Perfect security is available, but you probably don’t want it.
Oh, sure, the perfect security itself is attractive. But it comes with a huge burden that restricts the technique to just the very most critical communication, and it limits how much of that communication can be done.
The original term is the Vernam Cipher, although subsequent spy novels have entrenched the term One-Time Pad.
You must start with a source of truly random data for a key stream, and that is the first difficulty. Computers are deterministic, on their own they can’t produce randomness (although, if used very carefully, a computer’s observations of traffic on a busy network or disk I/O timing on a busy file server can provide decent randomness). Humans don’t understand probability, as shown by the success of lotteries and casinos, so don’t ask a human to generate the key stream.
Physics provides the only source of truly random data. As I mentioned last year, truly random data is available.
The second difficulty is that your key has to be as big as your data. If you plan to secure a 10 megabyte file with a one-time pad, you need 10 megabytes of purely random key data. The cleartext and key are combined with an exclusive-OR or XOR operation, which is analogous to multiplying two analog signals.
The third difficulty, and this is what really gets in the way, is that you much have that same bulky purely random key at both ends. You must never re-use any key data as that leaks information. Just ask the Rosenbergs. Well, no, you can’t, they were executed after being detected as Soviet spies because they reused keys and were detected by the VENONA program.
How are you going to get the key to the other end? You need an absolutely trusted communication channel, maybe you meet with your correspondent in a secure facility to exchange key data. Why don’t you just exchange your messages then? Oh, the whole point is that you don’t have a secure communication channel yet, you’re trying to build one? Then how will you transfer keys?
Enter quantum key distribution or QKD.
If your communication is based on the polarization of individual photons, then with good hardware and careful use you can transmit a key stream between two locations. As we see in Learning Tree’s Cloud Security Essentials course, security requires the right technology and its careful use. Since the signaling is based on single photons, any interception will cause obvious corruption. It’s tamper detection, you send random key bits down the link and only use those that arrived tamper-free.
This isn’t science fiction, it’s actually being used. QKD was used for a bank transfer in Vienna in 2004, and companies in Geneva, New York, Australia and Paris offer commercial QKD systems.
Quantum key distribution is defensive technology, keeping your secrets. How can quantum effects be used to break security? Come back next week to find out!