Node-free quantum encryption could secure communications at scale, say researchers

Node-free quantum cryptography network could make niche technology mainstream

UPDATED Scientists claim to have made a breakthrough in quantum cryptography that could make internet communications “impregnable” against cyber-attacks.

A team of researchers has developed a quantum communications network that could lower the price and complexity of building quantum key distribution systems.

This could transform an established but niche technology currently limited to use by banks and governments into something available to “millions of users in the not too distant future”, according to Dr Siddarth Joshi, who led the study at Bristol University’s Quantum Engineering Technology Labs.

“Until now, building a quantum network has entailed huge cost, time, and resource, as well as often compromising on its security which defeats the whole purpose.”

Quantum solace

Quantum key distribution allows two parties to share a secret key used to encrypt and decrypt information. Any successful attempt to intercept the key by an eavesdropper would result in the corruption of the key being exchanged because of fundamental principles of quantum mechanics.

Any attempt to monitor the state of a quantum system must disturb it, introducing anomalies in the process that can be detected and used to abort a key exchange.

Read more of the latest internet infrastructure security news

But while quantum key distribution has been deployed by banks in China and, back in 2007, to secure elections in Switzerland, their resource-intensity has precluded their general application.

“Until now efforts to expand the network have involved vast infrastructure and a system which requires the creation of another transmitter and receiver for every additional user.

“Sharing messages in this way, known as trusted nodes, is just not good enough because it uses so much extra hardware which could leak and would no longer be totally secure,” said Dr Joshi.

The ‘entanglement’ principle

The new technique is designed to overcome this problem by leveraging the ‘entanglement’ principle, whereby two particles simultaneously interact with each other at vast distances from one another.

“This latest methodology, called multiplexing, splits the light particles, emitted by a single system, so they can be received by multiple users efficiently,” said Dr Joshi.

The Bristol team’s node-free prototype can sustain eight users with the same number of receiver boxes, compared to the 56 boxes that would be required using previously best available method of quantum key distribution.

And the gains in resource efficiency would only widen as networks are scaled up, the theory goes.

The researchers say that they built their network for £300,000 in a matter of months, while commercially available production systems might cost millions in comparison.

The system was road-tested in Bristol with receiver boxes connected at various points around the UK city’s existing optical fibre network.

The end of MitM attacks?

Quantum key distribution is not based “on problems that are difficult to solve” like RSA, which “can be hacked with clever algorithms, powerful computers and enough time,” Dr Joshi tells The Daily Swig.

“Implemented correctly”, quantum key distribution leverages the laws of physics to ensure that “data being transmitted cannot be intercepted and hacked”.

This could herald the end of manipulator-in-the-middle (MitM) attacks, says the researcher, even if threat actors build their own quantum systems and connect “into the path between” the sender and recipient.

“The no-cloning principle forbids the exact duplication of a quantum state and [attackers] will introduce errors and hence be detected.”

The service would still be prone to denial of service – which “could be as simple as cutting the fibre with a scissor” – while encrypted communications could be leaked by data recipients or insecure endpoints.

However, entanglement-based quantum communication allows “end users to verify the quantum functionality of” devices. “Further, various device independent protocols exist which can ensure security even if some of the underlying quantum devices are compromised.”

Dr Joshi said the researchers do not have a partner to develop the technology commercially.

“However, we are open to collaborations with partners to develop this further,” he added. “We do have several commercial partners and projects about many different aspects of quantum communication.”

This article was updated on September 9 with additional comments from Dr Joshi.

RELATED GnuTLS fixes ‘encryption interruptus’ security flaw