These cryptographic primitives are the foundation on which you build the protocols, and then you implement them, and then you use them with trusted people.

Today, most systems are broken at the higher layers, but what we’re saying is, with quantum computers, a lot of these primitives are going to be broken. And with quantum communication and other quantum technologies, we can find new, better primitives out of which to build the foundations.

So, it’s a special time in the history of cryptography in that we know we need to fix the foundations, because there are some key pieces that are broken with quantum computers, and we have these really wonderful new primitives to put into the foundations as well.

Q – Where does Waterloo sit in the world of quantum cryptography research, and how is its work regarded?

A – Waterloo has a long-standing reputation in classical cryptography going back to the early 1980s, when the data-encryption group was founded at the University of Waterloo, out of which Certicom was founded. Certicom is the primary developer of elliptic-curve cryptography, which is now used in standards around the world and in BlackBerry.

We didn’t know it, but it actually dated back even further, with Bill Tutte. He was a cryptographer who figured out how to break these high-level Fish codes that the Nazis were using for high-level strategic communications, and they built Colossus (the world’s first electronic computer) to implement his cryptanalytic attack on these Fish codes.

It was amazing that he found out the structure of the codes, and then he found out how to break them, but it was computationally intensive so they built Colossus, and it was one of the greatest intellectual feats of the war, and of the 20th century. But it was classified, so he never talked about it.

He came to Toronto actually, but he was doing mathematics, which maybe wasn’t so fashionable, so we headhunted him to Waterloo. We largely built the mathematics faculty around him and others, but he was certainly one of the major pioneering figures in the math faculty at the university.

And many of the people he supervised and mentored, and the people they supervised and mentored, were the founders of the cryptography group.

The data encryption group started the Centre for Applied Cryptographic Research, which recruited me to start a quantum computing group because they realized that you can’t do 21st-century cryptography without knowing about quantum computing and quantum cryptography.

This is because quantum computing defines what’s hard and easy, so it defines which computationally secure protocols are really secure, and it also gives us new quantum protocols.

So I was hired, and then I said ‘you can’t have a quantum computing group without some physics’, so we started expanding into physics, and then Perimeter Institute and Mike Lazaridis came along and said, ‘Well why don’t you take this up a few notches’ and started an institute for quantum computing.

We now have 17 faculty and we’re going to grow to 30.

In the late 90s we started making our name in quantum computing and quantum cryptography, and now I would say we’re regarded as one of the world leaders in quantum cryptography.

We have many of the top people developing new cryptographic primitives and new applications, and blind quantum computing and quantum fingerprinting and so on.

We have Norbert Lütkenhaus, who is a world authority on the security of practical QKD systems. Norbert is second to none in the world in this field.

We have guys like Thomas Jennewein, who is an expert in free-space quantum communication. He’s leading a project to do quantum communication with satellites, which will help us achieve long distance. One of the short-term challenges of quantum key distribution is, you can only do it over a few tens or a couple of hundred kilometres. One solution is to use satellites to achieve global distances, so Thomas is a world leader in that.

We have world experts in quantum algorithms for those interested in quantum cryptography, but also for people who want to do computationally secure classical cryptography that is secure against quantum computers.

I think we sit very well – second to none – in terms of quantum cryptography research in the broad sense, and also in the narrow sense with quantum key distribution.

Q – How is quantum cryptography already contributing to protecting people’s privacy, whether online or on mobile devices?

A – I would say the deployment of quantum cryptography is still very limited right now, so it’s not currently being used on a large scale. But there are banks using it, and governments and so on currently, in these niche applications, link encryptors and so on.

In the broader sense, there’s a question of people having confidence in the systems we use today. Do you trust that your health information is really going to remain private, and so on?

I think people probably are a bit nervous or skeptical about long-term security right now, for many reasons, including the prospect that quantum computers will break some of the existing codes.

There have been several demos of small networks around the world; there are QKD network demos in Tokyo, there was one in South Africa at the World Cup, there’s one in Europe, one in China.

Q – What about this notion of authorities, such as the government or law enforcement, always wanting to maintain some kind of back door into our information? Does that pose a threat to full-scale development of the most secure cryptographic solutions?

A – I don’t think so, not in any fundamental way, because there are unbreakable codes already. So, if the bad guys are organized, there already are unbreakable codes they could be using, so really, why don’t we let the good guys have a robust infrastructure?

If you talk to a privacy expert and you suggest the notion that only bad guys want to keep their information secret and have something to hide, they’ll rip you to shreds and give you 20 reasons why this is a fallacy.

Privacy is fundamental to our freedom in many ways, our autonomy and so on.

Also, one of the ways we catch criminals is by people volunteering information, and these people want their privacy to be preserved, for very good reasons. They’re the good guys and they’re willing to stick their necks out to help law enforcement authorities track down criminal behaviour, and they want assurances that they’re not going to be revealed.

So I think on the whole you want a robust, reliable information security infrastructure. You can still have lawful access and all these things; there’s nothing fundamentally stopping it; it would work just the way it works today.

Q – What commercial opportunities will quantum cryptography create for Canadian tech entrepreneurs looking to do business in the online security market?
