Encryption has been a wonderful thing, but today's encryption methods are rapidly nearing their expiration dates. Quantum computers, which are just starting to hit the market, promise to make existing encryption obsolete.
And a lot of work is underway today to create new, quantum-resistant encryption algorithms, John Prisco, president and CEO at Quantum Xchange, a Bethesda, Maryland-based quantum communication technology company.
Several candidates are currently being reviewed by the National Institute of Standards and Technology as possible standards, and according to him, it will take three to five years to sort out which ones are the most resistant to quantum computing.
But whatever researchers come up will not be exactly “quantum-proof,” he pointed out. "It would be better than our current keys, but there are no quantum-proof algorithms.”
The second approach, which can be used in conjunction with the new so-called quantum-resistant algorithms, is a technology called quantum key distribution.
No encryption in the world is going to help you if attackers get their hands on your encryption keys. With quantum communications, the key is sent, one bit at a time, one photon at a time, using special hardware that can detect instantly if the photon has been messed with.
If there's someone listening in to the transmission, the photon will change polarization or will be knocked off-course.
"It keeps people from eavesdropping on the pipe," Prisco said.
The China Challenge
The average hacker might not be able to get their hands on an encryption-breaking quantum computer – but state-sponsored actors could.
China in particular has been investing heavily in quantum computing and both satellite- and land-based quantum communication networks.
"The US needs to play catch-up," Prisco said.
This is now happening. In December, US Congress passed and President Donald Trump signed the National Quantum Initiative Act, which includes $1.2 billion for quantum research. Prisco said the new law was " a step in the right direction."
Another step is his company's recent deployment of the country's first commercial key distribution network. It connects companies on Wall Street with their data centers in New Jersey and will be the first leg of a planned nationwide quantum key distribution network. Quantum Xchange has partnered with a communications infrastructure provider to deploy the same technology along a 500-mile corridor stretching from Washington, D.C., to Boston.
About a dozen companies already have pilot projects in place to use the technology, Prisco said. "We expect to have them turned on as customers in the first quarter" of this year.
They're primarily using it to protect sensitive information like customer records. Most are in the financial services, but there are also some health care organizations protecting sensitive patient records.
Commercial quantum communication networks are popping up elsewhere around the world.
In the UK, KETS Quantum Security is already delivering secure quantum key distribution to the defense industry and telecommunications companies. The company announced a $2.5 million (£2 million) round of investment in December, which it said will help accelerate its pilot projects.
"This new suite of secure communications systems has proven robust against both conventional and quantum threats, and the KETS team aims to use these systems to boost security in defense, telecoms, and critical infrastructure, with end-users in finance, governments, and data centers," Caroline Clark, the company's director of operations, said in a statement.
And in June, Spanish telecommunications giant Telefónica announced the results of a field trial that uses quantum encryption to protect one of its commercial optical networks.
In China, a 1,200-mile network went live last year, connecting Beijing and Shanghai. Another 378 miles were later added to connecft the provincial capitals Hefei and Wuhan. The ground-based network also connects to a quantum communications satellite that was launched in 2016.
Opportunities for Colocation Providers
Installing quantum key infrastructure is not substantially different or more time consuming than installing other types of network connectivity in data centers, and quantum key encryption providers are a new potential type of customer for colocation data center companies.
Quantum Xchange, which makes quantum key encryption devices, is not a data center operator or a telecom. It rents data center space and bandwidth from Boulder, Colorado-based Zayo Group Holdings. Zayo is one of the largest providers of metro dark fiber in the world, with 51 data centers and 12 million miles of fiber.
It took about the same amount of time to bring Quantum Xchange on board as it takes for other types of networking customers, Derek Gillespie, Zayo's senior VP and global head of sales for financial and professional services, said.
If Zayo's other customers want the added layer of security that comes with quantum key encryption, Zayo can help make that happen as well – up to building new connections to cities that aren't currently part of the Quantum Xchange network.
For example, there's currently no quantum key route between Chicago and New York. "If you're a customer who wants that, we'd work with Quantum Xchange to add that route," Gillespie said.
Quantum key encryption is also a new service data center providers could offer to their customers through partners like Quantum Xchange.
Quantum key distribution isn't a cure-all solution for cybersecurity woes.
First, the distance over which the keys can be sent using quantum communication technology is limited. The keys start breaking down after traveling for more than a hundred miles, and it takes longer and longer to send each key. Researchers are working to extend those limits – last year they pushed them to about 250 miles.
Quantum Xchange sends keys in hops of about 60 miles each, Prisco said.
To solve this problem, quantum key distribution networks are set up with nodes at which the keys are received, repackaged, and sent out again.
"In that way, we're able to send it over basically an unlimited distance," he said.
Another problem is that quantum key distribution goes from one sender to one recipient. If you want multiple senders and multiple recipients, each will need to set up its own quantum key pipe. That's a lot of pipes. Kind of like in the old days of telephone communications, where operators would physically connect one line with another.
Modern communication networks solve this problem by using nodes that redirect messages. Using nodes solves both the multiple-recipient problems and the distance problem, and Quantum Exchange’s network borrows this approach. Customers buy special quantum transmitters and receivers – about $100,000 a pop – which connect them to the nearest node of its network.
The prices are in line with high-speed fiber optical communications equipment, Prisco said, adding that the costs are likely to drop as the technology improves and more companies hit the market.
Still, the costs will remain a barrier to more widespread use, Dmitry Sklyarov, head of reverse engineering at Positive Technologies, said.
"Such networks are likely to be in demand for government communications and military forces," he said. "They most likely will not work for end users or corporations with thousands and thousands of users – at least not in the foreseeable future."
In addition, each node is also a potential point of weakness, security experts say.
Even today, messages are rarely compromised in transit, while encrypted – they're snagged in the beginning, at the end of the transmission, or at a midpoint, via a “man-in-the-middle” attack.
"Compromising either end of a conversation has long been a far easier approach to eavesdropping," Ryan Permeh, chief scientist and co-founder at Cylance, a security firm based in Irvine, California, said.
The hardware itself may also be compromised, he added. For example, much of the underlying technology is made by Chinese companies, such as Huawei, which US officials have accused of helping the government penetrate foreign customers’ networks.
"There is little to no certainty that the hardware that controls the encryption is safe," he said.
Permeh said that he's skeptical of the encryption market in general.
"Encryption strength was basically never the weak part of a cryptographic system," he said. "Key management, storage, and distribution are all fundamentally broken at scale. This is why we don't have end-to-end encryption as a general rule."