Quantum encryption poised to tighten data security

Hancock, N.H. - Is absolute data security achievable? That's a question much on the minds of national security officials as quantum cryptology moves out of the labs and into commercial systems that leverage advanced optical-networking technology.

Three companies-id Quantique SA (Geneva), MagiQ Technologies Inc. (Somerville, Mass.) and NEC Ltd. (Tokyo)-have brought out encryption systems for optical networks that rely on fundamental physical laws to block eavesdropping. Meanwhile, a group based at Austria's University of Vienna is quickly moving toward a commercial quantum-encryption system based on a novel photon entanglement approach.

Even as these products find their way into the arsenal of IT professionals, however, some quantum-information experts are questioning whether the Heisenberg uncertainty principle-the bedrock of quantum-encryption schemes-is the absolute barrier to data theft claimed by proponents of the approach.

Indeed, quantum encryption appears to be following a familiar pattern experienced by past encryption technologies: A new approach that is viewed as "uncrackable" works its way into practice, only to be defeated by a clever attack unsuspected by its creators.

The accepted wisdom driving the recent surge in quantum-encryption schemes posits that physical laws cannot be violated, and thus the quantum properties of photons offer an absolute level of security to optical networks. But Richard Kuhn, a computer security expert at the National Institute of Standards and Technology, has published a method for defeating several quantum-encryption schemes, although Kuhn's method will not work with the BB84 protocol used in commercial systems.

Using a classic gambit called a man-in-the-middle attack, Kuhn shows that an eavesdropper could intercept the photons representing an encrypted sequence of qubits-binary data encoded in the quantum state of single photons-and resend the information without detection.

Such data interception was thought to be impossible since any attempt to observe information encoded in quantum states would randomly perturb the data, leading inevitably to detection of the observation. But Kuhn has come up with variations through which an attacker could use quantum entanglement of photons to extract information without being detected.

In order for this attack to work, the encryption scheme would have to use quantum entanglement as part of secret-key generation. Several proposed encryption schemes are based on entanglement, which is attractive because it produces robust single-photon transmission capabilities.

The BB84 approach, proposed by Charles Bennett and Gilles Brassard in 1984, is the oldest quantum-encryption scheme and has exhibited some weaknesses attributable to the limitations of existing technology. The ideal would be the use of single photons, but it is relatively difficult to pick out single photons from the background noise in optical fibers. Thus the current tactic is to use highly attenuated photon sources so that each qubit is represented by a small group of photons, making them easier to detect.

Though attenuated sources produce encryption schemes that could be transmitted over realistic distances in optical networks, they could easily be cracked by splitting off a few photons from a packet using a beam splitter. The remaining photons would not be perturbed, so the extraction of information could go undetected.

But now Austrian researchers have demonstrated an optical encryption scheme based on BB84 that uses single photons. Ironically, the method was made possible by using quantum entanglement, although the modified BB84 method is not vulnerable to Kuhn's man-in-the-middle attack.

In a real-world experiment, a commercial bank and Vienna City Hall were connected via a fiber-optic link that was run under the streets. The system was able to generate identical random sequences of bits at both ends of the fiber, and the key was used to send a secure bank transfer.

The demonstration system was built under a joint project of the University of Vienna and ARC Seibersdorf Research GmbH. Anton Zeilinger of the university is a pioneer in quantum cryptography whose group was the first to demonstrate key distribution using entangled photons in 1998. The two groups have been working together for two years to produce a commercial quantum-encryption product. A full account of the encryption system appears this month in the online journal Optics Express (www. opticsexpress.org).

From the viewpoint of a security expert, an absolutely uncrackable encryption system is unattainable because all technology is a moving target. Kuhn points out that all the progress in cryptology over the past few centuries was instantly rendered obsolete by the invention of the electronic computer.

Two basic approaches are used today in nonquantum encryption. Private keys are based either on computationally difficult problems or on data streams generated by complex bit transformations. But since computer technology is growing rapidly in computational capability, any such scheme quickly becomes dated.

NIST has a large effort in the area of data security and is attempting to stay ahead of the quantum-encryption game with a sophisticated optical testbed. The facility has already produced a notable enhancement in quantum-key generation: Keys were generated at a rate of 1 Mbit/second, which would be fast enough to encrypt multimedia streams. That indicates that quantum encryption may ultimately be faster than conventional approaches. One persistent trade-off for computer security schemes is that increased security results in slower data processing.

Indeed, quantum-computing theory was thrust into the spotlight when Bell Labs researcher Peter Shor showed that a quantum processor could factor huge prime numbers almost instantly, an operation that is the basis for most existing encryption methods. Quantum-computing schemes have blossomed since then, and quantum hardware is emerging at a rate reminiscent of the early days of the electronic computer.

Researchers are also proposing quantum networks based on teleportation of quantum states for both internal connections and a new type of computer networking.

Quantum information science will be the topic of a conference this week at Cambridge University's Newton Institute. There will be 30 invited talks on such fields as quantum algorithm design, quantum communications and cryptography, and fault-tolerant quantum processing.