerful algorithms to break the decryption key. (This is what the NSA and other agencies around the world are allegedly up to.) But Gisin's quantum magic taps some of the stranger known phenomena of the quantum world to transmit encryption keys that cannot be copied, stolen, or broken without rendering the key useless.
The primary quantum tool at work in ID Quantique's quantum communication scheme is known as "entanglement," a phenomena in which two particles -- in this case individual photons -- are placed in a correlated state. Under the rules of quantum mechanics, these two entangled photons are inextricably linked; a change to the state of one photon will affect the state of the other, regardless of whether they are right next to each other, in different rooms, or on opposite sides of the planet. One of these entangled photons is sent from sender to receiver, so each possesses a photon. These photons are not encoded with any useful information -- that information is encoded using normal classical encryption methods -- but with a decryption key created by a random number generator. (True random number generators represent another technology enabled by quantum physics -- more on that in a moment.)
Any adversary would have to place herself in between sender and receiver at just the right moment in order to intercept this key-encoded photon, but even that would not enable her to steal any useful information. Thanks to the laws of quantum mechanics, any tampering with the photon in transit would change the state of the entangled photon still in the sender's possession, raising a red flag. The sender could then simply discard the intercepted key and generate another.
The idea of quantum cryptography is not new, but its deployment in real-world, non-laboratory environments is something that is just now getting underway. ID Quantique's client roster includes several governments and financial institutions whose names it is not at liberty to disclose. It also has found a market among online gaming sites who rely on ID Quantique's quantum-based random number generators to ensure their platforms cannot be gamed by other computer programs. (Computer algorithm-based random number generators, though sophisticated, are not considered truly random in the way that a roulette wheel is considered truly random -- by their nature they will produce patterns that other computer programs can detect.) The company is among the first to move forward with the commercialization of next-generation quantum technologies derived from what physicists refer to generally as quantum physics' "second revolution." The first happened decades ago with the advent of lasers and the like, which deal with the manipulation of multiple quanta rather than individual quanta. But it certainly won't be the last.
At the second annual International Conference on Quantum Technologies hosted by the Russian Quantum Center last week in Moscow, academic researchers from around the globe presented lectures and papers on various quantum technologies that, though simply theoretical just a few years ago, are now moving rapidly toward being very well understood, shortening the road to practical application and commercialization.
Speaking to Fortune at the conference, Serguei Kouzmine, nuclear physicist and managing partner of physics- and materials science-centered venture capital fund QWave Capital, predicted that in the next three to five years the world will start to see specialized sensors and devices derived from advances in quantum physics that will vastly surpass the abilities of existing technologies. "Quantum physics today is already becoming an engineering problem," Kouzmine said, and that's a good thing. That means the fundamental scientific understanding and design is already there in many cases, freeing many quantum technologies to move on to the phase in which they are actually packaged and prepared for commercial applications in supercomputing, high-resolution sensing, medical diagnostics, and other high-tech fields.
In quantum communications and encryption, the engineering and production phases are already well under way -- though limitations and resistance from the existing data security establishment will make for a slow rollout of the technology. Most data security experts come from the world of mathematics and numbers, Gisin said, which often leaves them wary of a technology that is admittedly difficult for many people to grasp intuitively. And there are certainly limitations; currently the distance a single photon can be beamed through optical fibers without being lost is roughly 60 miles, placing a ceiling on just how far quantum encryption can be useful.
ID Quantique is working alongside American non-profit research and development outfit Battelle to develop so-called "quantum repeaters" that would basically act as relay for photon along the chain, but in the meantime it will continue to work with companies and governments who require ultra-secure exchange of information across relatively short distances with virtually zero chance of interception or theft. The company is currently in talks with several governments who are considering implementing its quantum encryption technology, Gisin says. Given the current headlines, that should surprise absolutely no one.
"Security experts didn't learn anything from this Snowden story, it was already obvious that it is so easy to monitor all the information passing through the Internet," Gisin says. "No security expert can pretend to be surprised by his revelation. And I'm not a national security expert, but I don't think the Americans are the only ones who are doing this -- the Russians are doing it, the Chinese are doing it, everybody is spying on the others and that's always been the case and it always will be. One way to be a step ahead of the others is to use quantum cryptography, because for sure the programs that the Americans and others are using will not be able to crack it."