Industry Observations-Technical Insight

Oil Droplets and Your Banking Credentials

Warning: IANAQC (I am not a quantum cryptographer)

What does a droplet of oil have in common with the security of your banking credentials? Very little, you might think. However, there is research that came out a few months back, that confirms a theory made (and then dismissed) over 80 years ago about quantum effects. Bear with me.

For the last 80 years or so people have believed that particles are in two or more places at once, and only once measured do they “choose” a position and lock in. By virtue of being in two or more places at once, it is believed that a quantum computer can test all theories in a binary question simultaneously (on or off). Each binary question is effectively one bit of entropy, and if you get enough bits, you can build a very powerful computer.

From a computer security perspective it means that factoring large primes is a relatively easy thing to do – you get enough bits into your machine and you can factor the largest publicly available crypto-systems. While it is believed by the likes of Dr. Martin Helman (of Diffe-Hellman-Merkel key exchange infamy) that we have 10 years before such a machine is feasible and an additional 10 years before such a machine is usable, that still brings the time horizon of quantum cryptology into our lifetime.

That’s a scary thought if you have secrets that need to live beyond your lifetime – you only have 20 years before they are breakable by the military — or by anyone who could afford such a device in their evil lair; the only caveat would be the data collection and storage space for all that encrypted data.

However, recent findings suggest that particles might actually not be in multiple positions all at once; they might instead act like a droplet of oil dancing along the surface of a pool of water. Unlike a droplet of water, an oil droplet won’t go beneath the surface of the water (because of differing densities for oil and water). Instead, the oil droplet will bounce along on the surface. But when the oil droplet is first dropped, it causes a ripple, and that ripple will bounce around and could actually interact with the oil droplet again, causing it to move seemingly erratically.

So perhaps quantum particles, like oil, do not behave in “spooky” ways, but rather in very deterministic (as opposed to probabilistic) ways. That is to say that there may be no “magic” behind how particles behave – it may just be a very challenging fluid-dynamics problem. If we knew enough about the waves and the oil we might be able to predict exactly where the oil (or particle) would end up. Okay, but what does this have to do with your banking password?

If this theory is indeed true, cryptographers might be unable to build a quantum computer capable of being in a super-position (two positions at once), and therefore capable of factoring all possible variations at once in the way once envisioned. If that is true, we could be much safer in the near-term as our secrets stay safe from such a machine. That means that crypto-reliant technologies like SSL/TLS might actually have some greater longevity than previously thought (barring things like Poodle, BEAST, CRIME, etc.).

Although this is an unconventional theory, one that is not at all agreed upon by the scientific community (yet), and a difficult one to prove at that, it might make your banking passwords safe for a little longer than we previously thought. Who knew? Oil. Hmm! Read more about it in Wired.

Tags: web security