Quantum cryptography effectively 'useless'

Bruce Schneier speaks out

Security expert Bruce Schneier does not believe in the efficacy of quantum cryptography

The deployment of networks protected by quantum cryptography is "nearly useless" for practical purposes, according to security expert Bruce Schneier.

The world's first network using quantum cryptography went live last week in Austria, but Schneier said in an article for Wired that the deployment changes little in the security field.

"The basic idea is still unbelievably cool, in theory, and nearly useless in real life," he said.

"Even quantum cryptography does not 'solve' all of cryptography. The keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption."

Schneier explained that the weakest point of any network is not in the transmission of data itself but at the endpoints of the network. Quantum cryptography does not solve this basic problem.

"It's like defending yourself against an approaching attacker by putting a huge stake in the ground. It's useless to argue about whether the stake should be 50ft tall or 100ft tall, because either way the attacker is going to go around it," he said.

Quantum cryptography systems rely on an application of the Heisenberg Uncertainty Principle, which broadly states that it is impossible to observe quantum information without altering it.

This makes eavesdropping impossible, since as soon as it takes place the change in data can be recognised and the network shut down.

Even quantum computing itself is not the be-all and end-all of computer security, Schneier argues.

The sole effect on symmetric cryptography would be to halve the amount of time taken to break the encryption key, and that could be countered simply by increasing key sizes.