Ask Dr. Gigabyte

Ask Dr. G.

Dr. Gigabyte has returned to answer those questions nagging at the soul of every CIO. If there is something you should know but dont, Dr. Gigabyte can provide the answer that just may save your job through another budget cycle.

Dear Dr. G.: I have been spending sleepless nights worrying about data security. I am afraid to read the National Underwriter weekly magazines for fear my firm will be featured in the lead story as the latest organization to become embroiled in a lost-data scandal. We have sensitive customer information we absolutely must keep secure. I know DES encryption can be cracked in a matter of hours. What am I to do? During a recent round of golf, my CEO told me one of his colleagues claimed his techies had found a 100 percent secure systemsomething called Kwanza encryption. What is that all about?
Wide Awake in Wichita

Dear Wide Awake: Go immediately to the golf course and work on your game. As soon as your brother-in-laws term on the board of directors expires, you will be seeking employment. You might as well take your CEO with you. Your question is riddled with so much fatuous nonsense I hardly know where to begin.
Let me start with the obvious. Kwanzaa (sometimes spelled Kwanza) is an African-American cultural holiday that has been celebrated since 1966. I suggest you hide this issue of Tech Decisions from your HR director. Ignorance in
C-level executives is an ugly thing.

I strongly suspect your CEO overheard a conversation about quantum encryption and, being a CEO, was reluctant to ask what really was said.

Quantum encryption is, in fact, the newest virtually secure method of encrypting data. Current electronic encryption models make use of huge keys that must be crunched by brute force to decrypt the data without having the secret key. Quantum computers will render current encryption schemes useless (see Trends & Tech: Quantum Leaps, April 2003). There is some small irony quantum encryption probably still will be secure when we have quantum computers.

Quantum physics now is being applied to cryptography in two different ways. Random numbers are quite useful in current encryption methodologies. Unfortunately, random-number algorithms depend on a seed because computer algorithms are by their very nature deterministic (if they werent, we would all be out of business). The random quality of the seed always has been the weak link. Quantum random generators utilize the unknowability of events in the microscopic world to generate true random numbers. Most quantum events are completely unpredictable. For example, the probability of a transmission or reflection of a photon on a semitransparent mirror has a 50 percent probability. Algorithms based on such microscopic physical events guarantee undeterminable randomness.
The second manner in which we may use quantum physics to create unbreakable codes is in the use of quantum keys. A serious challenge in cryptography is ensuring private or secret keys have not been compromised or copied. Quantum keys solve this problem.

I will attempt to describe the concept in very simple terms and in very few words. Imagine a secret key that consists of a stream of photons. A photon can be observed in various states that can be interpreted as 0s and 1s. The Heisenberg Uncertainty Principle dictates we can measure only the bits in a single mode or manner. The sender of the key and the receiver of the key measure the bits in the same mannerand communicate that manner to each other in the clear. They then can determine which photons were measured correctly. The modes measured correctly then may be used as a secret key. If a third party has observed the stream of photons during transmission, the key necessarily will be modified by that observation and the sender and receiver will know the key has been compromised. (One of the common maxims of quantum mechanics is observing a subatomic particle changes its states.) Thus the sender and receiver are able to share a secret key with the certain knowledge it has not been compromised. (I knowvery simplistic, but I have only a single page.)

That, my nocturnal friend, is the quick and dirty answer to your question.

If any of my readers have any intelligent questions, please send them to me. Dr. G. does accept PayPal honorariums.

Readers are invited to send their questions to Dr. Gigabyte at gigabyte@tdmag.com for response in this column. Letters are for purposes of exploring insurance IT issues only and may or may not be contributed by any particular individual.