Are we ready for a quantum leap in cloud security?

The tech may be tough, but could quantum computing lead to an unconditionally safe cloud?

Depending upon your age, the phrase 'Quantum Leap' either conjures up images of Scott Baluka as the time-travelling physicist Dr Sam Beckett or the change of an electron from one quantum state to another. Those who are most likely to visualise the latter are now promising a quantum leap in the state of security in the cloud, courtesy of the very science-fiction sounding use of entangled states, superposition and blind quantum calculations.

Yes, we are talking quantum computing here, which frankly is nothing new. I first encountered the concept way back in 1995, and that was more than a decade after the field was introduced by Richard Feynman in 1982. Please note that IANSC (I Am Not Sheldon Cooper) so forgive my simplistic explanation but I guess a quick definition is in order before I go any further.

As the name suggests, a quantum computer does not process data by passing electrons through transistors and encoding them into binary digits, but instead uses 'caged atoms' better known as qubits. Now here comes the head hurting part: while both a qubit and a binary digit (or bit) can be either a 0 or a 1, the qubit is capable of superposition. This means it can be both at the same time.

While this whole field can be summed up by a sign saying "you don't have to be Einstein to work here but it helps," the basic assumption of this superposition means a quantum computer can process the problem and all the possible solutions at the very same time.

Sorry about this, but you also have to throw in something called entanglement before we can approach the security side of the quantum computing fence I'm afraid. I hope you are sitting comfortably…

Entanglement describes a condition relating to a bunch of quantum particles connected together. When any particle is affected by an external measurement, the state of the entangled particles that are connected to it are also affected; no matter how far removed from the original particle they may be.

Entanglement is vital when it comes to the field of quantum cryptography as it pretty much guarantees the secrecy of encrypted data. Any attempt to measure (or interfere with) quantum data also disturbs that data and makes the attempt immediately visible – to put it another way, the entanglement aspect of quantum computing is so delicate that any attempt to snoop on the flow of encrypted traffic would immediately break it (destroying the data in the process) and require another quantum encrypted packet to be sent until one gets through without any 'measurement' or eavesdropping taking place.

This is all well and good in theory, a place where everything can be and is usually assumed to be perfect. Back in the real world of physical implementation of theory, where the likes of you and me live, perfection is much harder to ensure.

That's where quantum cryptography starts to look less than the 100 per cent secure than quantum physicists, and others with a vested interest keep telling us. When you start to think about the hardware needed to send, for example, the single photons which are required for 'perfect' quantum key distribution then imperfection creeps in. Lasers sometimes screw up and send a bunch of photons instead of just the one and that introduces the possibility of snooping that wouldn't be picked up by the entanglement argument.

Even when the boffins went back to the drawing board and started working on a device-independent protocol to circumvent the physical imperfection problem, it was soon found to be rather embarrassingly and simplistically flawed. The flaw being that the protocols in development treat the quantum cryptography process as a one-off thing, with the kit being used once and then replaced.

In the real world, once more, this falls apart as soon as you think about using memory storage in a device used more than once, which could record before and release after encrypted information is transmitted. It is far too costly at this point in time to even start thinking about disposable quantum crypto devices.

And now, I am informed, quantum physics could be the answer to cloud security according to physicists from the Vienna Centre for Quantum Science and Technology at the University of Vienna and the Institute for Quantum Optics and Quantum Information of the Austrian Academy of Sciences. Having typed that mouthful in, this better be good I can tell you.

And you know what? It sounds as if it might be just that. This particular bunch of quantum particle geniuses have performed an experiment which proves a quantum computer can be constructed with the ability to 'hide' all the data and data processing from the computer itself, therefore 'completely' secure cloud computing. This process of blind quantum calculation means the quantum computer, or quantum cloud if you prefer, would not be able to distinguish between decrypting some code, transmitting some invoices or looking up an entry in a telephone directory.

There are no prizes for guessing the way this works in a theoretical secure quantum cloud implementation is all rather complicated, but as I understand it (and IANSC still applies) the user making a query of the cloud prepares the qubits on his or her own quantum computer (the host machine), meaning the condition of those qubits is only known to them. The query is then transmitted to the cloud as a set of instructions, without the cloud computer actually knowing the original state of those qubits.

Still with me? Good, then I shall continue as it gets even more baffling. The cloud can work with the resulting ones and zeros it gets as output, but is entirely unable to interpret the actual data values.

This blind data processing ensures the cloud handling the request not only knows diddly squat about the input data, but it knows exactly the same about the processing it applies to it and the output that results from that processing.

Although I admit that this sounds like me on an average working day, the boffins reckon it could eventually lead to the unconditional security of cloud data. The key word being 'eventually' as it really all is still in the realm of the fantastical at the moment.

The experiment itself demonstrated the blind processing concept by squirting photons created with a laser beam pushed through a blue crystal to create some incoming red photons in a process known as spontaneous parametric down-conversion. These red photons were then 'entangled' in a state of polarisation and then calculated measurements for a deterministic quantum algorithm and a probabilistic database sorting algorithm, before the boffins checked the outcome of the measurements on the blind cluster state.

No, I don't really understand that either, but I do understand the bit where the researchers behind the discovery said it is all highly complex and could take 20 years before there's a quantum computer sufficiently powerful to enable even a lab demo of anything capable of doing something vaguely useful in real world terms.

So, just as Dr Sam Beckett found himself leaping from life to life "striving to put right what once went wrong" so quantum computing theory is bouncing around hoping that the next leap will get it nearer to finding the solution to quantum security and bringing it home to the cloud...

Sign up for our free newsletter