Securing the post quantum world with a ‘shared key’

In this three part-series on protecting our post quantum society, I have explored what indeterminism means for the world, as well as some of the strategies we can use to protect our core assets. In this final part, I consider the ‘many key’ approach to protection.

The many key principle

This approach gives new meaning to the definition of a shared key. Imagine for instance, a large group of people trying to find a single key to a single door. But unlike a normal door, the lock was made without a key. To solve this problem, the group must set out to find a key that fits. This is similar to the many door principle discussed in my second post , but instead of having an indeterministic door with deterministic (for the door creator) locations, we have a deterministic door type and location, and an indeterministic key state.

The many key principle attempts to create key-states amongst different end-points of the network. They all perform the same transformations upon the key-state. Each results in different spin-off states that can be observed. Because we cannot fully observe the key-state without breaking it, we require many transformations upon the key-state to be performed. Each transformation siphons more information, which allows us to better predict the state of the actual, sought after key with increasing probability. However, the only way to confirm that one person’s ‘guess’ of the key is the right key, is to observe the key-state. If designed smartly, this answer is only non-random if enough information about the key is gathered. So, the algorithm gains better probabilities from longer iterations but never really has good odds of being decoded. If you don’t guess right, the lock changes.

Once someone has observed the key, everyone will instantaneously know, as the transformations they have been doing will no longer result in spin-off states due to the breaking of their local pairs used in the entangled state. Someone then declares himself the ‘owner’ of the key and others can see if this person is actually right by reviewing his key with their personal answers. After all, their answers must be part of the original key, or the key is false and everybody will know this (hence the key is ignored). This can be done in public deterministically, as by design, nobody else has enough information to guess the key right. It is only to confirm the guessed key as genuine.

One might question what the use of such a key is, to a door where nobody knows what the actual key is. It is however, a good method to achieve consensus about using a key, for instance, to launch a nuclear missile. The only difference being that the calculation in this scenario could be done quantum-mechanically utilizing its principles to ensure computational difficulty, chance and avoid the possibility of cheating. The downside of this is that it is likely that several key-state sessions will need to be made, before consensus (‘the key’) is achieved, and this takes time.

Encrypting indeterministic data

Another consideration that must be made is that we work with deterministic data. This means that we’d always need clever ways to restrict access as described above. One might say that we can also create simple indeterministic data and encrypt each dataset with a deterministic key. Without the key, it would intrinsically be impossible to ever retrieve the data.

Of course, we can only observe deterministically. Every observation that we do will be recorded in the present deterministically. If we were to store deterministic data contained in an indeterministic state, we’d need enough copies to ensure that after measuring everything, we could still retrieve the right set of data. And even then, there is a possibility that after encryption, retrieving the data for myself will fail. Unless loss of data is an option, data will always be deterministically encrypted making it hard to prove an attack once the encrypted data has been found.

Security in a post quantum world

Security is not completely flawed, but in the post quantum world, we need to readjust how we protect our core assets, and utilize concepts that are more durable than the ones we use today. Simply viewing encryption as a means of regularly updating anti-virus software, to stay ahead of possible encryption breaking is not enough. This new society requires a total mind-shift, of which I have only just scratched the surface in this three-part series.

It is perhaps comforting to know that every security practice we will ever use, including all of those described in this series, will always have a deterministic element in it. For all these practices, we can always wonder; “Is it really unbreakable?” And to me, that uncertainty is surprisingly comforting.

For more information on the future of quantum computing security, check out my previous blog posts on defining indeterminism and protecting core assets with a many door approach.

About Frederik Kerling

Frederik Kerling is a Business Consultant who started in the Foundation of Atos Consulting the Netherlands. As a theoretical physicist specializing in Quantum engineering he has over a decade experience with Quantum Physics. In his Master thesis he made explicit reference of the possible threat of Quantum Computers to cybersecurity, and is a Quantum Specialist within Atos. As a Business Technologist he has experience with Data Analytics, Software Asset Management and Digital Transformation. In his spare time he loves to travel and practices martial arts.