Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Brought to you by Toyota. Let's go places. Welcome to
Forward Thinking either everyone, and welcome to Forward Digging, the
podcast that looks at the future and says you spend
me right round, baby, right round. I'm job in Strickland,
(00:20):
I'm Lauren, and I'm Joe McCormick. So, guys, have you
ever needed to, you know, have a nice, quiet, secure
communication with someone or something? Yeah, I might need to
have a secure communication. Let's say if I'm dealing with
an Internet seller, So maybe a seller on Etsy who
(00:41):
has created glass handcrafted Star Wars action figures with with
with stained tinted coloring and oddly specific. That sounds precarious
but beautiful. Yeah, it's also not what I thought you
were gonna say, because internet seller, I thought you were
either talking about someone who sells in nets or perhaps
(01:01):
or perhaps a dark basement of the Internet exactly. But
now I've got you all right, So a vendor, a
merchant on the Internet, and you want to make a transaction,
you will hear all my special numbers, right. You would
want those special numbers to say yeah, but you would
not want those special numbers to get out and about
(01:22):
to the general public, where they could all make their
own nefarious purchases using your hard earned money. Right, they
could go buy their own glass memorabilia or or let's
let's say that you are just trying to send a
message to someone and you don't necessarily want the entire
world to understand what exactly you are saying. You know, right,
(01:43):
like things right, right, Like if if I wanted to
send Lauren an email talking smack about a certain other
host of this show, um, and I didn't want that
host to be privy to all the things I had
to say about him. Sure, yeah, And of course no
one believes this because you just talked smack right out loud.
But alright, that's but hypothetically, if you didn't want me
(02:06):
to know, I'm sorry, you didn't want this other host
to know, then this would be important. You would want
to be able to hide the information. Thus, Uh, this
is of course not new to the internet. You know,
the idea of being able to hide information so that
you can send messages, uh, discreetly, secretly. This is not
something that's that's brand new. This is an ancient idea.
(02:28):
Oh no, of course, I mean secrets are power, it's
the it's one of the main things we've got going
for us as a species. We've learned how to leverage
privileged information. Yes, you know something they don't know. When
that gives you an advantage, right, Uh, you know obviously
if you are able to maintain that advantage, then that
gives you, uh well, prolonged advantage. You don't want that
(02:52):
to suddenly become common knowledge because then suddenly it's a
it's a level playing field again, and who knows, some bigger,
stronger person is going to come around and take all
your stuff. So in the in the ancient world, we
use things called ciphers, which allowed us to uh to
jumble up a message so that only the person who
sends it and and the person who receives it ideally
(03:15):
have any chance of figuring out what that messages. Now,
that just might mean that you have an agreed upon
set of rules, which means when you get a message,
you look at the message, the jumbled up message, and
you apply those set of rules to it to unscramble
it and see what the actual message is. Right. So
the dirt simplest version of this would be just say,
(03:36):
like an alpha numeric scramble, So you say A is
one and B is two, and you write, you translate
your message in whatever language you're writing into numbers. Right,
the same kind of thing that you probably did to
obscure notes when you were passing them in class when
you were in like elementary school. Right, And he's a
B and a besa C. No one's ever going to
figure it out. Yeah, Yeah, these are all very common,
(03:58):
very simple ciphers. Now in the world of the Internet,
in the world of computers, these sort of things don't
don't fly. It's not going to work anymore because it's
pretty easy to figure that one out. So we're talking
about specifically, uh, cryptography in general, which is the whole
science of making stuff secret, and then encryption in particular,
(04:21):
which is an implementation of cryptography. And the reason why
I say that is that frequently people will interchange these
two terms, but they do mean different things. We'll probably
do it on this podcast. Everybody uses encryption, cryptography, cryptology
that they'll get jumbled up, right, And and I admit,
I mean I do this all the time. I it's
(04:43):
not because I don't appreciate that there are differences. It's
just that my brain starts taking shortcuts and then I
get less accurate in my description. But yes, cryptography the
overall field encryption a specific implementation of cryptography where you
are encrypting a mess it's using some sort of cipher
or key, and then someone else has to use a
(05:04):
decoder key to get at the original message. And if
everything is cool, then you don't have to worry about
anyone else intercepting that message and knowing what's going on.
But the problem is, things aren't really cool in the
real world, are they not. When you send a message
to somebody, it's generally, I think assumed within the world
(05:28):
of cryptography that you should always just take as an
assumption that somebody's listening. Yes, I mean we're we're living
in a world now where it is incredibly easy for
people to listen in, whether on purpose or not. I
remember like this this applies to lots of different fields,
(05:49):
not just Internet communication. It could be a telephone, right,
I remember using wireless telephones where occasionally it would pick
up conversations other people were having that because the channel
as were close enough where I was getting interference and
I was so eventually one one part of one of
the conversations would kind of go like hello, right, is
that are we who else is here? Or I would
(06:11):
talk into it and then it would be clear that
the other parties on the line couldn't hear me. But
yet I was like, well, I don't want to listen
in uh, but I would like to make a phone call.
So I'm going to go and use one of the
hard lined phones that I have instead of one of
these super cheap early eighties wireless monstrosities. Of course, your
hardline phone can be tapped just as easily, or someone
(06:34):
in another branch of the house could pick up another
receiver of it. Right, So in this case, we are
going to be talking about some some famous people. Uh,
those famous people are not really people. There are actually
their names are placeholders for any two entities that wish
to exchange information. This would be Alice and Bob. You
(06:55):
may have heard of Alice and Bob. Alie and Bob. They're,
like I said, placeholders. You want you it's so that
you can give examples so people can wrap their heads
around the way this kind of secret communication works. So
it's not Alice in Wonderland and Bob Seeker. It's I mean,
it could be we might, sure, but we're talking about
a third person as well, we're talking also about Eve. Yes,
(07:17):
Eve would be a short for Eve's dropper clever huh
Sole See what they did there. Eve wants to listen
in on this conversation between Alis and Bob for whatever reason.
Doesn't matter. We're just talking about, you know again, concepts here. Eve. Also,
it does not necessarily have to be an actual conscious
person or entity. No, Eve could be a computer. Eve
(07:41):
could also just be an environment because in this case,
when we get into uh A later in the podcast,
we're gonna be talking about the type of cryptography that
um has some limitations around it, and the environment can
actually play a role in messing up that cryptography. But
in general, we think of Eve as some entity trying
to get intercept messages, usually in the middle between Alison Bob,
(08:05):
to try and decipher exactly what is going on. Okay, So,
in the world today, if Alison Bob want to have
a totally private conversation that nobody else can know about
over the Internet, what is the main way we're going
to use to communicate privately? Uh That would be using
key encryption, a public key and a private key. This
(08:27):
is based off something called r s A encryption. It's
actually uh, that named after the folks who came up
with it. But the idea here is that you have
a public key that allows people to encode messages that
are going to be sent to you, and then you
have a private key that allows you to decode those messages.
And then if you want to send a message back
(08:49):
to someone, you use their public key to encode it
and they'll use their own private key to decode it.
So the public key is something you can send out
to the world and it's fine because all it does
is in code messages. It doesn't decode anything um And
the private key you keep to yourself and you don't
let anyone get hold of it because obviously that would
mean they could decode any message meant for you. So
(09:12):
in this case, if Alice once said Bob a message,
Alice would use Bob's public key, Bob would use his
private key to decode it. Then if Bob wanted to respond,
he would use Alice's public key, Alice would use her
private key to decode it. Theoretically, everything should remain safe. Okay,
but wait a second, how do these keys actually work together?
Because I wonder if there's a way to exploit this process. Um,
(09:35):
it's it's interesting that you asked that question. So there
are different ways to create encryption keys, but one of
the most popular is prime factorization. Tell me how it works. Okay,
you know what a prime number is, right, It's a
number that is only divisible by itself and one. That's correct.
So if you were to take a two prime numbers,
(09:56):
So figure out two prime numbers, uh, three and seven?
All right, and then you multiply the two of those
together you get all right. So if I gave you
just the twenty one and I told you it's your
job to figure out which two prime numbers I used
to multiply together to get to twenty one, you would
have to start going through and looking at the divisors
(10:17):
for twenty one and figuring it out. Now, that one's
pretty easy, right, But when you get into very large numbers,
there's a lot of different possibilities. Yeah. Yeah, it might
be worth dwelling for a minute on why that's hard
to do. There's no just simple equation for how to
get those prime numbers. You have to try them one
at a time. So you have to take, okay, is
two times two, that's not twenty one? Okay, two times three,
(10:41):
that's not twenty. Really, you would just say to one,
is twenty one divisible divisible by two? And if so
is the other? Uh? Is the other number also a prime?
So you can do it that way. So you take
twenty one and you say, all right, let's go to
by two. All right, that's that doesn't work. Twenty one
divide by three. That gets seven. Wait a minute, three
and there are both prime numbers, so that'd be pretty easy.
(11:02):
But yeah, but if you if you're talking about enormous
prime numbers, and when I say enormous, I'm talking about
something that has maybe you know, forty digits or more
behind it. You know, that's a huge prime number or
you know, huge prime number, and you multiply it by
another huge prime number that has an equal number of
digits behind it. You get an incredibly enormous product. And
(11:24):
this is the basis of your encryption. Uh. Then working
backwards trying to figure out which two prime numbers made
that product is incredibly difficult. It would take a classical
computer working on a single core processor years, maybe centuries
to figure it out. I've heard it often expressed that
it would take more than a person's lifetime to solve
(11:47):
these on a classical machine. Yeah. So the three guys
that came up with this, their last names were Rivest
still are Rivest, Shamir, and Adelman. So you've got that, uh,
And they were the ones who who came up with
this this general idea which has been used extensively since then.
And um, basically that's the the idea you use. You've
(12:10):
got this product which you can then allow people to
encode things. Um using this, you know, it's kind of
like another mash up type deal. The coded message gets
sent to you. Because you have the the actual prime
numbers that were used to make that product, you can
decode the message. If you don't have those two prime numbers,
you can't decode it. So that's the general idea. And
(12:32):
because it's such a hard problem that computers normally would
take a very long time to solve, it was considered
extremely secure. Well but is it still extremely secure? If
if it's so difficult to crack, then well, how is
it vulnerable? It depends on It depends on the determination
and resources of your eve that that's exactly right. So
(12:52):
the reason it's secure is because of the limitations of computers.
But if you were just to say, imagine you had
a computer that was way, way, way, way way more
powerful than your standard computer today, this problem would start
becoming a lot less of a problem. And in fact,
we can sort of create these situations today by say,
(13:17):
teaming up a lot of computers together. Right, if you
either had a supercomputer that had lots and lots of
processing cores, and you created a program to look for
the prime, uh the factorization of any number, and you
allowed it so that it could take advantage of all
those processor course and start solving things in parallel, you
(13:40):
cut down on the amount of time it's going to
take to do the overall problem because you've got multiple
cores all working on this. Or if you are able
to link together a bunch of computers to essentially do
the same thing, where each computer is working on part
of this problem. Let's say that a computer just has
a a chunk of numbers that it's looking at as
(14:00):
it goes through. I'll take the first thousand prime numbers,
and Joe across the network. You take the next thousand, Yeah,
and you're you've got you know, maybe hundreds of computers
in this network. This is something that someone with a
zombie army, a botan net could do. They've infected a
bunch of computers. They're using their processors to do whatever
one of those things could be, to try and do
(14:21):
a brute force attack. That's what we call it, because
you're using just brute computing force to go through all
the potential possibilities to try and find the actual two
numbers that were used to multiply together and make that product. Yeah,
you're just doing trillions and trillions of calculations spread out.
But even with this approach, R s A is still
(14:43):
pretty secure. But just because of the scale of the
math involved, the kinds of computers we have today, even
if we imagine these brute force scenarios, it's still pretty secure.
It is pretty secure if you've got someone who's really,
really determined and they're using an advanced computer, especially one
that is able to take advantage of graphics processors, which
(15:06):
you know, graphics processors are meant to process graphics on
your computer. But a lot of hackers have been using
it as a way of creating another avenue for brute
force attacks. It's something that is possible to crack, it's
not easy to do, and it's still is going to
take time, depending upon you know, how resourceful that hacker is,
how many machines they might have at their disposal. But
(15:28):
it's it's one of those things where you know, the
more the larger year numbers that you're using in your encryption,
the more time is required or the more processing powers
required to break that encryption, and the less likely it's
going to happen because the number of people who have
that capability and that desire starts to shrink. You know,
(15:48):
the more complex it gets, the fewer people are going
to say, yeah, that's worth my time. Sure. But okay,
So we're living in the incredible future, right and we
we have or we are starting to develop, at any rate,
computers that are different from the classical computers that we
have been talking about. We've talked on this very show before,
in fact, about quantum computers computer so you know we
(16:13):
talked when we talked about quantum computers, one of the
things we discussed is how they might not really even
provide an advantage if you're just talking about wanting to
stream video and send emails and browse the web. So
why on earth would somebody want to build a quantum
computer if it doesn't provide an advantage of those things. Well, yeah,
I mean it's it's not necessarily going to help your
twitch skills at call of duty. But what it could
(16:36):
do is allow you to solve certain types of problems
much more quickly than you would with a classical computer.
But like these problems specific exactly because you've got cubits. Cubits, yeah,
as opposed to bits, right, So a bit is a
bit of data. It's a zero oral one. It's kind
of like an on or off switch or an often
on switch off your time zero and one. Uh. Cubits
(17:00):
are quantum bits, and one of the properties of the
quantum world is called superposition, where you can have a
quantum particle that can inhabit multiple states simultaneously. So, for example,
we talk about photons and their spin, and we'll talk
about them more in a minute, but photon can have
(17:20):
various types of spin, vertical, horizontal, diagonal. In the quantum state,
it can have all of these simultaneously in superposition. So
a cubit can be both a zero and the one
at the same time, and technically all values in between.
So if you have cubits and you have enough of them,
like you have a quantum computer that has a lot
(17:42):
of cubits, you can then solve certain really difficult problems
like prime factorization, all in parallel, because it's essentially this
is oversimplifying, but essentially doing all the calculations simultaneously. So
at any rate, if you've got a quantum computer that
has a significant enough number of cubits, then in theory,
you could break this kind of prime factorization problem in
(18:05):
no time. Okay, But but I mean quantum computers, although
they do exist. I mean, who has the time, or
the money, or the resources or the desire to possibly
own such a fascinating and and rare piece of machinery.
Who also wants to know all of our secrets? We've
now entered into the Jonathan Lauren and Joe get On
(18:27):
some more government lists part of the podcast. Uh yeah,
the n s A. Yeah. So it turns out, among
the many things we learned from the leaked documents that
Edward Snowden provided about the n s A, one of
the things was we discovered a seventy nine point seven
million dollar research project known as Penetrating Hard Targets of
(18:51):
the n s A, and it was very interested in
building quote a cryptologically useful quantum computer. So I hope
you like your email with the side of spying, because
this is on the way. The n s A has
specifically expressed interest in creating quantum computers that can do
that brute force mathematical attack to decode your encrypted messages. Right,
(19:13):
it's essentially going to sit there and make private keys.
The private public key encryption technique that we've really been
reliant upon for more than a couple of decades now
completely useless. It will essentially be one of those things
that if they direct their attention to you, they will
be able to break that key and read all everything
(19:33):
that's coming to you. Right. And so part of the
problem is, because all of this research is classified, we
don't know how far along they are on this path.
I mean, you might think that they're ahead of where
the private labs are today, or you might think they're
running neck and neck with them. We don't really know,
but we at least know that they are really interested
in this and are willing to spend money on it. Okay,
(19:55):
but part of part of the game here, you know,
you're always going to have people who are trying to
keep something secret and people who are trying to figure
those secrets out, and as the technology of of one increases,
the other has to in order to compete. So you know,
there are people who are working on creating quantum cryptography
(20:16):
to help solve this entire problem for us, right, Yeah,
So we go to another quantum technology basically to offset that.
So the secret breakers are going to get a big
advantage with quantum computers, but only because we are using
classical computers to set up our original encryption. If we
move to ye, a quantum system of of being able
(20:38):
to hide what we're saying. Actually, well, yeah, it's a
quantum framework. You can still use classical computers to to
do the communication. Yeah, you need you need a quantum
emitter is what you're gonna need. I can actually explain
what we're talking about here with quantum cryptography, at least
on a high level. When you get down to it,
you start getting into quantum weirdness that I know happens.
(21:01):
But that's different from saying I understand it, right, Okay,
So I have a pretty good way I think of
getting into how quantum cryptography works. And so it's this question,
why even use a public key in the first place,
Why can't you just share a private key between Alison Bob,
so they've got a a private uh decode or algorithm
(21:25):
known only to them, and then they just use that.
Why even put half of that key out there for
people to use in a brute force attack. Well, the
answer is kind of obvious because in order to do that,
they'd have to share the private key over the Internet.
If someone's eavesdropping like Eve, and Eve intercepts the private key,
then even you've just given Eve the magic decoder ring
(21:46):
to decode all the messages. Right, So ideally, the best
case scenario would be that Alison Bob have a private
key known only to them. But that really only works
in the real world if I don't know, if they
share it somehow physically in the same location, if they
go up to each other and whisper it to one
another in a completely darkened and sound proof room. If
perhaps at one thirty in the morning, Alice here's a
(22:09):
gentle scratching near the window, sees Bob outside whispering it's time.
Obviously that is not practical. If, say, the if you
are the Alice and the Bob you want to communicate with,
is some store online that you want to do business with.
You're not going to go meet up somewhere, you might
as well just do the transaction in the physical place.
I I sometimes do go up to brick and mortar
(22:31):
stores at one thirty in the morning and whisper into
their walls yes, and they say no, it's the secrets,
will be all right. So getting away from the creepy
and into the actual how does this work? But anyway,
so ideally you would have a private key. Well, quantum
key distribution is a way we have figured out to
(22:54):
do exactly that, to share a private key without Eve
being able to intercept it. And it's all because it
relies upon the laws of quantum physics, not on just
zeros and ones. Zeros and ones come into play because
that again is the basis for computing, and we haven't
created a new model of computing, so we're still reliant
(23:17):
upon that. But how do we generate a key that
would allow us to encode and decode messages based on
zeros and ones, but transmitted in such a way that
it is impossible for an eavesdropper to pick up on it.
And that's where we get this quantum key distribution. That's
really the other way of saying quantum cryptography. A lot
of people think of it as quantum encryption, which is
(23:38):
not what's going on. There's no quantum element to the
encryption because by the time you've gotten to the point
where you actually have a key, all the quantum stuff
is over. You're done with the quantum. Well, I'm sure
I've said quantum encryption a ton of times. That's why
I'm specifically addressing it now. But if we've said that
in the past, and specifically if I wrote those words
(23:59):
in the video, I don't know if I did, but well,
even if you didn't, I may have said them. Okay, Well,
in any case, what we mean there is quantum key
distribution using these quantum principles to create a private key.
So here's what's going on. Because we we've danced around
it enough and now now I get the the unenviable
task of trying to explain this. So all right, Alison Bob,
(24:22):
we still have Alison Bob. Alice wants to send Bob
a private message, but first she has to establish this
private key between the two of them, And like you said, Joe,
you can't just send a private key through classical channels
and expect it to get there without someone looking at it.
That always assume heve's listening, right, So how does Alice
do this? She ends up setting up two different channels
(24:43):
of communication. You have a quantum channel of communication and
a classical channel of communication. So in real life, this
quantum channel of communication would probably be some kind of
fiber optic transmission or a way of transmiss transmitting a photon. Yes, photons,
particles of light. Like we said, the particles of light
have this, uh, this this quality spin where they can
(25:05):
be spinning vertically, horizontally or diagonally. So beforehand, Alice and
Bob have determined which spins will mean a one versus
a zero, so you might say vertical spins, those are ones,
horizontal spins or zeros, diagonal spins one way or a one,
diagonal spins the other way, or a zero. So now
they know which one is gonna be a one or
(25:26):
a zero. Then what Alice does is she sets up
a photon emitter an l e ed would be a
good one, uh, and then starts to generate photons one
by one. Now when she generates them, they are they
have the superposition where they've got all spins at once.
This is unpolarized light. She then puts it through a
(25:47):
filter which polarizes the light, either a vertical, horizontal, or
diagonal filter. This gives the photon a specific spin. It
eliminates all the other possibilities. She then starts to transmit
these photons one by one to Bob, changing filters as
she's going to whatever pattern or random group she wants. Now,
(26:08):
Bob is receiving these photons and he's passing them through
filters of his own. His filters come in two flavors.
He's got a filter that will allow either vertical or
horizontal uh spin to come through, and he has another
filter that will allow diagonal spin to come through either
direction of diagonal spin. So what happens if the wrong
(26:28):
type of polarized photon hit If a polarized photon hits
the opposite type of so filter. If he has a
diagonal filter and a either horizontal or vertical spin photon comes,
it will not pass through that filter and he'll get
a a fail. Essentially, he will say that he does
not know what that particular number will be, but that's okay,
that's fine. In fact, he just keeps on going and
(26:50):
just the random chance fifty of the time he's going
to end up getting a filter that works properly with
this uh, with this this one that Alice sent. That's
just based upon you know, a long enough string and probability,
because he's you know, he's he can get half of
what is sent on the other half he wouldn't. So
(27:10):
over a long enough string, you're gonna see success rate.
So then at that point Alison Bob through their classical
channels start to go through, and Bob says, all right, here,
here are the filters that I used in order, and
then Alice will say yes or no, as in, yes,
that's the right kind of filter for you to have used,
or no it is not. And then by that way
(27:32):
they established which bits made it through, because again they've
already agreed if a vertical spin is a one and
horizontal spin is a zero. So once they have enough
information about which ones passed through, they have a string
of ones and zeros. You eliminate all the x is,
all the ones where Bob used the wrong filter, and
then you would you should have enough information there to
(27:53):
create a key to encrypt things. However, if during this
classical communication, Alice starts to say, you know what, Bob,
you haven't gotten any right at all, and that's really weird.
That's an indication that someone has been snooping. Because one
of the facets of quantum, the quantum world, is that
(28:14):
by observing, you change the observed right. So if Eve
is trying to intercept this private key between Alice and Bob,
Eve is actually changing that photon spin and creating a
string of photons have exactly the right spin to send
it onto Bob. Is not a practical solution. So in
other words, Eve ends up changing the key before he
(28:37):
can get to Bob. And but because the key, because
those changes are detectable, Alison Bob would know if someone's
been listening, and if they know that, they know to
abandon that key and to start over, right. So the
safety comes in, uh, the awareness of Alice and Bob.
It's not that Eve couldn't tap this line. It's that
Alie and Bob will always, because of the laws of
(28:59):
quantum mechanics, be able to tell if you taped. And
this is just to make that key right. There's no
information that's going across yet. Alice hasn't said, hey, Bob,
what's for dinner? She hasn't written any kind of message.
They're just trying to establish what is the key they're
going to use to encode and decode messages. And because
once they established that they have completely symmetrical keys, they're
(29:22):
identical keys, I shouldn't say symmetrical, they're identical, then they
know that they can encode and decode perfectly, and then
they can send over classical channels using that private key.
I mean, it's almost as if they had met up
and agreed on a key and then went back their
separate ways, right, because they're establishing a key safely over
this classical channel of communication, and there's there's no way
(29:43):
to determine what that key was because in order to
know what the key was, you had to have received
those photons. But if you receive the photons, you changed
the photons. So that means that the other recipient, the
actual intended recipient would have been, would have caught onto it,
and again they would have abandoned it and started again.
So Eve would eventually either frustrate Alison Bob to the
(30:05):
point where Alison Bob, well, we're just not going to communicate,
or Eve would get frustrated and quit trying to eavesdrop
because it wasn't productive. She's never going to get anything
other than the attempts to create a secure private key, Right,
it's pointless on eves Park. Yes, there's another approach though, right,
which has to do with spooky action at a distance.
(30:26):
I hadn't even heard about this one, so I'm intrigued
to see what you're gonna say. So, Yeah, the other
spooky action is called quantum entanglement. This is where you
can create a pair of quantum particles like photons, and
they will have identical um identical features in some way,
and when you measure one, you will know exactly what
(30:48):
the state is of the other particle at the moment
that it was measured. Right, So they're entangled. And then
you can take them to opposite ends of the galaxy
and you look at one, and by looking at at
that one, you will immediately know something about the other
one at the other end of the galaxy. Now, from
that point on you can't determine anything, right, because you've
(31:08):
changed the system by looking at it. Yeah, they're unentangled,
wrecked everything. Yes, everything you touch you destroy, which pretty
much true in the quantum world. So um, So the
idea I saw, and this was more of a hypothetical.
This is not typically how it's more typical that's done
in that filtering system that I had just talked about.
But hypothetically you could create a set of entangled photons.
(31:33):
I believe you would have to measure them exactly at
the right time to be able to determine what that
sequence was, so that Alice and Bob would have identical
private keys. Because here's the thing is, if you observe one,
then they become unentangled. So let's say Alice goes ahead
and observes her string of photons. Bob has not looked
(31:54):
at his string of photons, but once Alice does, then
they become unentangled, and whatever Bob says won't match what
Alice has anyway, So I'm not sure exactly how the
implementation would work, but hypothetically they have talked about using
they being quantum scientists talked about using these strings of
entangled particles in order to create identical private keys. That again,
(32:17):
if an eavesdropper gets hold of one of them just
by looking at them, they become unentangled and they are
no longer useful as a private key. In the first place,
so fascinating. Don't know what the implementation would be yet.
I I understand the filtering one more than I understand
this one. Both of them are pretty dense. Once you
get down to the technical level. Oh yeah, No, once
(32:39):
you get down to like, all right, well, why is
this happening, you get a lot of I'm always I'm
always comforted that quantum physicists themselves usually kind of go
like yeah, you get to a point where they're like, yeah, okay,
I don't know anymore, Well, there's gonna be. They're really
smart people. They can describe what's happening really well. Yeah.
When when you start asking them why, either like, well
(33:00):
that's a great question. Why not? Okay? But I wanted
to point out something that's really cool about quantum cryptography,
which is that this is not some far future, pie
in the sky fantasy, is it. No, the idea was today. Yeah,
the ideas were mentioned back in the eighties. I mean this,
(33:21):
this idea has been around for for like twenty five
years um in some form or another. It's not used widely, no, yeah,
because it does have some pretty tough limitations. Obviously, we're
talking about these quantum states. They are very delicate. Uh,
and again, any kind of disturbance of that state is
going to have an effect and thus make this private
(33:43):
key sharing um an impossibility. So yeah, you're limited by
how far you can transmit this information without danger of
the photons getting quote unquote lost along the way. So
it's a matter of kilometers, right, and maybe a few
dozen kilometers. But it's not like coast to coast. You
could not have a coast to coast fiber optic cable
(34:04):
as of right now and expect that quantum state to
be preserved for the entire length of that that cable,
and so it would be really difficult to share a
private key across that way. Yeah. I also want to
introduce some other considerations that we should take into account
because a lot of people are are looking at quantum
cryptography and they're saying, amazing, it's unhackable. And I actually
(34:26):
do agree with them in theory because because of the
way it's constructed based on the laws of quantum physics,
it is in theory unhackable. The principle is completely sound.
The implementation, on the other hand, we don't know. I mean,
because that's a problem that's often come up in cryptography before.
(34:47):
For example, we've had major uh security scares on the
Internet that had nothing to do with the soundness of
public key encryption. Oh sure, so you're talking specifically about
heart bleed, right, So yeah, looking at the heart bleed bug.
Oh man, everybody had to change their passwords. It was panic.
But the problem wasn't that somebody had found a way
(35:10):
to decode all of your public key encryption. No, it
was a bug. It was it was a vulnerability um
in in open SSL. That's secure socket layer, which is
a type of security measure that's in place over a
great deal of Internet websites, like many many servers, not
(35:31):
not all, but yeah, something like six that we're using
that form of security. We're using that specific, specific type. Now,
open SSL had several versions. You know, it's kind of
like any other software where you get generations of the software,
you know, one point oh one point oh one, one
point two, that kind of thing, unless you're Mac and
then it's ten point ten for reasons that never mind,
(35:51):
I'm going to go off on a tangent. So at
any rate, the problem in certain versions of open SSL
was in something that they called a heartbeat, and the
purpose of the heartbeat was really just to say hey,
are you still there? And the other services yeah, and
then everything's fine. Except instead of just saying hey, are
you still there and the services yeah, the server responds
(36:12):
with whatever the original message was going to be, right,
It's it's sort of like asking hey, Jonathan, if you're
still there, say yes, and then I would say yes,
but but but if you but if instead a tricksy
person gets in there and says, hey, Jonathan, I'm tots
the server. Are you still there? If so, say yes,
but say it in characters. Yeah. So in this case,
(36:33):
what was going on was that the message going out
to the server was uh, was short. The actual message
was short, but the meta data about the message said
it was much longer. So, in other words, if I
send out a request to a server and say hit
me back to let me know you're still there, Um,
this is the message, and the message is only three
(36:53):
characters along, but it says it's five characters long, then
the server is going to say, all right, I'm still here.
Here your message, but then says, wait a minute, the
number of characters I put in here is four short
of what it should be. Oh, I'll just fill it up.
With whatever random stuff happens to be in my memory
to pad it out. It's kind of like it's it's
kind of like cheating, right, You're like, like, oh, they
(37:16):
expect to have a thick envelope back, I'm just gonna
shove a whole bunch of blank pieces of paper or
random things. But yeah, and and so sometimes those random
things would be people's passwords or private keys, or private
keys or lots of other wacky information. Yeah. So if
you targeted a server that, for instance, handled email exchanges,
and you got a bunch of random information in from
(37:39):
the server's memory, some of that random information could be
private keys that would allow you to decrypt things as
if you were that person. Right, it's not like you
were using a hack. You were just using that person's key.
It's like you had found a key and made a
copy of it yourself, and you're using that key to
get in and out of that person's house. Same sort
of thing. So you could do it completely undetectable by
(38:01):
anybody else. And uh, people began to panic by changing
their passwords. But the problem was changing your password doesn't
solve that problem. You would have to have the the
on the server side you would have to have administrators
patched the server open SSL approach to to a version
that did not contain that that that bug, and then
(38:24):
change your password. Yes, it was only after it had
been patched that changing your password would matter at all. Right,
So the analogy of all this to quantum cryptography is
that even though the principle might be completely sound, you
can always have something like the heart bleed bug. Well,
you can always have a problem with the specific way
you designed this system. It might be a hardware problem.
(38:46):
Maybe the way you're using uh, the way you're emitting
photons or something is vulnerable to detection. Here's an easy way,
here's an easy way that would that would totally ruin it. So,
you know, we talked about Alice and Bob, and we're
talking about them comparing filters. All of that would obviously
be automated. You wouldn't actually have two people physically putting
filters in place and physically checking that that system. So
(39:10):
I think, I see where you're going. Are you talking
about if you could control the filters they use, or
you don't have to control the filters they use, what
you because even that would be a little weird. But
what you could do is if you were not careful
in the way you designed the software, you could have
it where Alice and Bob are exchanging in order to
(39:30):
confirm that the message has gone over, exchanging too much information,
revealing what that string of numbers actually is. You know
what the idea is that you're sharing information about the process,
but not about the actual zeros and ones. Right, You're
you're kind of talking around the problem so that you
can both figure out which ones and which zeros came
through without actually saying, oh, it's one zero zero one one,
(39:54):
because that would be useless. You would essentially be doing
the same thing as sending the private key. But it
could be eas lee be where someone creates this this
sort of approach and has an implementation that reveals too
much about the actual key and gives people enough of
a hint to make it useless. Yeah, I've seen some
people say also that the process, the security of the
(40:15):
process in the long term, will depend on our ability
to create truly random numbers. Uh. And so if you
have a number that's supposed to be random, but it's
actually not random, right, because folks, random number generators usually
are not actually random. No, it's they're they're random ish.
(40:35):
They're so complexly derived that they seem random to us.
Uh yeah, because I mean it's hard to program a
computer to say, make up a number without telling the
computer how does it make up a number? It usually
has to pull information from something. There's some really cool
examples of doing that by using things like environmental factors,
like well, the barometric pressure is such, and the wind
(40:56):
direction as such, and so those things are going to
mean that I multiply these two umbers together to get
your random number, which is kind of cool because it's
based on a chaotic system, but still still not still
an algorithm and not actually right. Yeah. I want to
introduce another concern on top of that, which is that
so there may be design flaws, but we'll trust that, Okay,
the people designing these systems are probably very, very smart,
(41:19):
and they're taking a lot of precautions. And let's say
they do design a foolproof system. You know what they
can't do. They can't design foolproof users. Yeah. Now, this
is always going to be a problem. So one of
the things that we see over and over again is
that a lot of systems they're supposedly secure, end up
becoming vulnerable, not because of some inherent flaw or because
(41:41):
a hacker was able to crunch numbers enough times to
get into a system, or that someone has created a
weird program where you type in three guesses on a
password and the third one is always right Hollywood, But
but rather because you know that guy from Seinfeld has
created a backdoor that's going to let all of the
dinosaurs eventually run a buck on the island. Kind of Yeah,
(42:03):
the more like more like the idea of, Hey, I
wonder what Lawrences password is. Let me pick up this
this keyboard. Oh, sure enough, there's a post it note
with a password on it, or a much easier one, say,
if you're not in the same office, is I send
Jonathan and email saying Hey, I'm the new assistant to
your system administrator and I need your password in order
(42:25):
to do some maintenance on your computer. Yeah. This is
called social engineering. It's manipulating the people in a system
rather than the technology, and often it ends up being
the most effective way of getting access to any secure system.
If you read any reports about some of the famous hackers,
a lot of their exploits involved not to use a
(42:46):
pun A lot of their exploits involve manipulating people not
sitting down at a computer and typing in zeros and
ones until things magically happened. Right. Well, typically the people
are the weakest part of the whole process. Yeah, that's
why I I I anticipate wiping them all out and
making a perfect, clean future where I don't have to
worry about these weaknesses, where dinosaurs rule the earth. All right,
(43:10):
well this got dark fast. No, obviously I'm not going
to wipe out people. Who's who's going to carry all
my stuff? What would you eat? It would be really
lonely going to the same restaurants over and over again,
all by myself and robot waiters saying table for one again. Yeah,
so yeah, I probably won't do that. No, it's not
(43:33):
putting it on the back burner, but anyway, Yeah, it's
it's true. Any system, any secure system, you need to
look at the people as well as the technology and
make sure the people know the best practices for remaining
secure and private so that other people who want to
get access to that stuff don't have as easy a
time about it. The harder we make it, the less
(43:54):
likely it'll happen. It doesn't mean that someone who's really
determined won't find a way. Now, the quantum cryptography approach
is really darn secure because that's basic laws of physics that,
as far as we know, are unbreakable. So if we
can get the physical systems to take advantage of those
laws of quantum physics, we got it made. But we
(44:16):
already are seeing limitations right now, and it's just, you know,
there's still questions about whether or not this could ever
be a widely implemented security feature. You know, it might
be something that we see in something like a military
installation where the different machines on that installation use quantum
cryptography to communicate with each other. But if I'm sending
an email to a buddy of mine who lives out
(44:38):
in California, there may not be a physical system that
can take advantage of this, but just because the very
nature of the quantum world. So there, you know, things
to think about. But I really think this was an
interesting topic. It's great to UH to kind of explore it,
especially since we always love looking at the quantum world
and marveling at how unusual it is, how how alien
(45:01):
it is to us on the macro level. So we
love those kind of topics, and this is where I
invite you, our listener, if you have any interesting topics
that are future oriented, whether it is a technology you
want to know about, or some development in science, or
some big question about what what is culture and society
(45:22):
gonna be like in a hundred and fifty years, or
even hey, there's this other thing that science fiction films
never address and I really want to know about it.
You should let us know send us a message. You
can contact us on Twitter, Facebook, and Google Plus. We
have the handle f W Thinking at All three and
we will talk to you again really soon. For more
(45:47):
on this topic in the future of technology, visit forward
thinking dot com, brought to you by Toyota. Let's Go Places,