The next frontier: quantum cryptography
As familiar encryption systems reach their limits, the strange world of particle physics offers new solutions.
- Researchers are studying the use of particles at the quantum scale to create tamper-proof encryption keys.
- Geneva-based ID Quantique is one of Europe’s stand-out success stories
Encryption underpins every exchange of personal data we make online. From bank details to instant messaging services and medical records, encryption is designed to keep information firmly in the hands of the intended recipients. The current standard, known as RSA, generates keys using algorithms that are easy to compute in one direction (like multiplying two large prime numbers), but virtually impossible in the other (in this instance, factoring that number back into its two component primes). Breaking the system is not impossible, just improbable – like finding a single bookmark among all the books on the planet.
Unfortunately, RSA (from the surnames of its creators, Ron Rivest, Adi Shamir, and Leonard Adleman), is not foolproof. “Since these schemes are based on unproven mathematical complexity assumptions, an unexpected algorithmic innovation could immediately compromise security,” explains Ulrik Lund Andersen of the Technical University of Denmark. Google recently made waves in the cryptography world by breaking the Secure Hash Algorithm 1 (SHA-1), an outdated but once popular formula. Their approach was not exactly run-ofthe- mill: “This attack required at least 9,223,372,036,854,775,808 computations,” the team explained. A single CPU would need 6,500 years to crack SHA-1.
In the future, familiar systems may be augmented by and in some instances even replaced with quantum key distribution (QKD). This emerging approach is part of the “second quantum revolution”, which exploits the strange nature of particles at quantum scale to perform tasks that conventional computers can’t come close to. In the case of QKD, that means using photons to create entirely unique, tamper-proof encryption.
While these keys are theoretically unbreakable, according to the laws of physics, that does not mean they will always perform perfectly in the real world. “While QKD is unconditionally secure in principle, in practice a determined hacker might crack it,” warns Anthony Laing from Bristol University. “Scientists playing the role of a hacker look for loopholes – not in the protocol, but in its implementation.” As a result, researchers across Europe are working hard to ensure that execution of this new technology delivers on the promise of its theoretical capabilities.
Scaling for cities
Point-to-point quantum encryption equipment is already mature to the point that prototypes are available for purchase. Toshiba’s Cambridge Research Laboratory and University of Geneva spinoff ID Quantique both offer QKD systems capable of key distribution over standard telecom fibre links exceeding 100 km. Andersen notes, however, that building usable commercial networks still poses serious technical challenges. “Sending and decoding encrypted quantum signals requires highly specialized equipment,” he says. “In addition, it’s not yet possible to send quantum signals across distances much larger than a major European city like Copenhagen with a high bit rate.” Andersen’s project is part of a national Quantum Innovation Centre named Qubiz, which could help bypass the current need for highly specialised equipment.
Currently there are two main approaches to QKD – discrete variable and continuous variable. Andersen explains: “With discrete variable QKD, detectors are reliable over long distances, but must be cooled to low temperatures to efficiently count photons. Continuous variable QKD can work at room temperature and, to some extent, with off the shelf detector systems.” Continuous variable QKD is attractive because it is potentially compatible with existing high-rate telecommunication infrastructure. The drawback is that conventional noise can render the system insecure because the receiver cannot distinguish between it and the noise an eavesdropper would create.
Andersen’s team has established a “measurement-device-independent” protocol for continuous variable QKD that rules out attacks on the measurement station – the most obvious target for a nefarious eavesdropper. “Even if the hacker has access to all the measurements made by the mast, it won’t help him or her intercept the key needed to decode the encrypted signals,” Andersen explains. “We are about to implement this protocol over a distance of around 20 km to prove its viability in real-world applications.”
After effective metro-scale networks are established, the next logical step will be to join these networks. That’s part of the plan for the UK’s Quantum Communications Hub (QComm Hub) once test networks in Bristol and Cambridge are operational. The €30 million initiative sees research institutes working in close collaboration with several large private sector players, including BT and Toshiba, to ensure that they develop viable data-security services over the next five years.
Moving beyond metro-scale won’t be easy. The distribution of quantum keys over long distances suffers from photon loss during transmission. “At some point, we’ll need to develop and then install new hardware called quantum repeaters,” explains Bristol’s Laing, who is also a QComm Hub co-investigator. Quantum repeaters are like substations between two distant parties.
Teleportation and the final frontier
The basic idea of a repeater is to divide a quantum channel into shorter segments and distribute entanglement between end nodes. Entanglement is then extended over the entire link by entanglement swapping. For example, if person A’s particle is entangled with person B’s, and person B teleports it to person C, person A’s particle is now entangled with person C’s.
“Another way around the distance challenge is to locate communication stations in space,” says Laing. “Here, the photons need only to pass through a few tens of kilometres of air before they are out of the atmosphere, so loss can be significantly reduced.” This is an area in which China has already made its first breakthrough. As part of the Quantum Experiments at Space Scale project, Chinese physicists led by Pan Jianwei at the University of Science and Technology of China measured entangled photons over a distance of 1,200 km between two ground stations via the Miscius satellite, which used a crystal to produce pairs of entangled photons in orbit.
“Another interesting option is drones,” says Hugo Zbinden, co-founder of ID Quantique. “A network flying at a level of around 15,000 m could prove effective for organisations like governments, especially if they’re already using drones at these altitudes for surveillance and security.” In 2007, ID
Quantique’s Cerberus QKD system was used for elections in Switzerland. It was deployed for the 2010 FIFA World Cup in South Africa, and QKD-as-a-Service was launched in 2011, using Cerberus to secure communications in a metropolitan area network with connection distances up to 100 km.
While ID Quantique is Europe’s stand out success story for quantum R&D efforts, it is playing catch-up to China and the US. However, Europe recently decided to excel in quantum communications over the next decade. The European Commission recently launched a 10-year, €1 billion effort to advance the state of commercialized quantum technologies. Quantum networks will be a big part of that picture, and Zbinden is optimistic that work can progress faster than some players in the sector are predicting. “Within the next two years, a testbed European network of trusted nodes will be implemented,” he says. “This will not be commercially viable yet, but in a decade’s time it will be.”
Since the 1960s, Moore’s law has guided the production of processors and transistors. However, the continuous shrink of silicon chips approaches physical limits.
The European Commission wants to build a strong battery industry that can compete with Asia, but has it entered the game too late?