A University of Toronto researcher is working to improve a security technology that could one day make existing PKI implementations obsolete.
Professor Hoi-Kwong Lo, who works in the Centre for Quantum Information and Quantum Control at U of T, is conducting research into quantum cryptography as a means of securing data transmitted via fibre optic cable.
The technique is a break from standard encryption methods which employ public key infrastructure, or PKI. It uses laser light particles, more commonly known as photons, to carry encryption keys.
While quantum cryptography shows great promise, a major shortcoming is that it is only effective over short distances, said Lo, who published a study on the subject in the most recent issue of Physical Review Letters.
Lo has been working with existing quantum cryptographic products to make them more commercially viable.
“We can encrypt a much longer message and encrypt it over a much longer distance,” he said. “We are implementing a new idea which can allow us to send data over much longer distances. It makes the technology much more practical.”
Uncertainty principle
Where PKI uses complex mathematical equations that can be understood and solved by computers, quantum cryptography relies on Heisenberg’s Uncertainty Principle, which states that merely observing an object will alter it.
Lo’s technique produces photonic decoys. If a hacker attempts to intercept the data stream the shape of those decoys would change, which would warn network administrators someone is trying to tamper with the data.
Before Lo began to modify the commercial product, it was only secure up to 10 km. He claims that his technique increases that distance to 15 km. Subsequent experiments increased it to 60 km. Lo said that 120 km is in reach.
This type of encryption technology is of particular interest to the financial community and for military applications, he said.
Rob Gelfond, the CEO of New York City-based MagiQ Technologies, said that he already has some customers for his quantum cryptographic solution, the Quantum Private Network.
He said the product has been available for several years and his clients use it as an adjunct to their existing security technology.
“It means that they don’t have to rely on us 100 per cent, so if our system were to fail for any reason, they would be no worse off than with what they have today,” he said.
Lo experimented with a product made by a Swiss company, not Gelfond’s QPN, but Gelfond said distance has always been a problem for quantum security. To get around that issue, he said you have to place more QPN devices on the network and operate them using a cascading effect.
The price of quantum solutions has been radically reduced in recent years — from millions of dollars to thousands — but it’s still a nascent technology, said Gelfond. IBM and other companies have investigated quantum security but his is one of the few companies that has rolled the dice and produced a commercial product, according to Gelfond.
“If you know of the prototypes that are specifically set up in labs, there’s equipment spread all over the table.
It’s stuff that you probably need a Ph D. to come over every half an hour to check the knobs,” he said.
It could be years before the technology sees mainstream adoption, said Lo, but that’s all the more reason to keep working on a solution.
“One question is future-proofing. We think (existing security) is enough but we can never be sure,” he said.
“It’s kind of like the Holy Grail of physics and crypto: If you come up with a quantum computer it renders everything else before it (obsolete),” said Mary Kirwan, principal of Toronto-based security consultancy Headfry Inc. “It’s kind of like David and Goliath. The PKI guys and government shuddered when they heard about this.”
It’s conceivable that a decade from now, contemporary encryption could be cracked and worthless, said Lo, meaning we’ll need something to take its place.
