How Quantum Physics Will Protect Against Quantum-Busting Encryption

Quantum computing holds the promise of systems that are multiple times faster than today's most powerful supercomputers and can solve problems that are currently out of reach.

At the same time, there's the worry that these powerful systems and their particular computing capabilities will be able to blow through the public key cryptography technologies that are the basis of how data is protected today.

A startup called Quantum Xchange launched recently with $10 million in Series A funding and a vision of using the laws of quantum physics to protect data in transit from the threat posed by upcoming quantum computers.

The company's plan is to launch a fiber-optic dark fabric quantum network to drive its commercial Quantum Key Distribution (QKD) service that will address weaknesses in modern encryption methods that make them vulnerable to computers that will have the computational power to quickly break them, according to Quantum Xchange President and CEO John Prisco. (See Invisible Network Attacks: Good Encryption vs. Bad Encryption.)

The insides of a quantum computer
\r\n(Source: Y. Colombe/NIST via Wikipedia)\r\n

"What we're doing is try to find a way to improve encryption and also make the sending of data a little safer compared to what's been going on and what might happen when people steal data today and then at some point have access to a quantum computer that can decrypt … any encryptions out there," Prisco told Securty Now. "What we're doing is taking RSA encryption and we're adding to it a photonic key, and the concept here that is, if somebody tries to eavesdrop on that transaction, the photonic key changes its state, and therefore the combined photonic key with the RSA key becomes useless for decryption purposes."

The concern is that most data now is protected by Secure Socket Layer (SSL) encryption, which relies on mathematical algorithms that might work well today but will be of little protection when quantum computers become available.

The QKD uses photons of light instead of mathematical algorithms. (See Seamless Cloud Security Depends on Encryption Done Right.)

"It's not relying on solving a difficult math problem, like factoring enormous numbers into two prime numbers," the CEO said. "It's relying on a property of physics, which says if you try to pin down a photon, the photon is going to change in a way that makes, in this case, a key useless to the eavesdropper."

Understanding quantum computing
Quantum computing has been talked about for decades and a growing number of tech vendors -- such as Intel, IBM, Google and Microsoft -- are putting enormous amounts of money and time into quantum technologies. At the same time, countries like China also are pouring a lot of resources into their own efforts.

It's still unclear how long it will be before a true quantum computer comes to market, with predictions ranging from a few years, to ten or more, to never.

The foundation of quantum computing are qubits. In current systems, bits can hold values of 0 or 1. But qubits -- or quantum bits -- can be 0 and 1 at the same time, which opens up the possibility of systems that can run through millions of calculations simultaneously and at high speeds, addressing problems that can't be solved by current supercomputers.

In the cybersecurity world, that means systems that can quickly solve encryption protocols. The problem is that attackers who steal data now may not yet be able to decrypt that data, but that could change with quantum computers, so the urgency to protect data today becomes even greater, Prisco said.

"People are going to steal data," he said. "There's no question that really smart nation-state actors are going to be able to steal the data and there's no trouble with storing that data. If it takes three years, five years or ten years for a quantum computer to be realized, at some point that data, if it's still relevant, is going to be decrypted."

Security concerns
Sending data over a network that leverages Quantum Xchange's technology today will not only help it from being stolen but also will make decrypting it in the future impossible, he said. The plan is to use dark fiber networks that already are in place to make the company's on-demand QKD service available to data being transmitted.

"We're not doing anything to the data transmission channel," Prisco said. "We're just transmitting keys. The data is going to be transmitted the same way it's always transmitted. It's going to be encrypted with the same encrypter, however with a slight firmware modification that will essentially take the key that's generated internally by the encrypter and combine it with the quantum key that we’re generating."

Quantum Xchange is partnering with ID Quantique, a Swiss company that has been using QKD solutions for more than ten years to secure elections in that country. Quantum Xchange is licensing quantum keys generated by QKD devices from ID Quantique. In addition, Quantum Xchange bought technology from Battelle that can extend the range of QKD technology, which will enable the company to create a nationwide network, Prisco said. The Battelle IP is the basis for Quantum Xchange's Trust Node technology.

Right now, the quantum keys can travel up to 80 to 100 kilometers.

(Source: Quantum Xchange)\r\n

With the Battelle technology, Quantum Xchange will be able to keep adding distance in up to 100 km increments in a modular approach that can handle the key without causing it to be changed. The goal is to use the $10 million in funding from New Technology Ventures to deploy dark fiber quantum networks on the Northeast Corridor from Boston to Washington DC, with the first network joining Manhattan with back-office operations in New Jersey.

The network should be nationwide between two and three years, Prisco said.

Boost your understanding of new cybersecurity approaches at Light Reading's Automating Seamless Security event on October 17 in Chicago! Service providers and enterprise receive FREE passes. All others can save 20% off passes using the code LR20 today!

The use cases are many, he said, from patent offices, banking systems and power utilities to data centers, campus networks and cloud environments, all of which transmit sensitive data that could hurt operations or threaten consumers if the data fell into the wrong hands.

"It's not really a question of if these quantum computers are going to be available, it's really when," the CEO said, adding that some companies are taking the threat seriously. "The argument isn't really, 'I can wait until quantum computers are available.' The argument is, 'Boy I better protect what I have now or people will just scrape and store it until they can decrypt it.' If you have the ability to safeguard now, I can't see a reason not to. It's the sort of thing bankrupts a lot of companies and certainly affects their stock price, so they're taking it very seriously. And as consumers, we want them to take it very seriously."

Related posts:

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.