Is Quantum Encryption Practical?

5 Minutes

Is quantum encryption practical?

As Introspective Networks has progressed, creating a new way of protecting network data, one technology keeps coming up: Quantum Encryption. It is based on Quantum Key Distribution (QKD) and is another solution to the Key Exchange Problem. Without getting too deep into how this works, suffice to say Photons in a beam of light are set to convey information (encryption keys). If someone tries to interfere with the photon or read its information as it travels through the fiber optic or air, the receiver can detect that the data has been tampered with.

When we first pivoted to focus on our Cybersecurity IP in 2015, we were told Quantum Encryption could be an issue and competing technology. We found, at that time, that there were physical limitations to this technology that made it inappropriate for our modern networks. We recently were delivered the same competing technology message, so we went back to take another look. We found the issues we saw in 2015 had still not been solved. In fact, this technology is decades old and these issues are still not addressed. These issues are glaringly obvious problems: 1) The message the photon carries degrades beyond about 50 miles (the best is about 250 miles at low bandwidth), 2) Any regeneration of the light source will alter the the photon/data leaving it unusable, 3) data rates are slow (kbps range) and 4) any tampering stops the ability to transmit the QKD hence the data stream. It is great to know someone has tampered with or read the QKD but what do you do about? To that, we have yet to find an answer. It seems like Quantum Encryption is very susceptible to a Denial of Service attack by simply reading or disrupting photons on a fiber bundle. Another issue with QKD is it will not go end to end but only point to point. This is seriously problematic in our modern networks that have N to N or many to many connections. In short, this will not work in the TCP/IP networks of today.

This has not stopped the research though. Companies like NTT have been researching this technology for decades with no real breakthroughs that would make this technology universally useful. Recently there have been distance breakthroughs but at the price of much slower throughput. Why, now, do people believe the laws of physics are suddenly going to change? This is why we firmly believe that this technology is only practical for machine to machine security in a ring style network where machines are less than 50 miles apart (a distance where throughput is still somewhat reasonable). This is a very limited case for the world of today. This would only work for a factory, campus or set of buildings in relatively close proximity.

This entire field is based on a false premise: that a key cannot be distributed securely in a conventional network. Professors and academics repeat this without any real understanding of what they are saying. In my university studies, they would always profess this and in each instance, I challenged it – why? It sounded like a flat Earth type theory. It made no sense that we would not find a relatively conventional way to transmit a key from one location to another in a secure manner. Moreover, I firmly believed that we could do this in an N to N or many to many networks.

At Introspective Networks, we have not just challenged this, we have proven it incorrect. Our physics are simpler but the technology utilizes the basics nonetheless hiding data in Time and Space to protect the information and the key from being captured.  When we explain this to cyber experts, the response is universal – “..there is no practical way to defeat that.” Furthermore, our technique removes network attack vectors. This is actually part of the magic. Many of those attack vectors are the things that make the data easy to discover and record. If you need data protection over time, you really have to consider current encryption obsolete. This is because data can be recorded now – very easy to do – and simply decrypted later when significantly more computing power is widely available, likely through Quantum Computers. This is a Quantum technology that does work and appears to be practical.

Finally, Quantum Encryption cannot be embedded in an application. Why is that important? There is a point where the information will be decrypted so it can then be processed by the application. It is at this point in the data transmission, when the data is decrypted and sent to the application for processing, that data can be intercepted. With Introspective’s Streaming Transmission One-time-pad Protocol (STOP), encryption can be embedded in the application removing exposure to any collection of decrypted data. For critical usage like banking transactions, embedding STOP in applications makes sense.

In summary, Quantum Encryption is not practical except for limited cases. It is point to point, distance limited, slow and is susceptible to Denial of Service attacks. Many papers on Quantum Key Distribution start with something like this, “Keys cannot be delivered securely by conventional means and Quantum Key Distribution is the only solution to the key distribution problem.” There are two absolutes in that statement that should make any good, open-minded scientist cringe. When one can get past the dogma, take a look at STOP. It’s not bound by distance, works in the networks we have today, is dynamic and actually can run at real network speed – that’s any speed. Did we also mention it does not incur any noticeable latency over unencrypted data transmission? We offer free trials, so reach out to us if you want to “kick the tires”. If you are worried about network security (and everyone should be), we have your solution.

Trusted partners throughout the industry.