Quantum cryptography promises communications security boost

Location-based quantum cryptography doesn't need secure channels or pre-shared encryption keys

A new variant of quantum cryptography (QC) called position-based QC could herald a huge breakthrough in communications security – although commercial applications are still a long way off.

The advantages of the system are outlined in the research paper, 'Position-Based Quantum Cryptography,' to be presented in Las Vegas at the 51st Annual IEEE Symposium on Foundations of Computer Science this October.

The position-based key exchange scheme aims to solve security problems that can arise from users communicating privately between locations – such as from within an enterprise to the cloud – without secure channels or pre-shared keys (PSKs), according to the research paper's authors.

One of the problems with PSKs is that they need to be sufficiently long, and randomly chosen to resist so-called 'brute force' attacks, which could in theory break weak keys.

Positioned-based quantum cryptography doesn't require PSKs, and is therefore theoretically more secure.

Quantum cryptography uses quantum mechanical material properties to secure communications, whereas classical methods in use today rely on hefty mathematical functions to encrypt communications links.

BT chief security officer Bruce Schneier's recent blog on the topic said the technology had real potential.

"Location-based encryption – a system by which only a recipient in a specific location can decrypt the message – fails because location can be spoofed," said Schneier.

"This research group has shown that sending quantum bits – the quantum equivalent of a bit – instead of only classical bits, gives a secure protocol such that the location [of a device] cannot be spoofed."

Businesses hoping to exploit position-based QC will have a long wait, however. "Don't expect this in a product anytime soon. Quantum cryptography is mostly theoretical and almost entirely laboratory-only," Schneier said.

Two of the paper's four authors, Nishanth Chandran and Rafail Ostrovsky, work at the Los Angeles branch of the University of California (UCLA).

Ran Gelles works at the Cryptology and Information Security Group, in Amsterdam, and Vipul Goyal works in India for Microsoft Research.