Quantum Physics Protects Data From Cyberattack Over Standard Telecom Networks

Quantum Xchange, a company that uses a technique based on quantum physics to help encrypt information, says it has made a breakthrough that will make it easier for governments and businesses to use the technology to keep hackers from stealing vital secrets.

In the past, the technology the company sells, called quantum key distribution (QKD), could only be used in a fiber optic cable between two endpoints over a short distance—at most 60 miles.

But Quantum Xchange says the new method it has developed can protect data being transmitted to multiple endpoints, over any distance and across standard telecom networks.

“Keys can now be transmitted over unlimited distance,” John Prisco, Quantum Xchange’s CEO, says in an exclusive interview with Fortune.

The demand for more secure methods of transmitting encryption keys has been sparked by events, such as the Edward Snowden leaks and, more recently, U.S. concerns about Chinese interest in tampering with telecommunications hardware, that have raised public awareness of nation states’ abilities to tap fiber optic networks and suck in vast amounts of data.

Much of this data is encrypted. But if the encryption keys are stolen, the information can be decoded. What’s more, the looming prospect of quantum computers that may soon be powerful enough to crack most common forms of encryption has governments and companies scrambling to find better ways to secure the vital encryption keys.

QKD takes advantage of quantum mechanics, specifically the idea that light, which we mostly think about as being a wave, can also behave as a particle. It transmits an encryption key between two end-points using very weak pulses of light—close to a single photon being transmitted at a time. The small number of photons means an attacker cannot intercept the key without altering how it is received at the endpoint, immediately alerting a user that the key has been compromised.

But, because fiber optic cable itself absorbs some photons, the weak signal limits how far a QKD transmission can travel over a normal line. And while researchers keep stretching that limit, it remains too short to move a key securely from, say, Los Angeles to San Diego. (The same limitations don’t apply to QKD transmissions through the air and the technique has been used to transmit signals between satellites and the Earth.)

Quantum Xchange, a startup based in Bethesda, MD., operates a dedicated QKD transmission line between lower Manhattan and data centers in New Jersey where many big banks and Wall Street firms conduct back office operations and trading. Prisco says many Wall Street banks and hedge funds are already using this cable to transmit encryption keys and other vital data, such as trading algorithms, but he says he does not have permission to name these customers publicly.

The company also has plans to create a much longer QKD network carrying signals between New York and Washington, D.C., by using what are called “trusted nodes,” positioned every 60 miles or so, to boost the signal. But these nodes must be protected from physical tampering or computer hacking, making securing a longer transmission network more difficult and costly. And, even with trusted nodes, this kind of QKD cable only works for point-to-point transmissions, not transmissions that need to be distributed to multiple endpoints.

Quantum Xchange, which has received $10 million in venture capital funding to date, says it has cracked the problem by duplicating in software what has previously only been possible using dedicated hardware. A quantum key is still generated using a specialized quantum encryptor, such as those produced by Swiss company ID Quantique.

This quantum key is then used to seed the generation of another encryption key using conventional telecom equipment. Finally, this new key is transmitted between endpoints using a network pathway that is completely separate from the pathway used to transmit the actual encoded information.

“This creates triple the work for any hacker,” Prisco says. An attacker, he says, would have to identify and tap both the data transmission pathway and the key transmission pathway and figure out how to synchronize the timing of both transmissions in order to decode the data.

Not everyone is sold on the idea that QKD adds much to cybersecurity. The U.K. government’s signals intelligence branch, GCHQ, said in 2016 assessment that “QKD technology cannot replace the flexible authentication mechanisms provided by contemporary public key signatures.” It also said the technology only addressed the problem of securing data in transit, and did nothing to safeguard data when it was at rest, being stored on end devices or in the cloud. It noted that hybrid QKD solutions, such as the one from Quantum Xchange is now proposing, that incorporate conventional telecommunications equipment, were vulnerable if those conventional components were tampered with or hacked.

A hybrid system “introduces an array of new concerns about the security properties of the ancillary network devices,” the report said.

Security expert Bruce Schneier was even more blunt in his assessment. “It’s a clever idea, but basically useless in practice,” he said of QKD in a blog post in response to the GCHQ report.

That hasn’t stopped a host of companies, both big and small, from working on the technology. British telecom giant BT is working on QKD with a view to adding it to its network infrastructure in the near future. Fujitsu and Japanese telecom NEC have also been working to extend the distance QKD signals can travel. British startup KETS has been working on using QKD to transmit signals from the ground to a drone.

Prisco says his company’s new multi-point Phio TX system is currently being used by a large telecommunications company, which he declined to name, citing non-disclosure agreements, in 5G network installations.

He also says that Quantum Xchange has been working with major telecommunication equipment manufacturers, such as Ciena, Gemalto and Thales to ensure their standard encryption hardware will accept a quantum key.

This story has been updated to correct the spelling of ID Quantique.