The project in Jinan is aimed at protecting
state secrets from prying eyes. Data sent down fibre optic cables will be
protected using quantum encryption. Around 200 users can send messages across a
125 mile long (200km) network. Particles of light are distorted or destroyed if
anyone tries to tamper with them. This means that the network is secure and
will alert users to any attacks.
China has
built one of the world's largest hack-proof computer networks in a
bid to protect state secrets from prying eyes. An advanced communications system will
secure government, financial, military and other information from
eavesdroppers.
Information sent down fibre optic cables will be
safeguarded using quantum encryption so advanced that it cannot be broken by
current technology. Such breakthroughs could soon lead to a global
quantum web that is 100 per cent secure from hackers.
The upcoming launch of the project in Jinan, in
China's eastern Shandong province, was first announced by state media earlier
this month after testing of the system was successfully completed.
The network uses a technique called quantum key
distribution to send data securely.
Before a message is sent, a special key is
transmitted that is needed to decode the information. Both the key and the data are sent in particles
of light, which are distorted or completely destroyed if anyone attempts to
tamper with them.
It will also alert both the sender and receiver
to the attack.
This will allow around 200 government workers in
the city to transmit messages, across a 125 mile long (200km) network, safe in
the knowledge that they cannot be successfully intercepted. A larger 1,250 mile (2,000km) long fibre-optic
link from Beijing to Shanghai is planned for completion later this year.
The network has been built by QuantumCTek, based
in Hefei in eastern China.
Speaking to The Register (Next Story), CEO Yong Zhao said: 'We
think our tech is secure right now.' 'Why do we wait until quantum computers can break
classical cryptography? We know there's no backdoor,' he added of the
new network.
The technology represents a leap forward in
encryption techniques and anticipates the limitations of current methods. Hackers are increasingly able to circumvent
protection efforts, thanks in part to increases in computing power.
Current technology protects our data with mathematical
equations that are too complex for most computers to crack.
But, as processing power continues to grow, these
equations have to be made increasingly complex to keep up. And there are fears that the next generation of
quantum computers, which will be able to perform vastly more complex tasks,
will make this method of protection obsolete.
The Chinese project sidesteps this issue by using
a totally different mechanism.
Key bits are encoded in photons, which are read
as ones or zeroes depending on the polarization of each photon.
The system has one cable for sharing photons and
another for data transfer.
This is not the first time China has experimented
with quantum technology. In recent weeks, physicists revealed the details
on a ground-breaking experiment to achieve ‘ultra-long-distance quantum
teleportation,’ which could help to pave the way for a global quantum internet.
In a major breakthrough, the team established the
first ground-to-satellite quantum network, which allowed them to transmit a
photon from an entangled pair up to 870 miles (1,400 kilometres). Entangled photons theoretically maintain their
link across any distance, and have potential to revolutionize secure
communications, but scientists have previously only managed to maintain the
bond for about 62 miles (100 km).
Pairs of entangled photons fired to ground
stations can form a ‘secret key’ and, theoretically, any attempts to breach
this type of communication would be easily detectable.
In quantum physics, entangled particles remain
connected so that actions performed on one affect the behaviour of the other,
even if they are separated by huge distances.
So, if someone were to attempt to listen in on
one end, the disruption would be detectable on the other.
(Image: an artist's impression of the Micius 'quantum' satellite)
China's 'Future-Proof' Crypto: We Talk To Firm Behind Crazy Quantum Key Distribution Network
Should we believe the hype? And why drop so much $$?
Two hundred local government employees across the
capital of China's eastern Shandong province will soon be encrypting messages
with keys that are "impossible" to crack.
QuantumCTek, headquartered in the humid,
subtropical city of Hefei in eastern China, will next month launch a commercial
network for creating and sharing secure "quantum keys" across 200km² of
Jinan, China. It'll be the first such citywide system in the country, and
outside scientists tell us it's likely one of the largest in scale (at least,
that isn't top secret) in the world.
The classical encryption we enjoy today in our
apps, sites and services has a tiny flaw: it's based on the principles of
mathematics. If a computer were able to make an unlimited number of guesses,
then it could theoretically discern any key.
Many security professionals call existing
government-grade cryptosystems – such as 128-bit or 256-bit AES keys – secure
enough for practical purposes. It would take today's computers an infeasible
amount of time to find the correct key and then crack private messages open
(it's publicly known that the US's National Security Agency can today crack
80-bit encryption, but scientists believe that AES-256, which could require a
computer to make up to 2^256 guesses, might take 100 years to be feasible
to crack).
QuantumCTek CEO Yong Zhao is worried about a
future possibility: quantum computers, which can exploit the mysterious
principles of quantum mechanics to perform computations much faster than a classical
computer, finding values for keys much more quickly. With one quantum computing
algorithm, for example, 256-bit keys could be discerned in 2^128 steps or
less.
Distributing RSA over a public communication
channel might not be secure if RSA could be cracked, Zhao says.
QuantumCTek's new quantum key distribution
network, as first reported by China's state news agencies earlier this month, has
six "control centres" spread throughout Jinan that facilitate sharing
keys hidden inside the states of photons. Like quantum computers, these special
keys exploit the principles of quantum mechanics.
In this case, the aim is to make them physically
unguessable, thus future-proofing encryption done with these keys against possible
attack.
"We know there's no backdoor," Zhao
told The Register.
How it works
In the quantum key distribution network, the
control centres generate and store random keys at 10kbps, 24 hours a day. The
bits of these keys get stored as 0 or 1 inside the polarization states of
photons. By the principles of quantum mechanics, once you measure a photon's
state, you can't measure it again without changing the state – so good luck
guessing it after it's used!
The system has one fibre for sharing photons and
one fibre for data transfer.
For our classic crypto couple Alice and Bob to
communicate, they first must receive a secret random number, N, that will be
used to help authenticate their interaction via any one of the control centres.
Then, they each generate their own separate
sequence of random bits, A1 for Alice and B1 for Bob. Alice and Bob send their
respective bits – stored as photon states – to that control centre.
Using four semiconductor photodetectors (about the
size "of a small box" – Zhao declined to clarify their size or
provide further technical details), the control centre measures their
polarization state and creates new bit sequences, C1 for Alice and C2 for Bob.
After doing some postprocessing for length and security (C1 and C2 are shorter
than the original bits because of fibre losses, channel noise and measurement
error), the control centre creates a K1 for Alice and K2 for Bob, which it
shares with Alice and Bob inside photons.
Next, the control centre encrypts K1 by adding
its bits to K2 (called a "one-time pad") and sends the encrypted K1 to Bob via
photons. Bob already has K2, so he can decrypt the result to recover K1. Bob can
then use K1 to decrypt any future messages from Alice.
The control centre also shares a third key, K3,
with Alice and Bob that will be used in addition to their secret random number
for authentication, created the same way.
Alice then encrypts a message with K1, typically
by using AES or SM4 (a Chinese encryption standard) or, in cases where extreme
security is necessary, using a one-time pad. Alice creates a checksum of this
message using the random number, encrypting it with K3.
Alice then sends the K1-encrypted message and
K3-encrypted checksum to Bob. Bob uses K1 to decrypt the message, and verifies
it came from Alice by decrypting the checksum with K3 and recomputing it using
the random number N they'd shared previously.
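The classical half of the exchange described above, as an added Python sketch that is not QuantumCTek's code. It assumes the photon links can be stood in for by random byte strings, that the message uses the one-time-pad option, and that HMAC-SHA256 keyed with N is the checksum (the article does not say which checksum is used); all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time pad: bitwise addition mod 2 of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))

def control_centre_relay(k1: bytes, k2: bytes) -> bytes:
    # The centre holds both K1 and K2, so it is a trusted node:
    # anyone who controls it can read K1 and everything encrypted with it.
    return xor_bytes(k1, k2)

def alice_send(message: bytes, k1: bytes, k3: bytes, n: bytes):
    # Pad length must cover the message; a short K1 raises in xor_bytes.
    ciphertext = xor_bytes(message, k1[:len(message)])
    checksum = hmac.new(n, message, hashlib.sha256).digest()  # assumed checksum
    return ciphertext, xor_bytes(checksum, k3)  # checksum sealed with K3

def bob_receive(ciphertext: bytes, sealed: bytes, k1: bytes, k3: bytes, n: bytes):
    message = xor_bytes(ciphertext, k1[:len(ciphertext)])
    expected = hmac.new(n, message, hashlib.sha256).digest()
    if not hmac.compare_digest(xor_bytes(sealed, k3), expected):
        raise ValueError("checksum mismatch: message rejected")
    return message

def demo(message: bytes = b"constructed sample message"):
    n = secrets.token_bytes(16)   # shared random number N
    k1 = secrets.token_bytes(64)  # Alice's key (stands in for QKD output)
    k2 = secrets.token_bytes(64)  # Bob's key with the control centre
    k3 = secrets.token_bytes(32)  # authentication key, SHA-256 digest length
    bob_k1 = xor_bytes(control_centre_relay(k1, k2), k2)  # Bob strips K2
    ciphertext, sealed = alice_send(message, k1, k3, n)
    plain = bob_receive(ciphertext, sealed, bob_k1, k3, n)
    return plain, (ciphertext, sealed, bob_k1, k3, n)

if __name__ == "__main__":
    print(demo()[0])
```

In this sketch a one-time-pad key slice must never be reused for a second message, and the relay step shows why the control centres have to be trusted as much as the endpoints.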
They send 40 million photons per second, and in
the end they get, on average (after processing) a data transfer rate of
4,000bps sent. The longest transfer is about 50km to 60km. Zhao says the system
photon loss is about 0.2 or 0.3dB per kilometer.
The frequency of key updating depends on the
wishes of the users, he says.
From theory to practice
The CEO said the most difficult part of
engineering was making the system commercial – to deal with the reality of
working in a real environment. The team created a test bed network in 2013,
which evolved into the commercial network this year – with 100 test users.
Testing finally finished just under three weeks ago, on 30 June.
Zhao said researchers independent from
QuantumCTek had evaluated the security of the network (to check for any
loopholes) and are preparing a paper on the results of the test bed network.
For documentation, he referred The Register to papers on the backend
technology published before the testbed network was constructed.
By the end of next month, he says 200 employees
in the local Jinan government (which owns the network) will use it for sending
text, photos and videos.
He says many researchers are working on using
satellites to aid with quantum key distribution or quantum encryption, and he
says that "I think we need both" a ground network as well as
satellites because of technical difficulties during ground-to-satellite communication
(you'd need a satellite for communicating from China to the United Kingdom, for
example, because of losses at great distances).
"We think our tech is secure right
now," he says. "Why do we wait until quantum computers can break
classical cryptography?"
Companies such as NEC and Toshiba are also
testing quantum key distribution, while companies such as ID Quantique in
Geneva have been offering hardware for quantum key distribution for years. Many
research groups are also developing their own quantum communication networks.
Originally published (STORY1) on AFP/WIRES/DAILY MAIL and (STORY 2) on THE REGISTER