Computers, Privacy & the Constitution

Quantum Cryptography and the False Promise of an Unhackable Future

-- AlexanderHoffman - 21 Mar 2017


Snowden has sparked a new era in which the privacy, or lack thereof, of digital communication has become a topic of interest to many people worldwide. This interest has led to the rise of popular privacy-focused software such as Signal. However, recently, many everyday people, government workers, and those in the news media have been searching for a slam-dunk solution.

Some reputable news outlets have focused on the promise quantum cryptography as this privacy solution. Incredible claims such as “With the advent of quantum cryptography, data will be forever immune from hackers” have been made in widely circulating periodicals.(1) Such claims are nonsense. Although quantum encryption may better protect encryption keys in the future, privacy will remain only as secure as the human beings running the systems.

How quantum cryptography works

It is appropriate, perhaps necessary, to understand how quantum computing works in order to understand its future implications for cryptography. The development of quantum computing is, unsurprisingly, attributable to the development of the theory of quantum mechanics. This field of physics, usually associated with Albert Einstein, is a generally accepted theory that predicts the behavior of nature at very small scales (e.g. atomic and subatomic). The theory predicts, rather counterintuitively for those new to the field, that a particle’s position is never definite until actually measured.

This physical observation, and those ancillary to it, is the underpinning of how quantum cryptography actually works. In practice, first, the key by which to unlock a message is encrypted into a chain of photons (subatomic particles) necessarily governed by the rules of quantum mechanics. This photon key is then passed from one party to another with no definite position until reaching the other side. Per the rules of quantum mechanics, if a third party attempts to intercept (i.e. observe) the photon en route to its destination, the photon will be irreversibly altered, destroying the efficacy of the key.

The limitations of quantum cryptography

The limitations of quantum cryptography come in two flavors: one is technological, the other is human. With respect to technology, perhaps the biggest unsolved challenge is the fact that, while traveling over vast distances of fiber cable, photons begin to lose their original quantum states. At this point, scientists estimate that the photon should not travel more than 200km in order to ensure reliability. To solve this problem, repeaters could be used, however, this requires decryption and re-encryption, creating a target point for hackers. More fundamentally, no quantum project has been developed that is reliable enough, and sufficiently cost-effective, to be the basis of a profitable venture. However, even assuming all technology issues are solved, and commercial (or public) prospects brighten, this does not change the fact that the weakest point of any security system remains: human beings.

No matter how effective quantum cryptography is at protecting a digital message traveling between two people, the fact remains that people reside on the other end of the communication. Do you keep your computer password on your computer monitor? If so, quantum cryptography will not help you. Have you ever been phished, or successfully click-baited? Quantum cryptography will not help you. Moreover, as any intelligence officer (or organized crime member) knows, human beings almost universally have pressure points: if you squeeze that pressure point hard enough, quantum cryptography will not protect you. In short, the potential for hacking remains no matter how effective quantum encryption.


Moving forward under the assumption, then, that quantum cryptography will not actually be the meaningful boon for privacy that some are predicting, then what is all of the hype about? My hypothesis boils down to one thing: money. If the technological hurdles of quantum are overcome, which they may very well be, ownership of the controlling intellectual property will likely be a windfall for companies that control key patents irrespective of whether or not the technology makes communication more secure in any meaningful way. So long as quantum becomes “best practice” within the cybersecurity field, the profits will come in. And it seems that companies and scientists are catching on: according to The Economist, 750 quantum cryptography patents were filed in China, the U.S., Japan, and Britain in 2015.(2) Many more were filed in the fields of quantum computing and quantum sensors.

In sum, quantum cryptography is not about an unhackable future, it’s about a more profitable one.

The conclusions are almost surely correct. A simpler route to the explanation would be to point out that in the 20th century one-time pads produced the same degree of perfectly-secure encryption, at a fraction of the cost and technical difficulty, and with simpler, if still daunting, problems of scale. But perfect security of transmission does not mean perfect security of information, for all the reasons you give, which can also be expressed more succinctly by use of traditional-technology examples from the history of espionage. Paying or otherwise suborning the people who collect the garbage almost always works.

It might also have been a good idea to explain why quantum computing has potentially much more disruptive effects on the decryption side. You could as easily have written a couple of lucid paragraphs on what happens if quantum computing changes the theoretical limits on solving "np-complete" problems like factoring large numbers. (You could also visit briefly the very elegant if not-so-simple proof that all np-complete problems are the same.) What happens if public-key encryption fails because a few players possessing 30-qubit quantum boxes can do factoring in polynomial time is a very much more worrisome story than anything that can be made out of hyping quantum encryption.


1 : E.g. “Quantum Cryptography: A Boon for Security”;”, March 21, 2017 (10:00 PM).

2 :


Webs Webs

r2 - 16 Nov 2017 - 00:39:28 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM