# Hackers beware: quantum encryption is coming

NEW YORK — Quantum encryption pioneers promise to put the world's first uncrackably secure networks online by early 2003. Based on the quantum properties of photons, quantum encryption guarantees absolutely secure optical communications.

Three independent experiments recently have demonstrated such systems. Geneva-based id Quantique SA encoded a secure transmission on a 70-kilometer fiber-optic link in Europe; MajiQ Technologies Inc., here, used a 30-km link; and researchers at Northwestern University (Evanston, Ill.) demonstrated a 250-Mbit/second quantum encrypted transmission over a short link.

"Our quantum random-number generator and our single-photon detector module are available now and are in use by several customers around the world," said Gregoire Ribordy, a manager at id Quantique. A beta version of a third product, a quantum-key distribution system, "has been fully tested, and we are in advanced discussions with several potential launch customers," he added.

**Securing the Internet**

For its part, MagiQ says that its Navajo system is currently at the alpha stage and promises real beta sites on selected campuses in the United States in the first quarter. Both companies are also talking about secure through-the-air communications with satellites.

Northwestern, meanwhile, vows to have a 2.5-Gbit/s quantum-encryption technology capable of securing the Internet backbone in five years. It says that commercial partners are working with the technology.

There is strong interest in quantum encryption because of its ability to completely eliminate the possibility of eavesdropping. Today encryption/decryption methods are only as good as the length of the key — a 56- to 256-bit value used to scramble the data to be transmitted with a one-way function — that's used to encrypt a message. A common way to create such a one-way function is to multiply two large prime numbers, a simple operation for a computer to perform. However, going backward — that is, taking a large number and finding its prime factors — is very difficult for computers to execute.

Other methods use some hard mathematical problem to create one-way functions, but any scheme of that kind is vulnerable both to advances in computational power and new breakthroughs in mathematics.

**Brute force can work**

The theory is that secret keys for one-time functions let only the receiver decrypt the scrambled bits, but in practice even the most secret key can be found by trial and error. For instance, multiplying two prime numbers together is a difficult code to crack, since there is no known efficient algorithm to find prime factors. But a brute-force approach, in which a hacker tries a large number of multiplications in the hope of hitting the result, might pay off. The standard 56-bit DES encryption code can be cracked on a supercomputer in a few hours; its next-generation successor, AES, ups the ante to a 256-bit key, but code-cracking computers are also speeding up, so the security is only temporary.

By contrast, "quantum cryptography offers the ultimate in secure communications — it's no longer a matter of how fast a computer an eavesdropper has," said Andy Hammond, vice president of marketing at MajiQ.

Instead of depending on the computational difficulty of cracking one-way functions, quantum encryption creates uncrackable codes that employ the laws of physics to guarantee security. Different quantum states, such as photon polarization, can be used to represent 1s and 0s in a manner that cannot be observed without the receiver's discovering it. For instance, if hackers observe a polarized photon, then 50 percent of the time they will scramble the result, making it impossible to hide the eavesdropping attempt from the receiver.

The first quantum technology out of the gate will supplement current public-key systems. Security will be guaranteed only for the keys by means of a technique to change the keys so quickly (up to four times a second) that eavesdropping hackers will have to crack multiple AES codes used during a data transmission. Called quantum-key distribution (QKD), the scheme uses a new type of emitter/receiver for fiber-optic networks based on a single photon. The emitter/receivers are slow (about 1 kbit/s) and limited to less than 100 km, but they offer unerring security that would only be possible for AES by making a new key for each transmission that is the same length as the data to be transmitted.

Earlier this year, id Quantique demonstrated its version of QKD over standard optical fibers installed between Geneva and Lausanne, Switzerland — a 67-km distance. At 1 kbit/s, its 256-bit keys were updated four times a second, greatly complicating the code-cracking task for eavesdroppers. Id Quantique says it is collaborating with European communications giants to add quantum security to satellite communications.

In the United States, MagiQ Technologies recently demonstrated its Navajo QKD system over a 30-km fiber link. Navajo's secure communications link consists of two "black boxes" connected by optical fiber. Like id Quantique's QKD, Navaho implements the uncrackable BB84 quantum-encryption code proposed by Gilles Brassard and Charles Bennett in a 1984 paper titled "Quantum Cryptography: Public Key Distribution."

With BB84, each bit fed into a black box is encoded as a mixture of two equally likely nonorthogonal (separated by an angle not at 90°) quantum states, in this case photon polarization. According to Heisenberg's uncertainly principle, it is impossible to distinguish with certainty between two nonorthogonal quantum states without making a measurement that will change the photon state detected by the receiver. Id Quantique plans to announce real customer installations soon.

**Encryption at 2.5 Gbits/s**

Instead of QKD, Northwestern's approach proposes uncrackable quantum codes for the data itself, not just for the key. Northwestern University professors Prem Kumar and Horace Yuen have reported successful testing of a prototype that runs at 250 Mbits/s. They promise a second-generation model within five years that will attain the 2.5 Gbits/s typical of Internet backbones. "No one else is doing quantum encryption at these speeds," said Kumar.

In QKD, an uncrackably secure key is transmitted first, after which a normal encryption/decryption method is used over insecure lines to send the real data. The algorithm of Kumar and Yuen, in contrast, sidesteps the secure-key route and instead secures the high-speed data streams themselves with quantum physics. Kumar and Yuen use quantum mechanics to encode the actual data being transmitted, not just the key to a one-way function. So even if hackers intercept the data transmission down the optical fiber, quantum physics denies them the ability to decode it because of quantum "noise," Kumar said.

Northwestern's patented technology applies a quantum polarization angle to each transmitted bit. If eavesdroppers try to decode the message they must transgress Heisenberg's uncertainly principle — that is, their observation of the data introduces so much quantum noise as to render the result indecipherable, according to Kumar and Yuen. However, the intended receiver can use the secret key to remove enough noise to decode the encrypted data. Northwestern's secret-key encryption (SKE) secures the data stream using the same basic encoding method MajiQ and id Quantique apply to secure keys. But the SKE system uses 4,096 different polarization angles, vs. four for the QKD technique. So instead of a 50 percent chance a hacker will choose the wrong filter, as in QKD, the chances are only 1/4,096, or .02 percent, with SKE.

Kumar and Yuen predict products within five years from Northwestern's industrial partners: Telcordia Technologies (Red Bank, N.J.) and BBN Technologies (Cambridge, Mass.).