The first quantum key distribution network in the United States promises un-hackable data security.
FORTUNE — As revelations about the depth and breadth of the NSA's digital eavesdropping program continue to come to light, Ohio-based Battelle Memorial Institute is rolling out a new kind of network key management designed to be virtually un-hackable, not only now but in the future. The non-profit research and development contractor has installed the first quantum key distribution (QKD) protected network in the U.S., linking its headquarters in Columbus to its manufacturing facilities in Dublin, Ohio, some 20 miles away.
Secure transmission normally means encrypting data with a symmetric cipher under a key that sender and receiver both hold. The hard part is agreeing on that key across an untrusted network, which today is done with public-key algorithms such as RSA and Diffie-Hellman. Those algorithms are not known to be broken, but their security rests on mathematical problems that are merely assumed to be hard: advances in factoring and discrete-logarithm algorithms, growing computing power applied to keys that were sized years ago, and, for RSA and elliptic-curve schemes in particular, a large-scale quantum computer running Shor's algorithm could all undermine them.
In other words, a key exchanged with today's public-key algorithms may become recoverable at some point, and every message encrypted under it along with it. That is one reason agencies like the NSA are building massive server farms in the Utah desert on which to bank encrypted traffic they cannot yet decipher: record now, decrypt later. And it is why Battelle and its partner, Swiss quantum technology outfit ID Quantique, are investing heavily in a different way of distributing keys that they see as the future of high-value data security.
"We're a contract R&D organization, so we have a lot of information we want to protect," says Don Hayford, a senior research leader at Battelle. "We started looking about three years ago into network security in general, and we could see that things like RSA-1024 [a commonly used 1,024-bit encryption key] has probably been broken, some of the other public-key infrastructure technologies maybe haven't been broken yet but will soon be broken by bigger, stronger, faster computers. So we weren't just looking at our security, but at the country in general. What's going to happen when these things are all falling apart?"
QKD stood out to Battelle's researchers as the most practical way to generate keys whose secrecy does not rest on any computational assumption, so that data protected today stays protected when faster machines arrive. But QKD has drawbacks of its own, including a limited range and the difficulty of distributing keys among many parties. So Battelle turned to ID Quantique, a Geneva-based quantum technology company with extensive experience in quantum communications, to help smooth out those issues.
QKD taps some of quantum physics' stranger phenomena to let two parties generate a shared secret key over an optical fiber while detecting anyone who tries to read it in transit. The data itself is still encrypted with a conventional symmetric cipher; what changes is how the key is agreed. Instead of deriving it with a public-key algorithm, the sender encodes random bits onto a property of individual photons, the elementary particles of light (their polarization or phase), choosing the encoding basis at random for each one, and the receiver measures each photon in a basis of its own choosing. A measurement in the wrong basis yields a random result and destroys the original state, so a photon cannot be read and then passed on unchanged. (Some QKD protocols instead use pairs of entangled photons, the correlation Einstein called "spooky," in which measuring one photon fixes the outcome for its partner; the detection principle is the same.)
Once the photons have arrived, sender and receiver compare over an ordinary, authenticated channel which bases they used, keep only the positions where their choices matched, and sacrifice a random sample of those bits to count how many disagree. An eavesdropper who intercepts photons on the fiber must measure them, guessing the basis, and send replacements; roughly a quarter of the sampled bits then come out wrong, the error rate jumps above the abort threshold, and the key is thrown away before it is ever used. Two caveats matter in practice. The eavesdropper is not prevented from intercepting, only from doing so unnoticed, so the system's answer to an attack is to stop producing key. And the classical channel must be authenticated, with a short pre-shared key or conventional signatures, or an attacker could simply impersonate each end to the other. What QKD does buy is that the key cannot be copied in transit and stored, so a recording of the traffic cannot be broken later when more computing power becomes available; the remaining exposure is the symmetric cipher that encrypts the data, which a one-time pad removes entirely at the cost of consuming key as fast as data is sent.
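To make the sifting and eavesdropper-detection steps concrete, here is a toy simulation of the prepare-and-measure BB84 protocol. It is an added example written for this page, not code from Battelle or ID Quantique, and it ignores photon loss, detector noise and finite-key statistics; the 11% abort threshold is the commonly cited BB84 figure, not a parameter of any deployed system.

```python
"""Toy BB84 simulation: sifting and intercept-resend eavesdropper detection.

Added illustrative code, not the Battelle/ID Quantique implementation.
Alice encodes random bits in random bases, Bob measures in random bases,
both keep only the positions where their bases matched (sifting), then
sacrifice a sample of the sifted bits to estimate the quantum bit error
rate (QBER).  An intercept-resend eavesdropper guesses the wrong basis
half the time and so introduces about 25% errors, far above the threshold.
"""
import random

ABORT_QBER = 0.11   # rough BB84 threshold (assumption for the toy model)


def measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Measure a photon prepared as `bit` in `prep_basis` using `meas_basis`.

    Same basis: the outcome is deterministic.  Different basis: the outcome
    is a coin flip and the original state is gone, which is what makes an
    eavesdropper visible.
    """
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)


def bb84_exchange(n_raw: int, eavesdrop: bool, seed: int = 2013) -> dict:
    """Run one exchange over n_raw photons; seeded so results are repeatable."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_raw)]
    alice_bases = [rng.randrange(2) for _ in range(n_raw)]   # 0 = rectilinear, 1 = diagonal
    bob_bases = [rng.randrange(2) for _ in range(n_raw)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Eve measures in a random basis and resends what she saw, in her basis.
            e_basis = rng.randrange(2)
            e_bit = measure(bit, a_basis, e_basis, rng)
            bob_bits.append(measure(e_bit, e_basis, b_basis, rng))
        else:
            bob_bits.append(measure(bit, a_basis, b_basis, rng))

    # Sifting: bases are announced over the authenticated classical channel;
    # positions where the bases differ are discarded.
    sifted = [i for i in range(n_raw) if alice_bases[i] == bob_bases[i]]

    # Parameter estimation: publicly compare a random quarter of the sifted bits.
    sample = set(rng.sample(sifted, len(sifted) // 4))
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample)

    keep = [i for i in sifted if i not in sample]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]
    aborted = qber > ABORT_QBER
    return {
        "sifted": len(sifted),
        "qber": qber,
        "aborted": aborted,
        "key_bits": 0 if aborted else len(keep),   # no key is released on abort
        "keys_match": alice_key == bob_key,
    }


if __name__ == "__main__":
    for eve in (False, True):
        r = bb84_exchange(4000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted={r['sifted']} QBER={r['qber']:.3f} "
              f"aborted={r['aborted']} key_bits={r['key_bits']}")
```

The point to notice is the asymmetry: an honest run yields a QBER of zero and a key of roughly three eighths of the raw photon count, while an intercept-resend attack cannot be hidden because the attacker has no way to measure without guessing. Real systems see a nonzero QBER from detector noise even without an attacker, which is why they use error correction and privacy amplification rather than a hard zero.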
That all sounds a bit complex, even sci-fi, but the science is well understood. Its application has grown increasingly practical in recent years, and the hardware needed to prepare and detect single photons has improved and become somewhat less costly. But drawbacks remain, Hayford says. A single photon cannot be amplified without destroying the very property the protocol relies on, and fiber attenuates the signal with distance, so a point-to-point link is limited to roughly 60 to 120 miles depending on the quality of the fiber. And while it is easy to send photons from point A to point B, sharing keys across a network with many senders and receivers (a regional bank with 300 branches that all need to share data with each other, for instance) is considerably harder, since each QKD link only ever produces a key for its own two endpoints.
For a country as large as the U.S., those limitations present a problem, but that is not stopping Battelle and ID Quantique from pressing on. Battelle plans to extend its Ohio network into a ring around Columbus linking the multiple buildings that make up its headquarters. With ID Quantique it is developing so-called quantum repeaters that work around the range limit by periodically receiving and re-transmitting keys as they cross the network, like signal boosters on a standard optical network. The name deserves a caveat: a device that receives a photon and sends out a new one has necessarily measured it, so such a node is what the field calls a "trusted node." It terminates one QKD link and starts another, holds the relayed key in the clear while passing it along, and therefore has to be physically secured like either endpoint. A true quantum repeater, which would forward the quantum state without measuring it, remains a research problem.
Those nodes should be ready by 2015, when Battelle plans to link its Ohio HQ to its facilities in Washington, D.C. across a quantum-keyed network stretching more than 400 miles. That long-distance network will be the first step in making QKD feasible across the larger U.S., Hayford says, and could mark the beginning of a nationwide rollout of the technology.
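The following added example (written for this page, not Battelle's or ID Quantique's code) shows the key-relay step such a trusted node performs and why each node must be secured. Each hop is assumed to hold its own QKD-generated link key; the end-to-end key is one-time-padded with the link key of each span in turn. Message authentication, which a real relay also needs, is left out to keep the relay logic visible.

```python
"""Trusted-node key relay across a chain of QKD links (illustrative, not
the Battelle/ID Quantique implementation).

link_keys[i] is the key that node i and node i+1 share from their own QKD
link.  The end-to-end key k travels hop by hop under a one-time pad, so an
attacker tapping any span sees only pad output, but every intermediate node
removes the incoming pad and applies the outgoing one and thus holds k in
the clear.  Range is extended; the trust boundary is not.
"""
import os


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def relay_key(k: bytes, link_keys: list) -> dict:
    """Relay k from node 0 to the last node over the given per-hop link keys.

    Returns what each fiber span carries, what each intermediate node
    reconstructs, and what the far end finally recovers.
    """
    wire = []             # ciphertext seen by someone tapping each span
    node_views = []       # plaintext held by each receiving node
    current = k
    for link in link_keys:
        if len(link) != len(k):
            raise ValueError("one-time pad needs a link key as long as the relayed key")
        ct = xor(current, link)        # sending node pads with its outgoing link key
        wire.append(ct)
        current = xor(ct, link)        # receiving node unpads with the same link key
        node_views.append(current)
    return {
        "recovered": current,
        "wire": wire,
        "intermediate_views": node_views[:-1],
    }


if __name__ == "__main__":
    # Constructed sample values: a 16-byte end-to-end key over three hops.
    end_to_end = os.urandom(16)
    hops = [os.urandom(16) for _ in range(3)]
    result = relay_key(end_to_end, hops)
    print("far end recovered key:", result["recovered"] == end_to_end)
    print("intermediate nodes holding key in clear:",
          sum(v == end_to_end for v in result["intermediate_views"]))
```

Compromising any one intermediate node therefore yields every key relayed through it, which is the property that distinguishes a trusted-node network from a single QKD link and why the Columbus ring and the planned Washington route place those nodes inside secured facilities.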
"I don't know that everyone will [adopt QKD], but I do think that companies and organizations that have very high-value data will," Hayford says. "If it's short-term data or low-value data, then who cares? But if it's data that you want to protect for years, this makes a lot of sense. I think you'll see this distributed across the country to protect that high-value, long-duration data. We think this is the future."