British Telecom and Toshiba have launched a trial of what they say is the world's first commercial quantum secured metro network (QSMN) that aims to securely encrypt valuable data and information over standard fibre optic links using quantum key distribution (QKD). The companies will operate the network for an initial period of up to three years.

During this part of the trial, BT and Toshiba are augmenting the existing public-key cryptography-based solution for distributing keys with a quantum-based one, which is then future-proof against quantum computers, said Andrew Lord, senior manager of optical research at BT.

QKD does not transmit data – it allows the sharing of encryption keys using quantum mechanics to encrypt messages in such a way that they are never read by anyone other than the intended recipient. Quantum computers – which are so far only in development – could quickly crack current public-key cryptography, leaving today’s networks incredibly vulnerable to attacks.

EY, one of the Big Four global accounting firms, is the network's first customer, using it for quantum-secure data transmission between two of its London offices, one at Canary Wharf in London's Docklands and the other near London Bridge.

BT and Toshiba first pitched their commitment to creating a trial network in October 2021.
But in a statement at that time, the companies said: “The brand-new network will connect sites in London’s Docklands, the City and the M4 corridor, and will provide data services secured using QKD and post-quantum cryptography (PQC).”

Although PQC is not yet being used, it will be implemented as part of the trial in the next year or so, Lord said.

QKD and PQC for the Future

Alexander Ling, director, quantum engineering program at the National University of Singapore, explained how QKD and PQC would work together.

One of the major concerns that has developed in recent years is that bad actors are using store-now-decrypt-later techniques to collect data in transit and then working at leisure to decrypt the data stream, he said.

This concern has only grown with the advances in quantum computing technology, where it is well understood that a sufficiently powerful quantum computer can enable rapid decryption of the most commonly used encryption techniques.

To defend against this vulnerability, the quantum communications community is proposing that data connections be equipped with quantum-safe technologies, such as QKD and PQC, Ling said. These two approaches are complementary – QKD works on the physical layer, while PQC is software-based, he said.

Using a blend of these techniques will allow the data connections to be stronger than existing protection methods and enable networks that are “quantum-safe” – that is, safe from quantum computer attacks, Ling said.

One of the issues, though, is understanding how to build this hybrid quantum-safe network that uses both QKD and PQC, according to Ling. QKD is mostly useful only for fixed nodes, while PQC can be used for mobile devices. The drawback is that PQC cannot provide the long-term guarantees of QKD.

“So, an open question is how to build this hybrid network,” he said.
“Therefore, commercial pilots, such as the one in the UK, are important steps forward.”

QKD Limitations

Imperfect implementations of QKD could compromise security, Ling said.

"This can be a problem," he said. "But it is important to understand the nature of the problem. It is not a software-type problem, which allows the usual software hacking cases that we usually hear about. Instead, the attacker requires the ability to access physical infrastructure, to physically probe the QKD appliances. This barrier to entry dramatically reduces the attack surface on the technology."

Lord agreed that QKD had to be implemented in a secure way.

Quantum technology has been “provably secure,” Lord said. And while the information is theoretically secure in principle, it has to be implemented securely at every step of the way.

“We need to make sure that the implementation (that in our case Toshiba has designed, in conjunction with ourselves in terms of the integration of that with the wider network), that all of those bits are secure as well because a secure network is only as good as its weakest parts," Lord said. "A lot of the behind-the-scenes work that we're doing with Toshiba and internally with the BT security teams is making sure that all those end bits are just as secure as the bit in the middle."

Research and development into QKD continues to be an active area and will only grow in tandem with increasing adoption by the commercial sector, according to Ling.

However, one of the main limitations to widespread adoption of QKD is distance – QKD has some limits on its transmission due to the physics involved, said Mark Carney, a security researcher focused on quantum studies.
Some systems have a maximum distance of 14 kilometres for their key exchanges, while some Chinese teams have demonstrated more than 800 kilometers.

“To overcome this, you can use repeaters, but there is a big issue around how to trust these intermediary devices,” he said. “How do you maintain that these have not been compromised? That's a major additional problem.”

Man-in-the-middle attacks

But the use of those repeaters could lead to man-in-the-middle (MITM) attacks, according to Mark Horvath, senior research director at Gartner Inc.

“In regular optical networks, to get it to go any distance you have to boost the signal, you have to add energy into the line and that helps you cover a lot of distance,” he said. But that doesn't work for quantum key distribution.

"You only go so far, maybe 60 kilometres, on a good day maybe a 100 kilometres, and the signal fades,” Horvath said. “You can't boost it because boosting it is the same thing as touching it, and if you touch it, it breaks while it's in that channel.”

The answer for companies is to enhance the distance of the transmissions with repeaters.

“To do this over a 1,000 kilometres, for every 100 kilometres, you basically have to read the data and then upload it to the next segment and you move it down the network that way,” Horvath said. “But anytime you do that, that spot right there where you download and upload is susceptible to a man-in-the-middle attack, just like everything else in the universe.”

However, researchers are working on this, especially through projects such as the European Quantum Internet project, Carney said.
The project aims to build an EU-wide quantum network where ideas can be developed for improving range and managing interference (both natural and malicious), as well as addressing ideas of quantum trust.

In a white paper published in March 2020, the National Cyber Security Centre said it didn't endorse the use of QKD, saying in part that it was susceptible to MITM attacks because QKD did not have adequate authentication protocols in place.

Lord, however, said that BT and Toshiba’s network is protected from MITM attacks through quantum-safe classical cryptography authentication.

“The way we are authenticating our endpoints, our boxes, we're still using classical techniques,” he said. “You can use post-quantum algorithms to improve the authentication, and that's what we're doing. We're not using quantum to authenticate. That's not something that exists yet, although that's coming later. All we're claiming is that once we have an authenticated network, that we're then using quantum key distribution to generate large numbers of secure keys.”

In the trial phase, the companies are expecting to learn what customers will do with the technology, not whether the technology works.

“We already know that [the technology] works. This is not a physics trial. We've done that before,” Lord said. “The point of this is to go much further.
It's one thing to say, 'Yeah, we've got quantum-secured links,' but how does that turn into something that can be productized, sold, and consumed by customers?”

First Commercial Customer: EY

EY, which is working with BT and Toshiba, said quantum computing is a fundamentally different way of computing with many transformational applications, including the potential to disrupt the current standard means of securing data and communications.

Even if it takes longer than anticipated for the technology to reach maturity, the risk to the security of data and communications from “harvest-now decrypt-later” attacks means that organisations can’t afford to wait and see what might happen – they really need to act now, according to email responses from the EY team provided by spokesman Adam Holden.

“This is one of the principal reasons we are working with BT and Toshiba on the quantum-secure metro network, which uses quantum key distribution to protect data in transit,” EY said.

The security of clients' data is a strategic priority for EY, and the business case for participation in the QSMN was strengthened by the significant support and partnership provided by BT.

It also helps that the trial is using a standalone network and leverages mainly existing infrastructure, with the QKD units housed in standard server rooms and information sent using primarily existing commercial network infrastructure.

“We believe that now is the time to be engaging with and understanding quantum technologies,” the EY team said.

Transformational opportunities

Outside of security, for example, EY said that quantum presents an opportunity for enterprises to reimagine their business models and the technology has shown potential to transform the approach to solving some of the world’s most complex challenges, such as:

- Developing new battery materials.
- Finding new treatments for disease.
- Planning and optimising energy grids and delivery routes.
- Across broad fields such as artificial intelligence, digital twins, and communications security.

“We are looking at a broad set of quantum use cases, including security, and starting experiments to test the opportunities and challenges posed by quantum technology,” according to EY.

While no employee or client data will run through the network at this stage, EY said that the sorts of data it may transmit using the quantum network in the future could include:

- Confidential mergers and acquisition calls and data.
- Provisioning virtual data rooms.
- Transactions data.
- Intellectual property.

EY said that it is aware of the potential limitations of both QKD and other approaches to protecting data.

“For EY, the network runs on a fully physically and logically separate link using only test data,” EY said.

Even with test data, this is encryptable at a binary level using existing cryptographic schemes, such as the Advanced Encryption Standard, EY noted. But it also gives EY and its clients the opportunity to explore future post-quantum cryptography solutions and take advantage of upcoming guidance from bodies such as the National Institute of Standards and Technology in the U.S.

“Cybersecurity threats continue to evolve at pace and this trial is just one of a number of investments we have planned over the coming months and years to help our clients secure their data and their future in the quantum age,” EY said.
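
The hop-by-hop relay Horvath describes (read the key at each repeater, then send it over the next segment), together with the classical authentication of each hop that Lord describes, sketched as an added example that is not BT's, Toshiba's or the article's code. It assumes `secrets.token_bytes` stands in for each segment's QKD output and an HMAC key stands in for the authenticated classical channel; `Link` and `relay` are hypothetical names.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes of end-to-end key material to deliver


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Link:
    """One QKD segment between two adjacent nodes (constructed model).

    pad     -- one-time pad both ends share; stand-in for QKD output,
               used for a single relay and never reused.
    mac_key -- stand-in for the classically authenticated channel.
    """

    def __init__(self):
        self.pad = secrets.token_bytes(KEY_LEN)
        self.mac_key = secrets.token_bytes(32)

    def seal(self, key: bytes):
        ct = xor(key, self.pad)
        return ct, hmac.new(self.mac_key, ct, hashlib.sha256).digest()

    def open(self, ct: bytes, tag: bytes) -> bytes:
        expect = hmac.new(self.mac_key, ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("hop authentication failed")
        return xor(ct, self.pad)


def relay(key: bytes, links, tamper_at=None):
    """Carry `key` across consecutive links; return (delivered, exposures).

    exposures lists every node index that held the key in the clear.
    tamper_at flips one ciphertext bit on that link (constructed fault).
    """
    exposures = [0]  # node 0 is the sender
    for i, link in enumerate(links):
        ct, tag = link.seal(key)
        if tamper_at == i:
            ct = bytes([ct[0] ^ 1]) + ct[1:]
        key = link.open(ct, tag)  # the receiving node now holds the plaintext key
        exposures.append(i + 1)
    return key, exposures
```

Authentication catches modification on the fibre, but every intermediate node in `exposures` still holds the key in the clear, which is why the trust placed in each repeater site matters as much as the quantum segments.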