Last October, leaked NSA documents confirmed a massive privacy violation: government spies were tapping into private networks run by Google and Yahoo which were running unencrypted between data centers. Both companies scrambled to protect their private networks, but the deeper problems remained. As long as data center links relied on traditional infrastructure, they'd be vulnerable to NSA intrusion. A truly secure network would have to be rebuilt from the ground up.
More than a year after the reveal, a number of groups seem to be doing just that. The research and development company Battelle is currently building out a nationwide quantum network that would stretch from Boston to Georgia, eventually reaching all the way to California. A similar project is already under way in China, spanning from Shanghai to Beijing. They're the first networks of their kind, using the essential qualities of light to protect messages in transit. But as the quantum-encrypted networks come to life, they're raising real questions about the future of cryptography.
The new networks are designed to solve one of cryptography’s most persistent problems: how to distribute encryption keys. A long enough key can provide mathematically unbreakable encryption (known as a one-time pad), but if the key is ever intercepted, the attacker will be able to access everything. As a result, most modern encryption tools have given up on secure distribution entirely, splitting the key into a public key for encoding and a non-distributed private key for decoding. That allows for easier encryption, but it also limits the length of the key, making the system more vulnerable to brute-force attacks.
Quantum networks take a different approach, using long keys that are distributed across the network as bursts of light. To establish a key, one party generates random signal and the other listens in: whatever comes out of the network is the new encryption key. But what if someone else is listening in? To protect against interception, the network relies on the observer effect — the principle that light can’t be intercepted without altering the signal itself. For cryptography purposes, that means that if you're using the right protocols, you can ensure no one else is on the line before you transmit the key. If everything goes right, it would mean a perfect encryption system, fueled by big, random keys that are impossible to intercept.
Those networks started out as small metropolitan links, including with a DARPA-funded link between Harvard, BBN and Boston University that went live in 2003. But quantum hardware companies like ID Quantique have taken the technology private, and post-Snowden interest in network security means a nationwide hookup may finally be within reach. So far, Battelle has started small, working on an R&D link between the company's offices in Columbus and a data center in nearby Dublin, OH. The company finished the link earlier this year, and is now expanding to reach the rich network of national security firms surrounding Washington, DC.
So far, the project’s most immediate challenge hasn't been the mind-bending physics but the meager state of US fiber networks. The bulk of the network has been built through renting exclusive bandwidth on fiber cables that have already been laid — but every endpoint needs a direct fiber link for the system to work. If there were any gap between the user and the network, an attacker could steal the keys as they travel over the gap. "Even when we get the backbone built out, you still have to get it from the telecom vault to the office," says Don Hayford, a senior research leader at Battelle. "There will be a lot of places as we build out that won't have fiber for the last mile."
That's less of a problem in China, where weaker property rights make it faster and cheaper to lay fiber. As a result, the country's engineers are building out a quantum backbone more than 1200 miles long, to be finished by 2016. That backbone would connect Beijing with Shanghai, with global hookups mapped in the decades to come. The project has been spurred on by rumors of NSA research into a quantum computer, which would allow the agency to break most forms of public-key encryption. But while many quantum computing projects have stalled, China’s network has grown at astonishing speed. "In practical terms, China’s way ahead," says Chip Elliott, a chief scientist at BBN.
The bigger problem, according to Elliott, is the demands of the hardware. Current quantum network technology requires relay points every 60 miles to refresh the signal, giving spies plenty of places to attack. ID Quantique says its devices are tamper-proof, wiping the signal as soon as one of the server blades is removed from its rack, but it remains to be seen how well the system would stand up to a sophisticated attacker like the NSA. "You have to absolutely trust those relays," says Elliott. "If you’re really paranoid, you start to think...how do I know that they’re doing what I think they’re doing?" For any key distribution taking place across more than 60 miles, that answer still has more to do with trust than hard mathematics.
Still, those doubts haven’t slowed down the spread of the networks. For Battelle, the extra level of security is worth paying for, particularly with similar networks already in production overseas. "It's a big effort," Hayford says. "You have to ask yourself why the Chinese want to do this."