A team of researchers from Northwestern University in the US and BBN Technologies have demonstrated the world's first working quantum cryptography network. Northwestern University's Dr Gregory Kanter, who coordinated the demonstration, talks to Liz Tay about the basics of quantum cryptography and its potential for use in security systems of the future.

**What is quantum cryptography?**

A broad definition would be any system that utilizes effects arising from quantum physics to aid in creating cryptographic systems. Quantum key distribution, quantum data encryption, and quantum bit commitment are some examples. Key distribution generates shared secret keys usually for use in data encryption, which protects data from unauthorized observation.

You can view key distribution as the combination to a safe and data encryption as the safe itself. If I want to send a package over an insecure distribution system without allowing it to be tampered with, I could put the package in a safe, send the safe to the desired party, and have them open the safe with the combination. In order to do this I need to securely share a secret (the combination) and have a safe which is not easy to open without the combination. These two functions are distinct, but necessary for end-to-end security.

One can classify quantum cryptography into two types. One type exploits effects that are fundamentally 'quantum' and have no classical analog. An example would be quantum key distribution (QKD) based on entangled photon states. Such techniques can be very powerful, but are also quite fragile, making them difficult to implement in fibrer links greater than about 100km.

Another class would be systems that exploit certain immutable properties of quantum physics, such as the ultimate limit on signal-to-noise ratio dictated by quantum optical theory, and exploit these phenomena in a classical (macroscopic and easily observable) environment. This latter classification is much more robust. An example of such a system would be the AlphaEta method of data encryption.

One type of quantum cryptography is not strictly better than the other (although some quantum cryptographic systems are better than others) as both types have different beneficial properties.

**Why is there a need for quantum cryptography?**

Cryptographers, who try to build systems which can securely communicate information, are forever hounded by cryptanalysts who try to break into these systems. Methods of providing security that were effective some years ago may, due to advances in computation power or analysis techniques, become vulnerable. In fact, there are cases where new systems designed for security are shown to have critical flaws very early in their life cycle (for instance, security issues associated with WiFi).

Using quantum effects is a new tool which can greatly increase the power of a cryptographer. In principle quantum effects can also be used to increase the power of an eavesdropper, but this requires a quantum computer which is extremely difficult to build.

Some researchers think useful quantum computers will never materialize, but the field is still very young. If a quantum computer can be built, it could wreak havoc on many traditional cryptographic protocols, particularly those based on the difficulty of factoring large numbers which are often used to distribute secret keys (so called public key cryptography).

However, in principle some quantum cryptographic objectives, such as quantum key distribution, may be proven to be invincible to any advances in technology including a quantum computer. Although no concrete quantum system has been proven to be fully (unconditionally) secure, this is one of the goals of the community. Note that the quantum effects used in cryptography are much easier to produce than a quantum computer, and commercial quantum key distribution systems currently exist.

Thus, it appears that quantum cryptography has the upper hand over quantum cryptanalysis, as it is both achievable and probably more powerful. In any event, users must continue to improve their cryptographic systems as attackers can also benefit from new technologies.

**What was new about the NU/BBN demonstration?**

Northwestern University researchers developed a new method to encrypt data which uses quantum noise to help improve the security of optical communication systems. This quantum-enhanced encryption technique is called AlphaEta.

AlphaEta is inherently compatible with the current fibre infrastructure. For instance, the signals can travel through long-haul amplified fibre links. AlphaEta has been demonstrated in realistic environments previously. However, previous demonstrations required the secret keys to be directly coded into the system (pre-shared).

Note that AlphaEta is an encryption system which is a fundamentally different function than a quantum key distribution (QKD) system. QKD systems are severely hampered by the fragility of the quantum states used, and thus are not amplifiable and can not propagate long distances (about 100km). AlphaEta, in contrast, is much more robust and performs similarly to traditional optical communication systems.

Page Break

**How many other working demonstrations of quantum cryptography have been developed?**

Quantum key distribution systems have been demonstrated in several laboratories around the world, and commercial systems also exist. In 2004 BBN demonstrated the first Quantum Network which provided fully functional, end-to-end key distribution in a networked environment. The NU/BBN demonstration interfaced an AlphaEta cryptosystem with BBN's QKD network such that fresh keys were periodically loaded into an AlphaEta encryption system. Since both encryption and key distribution are needed for secure communications, this combination of QKD and quantum enhanced encryption forms an unprecedented cohesive security model.

**How much did your systems cost and what did they involve?**

QKD systems typically require certain special equipment such as single photon counters which increase their cost beyond traditional communication systems. However, the cost is seen to be manageable as multiple companies have developed commercial systems. AlphaEta encryption systems use commercially available components and would likely require only a modest premium over traditional high performance optical links.

**Is there a limit to the geographic span of a quantum computing network? If a hacker tries to intercept information, is the information destroyed?**

As previously mentioned, there is a practical limit to the geographical size of a QKD network (typically less than 100km for a direct fibre link). When functioning properly, a QKD network determines when a hacker is intercepting information and adjusts accordingly to limit the information an attacker can get to an acceptable level.

AlphaEta encryption can in principle work over distances of the same order of magnitude as traditional optical communication systems. AlphaEta does not stop hackers from intercepting the signals but instead makes the signals so difficult to interpret that they are useless to the attacker. Technically the information is not destroyed; it is just extremely well hidden.

**What do you think the future will be like for cryptography?**

Several companies currently have working commercial quantum key distribution systems, and BBN's QKD network has been operational for years. Additionally, a new company called NuCrypt is developing an AlphaEta encryption system for commercial use. Thus, in some sense, quantum cryptography is already here today.

However, it will likely be a few years before more complete systems such as the NU/BBN quantum cryptography network will be attempted for commercial use. New techniques such as distributed entanglement are being researched that could lead to exciting new applications as well. There is great potential (but also many technical hurdles) in the quantum world making it difficult to predict where it will be 10 years from now.

The current functionality of quantum cryptography, namely key distribution and encryption, are important parts of secure systems. However, there are many other parts to a fully secure network such as preventing denial-of-service attacks and protection against viruses. IT security is an incredibly vast but also extremely important field, and we need all the tools we can develop in order to help preserve our modern way of life.