Quantum encryption combats threat posed by quantum computing hacks

July 2, 2018
With the impending advent of quantum computing threatening to increase the horsepower of cyberattacks, ADVA Optical Networking has reported on its participation in a pair of efforts to enable quantum-level encryption. One, led by the University of Cambridge, has seen the deployment of fiber links in the UK fortified with a quantum key distribution (QKD) scheme. The second trialed a potentially even greater level of security via a post-quantum public-key encryption system on a route that leveraged multiple research and education (R&E) networks.

With the impending advent of quantum computing threatening to increase the horsepower of cyberattacks, ADVA Optical Networking has reported on its participation in a pair of efforts to enable quantum-level encryption. One, led by the University of Cambridge, has seen the deployment of fiber links in the UK fortified with a quantum key distribution (QKD) scheme. The second trialed a potentially even greater level of security via a post-quantum public-key encryption system on a route that leveraged multiple research and education (R&E) networks.

Current optical networks can enjoy a significant amount of security from data transmission breaches, says Jörg-Peter Elbers, senior vice president, advanced technology, at ADVA. Layer 1 encryption capabilities using Diffie-Hellman key exchange techniques are widely considered sufficient to withstand de-encryption attempts that use current technology. However, security experts fear that Diffie-Hellman won’t hold up to the power of attacks that use quantum computing resources. More robust key exchange and, potentially, encryption algorithms likely will need to be employed, Elbers explains.

The two recent efforts illustrate the direction that the next generation of encryption may take. In the University of Cambridge effort, the university has partnered with ADVA, Toshiba, and the Quantum Communications Hub to use QKD to secure a metro network in Cambridge; there is also a separately constructed 120-km spur link that connects to BT Labs’ Adastral Park facility in Ipswitch. QKD uses a distinct channel for quantum-based key exchange at the photon level that can reside on the same fiber as the encrypted transmission or a separate one. Attempts to intercept the data disturbs the photons, which likely will result in coding errors and will alert network managers of a “man in the middle” intrusion.

In the Cambridge network, the FSP 3000 platforms use QKD encryption capabilities from Toshiba, based on early drafts of a new ETSI quantum-safe cryptography standard a Toshiba-led Industry Specification Group has under development. Researchers will use the network to test the application of QKD-enabled encryption in a variety of scenarios.

Post-quantum key exchange

Meanwhile, security specialists also have interest in quantum-sturdy techniques that can augment existing security schemes quickly and efficiently. ADVA participated in a demonstration of such an approach alongside Broadnet, GÉANT, NORDUnet, PSNC, and UNINETT. Here, the partners demonstrated the use of “post-quantum” key encryption based on a variant of the Niederreiter scheme. The scheme has been around for some time, explained Elbers. It uses larger keys than those typically employed in Diffie-Hellman; optical transport systems now support transmission rates great enough that the larger key size no longer significantly degrades transmission efficiency. One benefit of the approach is that it can be implemented at the network endpoints, leaving the rest of the network untouched. Thus, such key encryption can complement any encryption scheme the network has in place. The Niederreiter scheme is one option under consideration within the NIST Post Quantum Encryption Standardization effort.

The field trial saw the Niederreiter-based approach implemented on a 2,300-km link from Poznań, Poland, to Trondheim, Norway. The run made use of three R&E networks, thus demonstrating the ability of the encryption approach to work in a multi-domain environment. The post-quantum key exchange algorithm worked smoothly with the FSP 3000’s commercially available ConnectGuard AES encryption capabilities. The trial also saw the Niederreiter algorithm used in combination with Diffie-Hellman to create a hybrid key exchange system.

Elbers predicts network operators such as governments, financial institutions, R&E organizations, and others would have interest in the quantum-resilient security measures described here. However, both the ETSI and NIST standards efforts are ongoing; Elbers predicted the NIST work would last at least until 2022. He theorized that commercialization of such technologies might come before the standards work completes.

For related articles, visit the Network Design Topic Center.

For more information on high-speed transmission systems and suppliers, visit the Lightwave Buyer’s Guide.