David C. Walsh -- Warrior Maven Expert Cyber Writer
Last July and August witnessed more developments bearing on the uncertain state of cyber readiness, including where the spooky arts of quantum computing and encryption (Quantum Cryptography/Quantum Key Distribution, or QC/QKD) intersect.
The most significant may be the Peoples’ Republic of China (PRC) dramatically upping the QC/QKD ante, teleporting a photon from the ground to a satellite some 300 miles from Earth. There, the sub-atomic particle was quantum mechanically “entangled” with others - theoretically enabling unbreakable communications.
The claimed world record puts China well ahead in the distance-benchmark stakes. (The previous, terrestrial record, using relay nodes and fiber-optic cable, was about 100 miles.)
While not unexpected here, the accomplishment seems bound to quicken activities in a field often dismissed as needless, impractical, too costly, and too slow to mature. For it occurred as chinks in the nation’s digital armor keep appearing -- or widening.
Entities tasked with finding the chinks and laboring to “repair or replace” are many, including a couple of standouts: the U.S. Los Alamos National Lab (LANL) and DOD/Army cyber components.
LANL is a lightning rod for all things quantum. In 2013, it demonstrated for the first time QC/QKDs ability to safeguard vital “smart” electricity grid control data. Speeds were blistering—just 120 microseconds for information to traverse about 15 miles of optical fiber linking send-receive nodes.
The data were secured via a pocket-sized transmitter. Interfacing with “a trusted authority,” the “QKarD” or Quantum Card Distributor generated random cryptographic keys for the encoding and decoding.
The device, lab developers asserted, could be a “super-secure” alternative to flawed tools that led to crippling data breaches. (Los Alamos went on to patent the “quantum random number generator” [QRNG] tool, now licensing it for manufacture and commercial sale.)
A senior lab scientist, Jane Nordholt acknowledged criticisms that despite photons’ appeal as an encryption modality, they typically weaken at distances over about 125 miles through fiber or air, requiring intermediate stations to “hopscotch” signals via repeater nodes.
“Sending a quantum key between Los Alamos and Washington, D.C., we'd need a lot [of relays],” she told this reporter. “And each photon in each relay is a vulnerability gateway; security would be very expensive and technically challenging.”
So, Nordholt and colleagues worked with future weapons agency DARPA on “long-haul” transmission over greater distances.
By 2015 the physicists’ strides were lengthening. Los Alamos bought D-Wave Systems Inc.’s brand-new 2X quantum research system -- the first to a U.S. national agency. The machine boasts a 2000-quantum bit (aka “qubit”) processing capacity, phenomenally more capable than the usual “bits” of classical, computational cryptography.
In July, 2017 Dr. Ray Newell explained, “The majority of our DOE-funded research since 2013 has focused on developing a system which will bring [additional] quantum-enabled security benefits to the national electric grid”-- notably its critical transmission and distribution system.
The task of cyber-safeguarding the gigantic, nation-spanning network with its countless interconnections, he told Defense Systems, is “difficult … but very important” – particularly now. The grid on which the American military and civil sectors are heavily reliant is dangerously vulnerable. The Defense Science Board has bluntly termed it “fragile.”
Prospects for cyber and even physical assaults on installations loom large. Worse, such attack vectors as electro-magnetic pulse (EMP) and particle- beam weapons now are part of cyber defenders’ portfolios.
DARPA, with historically close ties to the Los Alamos lab, in late August acknowledged the multiplying threat environments. It requested “revolutionary” proposals for early-warning solutions to “persistent cyber attack” and its effects. Some likely involve quantum technologies.
Newell pointed out that the “very valuable” D-Wave apparatus enables the lab’s quantum security efforts, and has aided stakeholders in related quantum science fields of communications, computing and information processing.
Multiple lessons are being learned, and some important ones shared with DOD. “We ... certainly have many [Pentagon] colleagues and interests in common,” said Newell. As well, LANL works to educate potential DOD customers “about what this work is and its [possible relevance] to their needs.”
Of China’s leap-ahead in July, Newell remarked that while the United States has held the global academic research leadership role in photon-teleportation, the Chinese government is “the first … to fund the construction of a [quantum] satellite and a national infrastructure that employs that work [as such.]”
The U.S. could do likewise, he contends, since the science and engineering community are “certainly” capable of it. Instead, over the past decade scientists stateside watched the Chinese effort grow and progress, leading up to this Summer’s “noteworthy achievement.”
The experiment involved generating “entangled” pairs of photons aboard the satellite nick-named Micius, which sent one pair to a ground telescope, the other to an identical but distant ground telescope.
“And due to the quantum properties of this entanglement,” Newell explained, “this entangled state shared between the two photons, those two ground stations shared the property of being connected quantum mechanically. The photon entanglement increases the bandwidth of the [encryption] channel users have created.”
Micius’ all-quantum payload comprised a key communicator, an entangled transmitter, an entangled photon source and control processor.
Newell said China, Japan and other nations are planning to leverage this success by using “many, many of entangled photons.”
Photons, he said, were the preferred medium for much quantum development including aspects of cryptology and communications. “It’s just light, and light goes really far and really fast and photons are cheap.” Moreover, he added, “To transmit a quantum state from one place to another it’s important that it not be disturbed by other things in the world.”
It’s very hard, conversely, to send a single electron across a room “and not have it collide or interact with an atom – because electrons are electronically charged.”
Although he would not address military deployment of QC/QKD, Newell touched on security gains via the Lab’s QRNG tool. In information security and information technology security, he stressed, there are many examples of “adversaries attacking [and] exploiting weak random number generators.” This tactic allows access to “additional information on what the secrets are; what the keys are.”
Attackers in this case, he continued, “cannot break encryption -- but if you can show up with the key you can just plain old decrypt; and that’s been done.”
Such generators are “a tremendous weakness which has gone largely unaddressed in the literature.” LANL’s, as “the only truly unpredictable q-number generator,” basically solves that vulnerability and is “a very effective countermeasure against that kind of an attack.”
As to conventional non-quantum cryptography, sometimes called PKI for “Public Key Infrastructure” encryption (1s and 0s-based key-exchange algorithms), Newell acknowledges their utility. But he takes issue with go-slow-with-quantum advocates who assert traditional protocols are safe enough, outweighing quantum’s strengths.
One is Bruce Schneier, “Applied Cryptography” author and indefatigable blogger. He sees QC/QKD as too expensive, impractical and needless. Newell counters that while expensive, “quantum” is sometimes worth spending the money on; and other times quite practical. It’s all “use-case dependent. “
At the same time he noted the technological “sea-change” inherent in moving to QC/QKD, and the related reticence to embrace the technology as an important piece of future full-bore quantum computing. An overarching worry is that quantum computers “of sufficient size and power capability” will eclipse and render obsolete extant cryptosystems.
He observed, in fact, the uncertainties surrounding “different estimates of how long that will take.” Preparations are ongoing everywhere for “post-quantum” and “quantum-resistant” cryptography.
Master Sergeant Jeffrey Morris is an Army Senior Cyber Operations NCO, former Sergeant Major at West Point’s famed Army Cyber Institute, and plays a key role at Fort Gordon, GA’s Cyber Center of Excellence.
He said the QKD piece is especially important, because “Creating a secret key in the presence of eavesdroppers makes … [quantum] key distribution much easier and allows encryption systems to change keys every hour – or [even faster.]
“If the key to an encryption system takes one-to-five million years of computing time to break, changing the key every two minutes would create an impossible situation for an intruder.”
Another advantage is QKD systems’ plug and play nature, their meshability with military and contractor systems -- including fiber-optic telecomm systems. Although, Morris pointed out, that could mean shortened send-receive distances. He related they generally work better on “dark” fiber - a line where only the quantum signal is sent.
While QKD is not universally applicable, Morris stated that it’s being employed to secure critical connections; for example, communications satellite links, and command and control ties “between important installations such as the Pentagon and the White House.”
As to the q-number generators that enable quantum security and key distribution, the Army cyber specialist thinks it likely they’re being integrated into DOD systems.
Outside the U.S., The Swiss and Chinese private banking and government election systems have been using QKD systems for several years.
Implemented correctly, Morris said, “QKD systems are information-secure, meaning they can generate a provably secret key. The issue comes in building the system so hackers can’t attack (its other components): the hardware, the classical communication equipment, the encryption system being used.”
Unbreakable keys and proper implementation makes attacking the system supremely difficult. “Any threat would have to find a side-channel to get in, as the traditional effort to decrypt intercepted communications would be useless,” according to Morris. In theoretical QKD, this would be impossible, and current QKD systems make it very hard.”
QKD, he cautioned, is about “generating secret keys, not about encrypting the data.”
“As the operable distance for QKD links increases,” he has written, “many more communication circuits could be secured by such systems. The unconditionally secure nature of QKD-generated key material makes it attractive for high security requirements often found in the military domain.”
While such deployment hasn’t been attained, the speeds and other qualities of quantum science are mind-bogglingly impressive. In his “Implications of Quantum Information Processing On Military Operations (West Point, 2015) Morris compared classical to quantum computer capabilities. In one example, factoring 193 digits using a 2.2Ghz machine takes 30 years of computing time; for the same task with an equivalent quantum computer using the same processor it is 0.1 second.
For now, Morris believes Quantum Information Science, specifically quantum computing, may aid Army operations in two areas. One is “massive parallel processing” (quantum mechanics lets a single quantum computer do the work of dozens or even hundreds of classical computers). The other area is secure key distribution.
By itself, he concludes, quantum computers’ ability to search giant data lists “may allow any system using databases or data storage (the cloud, etc.) to decrease response time and efficiently evaluate greater amounts of data.”
Certainly, the prospective ability of quantum computing to break widely-used, present encryption systems in near real-time is alluring to an extreme.
But, Morris emphasized, the implications are immensely challenging. The wholesale game-changing would force allies and enemies alike to “invest in … quantum computing-resistant encryption protocols.” LANL’s Newell agrees.
This may require “fielding a new generation of cryptographic hardware and systems throughout the Army” and beyond.
Certainly, moving to a new cyber paradigm is fraught with untold obstacles technical, fiscal, logistic and institutional. Attaining broad-based QC/QKD deployment may or may not require a “quantum leap.” But the technology is, insists cyber expert Kevin Manson, former U.S. Secret Service and homeland security department official, “here to stay. Widespread usage is only a matter of time.”
David C. Walsh -- Warrior Maven Expert Cyber Writer