Long-Distance Quantum Cryptography

A hybrid system could secure transmissions over hundreds of kilometers

Using the quirky laws of quantum physics to encrypt data, in theory, assures perfect security. But today’s quantum cryptography can secure point-to-point connections only about 100 kilometers apart, greatly limiting its appeal.

Battelle Memorial Institute, an R&D laboratory based in Columbus, Ohio, is now building a “quasi-quantum” network that will break through that limit. It combines quantum and classical encryption to make a network stretching hundreds of kilometers with security that’s a step toward the quantum ideal.

“In a few years, our networks aren’t going to be very secure,” says Don Hayford, senior research leader in Battelle’s national security global business. Cryptography relies on issuing a secret key to unlock the contents of an encrypted message. One of the long-standing worries is that sufficiently powerful computers, or eventually quantum computers, could decipher the keys. “We looked at this and said, ‘Somebody needs to step up and do it,’ ” Hayford says.

By the end of next year, Battelle plans to have a ring-shaped network connecting four of its locations around Columbus—some of which transmit sensitive defense contract information—that will be protected using quantum key distribution, or QKD. If that smaller network is successful, Battelle then plans to connect to its offices in the Washington, D.C., area—a distance of more than 600 km—and potentially offer QKD security services to customers in government or finance over that network.

Quantum cryptography uses physics, specifically the quantum properties of light particles, to secure communications. It starts with a laser that generates photons and transmits them through a fiber-optic cable. The polarization of photons—whether they’re oscillating horizontally or vertically, for example—can be detected by a receiver and read as bits, which are used to generate the same “one-time pad” encryption key at both ends of the fiber. (A one-time pad is an encryption key that consists of a long set of random numbers, and so the message it hides also appears to be a random set of numbers.) Messages can then be sent securely between the sender and receiver by any means—even carrier pigeon—so long as they are encrypted using the key. If someone tries to intercept the key by measuring the state of the photons or by reproducing them, the system will be able to detect the intrusion and the keys will be thrown out.

Over long distances, though, light signals fade, and keys can’t be distributed securely. Ideally, “quantum repeaters” would store and retransmit photons, but such devices are still years away, say experts. Battelle’s approach is essentially to daisy-chain a series of QKD nodes and use classical encryption to bridge the gaps. Locations less than 100 km away will be connected by fiber-optic links and the data secured by a QKD system from Geneva-based ID Quantique. For two more-distant nodes (call them A and C) to communicate, there must be a “trusted node” between them (call it B). Nodes A and B can share a key by quantum means. Nodes B and C can also share a separate key by quantum means. So for A and C to communicate securely, A’s key must be sent to C under the encryption that B and C share. You might think the quantum-to-classical stopover in the trusted node might be a weak point, but even inside that node, keys are protected using one-time pad encryption, says Grégoire Ribordy, the CEO and cofounder of ID Quantique. The trusted node will also be located at a secure site and have other measures to prevent tampering.

These nodes, which are still under development, will be designed to integrate with corporate security systems, distributing keys for virtual private networks or database security within a building. “The idea is to set up a network which would be dedicated to cryptography-key management,” says Ribordy. ID Quantique’s gear will do the quantum key exchange, while Battelle will build the trusted nodes.

Researchers also hope to treat satellites in space as trusted nodes and to send photons through the air, rather than over optical-fiber links. In the nearer term, though, Battelle’s land-based QKD network may be the most viable approach to introducing quantum encryption into today’s networks. Yet it still faces significant challenges. For starters, the cost of point-to-point QKD is about 25 to 50 percent more than for classical encryption, says Ribordy, and connecting locations hundreds of kilometers apart would require multiple systems. That means Battelle will need to find a customer with an application that warrants the added expense. Verizon Communications, which offers network security services, tested QKD from 2005 to 2006, but it determined there wasn’t a viable business case because of distance limitations and the limited market for the technology.

Also, QKD hardware can’t easily plug into the existing telecom hardware, says Duncan Earl, chief technology officer of GridCom Technologies, which plans to use QKD for electricity grid control networks. Established networks have routers and switches that would ruin the key distribution’s delicate physics.

On a technical level, though, the work really only requires good engineering, not scientific breakthroughs, says Hayford. And the hybrid approach can accommodate future advances in quantum cryptography, such as quantum repeaters. Given the growing concerns over cybersecurity, it’s better to test the worth of quantum encryption sooner rather than later, he says.

Related Stories