In Depth

Quantum Cryptography to the Rescue

Cryptographic systems can be cracked. And people make mistakes. Take those two factors out of the equation, and you have quantum cryptography and a new way to protect your data.

By Simson Garfinkel

Page 2

It's important to realize that the MagiQ system is not a pure solution: The keys generated using quantum physics are used, in turn, to drive a conventional encryption system based on the Advanced Encryption Standard (AES). But many mathematicians feel more comfortable with the security that's provided by AES, which is a symmetric cipher, than by the security that's offered by public-key algorithms like RSA. Besides, conventional VPN systems use AES as well. The real beauty of the MagiQ system is that you don't need RSA.

The problem with RSA is that these systems typically need some kind of public-key infrastructure (PKI) for key management, and doing key management in a secure manner is really difficult. In order to be secure, the private keys in a PKI must be kept secret. But that's tricky, because keys also need to be used frequently. For example, Web servers typically keep their private keys in a file; if somebody breaks into the Web server and steals that file, then all of the encrypted information that the Web server sent over the Internet can now be decrypted. If an attacker manages to steal the key from your organization's certificate server, he can now impersonate anyone within your entire organization.

QKD eliminates these vulnerabilities by eliminating the long-lived private keys. Here's how it works. In the MagiQ system, Alice and Bob are actually a pair of 40-pound "4u" boxes that fit in standard 19-inch racks connected by a strand of single-mode "dark fiber." Alice encodes each photon with a 1 or a 0 and sends them, one at a time, over the fiber to Bob. At the other end of the fiber, Bob is waiting with a special optical package that can detect a single photon and read back the bit. Most of the time, Bob is unable to make out the message that Alice has sent, but on perhaps one out of every 1,000 photons, Bob figures it out. Over another wavelength, Bob tells Alice which photons he got, and then the two systems use the 1s and 0s that were encoded on those photons as their cryptographic key.

The security of this system comes from the Heisenberg Uncertainty Principle, which says it is impossible to measure fundamental properties of single particles without affecting those particles at the same time. Because each bit is sent on a single photon, if someone is sniffing the network to intercept those photons, the photons will be changed in the process, and Bob won't get the message that Alice was trying to send.
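The exchange described above can be sketched as a toy simulation. This is an added example, not code from the article or from MagiQ; it generalizes the description to a BB84-style protocol with random measurement bases (an assumption, since the article does not name the protocol), and the detection probability, seed and error threshold are constructed values.

```python
import random

def run_qkd(n_photons, detect_prob=0.001, eavesdrop=False, seed=1):
    """Toy BB84-style exchange; returns (alice_key, bob_key) after sifting."""
    rng = random.Random(seed)  # simulation only; real systems need true randomness
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Interceptor must measure to read the photon; a wrong-basis
            # measurement randomizes the bit, and she re-sends in her basis.
            e_basis = rng.getrandbits(1)
            if e_basis != photon_basis:
                photon_bit = rng.getrandbits(1)
            photon_basis = e_basis
        if rng.random() >= detect_prob:
            continue  # photon lost in the fiber or missed by Bob's detector
        b_basis = rng.getrandbits(1)
        measured = photon_bit if b_basis == photon_basis else rng.getrandbits(1)
        # Bob reports which photons he detected and in which basis;
        # only matching-basis detections are kept as key material.
        if b_basis == a_basis:
            alice_key.append(bit)
            bob_key.append(measured)
    return alice_key, bob_key

def error_rate(a, b):
    """Fraction of sifted bits that differ (real systems compare only a sample)."""
    return sum(x != y for x, y in zip(a, b)) / len(a) if a else 0.0

def accept_key(a, b, max_error=0.05):
    """Discard the key when the error rate suggests the photons were disturbed."""
    return bool(a) and error_rate(a, b) <= max_error

if __name__ == "__main__":
    for eve in (False, True):
        a, b = run_qkd(200_000, detect_prob=0.01, eavesdrop=eve)
        print(f"eavesdrop={eve}: {len(a)} sifted bits, "
              f"error rate {error_rate(a, b):.3f}, accepted={accept_key(a, b)}")
```

Without interception the two keys match exactly; with interception roughly a quarter of the sifted bits disagree, which is the signal the two endpoints use to throw the key away.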
