Why should carriers and data-centre owners be interested in something as far-fetched as quantum key cryptography? First, because it’s not far-fetched after all, and second, your old encryption methods are soon going to be as insecure as a 1930s Enigma machine. That means confidential data you store in encrypted form today will be readable by anyone with the right computing power in a few years.
Andrew Shields is assistant managing director of Toshiba’s labs in Cambridge and chairs the quantum key group at the European Telecommunications Standards Institute (ETSI). Data that’s being stored using RSA encryption won’t be secure "in maybe 10-15 years. If you want to keep information secure you won’t be able to use RSA because that will be broken."
A decade or so, isn’t that plenty of time? "No, you need to start securing the data now," says Shields. That’s why companies such as BT, Telefónica and Toshiba are actively working on quantum key distribution (QKD). Telefónica has already carried out a field trial over regular metro fibre in Madrid, and now wants to explore practical uses of the highly secure technology. BT has also worked with Toshiba on sending highly secure data along fibre. Telefónica worked with equipment developed by Huawei in Munich.
QKD uses one of the weirder features of quantum physics. First described by Albert Einstein in 1935, quantum entanglement means that pairs of particles – photons of light in this case – are related even if they are separated by a great distance. It was, Einstein is reputed to have said, "spooky action at a distance". Most people working in telecoms research haven’t needed even to think about it for years. "I had to get out my ancient university textbooks," says Andrew Lord, head of optical research at BT, who studied physics at Oxford.
Telefónica board member Juan-Ignacio Cirac, a physicist who is a pioneer of quantum computing, says: "We can make a random bit sequence to appear at one place and simultaneously at another one, without making it pass in between. It is sort of magic, but something that quantum physics predicts. It is a way of exchanging secure keys that we have to make the most of, since it cannot be hacked."
That’s central to all forms of modern cryptography. But QKD will work better than RSA, say its advocates, and faster, and in a way that will reveal if the key information has been intercepted. The problem with crypto is that once you have the key you can decode the message, so you have to keep the key immensely secure so it can’t be broken. That’s what happened 75 years ago in the UK, when Alan Turing, Tommy Flowers and others developed computers to crack wartime codes.
Three-quarters of a century later and computers are immensely more powerful, says Lord – who works in BT’s labs, the direct successor to the UK’s Post Office Research Lab where Flowers built the world’s first stored-program electronic computer in 1943. Quantum computing in the next few years could be so powerful that today’s encrypted data is as secret as a message in lemon juice in mirror writing. The answer: use quantum physics as a better way to distribute the keys.
That means sending the keys as individual photons of light, one at a time, along a fibre. "We’ve demonstrated a key rate of 10Mbps," says Shields. Using 512-bit keys, that means you can send out a new key 30,000 times a second. "Or you can use the electronic equivalent of a one-time pad," he says (check any good spy novel for what that means). "The key can be as big as the data."
Diego Lopez, Telefónica’s head of technology exploration and standards, told me: "We demonstrated that we can integrate quantum key cryptography into our normal network services to enhance secure transmission." That’s a big challenge, because one photon doesn’t have much energy. It’s hard to stop it being swamped by the signal. But there’s a benefit in sending keys a quantum at a time. If someone intercepts it, the recipient gets nothing: you can’t break a photon into two.
For the Madrid trial, Telefónica’s own staff installed the equipment. "The fibre and all the elements were commercial. There was nothing special about them. We used a half-rack of commercial servers." BT and Toshiba ran their trial on real fibre networks, too. According to Lopez, the range of QKD is "limited to 200-300km" at the moment, "but at least this means you can run QKD services in metro environments. This is something that we are working on."
There are still some challenges, worries Lord. The beginning and end of each encrypted link are potentially insecure. "We need to ensure there are no short-cuts," he says. "These things have to be integrated into regular equipment." The ETSI group that Shields chairs is working on standards for QKD.
All are sure that QKD will be vital as we move into the world of network functions virtualisation (NFV). "If you have virtualised functions you need to be sure you have the right ones and that the link is secure," says Lord. For Telefónica the next step is trials with "several potential users: we want to interconnect data centres to data centres, and data centres to customers", says Lopez.