Ask Dr. G.

Dr. Gigabyte has returned to answer those questions nagging atthe soul of every CIO. If there is something you should know butdont, Dr. Gigabyte can provide the answer that just may save yourjob through another budget cycle.

Dear Dr. G.: I have been spending sleepless nights worryingabout data security. I am afraid to read the National Underwriterweekly magazines for fear my firm will be featured in the leadstory as the latest organization to become embroiled in a lost-datascandal. We have sensitive customer information we absolutely mustkeep secure. I know DES encryption can be cracked in a matter ofhours. What am I to do? During a recent round of golf, my CEO toldme one of his colleagues claimed his techies had found a 100percent secure systemsomething called Kwanza encryption. What isthat all about?
Wide Awake in Wichita

Dear Wide Awake: Go immediately to the golf course and work onyour game. As soon as your brother-in-laws term on the board ofdirectors expires, you will be seeking employment. You might aswell take your CEO with you. Your question is riddled with so muchfatuous nonsense I hardly know where to begin.
Let me start with the obvious. Kwanzaa (sometimes spelled Kwanza)is an African-American cultural holiday that has been celebratedsince 1966. I suggest you hide this issue of Tech Decisions fromyour HR director. Ignorance in
C-level executives is an ugly thing.

I strongly suspect your CEO overheard a conversation aboutquantum encryption and, being a CEO, was reluctant to ask whatreally was said.

Quantum encryption is, in fact, the newest virtually securemethod of encrypting data. Current electronic encryption modelsmake use of huge keys that must be crunched by brute force todecrypt the data without having the secret key. Quantum computerswill render current encryption schemes useless (see Trends &Tech: Quantum Leaps, April 2003). There is some small irony quantumencryption probably still will be secure when we have quantumcomputers.

Quantum physics now is being applied to cryptography in twodifferent ways. Random numbers are quite useful in currentencryption methodologies. Unfortunately, random-number algorithmsdepend on a seed because computer algorithms are by their verynature deterministic (if they werent, we would all be out ofbusiness). The random quality of the seed always has been the weaklink. Quantum random generators utilize the unknowability of eventsin the microscopic world to generate true random numbers. Mostquantum events are completely unpredictable. For example, theprobability of a transmission or reflection of a photon on asemitransparent mirror has a 50 percent probability. Algorithmsbased on such microscopic physical events guarantee undeterminablerandomness.
The second manner in which we may use quantum physics to createunbreakable codes is in the use of quantum keys. A seriouschallenge in cryptography is ensuring private or secret keys havenot been compromised or copied. Quantum keys solve thisproblem.

I will attempt to describe the concept in very simple terms andin very few words. Imagine a secret key that consists of a streamof photons. A photon can be observed in various states that can beinterpreted as 0s and 1s. The Heisenberg Uncertainty Principledictates we can measure only the bits in a single mode or manner.The sender of the key and the receiver of the key measure the bitsin the same mannerand communicate that manner to each other in theclear. They then can determine which photons were measuredcorrectly. The modes measured correctly then may be used as asecret key. If a third party has observed the stream of photonsduring transmission, the key necessarily will be modified by thatobservation and the sender and receiver will know the key has beencompromised. (One of the common maxims of quantum mechanics isobserving a subatomic particle changes its states.) Thus the senderand receiver are able to share a secret key with the certainknowledge it has not been compromised. (I knowvery simplistic, butI have only a single page.)

That, my nocturnal friend, is the quick and dirty answer to yourquestion.

If any of my readers have any intelligent questions, please sendthem to me. Dr. G. does accept PayPal honorariums.

Readers are invited to send their questions to Dr. Gigabyte at[email protected] forresponse in this column. Letters are for purposes of exploringinsurance IT issues only and may or may not be contributed by anyparticular individual.