Quantum Hokum?
Hughes (amongst others) has been working on free space quantum key distribution for some time. The original idea, invented by IBM and the Uni of Montreal (the BB84 protocol of Bennett and Brassard, 1984), was demonstrated using free space optics over a distance of about 30cm. At that time they didn't think it would work in fibre. A collaboration between BT and the Defence Research Agency (now Qinetiq) established that the technique could be made to work in fibre. Fibre systems can now reliably establish keys over about 150km and free space systems (both commercially available) have managed around 30km (the best I last heard of).
Calling the thing quantum encryption is a misnomer because it's basically a key distribution system in which the laws of physics guarantee the secrecy of the key (provided everything has been set up right, of course - there's more than one way to skin a cat). The key can then be used either in conventional symmetric crypto systems or, if the quantum key rate is high enough, in a one-time pad, which provides perfect secrecy.
The idea is that each key bit is carried by a single quantum state (in practice a single photon). The security comes from a clever use of, effectively, the Heisenberg uncertainty principle: each bit is randomly encoded in one of two complementary bases, and a precise measurement in one basis destroys any information about the other. So if an eavesdropper guesses the coding basis wrong she destroys the information in the basis actually used, and in doing so introduces errors that the legitimate parties can detect.
Bits that never reach the receiver never form part of the key, so the system is robust against loss. If the error rate, whether caused by an eavesdropper or by some other physical disturbance, is too high then a key cannot be securely established. But below a certain error rate a secret key can be established with a precise bound on how much information could possibly have leaked to an eavesdropper. This leakage can be made arbitrarily small by sacrificing enough key bits.
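The following simulation is an added example, not part of the original post and not anyone's product code. It models the BB84 exchange just described with classical bits standing in for photons: Alice encodes each bit in a random basis, Bob measures in a random basis, photons can be lost in the channel, and an optional intercept-resend eavesdropper measures and re-emits every photon. Basis sifting, the sacrifice of a sample of sifted bits to estimate the error rate, and the abort threshold are all shown. The 11% abort threshold is the commonly quoted figure for BB84 with one-way post-processing and is a parameter here, not a claim from the page; the seed, sample fraction and loss probability are assumptions for illustration.

```python
"""Toy BB84 simulation: encoding, loss, sifting, eavesdropper detection, abort.

Constructed example. Bases: 0 = rectilinear (+), 1 = diagonal (x).
Each list position is one photon carrying one bit.
"""
import random


def send(n, rng):
    """Alice picks a random bit and a random basis for each of n photons."""
    bits = [rng.randrange(2) for _ in range(n)]
    bases = [rng.randrange(2) for _ in range(n)]
    return bits, bases


def measure(bit, prep_basis, meas_basis, rng):
    """Measure one photon. A matching basis returns the encoded bit; a mismatched
    basis yields a uniformly random outcome and the original encoding is gone."""
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)


def intercept_resend(bits, bases, rng):
    """Eve measures every photon in a random basis and re-emits what she saw in
    that basis. Where she guessed wrong the bit Bob receives is randomised."""
    eve_bases = [rng.randrange(2) for _ in bits]
    eve_bits = [measure(b, pb, eb, rng) for b, pb, eb in zip(bits, bases, eve_bases)]
    return eve_bits, eve_bases


def receive(bits, bases, loss, rng):
    """Bob measures each arriving photon in a random basis. A photon lost in the
    channel (probability `loss`, an assumed parameter) registers as None."""
    bob_bases = [rng.randrange(2) for _ in bits]
    bob_bits = [None if rng.random() < loss else measure(b, pb, bb, rng)
                for b, pb, bb in zip(bits, bases, bob_bases)]
    return bob_bits, bob_bases


def sift(alice_bits, alice_bases, bob_bits, bob_bases):
    """Over the authenticated classical channel Alice and Bob compare bases only,
    never bit values, and keep positions where Bob detected a photon and the
    bases agree. Lost photons simply drop out of the key."""
    keep = [i for i, (bb, ab, bbase) in enumerate(zip(bob_bits, alice_bases, bob_bases))
            if bb is not None and ab == bbase]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]


def estimate_qber(a_key, b_key, sample_frac, rng):
    """Sacrifice a random sample of sifted bits: announce them, count mismatches.
    Returns (qber, remaining_a, remaining_b); announced bits are discarded."""
    n = len(a_key)
    idx = set(rng.sample(range(n), int(n * sample_frac)))
    errors = sum(1 for i in idx if a_key[i] != b_key[i])
    qber = errors / max(len(idx), 1)
    rem_a = [a_key[i] for i in range(n) if i not in idx]
    rem_b = [b_key[i] for i in range(n) if i not in idx]
    return qber, rem_a, rem_b


def run_bb84(n, eve=False, loss=0.0, seed=0, threshold=0.11, sample_frac=0.25):
    """Run one session. Returns the estimated QBER, the number of sifted bits
    left after sampling, and the raw key (None if the session aborted)."""
    rng = random.Random(seed)
    a_bits, a_bases = send(n, rng)
    ch_bits, ch_bases = intercept_resend(a_bits, a_bases, rng) if eve else (a_bits, a_bases)
    b_bits, b_bases = receive(ch_bits, ch_bases, loss, rng)
    a_key, b_key = sift(a_bits, a_bases, b_bits, b_bases)
    qber, a_key, b_key = estimate_qber(a_key, b_key, sample_frac, rng)
    if qber > threshold:
        return {"qber": qber, "sifted": len(a_key), "key": None}  # abort: too disturbed
    return {"qber": qber, "sifted": len(a_key), "key": a_key}


if __name__ == "__main__":
    for eve in (False, True):
        r = run_bb84(4000, eve=eve, loss=0.3, seed=1)
        status = "aborted" if r["key"] is None else "key established"
        print(f"eve={eve}: QBER={r['qber']:.3f}, sifted bits={r['sifted']}, {status}")
```

With no eavesdropper the sifted bits agree exactly, whatever the loss. Intercept-resend forces Eve to guess the basis: on the half of sifted positions where she guesses wrong Bob's result is random, so she pushes the error rate to about 25%, far above the abort threshold. Real systems also see errors from detector noise and imperfect optics, which is why the threshold matters rather than demanding zero errors, and the error-correction and privacy-amplification steps that would follow a successful run are left out here.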
The comms requirements on the quantum channel are different from those of the conventional communication. If you're going to use a symmetric algorithm (say 256-bit AES) then you only need to establish 256 bits of secret key. Once that has been established you can use any channel you like to send your encrypted communication, hopefully at a much higher data rate.
The security of QKD depends upon a number of factors:
- the ability to generate, modulate, and measure single quantum states
- a true random number source
- establishment of an authenticated classical channel between sender and receiver (basis comparison and error estimation run over it)
- the assumption that the laws of quantum mechanics cannot be violated
In a battlefield scenario, for example, the ability to send keys over free space could be quite useful. The beauty of QKD is that it also allows extremely rapid update of key material, so it can be used to key individual sessions without depending on a long-lived 'master' key. Of course, one still needs to have established the necessary authentication mechanism, otherwise man-in-the-middle attacks can be performed (although technically difficult).
In terms of future threats, QKD may well prove to be an interesting alternative to conventional methods of key distribution, particularly when quantum computers start biting. With a well-designed symmetric algorithm the fastest form of attack is exhaustive key search (that's the design requirement). Quantum computers can effectively only halve the key length (Grover's search gives a square-root speed-up, the best known for search), so QKD systems will remain secure against quantum computers, provided they don't use asymmetric crypto techniques based on factoring or discrete logs for their authentication, since those are exactly what Shor's algorithm breaks.