19 Nov 2018

Quantum computers will soon make some of our strongest encryption useless. And that's where quantum cryptography comes in

This article originally appeared in Wired

Quantum computers will soon render some of our strongest encryption useless, cracking high-entropy keys in seconds thanks to their ability to quickly work out the long prime numbers used to generate them.

If you're wondering what the tech industry is going to do about it, then research, technology and telecommunications experts BT might have the answer.

Photons in a quantum superposition state pulse down a fibre-optic cable at BT's Adastral Park research facility, resolving into binary ones and zeros as they reach their destination, where they're read as a key that can decrypt a parallel stream of data.

Thanks to quantum indeterminacy, any attempt to snoop on the transmitted keys is immediately detected. This is quantum key distribution (QKD), and it's one method of securely transmitting data without using traditional public key encryption.

So far, the QKD encryption system's security seems robust, but it's still experimental, and its first users outside the research community are likely to be those for whom security is far more important than cost or convenience.

BT's head of optical research Andrew Lord predicts that early adopters will include "niche players such as secure government, the financial sector, health, cloud and critical infrastructure."

QKD could be used to protect major UK network routes and provide quantum-protected Ethernet connections for companies that need high-security communications, including firms in the energy sector and "anyone with an asset that needs protecting that would cause a lot of damage if it were in the wrong hands."

How does QKD work?

Quantum key distribution – like most applications of quantum physics to tech – can be a little mind-bending to get your head around at first. It all hinges on the fact that measuring the state of a photon changes that state.

The system BT is working with involves a pair of Toshiba's prototype Quantum Crypto System units, directly connected using fibre-optic cable.

The QKD sender transmits photons, one at a time, down the fibre to the receiving unit. A quantum property is applied separately to each photon – this could be polarisation, phase or position – to designate whether that photon represents a one or a zero.

Because of the nature of matter at this quantum level, the photons can be sent in a superposition state, in which they have states representing both one and zero simultaneously. It's only when the photon is observed or measured that it collapses into a fixed state.

If a third party intercepts the key transmission and reads it, they won't then be able to re-transmit it to the intended receiver in exactly the same state that it was initially sent in. If they try, the receiver will get meaningless data and it'll rapidly become apparent that someone is tapping the line.

Why can't we keep using public key cryptography?

Most of the cryptographic services we use today, from credit cards to secure websites, rely on asymmetric cryptography: a system that uses one key to encrypt the data and another to decrypt it. Binary digital computers are slow at factorising long numbers, so working back to find the prime numbers used to create the public key can take tens or even thousands of years.

"But quantum computers don't do linear arithmetic," BT's lead innovation and security consultant Sam Cater explains. "They don't iterate through sums until they get a success. Instead, they consider all permutations of all possible numbers at the same time – the way time works in the quantum world is truly fascinating."

Currently, the most powerful quantum computers in existence can only handle 72 qubits (quantum bits), meaning that they can only deal with strings 72 bits long – far shorter than most cryptographic keys.

But that's not going to be the case for long.

Encrypted data that's secure and unbreakable today could be rapidly cracked by future quantum computers. Cater warns that "nation states trying to spy on people don't have to intercept communications and decrypt them immediately. They can store that data and stockpile it because storage is cheap."

Researchers are working on quantum-safe classical cryptographic algorithms but QKD represents a cryptographic method that neatly sidesteps the entire problem.

Where will quantum key distribution go next?

The biggest problem with current QKD technology is that you can only send a photon about 100 kilometres down a fibre-optic cable before it's too dim to be received. After that, you've got to decrypt and retransmit it, which calls for a high-security installation and some expensive kit.

BT's longest QKD network, built with £2m of government funding under the auspices of the Quantum Communications Hub, runs between its Ipswich lab and Cambridge University. But those transmission distances are about to get much longer.

The company will soon start work on a European satellite QKD project. The idea is that individual photons will be sent from low Earth-orbit satellites to receiving stations on the ground, allowing the satellites to carry keys with them as they circle the globe.

While current QKD technology requires a photon to be directly transmitted, that limitation may not last forever, either: in the future, QKD could that take advantage of quantum entanglement.

This is the holy grail of quantum communication, where the movement of one of an entangled pair of photons is mirrored by its partner, no matter how great a distance separates them.


BT will be running a concept experiment to illustrate QKD encryption technology at WIRED Smarter 2018 at King's Place in London on October 9.

Read the most recent articles written by BT - A critical enabler

Share this page