Quantum cryptography, which is based on quantum mechanics, works (or will work) because of quantum-based computers, which rely on the quantum properties of superposition and entanglement. Superposition means that a single particle exists at the same time in all of its possible states. Entanglement is the idea that once two particles have interacted, later on, even when separated, whatever you do to one impacts the other.
Quantum computers are coming
While many people, including many crypto experts, consider practical quantum computing impossible, certain companies are developing light-based quantum computers already, and you can buy quantum-based products today. Right now, the quantum computers built and demonstrated are very rudimentary. But their creators have shown they can work -- that they can act as transport mechanisms -- and they're getting better each year. Quantum computers are likely to be very, very fast. Give them an insanely difficult math problem, and they should be able to solve it instantaneously.
Quantum computers, when fully realized, will be able to crack most of the encrypted secrets of our lifetime -- except for secrets protected by quantum ciphers. We'd better start thinking about encryption that's resistant to quantum computers sooner rather than later.
To protect our future secrets, we need quantum (or postquantum) encryption routines. There is a possibility that the most advanced cryptographers -- such as the NSA -- are already using quantum encryption. But if they've reached that bar and used quantum encryption beyond a few simple demonstration tests, it isn't publicly known yet.
An iron-clad solution -- in theory
Quantum encryption works because if anyone tries to intercept the encrypted secret, the mere act of viewing the secret will change the secret. Not only does the invader fail to obtain the secret, but authorized people will know that someone tried to tamper with their secret. In other words, quantum encryption sounds pretty great.
Unfortunately, the quantum encryption done so far has been very limited. We're essentially waiting for quantum computers to mature enough for the practical applications to catch up with the theory, which is par for the course in physics even outside of quantum mechanics. Many people are already demonstrating that they can "crack" quantum-encrypted secrets.
But here's my biggest beef about quantum crypto: Today's encryption isn't even close to being the weakest link. Today, nearly any good hacker can break directly into any computer. Forget trying to hack encryption; hack the endpoint. Take all the secrets. Forget quanta, forget subatomic particles, entanglements, and wave theory. None of that means anything unless we do a better job protecting endpoints.
This story, "Quantum cryptography is the last, best defense," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.