By applying quantum physics to encryption, one company promises speedier, more secure key exchanges
Michael J. Bechetti
Quantum computing promises immense speed and flexibility by exploiting the unusual properties of subatomic particles.
So far, that promise has been largely theoretical, but a 4-year-old New York company is beta-testing what it calls the first commercially viable product using quantum mechanics to exchange cryptographic keys.
Digital information consists of a series of binary digits, or bits, usually represented as 1s or 0s. Transmitted optically, a bit consists of pulses of thousands of photons.
But in the Navajo Quantum Key Distribution system, each binary digit is transmitted on an individual photon.
Robert Gelfond, chief executive officer of MagiQ Technologies Inc. of New York, said there are limits to the current effectiveness of quantum key distribution.
'This is first-generation technology,' Gelfond said. Nevertheless, he believes it could revolutionize computing by representing data with the multiple quantum states of subatomic particles.
Whether a particle stands for a 0 or a 1 depends on factors such as the spin direction of an electron or the polarization of a photon. That flexibility will make quantum computing fast and quantum cryptography inherently secure, Gelfond said.
'You can't make a copy of the key because the laws of quantum physics prevent it,' Gelfond said. And, because of the speed of quantum changes, 'keys can be changed hundreds of times per second.'
Wind talkers
MagiQ announced the Navajo Quantum Key Distribution system in February and demonstrated it at the recent GovSec trade show in Washington.
The appliances, named for the World War II Navajo code-talkers who baffled Japanese eavesdroppers, could be available as soon as the end of the year. Pricing has not been set but likely will be high.
'We've been overwhelmed by companies that want to beta-test,' Gelfond said. The quantum cryptosystem could soon reach government testers, he said, although he declined to name the interested agencies.
Navajo would not replace conventional cryptosystems but instead secure their weakest point: the exchange of encryption keys. The product will ship with both Triple Data Encryption Standard and Advanced Encryption Standard algorithms.
A fiber-optic link must connect two of the Navajo appliances for sending and receiving.
In the first step of producing a key, the sender creates a string of bits with a random-number generator. These bits are represented by variously oriented photons.
A separate random-number generator determines the polarization of each photon. The digital information on each photon therefore depends on two factors: orientation and polarization.
When the key is transmitted, the data stream is secure because of the Heisenberg uncertainty principle, which says that the act of observing a subatomic particle alters its properties.
If a third party eavesdropped on the key exchange, either the photon's orientation or its polarization would change. That would show up as an observable error rate, invalidating the key and making the eavesdropper's information worthless.
'By sending single photons, we are closing the hole for eavesdropping,' said Audrius Berzanskis, MagiQ's senior researcher. 'There is no quantum Xerox machine. If you copy, you destroy.'
Photons can be accurately 'read' at the other end of the link only if the receiver is set to the proper polarization as each photon is received. The receiver's polarization shifts randomly for each photon, so that some are 'read' accurately and some inaccurately.
What's left is key
To determine which ones are accurate, the sender and receiver compare their notes on the order of polarization. The inaccurately read bits are discarded, and the remaining bits, known only to the sender and receiver, form the key.
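The exchange described above follows the textbook BB84 scheme. The simulation below is an added example, not MagiQ's code or anything from the original article: it models the random bits, the random sender and receiver settings, the comparison of notes, and the error rate that exposes a tap on the fiber. The intercept-and-resend tap model, the function names and the 11 percent abort threshold are assumptions chosen for illustration.

```python
import random

ABORT_THRESHOLD = 0.11  # assumed illustrative cut-off, not a figure from the article

def measure(bit, prep_basis, meas_basis, rng):
    # Same setting: the bit is read correctly. Different setting: a coin flip.
    return bit if prep_basis == meas_basis else rng.randrange(2)

def exchange(n_photons, eavesdropper, seed):
    """Simulate one key exchange; return (sender_sifted, receiver_sifted)."""
    rng = random.Random(seed)  # seeded PRNG so the simulation is repeatable
    s_bits = [rng.randrange(2) for _ in range(n_photons)]   # sender's random bits
    s_bases = [rng.randrange(2) for _ in range(n_photons)]  # sender's random settings
    r_bases = [rng.randrange(2) for _ in range(n_photons)]  # receiver's random settings
    r_bits = []
    for bit, basis, r_basis in zip(s_bits, s_bases, r_bases):
        if eavesdropper:
            # Assumed tap model: measure with a random setting, then re-send
            # a photon prepared according to whatever was observed.
            tap_basis = rng.randrange(2)
            bit = measure(bit, basis, tap_basis, rng)
            basis = tap_basis
        r_bits.append(measure(bit, basis, r_basis, rng))
    # "Compare notes": keep only positions where the two settings matched.
    keep = [i for i in range(n_photons) if s_bases[i] == r_bases[i]]
    return [s_bits[i] for i in keep], [r_bits[i] for i in keep]

def check_and_extract(s_key, r_key):
    """Disclose every other sifted bit to estimate errors; the rest is the key."""
    disclosed = range(0, len(s_key), 2)
    errors = sum(s_key[i] != r_key[i] for i in disclosed)
    rate = errors / max(len(disclosed), 1)
    key = [r_key[i] for i in range(1, len(r_key), 2)]  # never-disclosed bits
    return rate, (key if rate <= ABORT_THRESHOLD else None)

if __name__ == "__main__":
    for tapped in (False, True):
        rate, key = check_and_extract(*exchange(4000, tapped, seed=1))
        status = "key rejected" if key is None else f"{len(key)} key bits kept"
        print(f"eavesdropper={tapped}: error rate {rate:.3f}, {status}")
```

In this model an untapped link gives a zero error rate, while a tap pushes the disclosed-bit error rate toward 25 percent and the key is thrown away. A fielded system would also need error correction and privacy amplification, which are outside this sketch.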
Once a key is established, encrypted transmissions can be sent outside the optical link between the Navajo appliances. For extra security, the encryption key can be changed on an almost continual basis during a transmission. Even if one key were discovered, the amount of data compromised would be small.
Implementing quantum-key exchange is complex, Berzanskis said. Generating and detecting single photons with the desired qualities also is difficult, and timing is critical because the receiver has to know when to look for each photon.
'We are pushing the limits of technology here, working with single photons,' Berzanskis said.
Other limitations arise from the fiber-optic connection between the devices. Using them for desktop-to-desktop encryption will be awkward, so both sender and receiver must work in secure environments.
The value of quantum-key distribution lies in top security rather than economy.
Its cost probably makes Navajo feasible only as a network-to-network encryption system, Gelfond said, and its use likely will be justifiable only if absolute data safety is required.
There also are distance limits. Amplification or regeneration of photons destroys their data content by changing their state, so quantum-key distribution works only over several tens of kilometers with current fiber-optic cable. That restricts its use to storage, campus and metropolitan area networks.