We live in "the golden age of spying." Entire systems of encryption are tailored to the recommendations of an agency whose sole interest is decoding the information that passes through them. When the latitude it has already been granted is not enough, it privately pairs with companies to reach even further and subvert already feckless rules. The loopholes and backdoors are everywhere. Can any real ciphering occur in such an Orwellian milieu?
A pair of theoretical quantum physicists, Artur Ekert from the Mathematical Institute at University of Oxford and Renato Renner of the Institute for Theoretical Physics at ETH Zurich, carefully considers this question in a new paper for Nature, and ends up with a somewhat unexpected answer. Recent theoretical advances, the authors argue, indicate that the construction of a perfect quantum cryptographic system is possible.
When technical buzzwords are stripped away, all we need to construct a perfect cipher is shared private randomness, more precisely, a sequence of random bits known as a ‘cryptographic key’. Any two parties who share the key, we call them Alice and Bob (not their real names, of course), can then use it to communicate secretly, using a simple encryption method known as the one-time pad. The key is turned into a meaningful message by one party telling the other, in public, which bits of the key should be flipped. An eavesdropper, Eve, who has monitored the public communication and knows the general method of encryption but not the key will not be able to infer anything useful about the message. It is vital though that the key bits be truly random, never reused, and securely delivered to Alice and Bob, who may be miles apart.
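The one-time pad as the paper describes it, with the public message being literally the list of key bits to flip, as an added illustration (not code from the paper or its authors). It also shows why the "never reused" condition matters: if the same key pads two messages, the two public announcements together reveal exactly where the plaintexts differ, with no knowledge of the key.

```python
import os


def generate_key(n_bytes: int) -> bytes:
    # Fresh, never-reused randomness from the OS CSPRNG. Here it stands in for the
    # shared private key that Alice and Bob would obtain from the quantum protocol.
    return os.urandom(n_bytes)


def _bit(data: bytes, i: int) -> int:
    # Bit i of the byte string, most significant bit of each byte first.
    return (data[i // 8] >> (7 - i % 8)) & 1


def flip_positions(key: bytes, message: bytes) -> list[int]:
    """Alice's public announcement: indices of the key bits that must be flipped
    to turn the key into the message (equivalent to ciphertext = message XOR key)."""
    if len(key) < len(message):
        raise ValueError("key shorter than message: a one-time pad must not be stretched or reused")
    n_bits = len(message) * 8
    return [i for i in range(n_bits) if _bit(key, i) != _bit(message, i)]


def recover(key: bytes, n_bytes: int, positions: list[int]) -> bytes:
    """Bob flips the announced bits of his copy of the key to read the message."""
    out = bytearray(key[:n_bytes])
    for i in positions:
        out[i // 8] ^= 1 << (7 - i % 8)
    return bytes(out)


def key_reuse_leak(positions_a: list[int], positions_b: list[int]) -> list[int]:
    """Eve's view if one key pads two messages: the symmetric difference of the two
    public announcements is exactly the set of bit positions where the plaintexts
    differ (m1 XOR m2), learned without knowing a single key bit."""
    return sorted(set(positions_a) ^ set(positions_b))


def differing_bits(m1: bytes, m2: bytes) -> list[int]:
    """Ground truth for the leak above: bit positions where m1 and m2 differ."""
    return [i for i in range(min(len(m1), len(m2)) * 8) if _bit(m1, i) != _bit(m2, i)]


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    m1, m2 = b"meet at noon", b"attack at 9!"
    key = generate_key(len(m1))
    announcement = flip_positions(key, m1)
    assert recover(key, len(m1), announcement) == m1
    # Reusing the key for m2 leaks m1 XOR m2 to anyone watching the public channel.
    assert key_reuse_leak(announcement, flip_positions(key, m2)) == differing_bits(m1, m2)
```

With a uniformly random, single-use key the announcement is itself uniformly random, so Eve learns nothing; every deviation from that (biased key, reused key, key shorter than the message) is what the rest of the paper's machinery exists to rule out.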
The chief ingredients of such an instrument are "monogamous correlations" and "a little bit of 'free will.'" If these requirements are satisfied, "devices of unknown or dubious provenance, even those that are manufactured by our enemies, can be safely used to generate and distribute secure keys."
According to quantum theory, entangled polarized photons can be measured to satisfy the first requirement. And absent total manipulation, just a small degree of free will can produce the necessary randomness:
If someone we trust tells us that such and such a fraction of the choices made by our random number generators cannot be determined by the adversary, then privacy is still possible because local randomness can be amplified. Randomness amplification can itself be done with device-independent protocols, and it works even if the fraction of initial randomness is arbitrarily small or the devices are noisy.
It all looks bizarre and too good to be true. Perfect privacy, secure against powerful adversaries who provide us with cryptographic tools and who may even manipulate us? Is such a thing possible? Yes, it is, but ‘the devil is in the detail’ and we need to look into some practicalities.
There are some theoretical kinks left to sort out, but watch out, NSA.