Cambridge physicists have come up with a new way to build a secure Quantum Key Distribution (QKD) network that could extend the technology’s range beyond 500km for the first time.
Key distribution is the process of sharing cryptographic keys between people who want to communicate securely. QKD is key distribution that attempts to use the fundamental properties of quantum mechanics to make eavesdropping impossible.
Currently, the distance a point-to-point QKD network can communicate is a few hundred kilometres at best, at which point data rates plunge towards the ‘emptying a swimming pool with a straw’ rate of (and you’re not misreading this) 1.16 bits per hour at 400km.
Hypothetically, a quantum repeater could be used to boost the signal, but these are not yet technically feasible thanks to their complex physics.
Another option, demonstrated recently by the Chinese Micius programme, is to send photons through the air from satellites to a network of ground stations.
The team at the Cambridge Research Laboratory of Toshiba Research Europe (CRL) has come up with a more down-to-earth alternative called Twin-Field QKD (TF-QKD) designed to dovetail with conventional communications networks in use today.
Instead of sending photons between two points a long way apart, each station sends photons to a closer central location, boosting bitrates (and therefore secure key rates) to around 100 bits per second for the same channel loss.
TF-QKD allows this to be done securely without the complexity of a repeater, while guaranteeing the security of the channel. The equipment needed for the intermediary would be simple, the team said.
Dr Andrew Shields of Toshiba’s Cambridge Research Lab and co-author of the paper on TF-QKD, told Naked Security:
It doesn’t measure their bit value, it just tells us if they’re the same or different. The station then reports it to Alice and Bob [the communicating parties]. This intermediate point doesn’t have to be in a special location and can even be operated by an adversary.
But why does QKD matter anyway?
At some point, a future quantum computer running Shor’s famous algorithm could pose a threat to the public key encryption that is central to today’s internet.
According to NIST, that could happen by 2029 in the worst case, which would give us a decade to come up with alternatives.
This could conceivably drive security back to symmetric encryption ciphers not based on integer factorisation, such as AES, which can be made more resistant to quantum computers by increasing their key length and boosting hashing output length.
In such a world, the job of QKD would be to distribute these keys securely backed by an absolute guarantee that should the keys be intercepted – i.e. the photons read – that will become known.
Unfortunately, decades of slow development mean that QKD has plenty of sceptics – ‘it’s the future of secure communication and always will be’ to paraphrase this view.
Its point-to-point protocols are also seen as unsuitable to serious use on the internet, not to mention the possibility that it might be expensive to implement.
A couple of years ago, Britain’s NCSC put out a glum document pointing out how far QKD has to go before it can be used in anger.
Reckoned the NCSC:
Post-quantum public key cryptography appears to offer much more effective mitigations for real-world communications systems from the threat of future quantum computers.
Easier said than done of course – which is why TF-QKD could be helpful insurance come the day when a quantum computer makes life more complicated for everyone.