Quantum cryptography: security solace

Never mind the new James Bond Quantum of Solace film, this is more scary than fiction. There are only a handful of companies in the world that know much about quantum cryptography, yet they hold the key to secure networks in future.

MagiQ (whose backers include Amazon co-founder Jeff Bezos and whose CEO is a former Wall Street trader, Robert Gelfond), Switzerland's id Quantique (a spin-off from the University of Geneva), Smart Quantum based in New York and the Centre for Quantum Technology (CQT), University of KwaZulu-Natal, South Africa, led by Professor Francesco Petruccione.

As Abdul Mizra, physicist at CQT, explains, "Fibre optic networks were always considered to be inherently secure, but now you can buy an off-the-shelf device for US$200 that enables you to eavesdrop on transmissions, including public key encryption codes."

He adds, "The problem with classical encrypted key code distribution is that it is based on the unproven assumption of complexity theory - that is, there are just too many possible combinations to compute to break the code. In fact, all you need is a simple calculator to figure it out so long as you have one of the keys or even part of one. The assumption of complexity hasn't kept up with the advances in computing power."

And all without those you are eavesdropping on even knowing about it. Apparently there have already been a number of instances involving banks' networks, discovered after the event. The information cannot be copied, but is replicated elsewhere.

Mizra explains, "Quantum cryptography is governed by the intrinsic physical behaviour of quantum particles [photons, light particles, that is] as opposed to maths complexities."

However, quantum cryptography has some way to go before it can be commercially deployed. At the moment it can only handle a limited number of end-users and only works over short distances.

Mizra adds, "We use a star architecture, passive optical networks to run the cryptography on, so no routing is involved, but we can only run it on dark fibre for the moment and need to be able to use it alongside lit fibre."

In recognition of these and other limitations that need to be overcome, as well as the growing security threat to public encrypted keys, ETSI has just formed ETSI Industry Specification Group (ISG) on Quantum Key Distribution (QKD). It agreed on the following six Work Items in under 60 minutes:

"¢ security assurance requirements
"¢ user requirements
"¢ components and internal interfaces
"¢ application interface
"¢ security proofs
"¢ QKD devices integration within standard optical networks

The first specifications from these Work Items are expected to be published at the Group's second meeting, as early as December 2008.

Like quantum computing and networks, these guys move fast.