Did government scientists really create a secret quantum internet?

No, not really. But for two years, researchers at Los Alamos National Labs have been working on something they call network-centric quantum communications — and this could usher in the next generation of hyper-secure, scalable, and affordable quantum cryptographic techniques. We spoke to the lead researcher to find out more.

Earlier this week, MIT’s Technology Review published an article claiming that a “government lab” has been secretly operating a “quantum internet” for over two years. Several other outlets ran with the story, including Popular Science and Wired.

But this idea, that a government-sponsored lab was secretly hacking away at the the Holy Grail of internet security, seemed too good to be true. So we contacted the lead researcher, Richard Hughes, to learn more about the project.

'Not a phrase we used’

“The MIT article doesn’t accurately characterize what we’ve been doing,” he told io9. “We are not part of the Internet, and that phrase — a quantum internet — is not something we used in our paper."

Rather, Hughes’s team created a network test bed for doing quantum cryptography over an optical fiber network. They’ve been running it to test their protocols and its performance, with the hope of using it to protect critical infrastructure, such as the electrical grid.

“Really, there’s nothing unusual about what’s been going on here for the past two-plus years,” says Hughes. “It’s just that we don’t tend to write papers until we have something interesting to report.”

As for the accusations of secrecy, the Los Alamos National Labs team was delayed in making their work public because they were filing for multiple patent applications on the technology — of which there were 27 U.S. and foreign patents to secure.

Quantum crypto

So, while it may not be a true quantum internet, it’s a system that comes pretty damned close.

And indeed, UC Berkeley security expert Galina A. Schwartz told me that, while it’s not a true quantum internet, it's a breakthrough that shows we’re well on our way to getting there. “It is exciting,” she told io9, “and it is coming in the future, but not exactly tomorrow.” These devices, she says, are still some way from commercial reality.

By strict definition, a true quantum internet would allow for perfectly secure communications from any point in the network to another. Quantum cryptography would, in theory, make the network secure from wiretaps, eavesdropping, hacking — anything. So long as the one-time pad is kept a secret — a randomly generated and lengthy key that can only be used once — point-to-point communication is impenetrable. Once refined, cryptography of this strength could be used to secure critical infrastructure and protect the electric grid from malicious attacks.

One-time-pads are generated by a process called quantum key distribution (QKD), and it relies on the spooky power of the Heisenberg Uncertainty Principle to produce shared keys that are only known to two parties, and which are subsequently used to securely exchange messages.

And indeed, it’s this point-to-point limitation that has led some skeptics to believe that a quantum internet is impossible. Others contend that the intense costs and logistical requirements of having to overhaul the world’s IT infrastructure make it a non-starter.

But this is where Hughes and his team got clever. Knowing that a peer-to-peer quantum internet is impossible (at least by today’s level of comprehension), the Los Alamos lab created a quantum hub-and-spoke digital communications network. What’s more, the architecture is potentially Internet compatible; it runs off standard fiber optic cables that connect to off-the-shelf PCs running the Windows operating system.

“We see this attribute as a major innovation over what’s been done before in quantum cryptography networks — and it’s designed from the ground up to be something that’s reasonably evolved over top of what’s already deployed out there,” says Hughes. “We are consistent with conventional optical fiber network architectures and conventional cryptographic trust architectures.”

Network-centric quantum communications

The system is a bit clunky, and not peer-to-peer, but it exhibits some fascinating characteristics.

To make it work, the network has a core server computer at the center of it. Then, like the spokes jutting out from the center of a wheel, optical fibers are connected to node computers. These nodes are not connected to each other — but all they share the same hub at the center.

For communication to happen, each client node is equipped with a quantum smart card, or QKarD, that’s the size of a door key. The central hub has optical fiber connected into it, along with a small solid-state single photon detector that needs to be cooled below room temperature.

The QKarD allow the nodes to write quantum bits, but they can only read conventional bits. Only the hub is able to both read and write quantum bits. Data travels from each node to the hub along a secure one-time pad enabled connection. So, if node A wants to communicate with node B, node A sends a message to the central hub, which in turn routes the data to node B using secure classical connection enabled by a different one-time pad.

And yes, you guessed correctly: If the security of the hub is compromised, the entire thing falls apart.

“The way the testbed works today is that we have three client devices talking over optical fiber to a server node,” says Hughes.

By concentrating the more expensive and more technologically demanding components in the central server, the team was able to amortize that cost and complexity over all the nodes in the network. Other approaches, on the other hand, require detectors at every node, which is expensive and hard to deploy.

“This is something that’s far beyond what’s been done in the past with quantum cryptography,” Hughes told us. “But what we have is an experimental testbed — one that isn’t in any sense operational.” Last December, the team also demonstrated technology that can secure the control data and commands of the electrical grid against a potential attacker — but again, not in an operational environment.

’Quantum cryptography is bunk’

But not everyone is convinced that quantum cryptography represents the future of internet security — at least not immediately.

“Cyber-physical systems operating large scale critical infrastructures such as the electric grid are comprised of products from dozens — even hundreds — of manufacturers,” Schwartz told us. “Will they suddenly switch from non-quantum crypto-solutions to employing quantum cryptography in their products — especially given that malicious intruders focus on attacking the ‘weakest links’ of CPSs?”

In fact, existing security solutions based on conventional cryptography are not at all the ‘weakest link’ of CPS security.

“Manufacturers would rather invest in improving security of the weakest links of their products,” she says. “Many products are known to be notoriously insecure, but still remain in use: proprietary protocols still prevail in electric grid, despite the fact that they are more prone to design failures than public protocols.”

And as Schwartz reminded us, no system with human participants is ‘truly’ secure: “Social engineering will exist 'till humans are extinct.”

We also reached out to Ross Anderson, a professor at the University of Cambridge's Computer Laboratory, and author of the paper, “Why quantum computing is hard — and quantum cryptography is not provably secure.”

After we brought Hughes’s paper to his attention, he responded in an email:

The problem with protecting critical infrastructure isn't that crypto is hard. Crypto is easy; we have protocols like TLS, IPSEC, SSH and Kerberos that are available on pretty well all modern machines. The problem is that a typical power network has a huge diversity of equipment, much of it dating back decades, and it's prohibitively expensive to replace it all with new stuff. As a result, the only feasible way to protect the typical utility is reparameterization; ensuring that the control networks are separated from the Internet using robust firewalls. Cryptography is not the appropriate technology in most cases and even where it is we have cheap simple stuff that works. The authors' hope to sell expensive, flaky quantum crypto into critical infrastructure markets is bizarre. The words "snowflake" and "hell" spring to mind.

In a follow-up email, Anderson put it more succinctly: “No such thing. Quantum crypto is bunk.”

I let Hughes read Anderson’s email, and we talked about it.

“Yeah, I don’t agree with that — and I guess our Department of Energy sponsors don’t agree with that, either, seeing as they’re funding us to do this stuff,” he quipped. “Look, it’s certainly true that there’s a huge installed base of devices out there controlling the grid. And often these things are installed and expected to operate for 20 to 30 years. But they’ve been installed without security on them, so you have an issue of wanting to put in a retrofit to secure it.”

But it’s not true, argues Hughes, that the current state of cryptography can potentially meet the given requirements, many of which have been analyzed by multiple research groups from around the world.

“You just cannot meet the demands for the low latency that’s necessary to control theses things,” he says, “This is why the DOE is interested in funding us, because we can both meet the security and the latency requirements.”

Furthermore, he says, quantum cryptography has an attribute known as forward security — where, if a design weakness is found in the future, and in contrast to present day cryptography, it prevents anything previously done with the hardware from being retroactively vulnerable.

“And that’s absolutely not true with current day public key cryptography,” Hughes told us.

And as for the notion that this is always going to be expensive, and that these initiatives will require a revolution in the existing communications structure, Hughes says that’s just not correct.

“By harnessing these manufacturing techniques that are now being used in integrated photonics, we can get the cost of these transmitter devices down to the couple-of-hundred-dollar range by producing them in large quantities, thus making it reasonable in terms of affordability and deployability. And we can be applied as a retrofit on top of the existing fiber infrastructure — we can deploy on what’s already out there.”

In regards to the claim that everything can be done with pre-existing firewalls, Hughes admits that multiple approaches are warranted, but there are still problems. “There is an active research direction there, but it’s not clear if this is the absolute panacea that Anderson suggested.”

The future

Looking ahead, Hughes hopes to see his technology used in the critical infrastructure sector and for securing the electric grid. The potential for hackers to attack the grid, he says, is very real — one that could cripple the economy.

Hughes also sees the potential for securing commands and data, which have tight requirements for latency, often within a few milliseconds to prevent physical damage. It could also work in the financial sector and the burgeoning practice of high speed trading. And indeed, the amount of time it takes to apply cryptography is becoming a significant factor in how fast trades can be executed.

His team is also working on a next generation quantum transmitter QKarD, one that’s much smaller than what they’re currently using. Once miniaturized, these cards could fit inside a mobile phone or tablet device. He envisions a docking station for a handheld device that, in addition to charging the battery, would feed the device’s memory with cryptographic key material that can be shared with a central server in the enterprise. So, when a user undocks the device and carries it around, those secure keys could be used to communicate with friends or colleagues, or other parts of the same network. And it would have all the advantages of quantum security, though without an optical fiber cable.