Cryptically Quantum

have a secure communication. Let's say if I'm dealing with an Internet seller, So maybe a seller on Etsy who has created glass handcrafted Star Wars action figures with with with stained tinted coloring and oddly specific. That sounds precarious but beautiful. Yeah, it's also not what I thought you were gonna say, because internet seller, I thought you were either talking about someone who sells in nets or perhaps

or perhaps a dark basement of the Internet exactly. But now I've got you all right, So a vendor, a merchant on the Internet, and you want to make a transaction, you will hear all my special numbers, right. You would want those special numbers to say yeah, but you would not want those special numbers to get out and about to the general public, where they could all make their

own nefarious purchases using your hard earned money. Right, they could go buy their own glass memorabilia or or let's let's say that you are just trying to send a message to someone and you don't necessarily want the entire world to understand what exactly you are saying. You know, right, like things right, right, Like if if I wanted to send Lauren an email talking smack about a certain other host of this show, um, and I didn't want that host to be privy to all the things I had

to say about him. Sure, yeah, And of course no one believes this because you just talked smack right out loud. But alright, that's but hypothetically, if you didn't want me to know, I'm sorry, you didn't want this other host to know, then this would be important. You would want to be able to hide the information. Thus, Uh, this is of course not new to the internet. You know, the idea of being able to hide information so that you can send messages, uh, discreetly, secretly. This is not

something that's that's brand new. This is an ancient idea. Oh no, of course, I mean secrets are power, it's the it's one of the main things we've got going for us as a species. We've learned how to leverage privileged information. Yes, you know something they don't know. When that gives you an advantage, right, Uh, you know obviously if you are able to maintain that advantage, then that

gives you, uh well, prolonged advantage. You don't want that to suddenly become common knowledge because then suddenly it's a it's a level playing field again, and who knows, some bigger, stronger person is going to come around and take all your stuff. So in the in the ancient world, we use things called ciphers, which allowed us to uh to jumble up a message so that only the person who sends it and and the person who receives it ideally

have any chance of figuring out what that messages. Now, that just might mean that you have an agreed upon set of rules, which means when you get a message, you look at the message, the jumbled up message, and you apply those set of rules to it to unscramble it and see what the actual message is. Right. So the dirt simplest version of this would be just say, like an alpha numeric scramble, So you say A is one and B is two, and you write, you translate

your message in whatever language you're writing into numbers. Right, the same kind of thing that you probably did to obscure notes when you were passing them in class when you were in like elementary school. Right, And he's a B and a besa C. No one's ever going to figure it out. Yeah, Yeah, these are all very common, very simple ciphers. Now in the world of the Internet, in the world of computers, these sort of things don't don't fly. It's not going to work anymore because it's

pretty easy to figure that one out. So we're talking about specifically, uh, cryptography in general, which is the whole science of making stuff secret, and then encryption in particular, which is an implementation of cryptography. And the reason why I say that is that frequently people will interchange these two terms, but they do mean different things. We'll probably do it on this podcast. Everybody uses encryption, cryptography, cryptology that they'll get jumbled up, right, And and I admit,

I mean I do this all the time. I it's not because I don't appreciate that there are differences. It's just that my brain starts taking shortcuts and then I get less accurate in my description. But yes, cryptography the overall field encryption a specific implementation of cryptography where you are encrypting a mess it's using some sort of cipher or key, and then someone else has to use a

decoder key to get at the original message. And if everything is cool, then you don't have to worry about anyone else intercepting that message and knowing what's going on. But the problem is, things aren't really cool in the real world, are they not. When you send a message to somebody, it's generally, I think assumed within the world of cryptography that you should always just take as an

assumption that somebody's listening. Yes, I mean we're we're living in a world now where it is incredibly easy for people to listen in, whether on purpose or not. I remember like this this applies to lots of different fields,

not just Internet communication. It could be a telephone, right, I remember using wireless telephones where occasionally it would pick up conversations other people were having that because the channel as were close enough where I was getting interference and I was so eventually one one part of one of the conversations would kind of go like hello, right, is that are we who else is here? Or I would talk into it and then it would be clear that

the other parties on the line couldn't hear me. But yet I was like, well, I don't want to listen in uh, but I would like to make a phone call. So I'm going to go and use one of the hard lined phones that I have instead of one of these super cheap early eighties wireless monstrosities. Of course, your hardline phone can be tapped just as easily, or someone in another branch of the house could pick up another receiver of it. Right, So in this case, we are

going to be talking about some some famous people. Uh, those famous people are not really people. There are actually their names are placeholders for any two entities that wish to exchange information. This would be Alice and Bob. You may have heard of Alice and Bob. Alie and Bob. They're, like I said, placeholders. You want you it's so that you can give examples so people can wrap their heads around the way this kind of secret communication works. So

it's not Alice in Wonderland and Bob Seeker. It's I mean, it could be we might, sure, but we're talking about a third person as well, we're talking also about Eve. Yes, Eve would be a short for Eve's dropper clever huh Sole See what they did there. Eve wants to listen in on this conversation between Alis and Bob for whatever reason. Doesn't matter. We're just talking about, you know again, concepts here. Eve. Also, it does not necessarily have to be an actual conscious

person or entity. No, Eve could be a computer. Eve could also just be an environment because in this case, when we get into uh A later in the podcast, we're gonna be talking about the type of cryptography that um has some limitations around it, and the environment can actually play a role in messing up that cryptography. But in general, we think of Eve as some entity trying to get intercept messages, usually in the middle between Alison Bob,

to try and decipher exactly what is going on. Okay, So, in the world today, if Alison Bob want to have a totally private conversation that nobody else can know about over the Internet, what is the main way we're going to use to communicate privately? Uh That would be using key encryption, a public key and a private key. This is based off something called r s A encryption. It's actually uh, that named after the folks who came up

with it. But the idea here is that you have a public key that allows people to encode messages that are going to be sent to you, and then you have a private key that allows you to decode those messages. And then if you want to send a message back to someone, you use their public key to encode it and they'll use their own private key to decode it. So the public key is something you can send out to the world and it's fine because all it does

is in code messages. It doesn't decode anything um And the private key you keep to yourself and you don't let anyone get hold of it because obviously that would mean they could decode any message meant for you. So in this case, if Alice once said Bob a message, Alice would use Bob's public key, Bob would use his private key to decode it. Then if Bob wanted to respond, he would use Alice's public key, Alice would use her

private key to decode it. Theoretically, everything should remain safe. Okay, but wait a second, how do these keys actually work together? Because I wonder if there's a way to exploit this process. Um, it's it's interesting that you asked that question. So there are different ways to create encryption keys, but one of the most popular is prime factorization. Tell me how it works. Okay, you know what a prime number is, right, It's a number that is only divisible by itself and one. That's correct.

So if you were to take a two prime numbers, So figure out two prime numbers, uh, three and seven? All right, and then you multiply the two of those together you get all right. So if I gave you just the twenty one and I told you it's your job to figure out which two prime numbers I used to multiply together to get to twenty one, you would have to start going through and looking at the divisors

for twenty one and figuring it out. Now, that one's pretty easy, right, But when you get into very large numbers, there's a lot of different possibilities. Yeah. Yeah, it might be worth dwelling for a minute on why that's hard to do. There's no just simple equation for how to get those prime numbers. You have to try them one at a time. So you have to take, okay, is two times two, that's not twenty one? Okay, two times three, that's not twenty. Really, you would just say to one,

is twenty one divisible divisible by two? And if so is the other? Uh? Is the other number also a prime? So you can do it that way. So you take twenty one and you say, all right, let's go to by two. All right, that's that doesn't work. Twenty one divide by three. That gets seven. Wait a minute, three and there are both prime numbers, so that'd be pretty easy.

But yeah, but if you if you're talking about enormous prime numbers, and when I say enormous, I'm talking about something that has maybe you know, forty digits or more behind it. You know, that's a huge prime number or you know, huge prime number, and you multiply it by another huge prime number that has an equal number of digits behind it. You get an incredibly enormous product. And

this is the basis of your encryption. Uh. Then working backwards trying to figure out which two prime numbers made that product is incredibly difficult. It would take a classical computer working on a single core processor years, maybe centuries to figure it out. I've heard it often expressed that it would take more than a person's lifetime to solve these on a classical machine. Yeah. So the three guys that came up with this, their last names were Rivest

still are Rivest, Shamir, and Adelman. So you've got that, uh, And they were the ones who who came up with this this general idea which has been used extensively since then. And um, basically that's the the idea you use. You've got this product which you can then allow people to encode things. Um using this, you know, it's kind of like another mash up type deal. The coded message gets sent to you. Because you have the the actual prime numbers that were used to make that product, you can

decode the message. If you don't have those two prime numbers, you can't decode it. So that's the general idea. And because it's such a hard problem that computers normally would take a very long time to solve, it was considered extremely secure. Well but is it still extremely secure? If if it's so difficult to crack, then well, how is it vulnerable? It depends on It depends on the determination

and resources of your eve that that's exactly right. So the reason it's secure is because of the limitations of computers. But if you were just to say, imagine you had a computer that was way, way, way, way way more powerful than your standard computer today, this problem would start becoming a lot less of a problem. And in fact, we can sort of create these situations today by say,

teaming up a lot of computers together. Right, if you either had a supercomputer that had lots and lots of processing cores, and you created a program to look for the prime, uh the factorization of any number, and you allowed it so that it could take advantage of all those processor course and start solving things in parallel, you cut down on the amount of time it's going to take to do the overall problem because you've got multiple

cores all working on this. Or if you are able to link together a bunch of computers to essentially do the same thing, where each computer is working on part of this problem. Let's say that a computer just has a a chunk of numbers that it's looking at as it goes through. I'll take the first thousand prime numbers, and Joe across the network. You take the next thousand, Yeah, and you're you've got you know, maybe hundreds of computers in this network. This is something that someone with a

zombie army, a botan net could do. They've infected a bunch of computers. They're using their processors to do whatever one of those things could be, to try and do a brute force attack. That's what we call it, because you're using just brute computing force to go through all the potential possibilities to try and find the actual two numbers that were used to multiply together and make that product. Yeah, you're just doing trillions and trillions of calculations spread out.

But even with this approach, R s A is still pretty secure. But just because of the scale of the math involved, the kinds of computers we have today, even if we imagine these brute force scenarios, it's still pretty secure. It is pretty secure if you've got someone who's really, really determined and they're using an advanced computer, especially one that is able to take advantage of graphics processors, which you know, graphics processors are meant to process graphics on

your computer. But a lot of hackers have been using it as a way of creating another avenue for brute force attacks. It's something that is possible to crack, it's not easy to do, and it's still is going to take time, depending upon you know, how resourceful that hacker is,

how many machines they might have at their disposal. But it's it's one of those things where you know, the more the larger year numbers that you're using in your encryption, the more time is required or the more processing powers required to break that encryption, and the less likely it's going to happen because the number of people who have that capability and that desire starts to shrink. You know, the more complex it gets, the fewer people are going

to say, yeah, that's worth my time. Sure. But okay, So we're living in the incredible future, right and we we have or we are starting to develop, at any rate, computers that are different from the classical computers that we

have been talking about. We've talked on this very show before, in fact, about quantum computers computer so you know we talked when we talked about quantum computers, one of the things we discussed is how they might not really even provide an advantage if you're just talking about wanting to stream video and send emails and browse the web. So why on earth would somebody want to build a quantum

computer if it doesn't provide an advantage of those things. Well, yeah, I mean it's it's not necessarily going to help your twitch skills at call of duty. But what it could do is allow you to solve certain types of problems much more quickly than you would with a classical computer. But like these problems specific exactly because you've got cubits. Cubits, yeah, as opposed to bits, right, So a bit is a bit of data. It's a zero oral one. It's kind of like an on or off switch or an often

on switch off your time zero and one. Uh. Cubits are quantum bits, and one of the properties of the quantum world is called superposition, where you can have a quantum particle that can inhabit multiple states simultaneously. So, for example, we talk about photons and their spin, and we'll talk about them more in a minute, but photon can have various types of spin, vertical, horizontal, diagonal. In the quantum state,

it can have all of these simultaneously in superposition. So a cubit can be both a zero and the one at the same time, and technically all values in between. So if you have cubits and you have enough of them, like you have a quantum computer that has a lot of cubits, you can then solve certain really difficult problems like prime factorization, all in parallel, because it's essentially this

is oversimplifying, but essentially doing all the calculations simultaneously. So at any rate, if you've got a quantum computer that has a significant enough number of cubits, then in theory, you could break this kind of prime factorization problem in no time. Okay, But but I mean quantum computers, although they do exist. I mean, who has the time, or the money, or the resources or the desire to possibly own such a fascinating and and rare piece of machinery.

Who also wants to know all of our secrets? We've now entered into the Jonathan Lauren and Joe get On some more government lists part of the podcast. Uh yeah, the n s A. Yeah. So it turns out, among the many things we learned from the leaked documents that Edward Snowden provided about the n s A, one of the things was we discovered a seventy nine point seven million dollar research project known as Penetrating Hard Targets of the n s A, and it was very interested in

building quote a cryptologically useful quantum computer. So I hope you like your email with the side of spying, because this is on the way. The n s A has specifically expressed interest in creating quantum computers that can do that brute force mathematical attack to decode your encrypted messages. Right, it's essentially going to sit there and make private keys. The private public key encryption technique that we've really been reliant upon for more than a couple of decades now

completely useless. It will essentially be one of those things that if they direct their attention to you, they will be able to break that key and read all everything that's coming to you. Right. And so part of the problem is, because all of this research is classified, we don't know how far along they are on this path. I mean, you might think that they're ahead of where the private labs are today, or you might think they're

running neck and neck with them. We don't really know, but we at least know that they are really interested in this and are willing to spend money on it. Okay, but part of part of the game here, you know, you're always going to have people who are trying to keep something secret and people who are trying to figure those secrets out, and as the technology of of one increases,

the other has to in order to compete. So you know, there are people who are working on creating quantum cryptography to help solve this entire problem for us, right, Yeah, So we go to another quantum technology basically to offset that. So the secret breakers are going to get a big advantage with quantum computers, but only because we are using classical computers to set up our original encryption. If we move to ye, a quantum system of of being able

to hide what we're saying. Actually, well, yeah, it's a quantum framework. You can still use classical computers to to do the communication. Yeah, you need you need a quantum emitter is what you're gonna need. I can actually explain what we're talking about here with quantum cryptography, at least on a high level. When you get down to it, you start getting into quantum weirdness that I know happens.

But that's different from saying I understand it, right, Okay, So I have a pretty good way I think of getting into how quantum cryptography works. And so it's this question, why even use a public key in the first place, Why can't you just share a private key between Alison Bob, so they've got a a private uh decode or algorithm known only to them, and then they just use that. Why even put half of that key out there for

people to use in a brute force attack. Well, the answer is kind of obvious because in order to do that, they'd have to share the private key over the Internet. If someone's eavesdropping like Eve, and Eve intercepts the private key, then even you've just given Eve the magic decoder ring to decode all the messages. Right, So ideally, the best case scenario would be that Alison Bob have a private

key known only to them. But that really only works in the real world if I don't know, if they share it somehow physically in the same location, if they go up to each other and whisper it to one another in a completely darkened and sound proof room. If perhaps at one thirty in the morning, Alice here's a gentle scratching near the window, sees Bob outside whispering it's time.

Obviously that is not practical. If, say, the if you are the Alice and the Bob you want to communicate with, is some store online that you want to do business with. You're not going to go meet up somewhere, you might as well just do the transaction in the physical place. I I sometimes do go up to brick and mortar stores at one thirty in the morning and whisper into their walls yes, and they say no, it's the secrets, will be all right. So getting away from the creepy

and into the actual how does this work? But anyway, so ideally you would have a private key. Well, quantum key distribution is a way we have figured out to do exactly that, to share a private key without Eve being able to intercept it. And it's all because it relies upon the laws of quantum physics, not on just zeros and ones. Zeros and ones come into play because that again is the basis for computing, and we haven't created a new model of computing, so we're still reliant

upon that. But how do we generate a key that would allow us to encode and decode messages based on zeros and ones, but transmitted in such a way that it is impossible for an eavesdropper to pick up on it. And that's where we get this quantum key distribution. That's really the other way of saying quantum cryptography. A lot of people think of it as quantum encryption, which is

not what's going on. There's no quantum element to the encryption because by the time you've gotten to the point where you actually have a key, all the quantum stuff is over. You're done with the quantum. Well, I'm sure I've said quantum encryption a ton of times. That's why I'm specifically addressing it now. But if we've said that in the past, and specifically if I wrote those words in the video, I don't know if I did, but well,

even if you didn't, I may have said them. Okay, Well, in any case, what we mean there is quantum key distribution using these quantum principles to create a private key. So here's what's going on. Because we we've danced around it enough and now now I get the the unenviable task of trying to explain this. So all right, Alison Bob,

we still have Alison Bob. Alice wants to send Bob a private message, but first she has to establish this private key between the two of them, And like you said, Joe, you can't just send a private key through classical channels and expect it to get there without someone looking at it. That always assume heve's listening, right, So how does Alice do this? She ends up setting up two different channels of communication. You have a quantum channel of communication and

a classical channel of communication. So in real life, this quantum channel of communication would probably be some kind of fiber optic transmission or a way of transmiss transmitting a photon. Yes, photons, particles of light. Like we said, the particles of light have this, uh, this this quality spin where they can

be spinning vertically, horizontally or diagonally. So beforehand, Alice and Bob have determined which spins will mean a one versus a zero, so you might say vertical spins, those are ones, horizontal spins or zeros, diagonal spins one way or a one, diagonal spins the other way, or a zero. So now they know which one is gonna be a one or a zero. Then what Alice does is she sets up a photon emitter an l e ed would be a good one, uh, and then starts to generate photons one

by one. Now when she generates them, they are they have the superposition where they've got all spins at once. This is unpolarized light. She then puts it through a filter which polarizes the light, either a vertical, horizontal, or diagonal filter. This gives the photon a specific spin. It eliminates all the other possibilities. She then starts to transmit these photons one by one to Bob, changing filters as

she's going to whatever pattern or random group she wants. Now, Bob is receiving these photons and he's passing them through filters of his own. His filters come in two flavors. He's got a filter that will allow either vertical or horizontal uh spin to come through, and he has another filter that will allow diagonal spin to come through either direction of diagonal spin. So what happens if the wrong type of polarized photon hit If a polarized photon hits

the opposite type of so filter. If he has a diagonal filter and a either horizontal or vertical spin photon comes, it will not pass through that filter and he'll get a a fail. Essentially, he will say that he does not know what that particular number will be, but that's okay, that's fine. In fact, he just keeps on going and just the random chance fifty of the time he's going to end up getting a filter that works properly with

this uh, with this this one that Alice sent. That's just based upon you know, a long enough string and probability, because he's you know, he's he can get half of what is sent on the other half he wouldn't. So over a long enough string, you're gonna see success rate.

So then at that point Alison Bob through their classical channels start to go through, and Bob says, all right, here, here are the filters that I used in order, and then Alice will say yes or no, as in, yes, that's the right kind of filter for you to have used, or no it is not. And then by that way they established which bits made it through, because again they've already agreed if a vertical spin is a one and

horizontal spin is a zero. So once they have enough information about which ones passed through, they have a string of ones and zeros. You eliminate all the x is, all the ones where Bob used the wrong filter, and then you would you should have enough information there to create a key to encrypt things. However, if during this classical communication, Alice starts to say, you know what, Bob, you haven't gotten any right at all, and that's really weird.

That's an indication that someone has been snooping. Because one of the facets of quantum, the quantum world, is that by observing, you change the observed right. So if Eve is trying to intercept this private key between Alice and Bob, Eve is actually changing that photon spin and creating a string of photons have exactly the right spin to send it onto Bob. Is not a practical solution. So in other words, Eve ends up changing the key before he

can get to Bob. And but because the key, because those changes are detectable, Alison Bob would know if someone's been listening, and if they know that, they know to abandon that key and to start over, right. So the safety comes in, uh, the awareness of Alice and Bob. It's not that Eve couldn't tap this line. It's that Alie and Bob will always, because of the laws of quantum mechanics, be able to tell if you taped. And this is just to make that key right. There's no

information that's going across yet. Alice hasn't said, hey, Bob, what's for dinner? She hasn't written any kind of message. They're just trying to establish what is the key they're

going to use to encode and decode messages. And because once they established that they have completely symmetrical keys, they're identical keys, I shouldn't say symmetrical, they're identical, then they know that they can encode and decode perfectly, and then they can send over classical channels using that private key.

I mean, it's almost as if they had met up and agreed on a key and then went back their separate ways, right, because they're establishing a key safely over this classical channel of communication, and there's there's no way to determine what that key was because in order to know what the key was, you had to have received those photons. But if you receive the photons, you changed

the photons. So that means that the other recipient, the actual intended recipient would have been, would have caught onto it, and again they would have abandoned it and started again. So Eve would eventually either frustrate Alison Bob to the point where Alison Bob, well, we're just not going to communicate, or Eve would get frustrated and quit trying to eavesdrop because it wasn't productive. She's never going to get anything other than the attempts to create a secure private key, Right,

it's pointless on eves Park. Yes, there's another approach though, right, which has to do with spooky action at a distance. I hadn't even heard about this one, so I'm intrigued to see what you're gonna say. So, Yeah, the other

spooky action is called quantum entanglement. This is where you can create a pair of quantum particles like photons, and they will have identical um identical features in some way, and when you measure one, you will know exactly what the state is of the other particle at the moment that it was measured. Right, So they're entangled. And then you can take them to opposite ends of the galaxy and you look at one, and by looking at at that one, you will immediately know something about the other

one at the other end of the galaxy. Now, from that point on you can't determine anything, right, because you've changed the system by looking at it. Yeah, they're unentangled, wrecked everything. Yes, everything you touch you destroy, which pretty much true in the quantum world. So um, So the idea I saw, and this was more of a hypothetical. This is not typically how it's more typical that's done in that filtering system that I had just talked about.

But hypothetically you could create a set of entangled photons. I believe you would have to measure them exactly at the right time to be able to determine what that sequence was, so that Alice and Bob would have identical private keys. Because here's the thing is, if you observe one, then they become unentangled. So let's say Alice goes ahead

and observes her string of photons. Bob has not looked at his string of photons, but once Alice does, then they become unentangled, and whatever Bob says won't match what Alice has anyway, So I'm not sure exactly how the implementation would work, but hypothetically they have talked about using they being quantum scientists talked about using these strings of

entangled particles in order to create identical private keys. That again, if an eavesdropper gets hold of one of them just by looking at them, they become unentangled and they are no longer useful as a private key. In the first place, so fascinating. Don't know what the implementation would be yet. I I understand the filtering one more than I understand this one. Both of them are pretty dense. Once you

get down to the technical level. Oh yeah, No, once you get down to like, all right, well, why is this happening, you get a lot of I'm always I'm always comforted that quantum physicists themselves usually kind of go like yeah, you get to a point where they're like, yeah, okay, I don't know anymore, Well, there's gonna be. They're really smart people. They can describe what's happening really well. Yeah. When when you start asking them why, either like, well

that's a great question. Why not? Okay? But I wanted to point out something that's really cool about quantum cryptography, which is that this is not some far future, pie in the sky fantasy, is it. No, the idea was today. Yeah, the ideas were mentioned back in the eighties. I mean this, this idea has been around for for like twenty five years um in some form or another. It's not used widely, no, yeah, because it does have some pretty tough limitations. Obviously, we're

talking about these quantum states. They are very delicate. Uh, and again, any kind of disturbance of that state is going to have an effect and thus make this private key sharing um an impossibility. So yeah, you're limited by how far you can transmit this information without danger of the photons getting quote unquote lost along the way. So it's a matter of kilometers, right, and maybe a few

dozen kilometers. But it's not like coast to coast. You could not have a coast to coast fiber optic cable as of right now and expect that quantum state to be preserved for the entire length of that that cable, and so it would be really difficult to share a private key across that way. Yeah. I also want to introduce some other considerations that we should take into account because a lot of people are are looking at quantum

cryptography and they're saying, amazing, it's unhackable. And I actually do agree with them in theory because because of the way it's constructed based on the laws of quantum physics, it is in theory unhackable. The principle is completely sound. The implementation, on the other hand, we don't know. I mean, because that's a problem that's often come up in cryptography before. For example, we've had major uh security scares on the Internet that had nothing to do with the soundness of

public key encryption. Oh sure, so you're talking specifically about heart bleed, right, So yeah, looking at the heart bleed bug. Oh man, everybody had to change their passwords. It was panic. But the problem wasn't that somebody had found a way to decode all of your public key encryption. No, it was a bug. It was it was a vulnerability um

in in open SSL. That's secure socket layer, which is a type of security measure that's in place over a great deal of Internet websites, like many many servers, not not all, but yeah, something like six that we're using that form of security. We're using that specific, specific type. Now,

open SSL had several versions. You know, it's kind of like any other software where you get generations of the software, you know, one point oh one point oh one, one point two, that kind of thing, unless you're Mac and then it's ten point ten for reasons that never mind, I'm going to go off on a tangent. So at any rate, the problem in certain versions of open SSL was in something that they called a heartbeat, and the purpose of the heartbeat was really just to say hey,

are you still there? And the other services yeah, and then everything's fine. Except instead of just saying hey, are you still there and the services yeah, the server responds with whatever the original message was going to be, right, It's it's sort of like asking hey, Jonathan, if you're still there, say yes, and then I would say yes, but but but if you but if instead a tricksy person gets in there and says, hey, Jonathan, I'm tots the server. Are you still there? If so, say yes,

but say it in characters. Yeah. So in this case, what was going on was that the message going out to the server was uh, was short. The actual message was short, but the meta data about the message said

it was much longer. So, in other words, if I send out a request to a server and say hit me back to let me know you're still there, Um, this is the message, and the message is only three characters along, but it says it's five characters long, then the server is going to say, all right, I'm still here. Here your message, but then says, wait a minute, the number of characters I put in here is four short of what it should be. Oh, I'll just fill it up.

With whatever random stuff happens to be in my memory to pad it out. It's kind of like it's it's kind of like cheating, right, You're like, like, oh, they expect to have a thick envelope back, I'm just gonna shove a whole bunch of blank pieces of paper or random things. But yeah, and and so sometimes those random things would be people's passwords or private keys, or private

keys or lots of other wacky information. Yeah. So if you targeted a server that, for instance, handled email exchanges, and you got a bunch of random information in from the server's memory, some of that random information could be private keys that would allow you to decrypt things as if you were that person. Right, it's not like you were using a hack. You were just using that person's key. It's like you had found a key and made a copy of it yourself, and you're using that key to

get in and out of that person's house. Same sort of thing. So you could do it completely undetectable by anybody else. And uh, people began to panic by changing their passwords. But the problem was changing your password doesn't solve that problem. You would have to have the the on the server side you would have to have administrators patched the server open SSL approach to to a version that did not contain that that that bug, and then change your password. Yes, it was only after it had

been patched that changing your password would matter at all. Right, So the analogy of all this to quantum cryptography is that even though the principle might be completely sound, you can always have something like the heart bleed bug. Well, you can always have a problem with the specific way you designed this system. It might be a hardware problem. Maybe the way you're using uh, the way you're emitting photons or something is vulnerable to detection. Here's an easy way,

here's an easy way that would that would totally ruin it. So, you know, we talked about Alice and Bob, and we're talking about them comparing filters. All of that would obviously be automated. You wouldn't actually have two people physically putting filters in place and physically checking that that system. So I think, I see where you're going. Are you talking about if you could control the filters they use, or you don't have to control the filters they use, what

you because even that would be a little weird. But what you could do is if you were not careful in the way you designed the software, you could have it where Alice and Bob are exchanging in order to confirm that the message has gone over, exchanging too much information, revealing what that string of numbers actually is. You know what the idea is that you're sharing information about the process,

but not about the actual zeros and ones. Right, You're you're kind of talking around the problem so that you can both figure out which ones and which zeros came through without actually saying, oh, it's one zero zero one one, because that would be useless. You would essentially be doing

the same thing as sending the private key. But it could be eas lee be where someone creates this this sort of approach and has an implementation that reveals too much about the actual key and gives people enough of a hint to make it useless. Yeah, I've seen some people say also that the process, the security of the process in the long term, will depend on our ability

to create truly random numbers. Uh. And so if you have a number that's supposed to be random, but it's actually not random, right, because folks, random number generators usually are not actually random. No, it's they're they're random ish. They're so complexly derived that they seem random to us. Uh yeah, because I mean it's hard to program a computer to say, make up a number without telling the computer how does it make up a number? It usually

has to pull information from something. There's some really cool examples of doing that by using things like environmental factors, like well, the barometric pressure is such, and the wind direction as such, and so those things are going to mean that I multiply these two umbers together to get your random number, which is kind of cool because it's based on a chaotic system, but still still not still

an algorithm and not actually right. Yeah. I want to introduce another concern on top of that, which is that so there may be design flaws, but we'll trust that, Okay, the people designing these systems are probably very, very smart, and they're taking a lot of precautions. And let's say they do design a foolproof system. You know what they can't do. They can't design foolproof users. Yeah. Now, this

is always going to be a problem. So one of the things that we see over and over again is that a lot of systems they're supposedly secure, end up becoming vulnerable, not because of some inherent flaw or because a hacker was able to crunch numbers enough times to get into a system, or that someone has created a weird program where you type in three guesses on a password and the third one is always right Hollywood, But but rather because you know that guy from Seinfeld has

created a backdoor that's going to let all of the dinosaurs eventually run a buck on the island. Kind of Yeah, the more like more like the idea of, Hey, I wonder what Lawrences password is. Let me pick up this this keyboard. Oh, sure enough, there's a post it note with a password on it, or a much easier one, say, if you're not in the same office, is I send Jonathan and email saying Hey, I'm the new assistant to your system administrator and I need your password in order

to do some maintenance on your computer. Yeah. This is called social engineering. It's manipulating the people in a system rather than the technology, and often it ends up being the most effective way of getting access to any secure system. If you read any reports about some of the famous hackers, a lot of their exploits involved not to use a pun A lot of their exploits involve manipulating people not sitting down at a computer and typing in zeros and

ones until things magically happened. Right. Well, typically the people are the weakest part of the whole process. Yeah, that's why I I I anticipate wiping them all out and making a perfect, clean future where I don't have to worry about these weaknesses, where dinosaurs rule the earth. All right, well this got dark fast. No, obviously I'm not going to wipe out people. Who's who's going to carry all

my stuff? What would you eat? It would be really lonely going to the same restaurants over and over again, all by myself and robot waiters saying table for one again. Yeah, so yeah, I probably won't do that. No, it's not putting it on the back burner, but anyway, Yeah, it's

it's true. Any system, any secure system, you need to look at the people as well as the technology and make sure the people know the best practices for remaining secure and private so that other people who want to get access to that stuff don't have as easy a time about it. The harder we make it, the less likely it'll happen. It doesn't mean that someone who's really

determined won't find a way. Now, the quantum cryptography approach is really darn secure because that's basic laws of physics that, as far as we know, are unbreakable. So if we can get the physical systems to take advantage of those laws of quantum physics, we got it made. But we already are seeing limitations right now, and it's just, you know, there's still questions about whether or not this could ever

be a widely implemented security feature. You know, it might be something that we see in something like a military installation where the different machines on that installation use quantum cryptography to communicate with each other. But if I'm sending an email to a buddy of mine who lives out in California, there may not be a physical system that can take advantage of this, but just because the very nature of the quantum world. So there, you know, things

to think about. But I really think this was an interesting topic. It's great to UH to kind of explore it, especially since we always love looking at the quantum world and marveling at how unusual it is, how how alien

it is to us on the macro level. So we love those kind of topics, and this is where I invite you, our listener, if you have any interesting topics that are future oriented, whether it is a technology you want to know about, or some development in science, or some big question about what what is culture and society gonna be like in a hundred and fifty years, or even hey, there's this other thing that science fiction films never address and I really want to know about it.

You should let us know send us a message. You can contact us on Twitter, Facebook, and Google Plus. We have the handle f W Thinking at All three and we will talk to you again really soon. For more on this topic in the future of technology, visit forward thinking dot com, brought to you by Toyota. Let's Go Places,