Two hundred local government employees across the capital of China's eastern Shandong province will soon be encrypting messages with keys that are "impossible" to crack.
QuantumCTek, headquartered in the humid, subtropical city of Hefei in eastern China, will next month launch a commercial network for creating and sharing secure "quantum keys" across 200km2 of Jinan, China. It'll be the first such citywide system in the country, and outside scientists tell us it's likely one of the largest in scale (at least, that isn't top secret) in the world.
The classical encryption we enjoy today in our apps, sites and services has a tiny flaw: it's based on the principles of mathematics. If a computer were able to make an unlimited number of guesses, then it could theoretically discern any key.
Many security professionals call existing government-grade cryptosystems – such as 128-bit or 256-bit AES keys – secure enough for practical purposes. It would take today's computers an infeasible amount of time to find the correct key and then crack private messages open (it's publicly known that the US's National Security Agency can today crack 80-bit encryption, but scientists believe that AES-256, which could require a computer to make up to 2256 guesses, might take 100 years to be feasible to crack.)
QuantumCTek CEO Yong Zhao is worried about the future possibility: quantum computers, which can exploit the mysterious principles of quantum mechanics to perform computations much faster than a classical computer, finding values for keys much more quickly. With one quantum computing algorithm, for example, 256-bit keys could be discerned in 2128 steps or less.
Distributing RSA over a public communication channel might not be secure if RSA could be cracked, Zhao says.
QuantumCTek's new quantum key distribution network, as first reported by China's state news agencies earlier this month, has six "control centres" spread throughout Jinan that facilitate sharing keys hidden inside the states of photons. Like quantum computers, these special keys exploit the principles of quantum mechanics.
In this case, the aim is make them physically unguessable, thus future-proofing encryption done by these keys to possible attack.
"We know there's no backdoor," Zhao told The Register.
How it works
In the quantum key distribution network, the control centres generate and stores random keys at 10kbps, 24 hours a day. The bits of these keys get stored as 0 or 1 inside the polarisation states of photons. By the principles of quantum mechanics, once you measure a photon's state, you can't measure it again without changing the state – so good luck guessing it after it's used!
The system has one fibre for sharing photons and one fibre for data transfer.
For our classic crypto couple Alice and Bob to communicate, they first must receive a secret random number, N, that will be used to help authenticate their interaction via any one of the control centres.
Then, they each generate their own separate sequence of random bits, A1 for Alice and B1 for Bob. Alice and Bob send their respective bits – stored as photon states – to that control centre.
Using four semiconductor photodetectors (about the size "of a small box" – Zhao declined to clarify their size or provide further technical details) – the control centre measures their polarization state and creates new bit sequences, C1 for Alice and C2 for Bob. After doing some postprocessing (C1 and C2 are shorter than the original bits because of fibre losses, channel noise and measurement error) for length and security, the control centre creates a K1 for Alice and K2 for Bob, which it shares with Alice and Bob inside photons.
Next, the control centre encrypts K1 by adding its bits to K2 (called a "one-time pad") and sends K1 to Bob via photons. Now, Bob has K2, so he can decrypt K1 to get it. Hence Bob can use K1 to decrypt any future messages from Alice.
The control centre also shares a third key, K3, with Alice and Bob that will be used in addition to their secret random number for authentication, created the same way.
Alice then encrypts a message with K1, typically by using AES or SM4 (a Chinese encryption standard) or, in cases where extreme security is necessary, using a one-time pad. Alice creates a checksum of this message using the random number, encrypting it with K3.
Alice then sends the K1-encrypted message and K3-encrypted checksum to Bob. Bob uses K1 to decrypt the message, and verifies it came from Alice by decrypting the checksum with K3 and recomputing it using the random number N they'd shared previously.
They send 40 million photons per second, and in the end they get, on average (after processing) a data transfer rate of 4,000bps sent. The longest transfer is about 50km to 60km. Zhao says the system photon loss is about .2 or .3dB per kilometer.
The frequency of key updating depends on the wishes of the users, he says.
From theory to practice
The CEO said the most difficult part of engineering was making the system commercial – to deal with the reality of working in a real environment. The team created a test bed network in 2013, which evolved into the commercial network this year – with 100 test users. Testing finally finished just under three weeks ago, on 30 June.
Zhao said researchers independent from QuantumCTek had evaluated the security of the network (to check for any loopholes) and are preparing a paper on the results of the test bed network. For documentation, he referred The Register to papers on the backend technology published before the testbed network was constructed (see here, here, here and here).
By the end of next month, he says 200 employees in the local Jinan government (which owns the network) will use it for sending text, photos and videos.
He says many researchers are working on using satellites to aid with quantum key distribution or quantum encryption, and he says that "I think we need both" a ground network as well as satellites because of technical difficulties during ground-to-satellite communication (you'd need a satellite for communicating from China to the United Kingdom, for example, because of losses at great distances).
"We think our tech is secure right now," he says. "Why do we wait until quantum computers can break classical cryptography?"
Companies such as NEC and Toshiba are also testing quantum key distribution, while companies such as ID Quantique in Geneva have been offering hardware for quantum key distribution for years. Many research groups are also developing their own quantum communication networks.