A Quantum Leap in Cryptography
Encryption products that use the principles of quantum mechanics are becoming more accessible to companies and government agencies.
Until recently, quantum encryption has been hidden away in specialized laboratories.
But its advocates say the technology – in which single particles of light, or photons, are used to encode data – is now ready to make the leap to the real world. In recent months, the two major vendors of quantum encryption products, id Quantique and MagiQ Technologies, have introduced second-generation products that they say are more straightforward to operate – that is, geared toward network administrators rather than scientists.
Meanwhile, not only is this cutting-edge technology becoming easier to use, but also recent developments may unlock a greater range of applications for it, such as applying it over greater distances, in wireless settings, and to secure satellite communications. Japanese electronics giants NEC Corp. and Toshiba Research Europe Ltd. and leading U.S. technology developer BBN Technologies have all announced successes in extending the range and length of quantum key generation, encoding video as well as audio files, and transmitting the keys or communications through the air as well as optical fiber.
Certainly, scientists have come a long way in the two decades since the idea of quantum cryptography was introduced. Still, the technology has stayed largely in the R&D phase, as researchers have struggled with several technical challenges. Most notably, the distance over which they could convey keys and the ability to generate individual photons have been limited.
In quantum cryptography, single particles of light represent ones and zeros in a binary encryption key. To encode the actual information, the photons are polarized by the sender’s system, that is, the light waves are organized into a single plane. At the other end, a recipient then measures the polarization to retrieve the information.
Since the quantum keys themselves can be as big as the data that’s being encrypted, users can enlist “impenetrable ciphers,” according to Josh Kessler, an analyst and product manager for Boston-based TowerGroup. Such ciphers are extremely secure because the key is never repeated and is as long as the message itself, in contrast to public key encryption, where the key is shorter.
The power of quantum cryptography actually grows out of one of the key principles of quantum mechanics: at the atomic level, any object that is observed is also changed. As a result, someone attempting to steal quantum-encrypted data, by measuring the photons as they travel, would alter the key – an act that legitimate users could detect.
For nearly two decades, the security protocols developed by Rivest, Shamir and Adleman (RSA) for public key encryption have held firm. However, recent security breaches at Bank of America Corp., Wachovia Corp., and LexisNexis – which compromised the financial and personal information of hundreds of thousands of consumers – have exposed the growing problem of data theft. While these scandals were not necessarily the fault of weak encryption or key distribution, they have put greater emphasis on the need for better security surrounding companies’ most sensitive data.
Not surprisingly, at this time the target sectors for quantum security are financial service firms, telecommunications companies, and government agencies – organizations that deal in highly sensitive information and also have the deep pockets to pay for better protection.
At the Infosecurity Europe 2005 trade show in London in April, potential customers got to see the state-of-the-art in quantum cryptography. Geneva, Switzerland-based id Quantique showcased its new turnkey encryption system, which provides a secure connection between two Fast Ethernet fiber-optic networks that can be located up to 100 kilometers apart. Its system, Vectis Link Encryptor, combines quantum key distribution with advanced encryption standards – the quantum keys are distributed securely and continuously over a dedicated optical fiber link, and those keys, in turn, are passed within the appliance to an advanced encryption engine that is used to encrypt and decrypt the information.
Vectis features a touch panel display through which users can monitor the system and a Web server application that displays the system’s log information, using Simple Network Management Protocol (SNMP v.3), which lets network administrators centrally monitor and manage any quantum encryption hardware appliances throughout their network.
“We automated the whole thing, so a network engineer could do this,” says Gregoire Ribordy, CEO of id Quantique, “not just a physicist.”
In March, rival MagiQ Technologies of New York City reworked its Quantum Private Network, after receiving feedback from government and enterprise customers who’d tested it. The latest version now incorporates high-performance security processors and can run on either Windows or Linux operating systems.
MagiQ Technologies’ CEO Bob Gelfond admits that “really not much has changed on the quantum side,” but the networking and basic distribution and other elements have been tweaked to make it a more usable product that can be integrated into a company’s existing system.
With a more business-friendly interface, MagiQ is in the process of cutting deals with original equipment manufacturers (OEM) that would result in their quantum cryptography products being integrated into hardware from major manufacturers as early as 2006.
While small vendors like MagiQ and id Quantique have already staked a claim in this field, they won’t be alone for long. In May, Toshiba’s Cambridge Research Laboratory in the United Kingdom showed off its recent advance: a quantum cryptography system that can be used to encode real-time video and voice at up to 100 frames, or keys, per second. Its developers believe the technology will make it practical for companies and governments to secure video links over a fiber optic link.
Dr. Andrew Shields, the group leader in research and development for quantum cryptography at Toshiba Cambridge and head of the project, believes that the system should be on the market in a couple of years. While the encrypted video comes through “a little jumpy” due to the finite frame rates of the camera, says Shields, “it looks pretty good. We have had a very good reaction. People were quite surprised but delighted that these applications are now real.”
In May, researchers at NEC Corp. announced that, with help from the National Institute of Information and Communications Technology and the Japan Science and Technology Agency, they have been able to generate quantum keys faster and for a more sustained length of time than previously possible. The Tokyo-based IT and network giant was able to continuously generate keys at an average 13 kilobits per second (kbps) over a 16-kilometer commercial optical network for two weeks – the kind of performance that ultimately might make the generation and distribution of quantum keys even easier and more seamless for companies.
Kessler of TowerGroup says that NEC has recently “earned numerous patents related to quantum systems,” and he expects the company to release a commercial product within the year.
Kazuo Nakamura, senior manager for NEC’s fundamental and environmental research laboratories, believes his company’s nearly eight years of dedicated research into quantum cryptography will help them leapfrog competitors who are already selling products.
“We believe that our sustained R&D efforts have given NEC a clear technology advantage over [MagiQ and id Quantique],” says Nakamura. “Before the market accepts quantum cryptography, products need to achieve lower system costs, higher stability, and still-faster operation over longer distances.”
Perhaps the most promising quantum cryptography development, though, is BBN’s recent announcement in early June that along with U.K. partner QinetiQ Ltd. it has created a working wireless version of the quantum cryptography network.
Chip Elliott, principal engineer with the Cambridge, MA-based BBN, says they’ve created a so-called “free-space” quantum cryptography network that can send quantum keys, or encrypted communications, about 15 miles using telescopes lined up at each point, without optical fiber.
Applying the same technology, companies could send quantum-encrypted communications back and forth using a satellite. Elliott says that while free-space quantum cryptography is not as far along in development as the “wired” variety, the systems will be easier and cheaper to implement, since the necessary components are less expensive. He says there may even be free-space encryption products available to businesses and governments by year-end.
Ray Trygstad, assistant director of information technology for the Rice campus of the Illinois Institute of Technology in Wheaton, IL, is more enthusiastic about the potential for free-space quantum cryptography than systems that use optical fiber. Ultimately, he sees free-space as a preferred way to secure pay television or classified telephone calls, or, in the nearer term, for companies to provide truly secure wireless access to employees on their corporate campuses.
Since “wireless security is traditionally very weak,” Trygstad says, “coupling free-space quantum cryptography with WiMax could provide more of a benefit.”
It appears that quantum cryptography has moved from scientists’ blackboards to board rooms faster than even many keen observers thought possible.
Still, challenges remain. Trygstad believes that in the next few years, only a few high-end financial firms and government agencies may use quantum encryption to secure their most sensitive information, since the cost is still relatively high – around $100,000 for two points of connection. Many enterprises may opt to use those security budget dollars in other areas that are more at risk.
But, Kessler argues in his research, financial services firms, in particular, should be considering the use of quantum cryptography, since breakthroughs are currently happening in the mathematical world that could substantially weaken computationally based encryption schemes, like RSA. One major example: mathematicians may be on the verge of proving the Riemann Hypothesis, which outlines how many prime numbers exist below a certain value. If proven, Kessler reasons, a person could figure out the factoring behind an RSA encryption scheme in fewer calculations.
Distance also continues to be problematic for quantum cryptography. Since its keys cannot be measured or tampered en route, traditional kinds of “repeaters” don’t work – so most quantum systems can only relay data between two encryption appliances between 100 and 150 kilometers.
“These distance limitations are continually improving with better photon generation and fiber optics as well as better overall transmission technology,” says Kessler, “but distance remains the most limiting element of quantum key distribution.”
Some users can overcome the issue by linking together systems, so essentially the information is decrypted and re-encrypted at each point along the way. Also, Gelfond maintains that for a lot of his customers the distance limitation is not an issue because they’re transfering and securing information “within the metro core” – between a main office and a back-up site that may be just a few blocks, or floors, away.
Shields and Ribordy say that “quantum repeaters” are being developed, and Shields believes they may be a reality within five years. While most companies wait for the costs to come down, and the technological challenges to be ironed out, early movers like MagiQ, id Quantique, and NEC still see the opportunity in the commercial market.
“Some organizations understand that communication of the most sensitive data warrants the highest security possible,” says NEC’s Nakamura, “and will allocate appropriate budgets to ensure this. We see this type of high-end user as representing the main initial market for quantum cryptography.”
Karen Epper Hoffman writes about business and technology issues from her home in Poulsbo, WA.
Become an Insider to get the story behind the story — and before anyone else.