When a technology wanders out of Scientific American and into The Economist, it’s generally a sign that something is afoot. This is the case with quantum computing. Quantum computing is complicated and so is quantum cryptography. That’s because quantum mechanics is really, really complicated. And so is trying to figure out the implications of someone getting it all to the market.
Quantum computing is jolly complicated, but the essence of it is that it uses quantum mechanics to do lots of things at the same time instead of one thing after another as conventional computers do. This is called quantum parallelism. Researchers have already built simple, small quantum computers and they seem to work within limits. One of those limits is that it is very difficult to stop 'noise'. Quantum computers manipulate quantum bits (or 'qubits') that can be on and off simultaneously. Qubits are stored by manipulating the quantum properties of atoms (eg, spin) but these are difficult to manage and the slightest disturbance (ie, noise) disrupts the system. Developments continue apace, however. Scientists have begun experimenting with mechanical qubits in which the states are stored in the twist of carbon nanotubes, and these may prove to be more stable [1].
So what? Well, a decade ago a Bell Labs scientist (Peter Shor) discovered a way to use the property of quantum parallelism to solve a very specific mathematical problem very efficiently [2]. The problem is finding the factors of large numbers. Now it happens that this problem is far from esoteric, because the difficulty of finding the factors of large numbers by conventional means is the lynchpin of modern cryptography: it’s the technology behind the little padlock that shows up in your web browser (when you visit your bank, for example). As far as I’m aware, the biggest number that has been factored so far with a quantum computer is 15 so the world’s financial systems aren’t in immediate danger: for one thing, we already knew the prime factors of 15 (ie, three and five). Still, the fact that an actual quantum computer has factored anything at all tells us that it might prudent to find new ways to encrypt data.
An obvious place to look to defend data from a quantum computer would be quantum cryptography. This works by using the law of physics again, taking advantage of the fact that it is impossible for someone to observe quantum particles (eg, photons) without being detected: thus, you could be sure that no-one was listening to your conversation with a bank. And banks have been investigating this property.
The financial world’s interest is obvious. Almost all the money in the world is already electronic and the movement of that money through electronic networks is protected by cryptography. Generally speaking, the cryptography used is a combination of symmetric cryptography and asymmetric (ie, public key) cryptography. Symmetric keys are used to encrypt the data in flight (eg, from an ATM to the bank host) and asymmetric cryptography is used to distribute the keys used in the symmetric cryptography. If there’s a threat to either of these techniques, or a better way of encrypting money, then banks need to know about.
They’ve already been doing some experiments. Last year, a quantum cryptography link was used to transfer money between Vienna City Hall and the Bank Austria Creditanstalt, when the Mayor of Vienna sent a 3,000 Euro donation to a University of Vienna acccount [3]. This was a first step, but being able to send photons down a fibre-optic cable from A to B is of limited use. What business needs is a network, so various people are trying to build one. The Pentagon’s Defense Advanced Research Agency (DARPA, the original home of the Internet) has already built one comprising six servers: it’s called Qnet [4].
Qnet and similar efforts use quantum key distribution to securely transfer cryptographic keys between nodes. The nodes then use those keys to encrypt the actual data being transferred. Unfortunately, there’s an obvious problem: I may well send data to the bank securely, but how do I know it’s the bank? What if someone else is on the end of the line [5]? That problem is solved using our old friend public key cryptography (the cryptography that quantum computing renders useless). Oh well: back to squares 0 and 1 simultaneously.

The cheque may or may not be in the post
The situation is therefore that quantum computing will eventually render the kind of public key cryptography that is currently widely used, useless. It may well be useless now, because a mathematical genius (co-opted by a government somewhere and operating in complete secrecy) has already made a theoretical breakthrough in factoring large numbers. Who knows? With all this uncertainty, all we can say is that people will still want to keep things secret in the future, so they will need quantum cryptography to do this. But the limitations in the way that quantum cryptography works (if, and it’s a big if, I have understood it properly!) mean that it depends on classical cryptography to work, so there is a problem to be solved.
Given that the industries that depend on encryption and authentication (eg, financial services) need probably a decade to develop new schemes and switch to them, they will soon have to make an informed guess as to when (clandestine mathematical wizards aside) quantum computing will develop the operational ability to break public key cryptography.
And it will, definitely, happen. Just as one of the first uses of the modern computer (the Bletchley Park Bombe) was to break the symmetric key cryptography used by the Nazi military (Enigma and all that), so one of the first uses of a quantum computer will be to break the public key cryptography used by the military, government, bank, pharmaceutical and other systems in place today. But note the implication: breaking the codes will not simply mean that banks won’t be able to use it to exchange messages in confidence in the future but that all data encrypted using public key cryptography since it was invented (in the 1970s) will become visible.
Keeping today’s information secret is running into the laws of physics. So what should you do? Note that quantum computing does not have much of an impact on symmetric cryptography (provided the key lengths are long enough): it is asymmetric cryptography that is potentially threatened [6]. So if you want to keep your data secret for a very long time, then use symmetric cryptography (eg, the encryption built into Apple’s OS X, which uses the Advanced Enryption Standard, AES) but don’t use asymmetric cryptography to store the keys to it!
It seems that this strategy, on a bigger scale, will be the one adopted in the financial services world. By choosing longer key lengths for symmetric cryptography as they move to AES and by using quantum cryptography to distribute the keys (and cycle the keys), the industry will have a workable response to interesting developments in the quantum world.

Related Website: www.chyp.com
Author's e-mail: dave.birch@chyp.com

References
1. Choi, C. Qubit Twist in Scientific American. 292(4): p. 16 (Apr. 2005).
2. Bit by bit in The Economist (1st Apr. 2004).
3. Knight, W. Entangled photons secure money transfer in NewScientist.com (22nd Apr. 2004).
4. Biever, C. First quantum cryptography network unveiled in NewScientist.com (4th Jun. 2004).
5. Paterson, K., F. Piper, and R. Stack. Why Quantum Cryptography? in Cryptology ePrint Archive. 2004(156) (6th Jul. 2004).
6. Piper, F. Cryptography: the state of the art in proc. of Digital Money Forum, Consult Hyperion (London: Mar. 2005).