To great fanfare, the ultimate means of keeping secrets was unveiled last week by an international team of scientists and engineers. Based on esoteric concepts rooted in quantum theory, the laws of the subatomic world, the technology is said to be capable of keeping every communication or transaction between business networks utterly secure. But how seriously can such a claim be taken? There's certainly no lack of demand for such technology. Last week the US-based Computer Security Institute published its annual computer crime and security survey, which showed that businesses worldwide now regularly fall victim to technology-based fraud, with losses averaging almost US$500,000.
And there's no doubting the ingenuity of the encryption technology demonstrated in Vienna last week by an Austrian-led consortium. Put simply, it exploits two key features of quantum processes: their randomness, and their exquisitely delicate nature. Cryptologists have long known that randomness lies at the heart of any truly unbreakable code system. All communication involves regularities - for example, the relative frequencies of the letters making up words - that can give codebreakers clues to the content of the message. By mathematically combining the text with a genuinely random "keystream", the result is gobbledygook that remains unreadable until the keystream is stripped off again, revealing the original text.
This so-called "one-time" system was invented by a cryptologist working for the US Army as long ago as 1918 - and remains the only provably unbreakable code system ever devised. Yet it has never been widely used because it suffers from a very simple flaw. The all-important random key must only be used once - hence the term "one-time" - with each fresh key being securely transmitted to the recipient.
The twin problems of creating the random keys and distributing them securely has so far prevented the widespread use of this truly unbreakable one-time system. But the quantum-based system solves both problems at a stroke. Randomness is a common feature of subatomic processes, and is already widely used to generate random numbers. Crucially, however, quantum systems can be created which are exquisitely sensitive to outside interference - making them perfect for deterring eavesdroppers.
For example, as part of last week's demonstration streams of specially-prepared photons of light were used to transmit the random keystream to members of a network up to 80km apart - with any attempt to intercept the keystream instantly revealing itself by subtle changes in the received photons. The culmination of four years' work by scientists and engineers in a dozen European countries, last week's demonstration is a major milestone in the quest for absolutely secure communications, and brings us closest to exploiting the theoretical invulnerability of the one-time system. But the key word here is "theoretical". History suggests there is no encryption system so sophisticated it cannot be undermined by human error.
During the Second World War, the German armed forces relied on the famous Enigma encryption machine to keep their field communications secure. The byzantine complexity of the machine would have utterly defeated the attempts of Allied codebreakers - had it been used properly. Yet carelessness by radio operators - such as using common words as the "key" to set the machine up each day - gave enough clues for codebreakers to read Enigma messages within hours of transmission.
Even the far more sophisticated code machines used by the German High Command for their most secret communications fell prey to human error. In August 1941, a fault during tests of one such Geheimschreiber ("secret writer") led to identical messages being transmitted using different settings - a mistake spotted by Allied analysts, who broke the cipher, read the message and even worked out how the entire machine worked without even seeing it. The resulting intelligence - gleaned with the aid of Colossus, the world's first electronic computer - proved vital to the ultimate Allied victory.
Human error has even proved capable of undermining the "unbreakable" one-time system, as the Soviet Union discovered during the Cold War. The KGB equipped its most important spies with special pads of random numbers, to be used only once for each communication with spy-masters. But in 1942, the Moscow-based unit responsible for creating the pads made a disastrous mistake, and sent out copies of pads that had already been used.
Painstaking work by codebreakers in the US Army Signals Intelligence Service revealed the blunder, allowing them to read top-secret messages between the KGB and its network of spies. They uncovered a vast network of Soviet spies everywhere from the Allied atom bomb project to the White House, along with the notorious British spies Kim Philby, Guy Burgess and Donald Maclean. Quite why the Soviets made such a basic blunder is a mystery, but the official responsible was reportedly executed.
Such cases may seem of only historical significance, but they all highlight the dangers of putting blind faith in encryption technology - no matter how sophisticated it might be.Code-breakers are already devising ways of defeating the "unbreakable" quantum-based systems now in the news. Some of the techniques are very sophisticated, but some are devastatingly simple - as a New Jersey racketeer discovered in 2002.
Nicodemo Scarfo had been very careful about protecting his nefarious e-mails and files using PGP, a widely-used - and essentially unbreakable - encryption software program. Yet the FBI read all of Scarfo's e-mails without any difficulty, simply by installing a device under his keyboard which recorded everything he wrote before it was encrypted. For anyone who thinks last week's demonstration marks the start of a new era of truly secure communication, the moral is clear: those who fail to learn the lessons of cryptological history may be doomed to repeat it.
Robert Matthews is Visiting Reader in Science at Aston University, Birmingham, England
