Yes or no, will your next phone have quantum cryptographic 2FA?
If one of the vendors here at RSA has anything to do with it, the answer is “yes”. Quantum cryptography would prove orders of magnitude more difficult to break, and also throw orders of magnitude of levels of protection around critical data. The problem: quantum anything is really hard to wrangle.
"Taming quantum physics and putting it in a box has been disturbingly daunting."
Taming quantum physics and putting it in a box has been disturbingly daunting. Barely fidget with any part of the process and the whole thing crashes – and in strange ways. It is super sensitive. But it’s also super powerful. Remember when no one thought you could drop the core CPU voltage because any introduced noise would be seen as a change in logic state and create a mess? Making quantum physics behave is like that, but far worse.
Regardless, right now a group of Aussies at Quintessence Labs have a quantum-based random number generator shoehorned into a small box about twice as thick as a deck of cards, and bolted to a card inside a server chassis. While the whole box currently costs more than a new Toyota, they claim the cost will drop steeply with adoption.
Want something smaller? The next generation will be half that size if they have their way. Remember floppy disks’ data density versus microSD cards? Along those lines. I asked whether they think they could fit one on a phone eventually, they answered a hopeful “yes”.
So we’re all trying to solve mobile security, well, along with a lot of other kinds of security. If we threw quantum cryptography at the problem, we may get very close to an “unbreakable lock”, regardless of who wanted access. There simply wouldn’t be any practical way of expecting it be breakable for any reason. Oh, if you had a spare thousand years, you could give it a shot.
Unless you had quantum computing powers trying to break crypto. Quantum computing has also been envisioned as a means to try to brute force existing cryptography that’s currently considered “pretty good”, like the stuff that we all are already using and have been for some time. When leveling that amount of computer power against existing algorithms, suddenly things that took an obscene amount of time to attempt to break can be compressed to the point that it may be possible (albeit still non-trivial, well, for now).
"Once again security becomes a game of cat-and-mouse – just a quantum cat in this case."
So once again security becomes a game of cat-and-mouse, just a quantum cat in this case. Which gets us back to the question about whether it’s a good thing to build an unbreakable lock, something no one can get into for any reason, good or bad. And while folks may have to wrestle with what is considered good and bad in a new dimension now, if a phone comes out with quantum physics based two-factor authentication, I’m getting one! Oh, and if you lose your quantum crypto key, you are probably well and truly out of luck.