Fear the man in the middle? This company wants to sell you quantum key distribution




It's a noble promise, quantum key distribution company.

Quantum XChange

When Ars reviewed the WireGuard VPN last fall, one of the features that came up was WireGuard's support for an optional extra layer of security: a pre-shared key (PSK). Like most modern encryption systems, WireGuard sets up a connection with asymmetric cryptography, in which a message is encrypted with one key and decrypted with another; the session keys that then protect the actual traffic are symmetric (ChaCha20-Poly1305 in WireGuard's case). A PSK is symmetric cryptography too – the key used to encrypt the data is the same key used to decrypt it – and WireGuard mixes it into the handshake precisely as a hedge against the asymmetric part being broken some day.

The fundamental problem with symmetric cryptography is practical rather than mathematical: how do you get the key to the other party? If you're using encryption, it's because you don't trust the channel between you and your partner, so you can't use that same channel to share a key. The constant fear is that a MITM – a Man In The Middle – intercepts the key, and with it your secret.

That trap is what makes asymmetric cryptography – the kind used for everything from SSH keys to SSL/TLS for websites – so appealing. With asymmetric cryptography, you send your public key to your communication partner in the clear. Your partner encrypts a message with your public key, and you read it with your private key, which has never been shared. The same thing works in the other direction: get your partner's public key and use it to encrypt a message that only their private key can decrypt. The one catch is that you must be sure the public key you received really belongs to your partner and not to someone sitting in the middle; that is what certificates, key fingerprints and WireGuard's out-of-band exchange of peer public keys are for.

So, in the United States at least, companies are beginning to spring up in the hope of making this kind of cryptography easier for others.

The bogeyman of quantum computing

This basic concept – negotiating a connection and an ephemeral symmetric session key using asymmetric cryptography – has served the world extremely well for two decades now. The technology world would struggle to function without it. Secure modern communication is possible only because we don't have to meet the people we talk to in person and slip them a key like a thief in the night. But there is a sinister spectre (no, not that Spectre) looming on the horizon: quantum computers.
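The handshake sketched in the last few paragraphs – asymmetric key agreement producing an ephemeral symmetric key, the man-in-the-middle problem, and the role of a pre-shared key – is easier to reason about in code. The block below is an added example written for this article, not code from WireGuard or from Ars. It uses a plain Diffie-Hellman exchange over the RFC 3526 2048-bit group (transcribed here; copy the prime from the RFC for real use) rather than WireGuard's Curve25519, and the salt, labels and function names are hypothetical. It shows three things: an honest exchange where both sides derive the same key, a Mallory who sits in the middle and ends up sharing one key with each side unless Alice checks the received public value against one she was given out of band, and a PSK mixed into the derivation so that an attacker who later recovers the raw DH secret still does not get the session key.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group (RFC 3526, group 14), generator 2. If you reuse this,
# copy the prime from the RFC itself rather than trusting a transcription.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2
KEY_BYTES = (P.bit_length() + 7) // 8  # 256 bytes per public value


def keygen():
    """Ephemeral key pair: a random 256-bit exponent and its public value g^x mod p."""
    priv = secrets.randbelow(2 ** 256 - 2) + 2
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """g^(xy) mod p. Reject 0, 1 and p-1: a peer sending those forces the
    result into a trivially guessable value."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)


def transcript(initiator_pub, responder_pub):
    """Both public values, bound into the key derivation so the key depends on
    what each side actually saw on the wire."""
    return initiator_pub.to_bytes(KEY_BYTES, "big") + responder_pub.to_bytes(KEY_BYTES, "big")


def derive_key(secret, transcript_bytes, psk=b""):
    """HKDF-style extract-then-expand with HMAC-SHA256 (hypothetical salt and
    label). The optional PSK is mixed in next to the DH result, which is the
    role WireGuard's pre-shared key plays: whoever later recovers the DH secret
    still does not have the session key without the PSK."""
    ikm = secret.to_bytes(KEY_BYTES, "big") + psk
    prk = hmac.new(b"demo-handshake-salt", ikm, hashlib.sha256).digest()
    return hmac.new(prk, transcript_bytes + b"session\x01", hashlib.sha256).digest()


def verify_peer(received_pub, expected_pub):
    """The authentication step raw DH lacks: compare the public value received
    on the wire with the peer's key configured out of band (the way WireGuard
    peers are configured with each other's static public keys)."""
    return hmac.compare_digest(received_pub.to_bytes(KEY_BYTES, "big"),
                               expected_pub.to_bytes(KEY_BYTES, "big"))


def honest_exchange(psk=b""):
    """Alice and Bob agree on a session key over a channel nobody tampers with.
    Returns (alice_key, bob_key, key an attacker gets from the DH secret alone)."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    t = transcript(a_pub, b_pub)
    alice_key = derive_key(shared_secret(a_priv, b_pub), t, psk)
    bob_key = derive_key(shared_secret(b_priv, a_pub), t, psk)
    # Simulates an attacker who recovers the raw DH secret (say, with Shor's
    # algorithm years from now) but never learned the PSK.
    attacker_key = derive_key(shared_secret(a_priv, b_pub), t)
    return alice_key, bob_key, attacker_key


def mitm_exchange():
    """Mallory intercepts both public values and substitutes her own. Without
    authentication each side happily derives a key it shares with Mallory."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    m_priv, m_pub = keygen()
    # Alice believes m_pub is Bob's; Bob believes m_pub is Alice's.
    t_alice = transcript(a_pub, m_pub)
    t_bob = transcript(m_pub, b_pub)
    return {
        "alice": derive_key(shared_secret(a_priv, m_pub), t_alice),
        "mallory_to_alice": derive_key(shared_secret(m_priv, a_pub), t_alice),
        "bob": derive_key(shared_secret(b_priv, m_pub), t_bob),
        "mallory_to_bob": derive_key(shared_secret(m_priv, b_pub), t_bob),
        # What saves Alice: she was given Bob's real public value out of band.
        "detected_by_pinning": not verify_peer(m_pub, b_pub),
    }


if __name__ == "__main__":
    a, b, q = honest_exchange(psk=b"out-of-band secret")
    print("honest keys match:", a == b, "| DH secret alone suffices:", a == q)
    r = mitm_exchange()
    print("MITM: Alice==Bob", r["alice"] == r["bob"],
          "| Alice==Mallory", r["alice"] == r["mallory_to_alice"],
          "| caught by pinning", r["detected_by_pinning"])
```

The point of `verify_peer` is that the asymmetric exchange on its own only guarantees secrecy against a passive eavesdropper; binding the received value to a key learned through some other trusted path is what turns it into protection against a man in the middle. The PSK line in `derive_key` is the cheap insurance the article alludes to: it costs one extra symmetric secret exchanged out of band, and a future quantum attack on the DH part alone does not recover the session key.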

Think too hard about quantum computing, and Alice's adventures down the rabbit hole will start to seem quite normal and boring. (Illustration: John Tenniel's Mad Tea Party.)

Like quantum physics, quantum computers are strange beasts that few people really understand. Classical computers are digital, but they work on what are essentially analog principles: if there is enough charge on one side of a gate, it counts as a one; if there is none, it counts as a zero. Presto, we have bits!

Quantum computers do not work with conventional bits at all, but store and process data as qubits. Instead of a relatively macroscopic quantity like "how many electrons are on the other side of this gate", a qubit is read from the state of a single quantum particle. For example, a quantum computer can store qubits in the spin of individual electrons, encoding 0 as "spin down" and 1 as "spin up". Things get stranger from here: where a conventional bit can hold only a single 0/1 value, a qubit can hold a coherent superposition of values. That means you can carry two classical bits in a single transmitted qubit using superdense coding, provided Alice and Bob (the sender and receiver of your data qubit) already share an entangled pair. It also means you can't learn the value of a qubit without measuring it, and measuring collapses the superposition (so I hope you have pen and paper handy to write it down when you read it).

Let's go back for a moment to the idea of storing a "coherent superposition of values". Scientific American explained this fairly accessibly a few years ago, and Ars has been exploring the idea since 2008. Remember Schrödinger's cat, the poor beast trapped in a box with no air holes, neither alive nor dead until a macabre researcher opens the box to find out? That turns out to be a fair enough picture of a qubit. When you actually measure a qubit, you only ever get a 0 or a 1: the cat is alive or dead. But you can directly manipulate the cat's probability of survival. You can put a cat with a 75% chance of survival in the box; when you open it, you still get either a 0 or a 1 (a dead cat or a live one). But that probability of 0 or 1 is very real, and it really is stored in the qubit. (Frankly, trying to make practical use of probabilistic information storage is beyond me, but it turns out nobody asked me to build a quantum computer.)

This is not a Doctor Who set piece; it is an IBM Q quantum computer, available commercially.

On a strictly practical level, quantum computers are a bit like GPUs: they aren't better than conventional general-purpose processors at everything, but they are enormously better at certain operations. In particular, quantum computers are very good, and conventional computers very bad, at factoring very large integers and at computing discrete logarithms. Most of the widely used asymmetric algorithms rely on exactly those problems being hard for conventional computers: RSA on factoring, Diffie-Hellman and elliptic curves on discrete logarithms. Once quantum computers reach on the order of a thousand or a few thousand reliable qubits (the 1,500 figure often quoted counts error-corrected logical qubits, each of which takes many noisy physical qubits to build), Shor's algorithm makes it practical to attack modern RSA, Diffie-Hellman and elliptic-curve schemes directly and in feasible time. (That would spell the end of Bitcoin's current ECDSA signatures, as well as today's SSL/TLS key exchanges.) IBM was at 50 qubits a year ago with its Q quantum computers, so this will not happen tomorrow or the day after… but it seems inevitable that it will happen.
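To make "Shor's algorithm breaks RSA" concrete, here is an added example (written for this article, not code from IBM, Ars or any quantum toolkit) of the classical half of Shor's algorithm. The quantum computer's only job is period finding: given a base a, return the smallest r with a^r ≡ 1 (mod n). Everything else – turning that period into a factor and the factor into the RSA private exponent – is ordinary arithmetic. The `find_order` function below brute-forces the period, which is fine for the toy 12-bit modulus constructed here and hopeless for a 2048-bit one; that gap is exactly what the quantum step closes.

```python
from math import gcd


def find_order(a, n):
    """Smallest r > 0 with a^r ≡ 1 (mod n). This brute-force loop stands in for
    the quantum period-finding step of Shor's algorithm; it is the only part a
    quantum computer does exponentially faster than this."""
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n):
    """Classical post-processing of Shor's algorithm. For a base a with even
    order r and a^(r/2) != -1 (mod n), gcd(a^(r/2) - 1, n) is a proper factor.
    Returns the two factors in ascending order."""
    if n % 2 == 0:
        return 2, n // 2
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:               # lucky guess: a already shares a factor with n
            return tuple(sorted((g, n // g)))
        r = find_order(a, n)
        if r % 2:
            continue             # odd order: pick another base
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue             # a^(r/2) ≡ -1: the gcd trick yields nothing
        p = gcd(y - 1, n)        # y^2 ≡ 1 and y ≠ ±1, so this is nontrivial
        return tuple(sorted((p, n // p)))
    raise ValueError("no factor found")


def recover_private_exponent(n, e):
    """Given only an RSA public key (n, e), factor n and rebuild d. This is
    what 'Shor's algorithm breaks RSA' means in concrete terms."""
    p, q = shor_factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)       # modular inverse, Python 3.8+


if __name__ == "__main__":
    # Textbook-sized public key (constructed for the demo): n = 53 * 61, e = 17.
    n, e = 3233, 17
    d = recover_private_exponent(n, e)
    m = 65
    c = pow(m, e, n)
    print("factors:", shor_factor(n), "recovered d:", d,
          "round trip ok:", pow(c, d, n) == m)
```

Note that some bases are useless (for n = 3233, a = 2 has even order but a^(r/2) lands on -1, so the loop moves on to a = 3); the real algorithm picks bases at random and succeeds with constant probability per try. The discrete-logarithm version that breaks Diffie-Hellman and elliptic curves uses the same period-finding primitive with a different classical wrapper.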

Quantum computers are also better at attacking symmetric cryptography, but not by enough to matter much. Grover's algorithm effectively halves the key length of a symmetric cipher (so a 256-bit key still offers roughly 128-bit security against a quantum attacker), but adding a few bits of entropy is cheap. There are also asymmetric algorithms that don't rely on factoring huge integers or on discrete logarithms, such as lattice-based and hash-based schemes, and as far as we know today they are not particularly vulnerable to quantum attacks. The end of mathematically derived crypto has not arrived yet… but it is certainly time to start thinking about new ways to achieve secrecy over long distances.
