QuintessenceLabs derives keys from a quantum source that is truly random, which means they might be legitimately unbreakable...
The strength of encryption depends heavily on the quality of the cryptographic keys. QuintessenceLabs, an Australian cybersecurity company that uses quantum physics to build data security tools, has developed a qStream quantum random number generator (QRNG) that provides encryption keys with full entropy, meaning they are truly random.
The first round of quantum key distribution (QKD) technologies created keys using mathematical techniques (sometimes based on physical phenomena) that were so profoundly complex they didn’t need to be inherently random; the assumption was that seeming to be random was just as good as being random. It turned out that in some instances, the assumption was wrong. The search for a technique that was truly random — truly entropic — was far from over.
Jane Melia, the vice president of strategic business development for QuintessenceLabs, described how the company derives keys from a quantum source that is inherently unpredictable, and therefore truly random.
She also said the company’s technique avoids a common problem in cryptography. When transferring encrypted data, the process of encrypting and decrypting can come at the cost of performance. Melia said QuintessenceLabs’ technology supports 1 Gbps speeds for commercial applications in enterprise, cloud or shared environments such as entropy as a service (EaaS), simulations, modeling and computer games.
In addition, QuintessenceLabs has used its quantum expertise to develop QKD capabilities which will protect the exchange of encryption keys between remote locations, safe even from the attacks of quantum computers.
“Second-generation quantum key distribution (QKD), using coherent lasers, allows us to have a higher throughput rate and use more standard off-the-shelf equipment, which has performance and cost benefits, although it’s actually more complex to implement,” said Melia.
She added, “The market for this type of technology was small when the company was founded, it was still quite early days, but it took time to develop this type of technology and bring it to a commercial level. And working on the QKD provided many parallel benefits. With the work that we were doing, it required us to develop quantum random number generators at very high rates and do a lot of key management because you need to manage the keys that you’re sharing. And so we actually developed a very good source of entropy, our quantum random number generator at one gigabit per second, and commercial key management capabilities that we have deployed around the world.”
The company is leveraging quantum tunneling, to “qStream,” its quantum random number generator (QRNG). By generating stronger encryption keys, the company is improving data protection.
Quantum physics for security
In terms of how quantum phenomena are being used to improve security, there are several elements to consider. First of all, one of the anchors of security is entropy or randomness. And a lot of the randomness that we’re using today is deterministic or pseudo-random. And that’s not necessarily effective.
“So one key thing that quanta can do, which is really important, just to build a solid foundation for security is to provide entropy, good quality entropy. Einstein said ‘God doesn’t play dice;’ he was very uncomfortable with the concept of uncertainty around quanta. But basically, all the experiments and all the theories, showing that there is an unpredictability about quanta that we can capture to develop randomness,” said Melia.
In the past, and still today with non-quantum tools, if you wanted high-quality entropy, you have to sacrifice performance. “And what’s happening now is that we’re able to combine the quality of entropy with its speed to make this useful from a business perspective. For example, some of the top 20 banks in the world are using our entropy devices to improve security within their network. Another thing quantum can do for security is the key exchange,” said Melia.
Melia pointed out that key exchange is really a threat to asymmetric encryption, which is how we exchange keys today. And that it will be vulnerable to quantum computers as quantum computers mature.
“In fact, a lot of people are saying that already today our data is under the threat of harvesting attacks, whereby it is captured, held, and then maybe decrypted later, as quantum computers mature. So the good thing is that the computers aren’t there yet. The challenge, though, is that quantum computers will be able to break symmetric encryption in the next years, I don’t know if it’s five or ten years. And we have to be ready for that. There’s a delay in developing systems to replace our current key sharing methods,” Melia said.
“So the time to start to address these issues is now and quantum technology can help in two ways,” she continued. “One way that people are starting to address it is by using quantum-resilient algorithms, like the work being done by NIST and many companies to come up with better asymmetric encryption. This is, essentially, an alternative to standard encryption that will allow us to exchange keys, which is a good approach but remains vulnerable to future advances in computing. An alternative way, which is more robust, but somewhat more challenging, is to use physics to protect that exchange. That’s what QuintessenceLabs really focuses on with quantum key distribution,” said Melia.
A cryptographic system consists of two or more parties exchanging information using various methods and protocols. Cryptography, therefore, provides methods to support message security. Some cryptographic methods require the use of a key that must be of high quality with secure protocols for distribution. “We can distinguish three types of security primitives: keyless primitives with arbitrary-length hash functions, symmetric-key primitives to keep the information confidential, and public key primitives for key exchange,” said Melia
A weakness in conventional symmetric key cryptographic systems is the distribution of key material among the parties. This key distribution problem has several solutions involving public-key algorithms (RSA, DH, ECC, DSS, etc.) or symmetric key protocols (e.g., Kerberos). In all this, the main advantage of quantum key distribution over conventional cryptographic techniques is to allow the continuous generation of the information-theoretically secure key.
Quantum physics offers an information-theoretically secure method with QKD (quantum key distribution) that allows two remote parties to securely generate secret material.
A QKD system comprises a sender unit (we’ll call her Alice) and a receiver unit (Bob) housed in secure locations. Optical fiber provides the physical layer for the quantum channel. An ethernet network communication link between Alice and Bob is used for peripheral communication between the two parties. This pair of links (the quantum channel and the classical channel) forms the basis of the “QKD layer” of all QKD systems.
Alice transmits coded random information about quantum states of light, and Bob measures these states with detectors. Subsequently, through algorithms, Alice and Bob extract a cryptographically secure key. Information theory shows that QKD is secure with zero chance of intercepting secret keys.
“Using the Heisenberg principle, you’re exchanging information, if it’s observed it is changed, and you have a protocol that allows you to assess whether there’s been any interference on the exchange of keys and enables you to discard keys as appropriate. The good thing is, if you’ve been able to successfully exchange the keys using that protocol, those keys have been securely exchanged. So your data encrypted with those keys is going to be safe for as long as you need it,” said Melia.
The laser transmitter is divided into two interferometer-like arms, one reference and the other signal. Two independent random number sequences are generated using a pair of quantum random number generators (QRNGs), whose outputs are encoded to the laser amplitude and phase in the signal arm using an amplitude modulator (AM) and a phase modulator (PM). The laser signals are recombined with a polarized beam splitter (PBS) and transmitted along with the fiber. The receiver has a polarization controller (PC) and a polarized beam splitter (PBS) to split the signal and reference. The two homodyne detectors are used to measure the amplitude and phase quadratures.
Two approaches related to the corpuscular or wave aspect of the quantum of light are employed to generate the secret key. The first approach is the single-photon discrete variable QKD (DV-QKD): information is encoded based on polarization and other quantum parameters. The second approach is continuous variable QKD (CV-QKD): information is encoded based on the amplitudes and phase of a coherent laser acting as a transmitter, and a receiver measures the parameters.
Amplitude and phase quadratures of light can be detected using balanced homodyne detectors that require a local oscillator, with a signal-to-noise ratio greater than 10 dB for a bandwidth greater than 3 GHz. The local oscillator offers robustness against jitter and acts as a filter so that only photons with the same frequency and in the same optical mode as the local oscillator’s laser are detected with its detector.
Although CV-QKD is a much younger technology, it offers similar performance and safety levels to DV-QKD. CV-QKD, however, requires more complex processing, which has been a barrier to some development, but with the potential of lower production cost due to the use of standard off-the-shelf components. In 2009, it was demonstrated that CV-QKD is theoretically information-safe at the same level as DV-QKD. CV-QKD can be implemented by modulating the amplitude and phase of a coherent laser and are compatible with current telecommunications technologies.
A true single-photon source is very dispensable and can sometimes be approximated using an attenuated laser. Both sources obey the Poissonian statistic where there is a non-zero probability of generating two photons per pulse with a safety risk.
In a DV-QKD, the efficiency is related to photon detection using avalanche photodiodes or superconducting devices. The following factors limit the efficiency: dark noise, jitter, and detector dead time. Single-photon detectors in any case can be expensive and require cooling (via liquid nitrogen or liquid helium) to achieve maximum performance. The evolution of the technology has made it possible to reach distances of over 200 Km for DV-QKD with a speed of a few hundred bits per sec.
The CV-QKD technique offers a high key rate using off-the-shelf telecommunications components, including shot noise limited lasers, modulators, and balanced detectors, all in small form factors.
CV-QKD does not require single-photon detectors and can leverage improvements in technology to improve efficiency, particularly leveraging advances in VLSI areas with indium phosphide (InP) solutions, planar lightwave circuits (PLCs), and more recently, silicon photonics.
“One of the fundamental physical limitations of quantum key distribution is the distance because the noise of the signal increases exponentially with a distance, which means that although in theory, quantum key distribution can go maybe hundreds of kilometers, in practice to get the throughput that people need, we’re talking about 50 kilometers or 60 kilometers,” said Melia.
She added, “fundamentally, quantum key distribution is what they call information-theoretical security, which means there’s not enough information there for the computer to solve that problem, regardless of its processing power. And that’s the beauty of quantum key distribution. Quantum computers can improve, but they still won’t be able to intercept the keys being exchanged, just as they won’t be able to predict quantum entropy, because each bit is 100% independent of the bits around it.
“Simply put, mathematics is vulnerable to improvements in processing power, to supercomputers, to quantum computers. But solutions that use physics such as quantum entropy and quantum key distribution are not. These technologies can give us a really strong foundation from which to build next steps for a quantum safe future. For example, right now, we don’t have a quantum-safe internet, which, of course, we all rely on. Clearly, an internet vulnerable to quantum attacks would be very risky indeed. There’s a lot of work being done right now on the concept of a quantum internet, which could for example be protected, anchored basically by the distribution of quantum keys. And this would be a new era in which our data exchange becomes safe and secure again. This is really exciting. Like one area of focus that we’re going to hear about in the next 10 to 20 years is the quantum internet which should transform our communications infrastructure.”
Quantum tunneling is a phenomenon in which a particle travels through a barrier that, according to classical mechanics, it should not be able to cross. Quantum tunneling results in random fluctuations in the current with no way to predict the behavior. QuintessenceLabs has developed a qStream solution to measure and digitally process these fluctuations to generate “full-entropy” random numbers, replacing random number generators (PNRGs) based on deterministic algorithms with vulnerability issues.
QuintessenceLabs’ “qStream” quantum random number generator is NIST SP 800-90A compliant and meets the requirements of NIST SP 800 90B and C draft. It is provided as a standalone appliance or as part of its Trusted Security Foundation (TSF).