The science of cryptography is at the heart of cyber security. Mobile phone calls, messaging and online banking all rely on complex mathematical algorithms to scramble information in order to protect it from malicious hackers, spies and cyber criminals.
It is no exaggeration to say that there would be no confidentiality or security online without encryption and that many of the operations we take for granted would not be feasible. Faced with increasing cyber attacks against critical infrastructure—including but not limited to power utilities, transport networks, factories and the health care industry—encryption is evolving to meet the threat.
The most prevalent system nowadays is public key encryption. It works by giving users two keys: a public key, shared with everyone, and a private key.
The keys are large numbers that form part of an intricate mathematical algorithm that scrambles a user’s messages. The sender encrypts a message by using the receiver’s public key in order that only the intended recipient can unlock it with her or his private key.
Even though the public key is freely available, the numbers involved are sufficiently large to make it very difficult to reverse the encryption process with only the public key.
As computers become more powerful, however, and in the face of rogue states with the technology resources to pose a more serious threat, cryptographers are turning away from mathematics and looking to physics—specifically the laws of quantum mechanics—to achieve greater security. Wikipedia defines quantum cryptography as “the science of exploiting quantum mechanical properties to perform cryptographic tasks.”
Computers store data using two states: on or off. These are called bits and are represented as a 1 or a 0. Quantum bits have more states that are changing continuously.
That is because quantum cryptography is based on the behaviour of quantum particles, which are smaller units than molecules. For example, an encryption system called quantum key distribution (QKD) encodes messages using the properties of light particles.
The only way for hackers to unlock the key is to measure the particles, but the very act of measuring changes the behaviour of the particles, causing errors that trigger security alerts. In this way, the system makes it impossible for hackers to hide the fact that they have seen the data.
Quantum cryptography is an area of interest for two key expert groups:
- IEC Technical Committee (TC) 65: Industrial-process measurement, control and automation, which is responsible for the IEC 62443 series of standards on Industrial Communication Networks – Network and System Security.
- ISO/IEC JTC 1/Subcommittee 27, part of the Joint Technical Committee (JTC) set up by the IEC and the International Organization for Standardization (ISO) to work on International Standards for information technology. SC27 is best known for the ISO/IEC 27000 series of Standards.