Canadian company touts testing of its quantum key distribution solution

An Ottawa security company says it has successfully tested its technology for delivering quantum keys over long distances over the Internet in preparation for commercial product launches later this year.

Quantropi Inc. said it has safely sent huge volumes of random numbers called quantum entropy over conventional and high-speed internet networks as far as Singapore with what it believes to be unprecedented speeds.

If deemed useful by customers, the test will pave the way for the company to launch its quantum entropy-as-a-service service in the fall.

In short, the company said it sent just under 400,000 32-bit encryption keys per second from Ottawa to Edmonton over the CANARIE high-speed research network at speeds of up to 100 Mbps in some cases.

In a test over the public Internet from Ottawa to Singapore – a distance of 15,000 km – it sent 55,000 keys per second at speeds not less than 14 Mbps.

In comparison, the company said, lab tests of conventional quantum key distribution (QKD) technologies saw data speeds of just 10 Mbps (about 39,000 keys per second) over a distance of 20 km.

The reason this matters, said Quantropi CTO Michael Redding, is the possible advent of practical quantum computers five years from now. Ultra-fast quantum computers could break existing public-key data encryption, which is why experts have been saying for some time that governments and businesses need to be ready with quantum-resistant solutions first.

Strong entropy – quantum-resistant random numbers – is needed to safely encrypt and decrypt data, Redding said.

Finally, Quantropi will launch a platform it calls QiSpace, a quantum security service offering a quantum resistance solution that works on top of existing AES encryption.

“Today’s test was to demonstrate that we can take these random numbers and move them quantum safely across the network at high data rates over any distance,” Redding said.

“To show how robust our technology is, we have deposited it on public websites in New York, San Francisco, London, Frankfurt and Singapore and have shown that we can distribute these quantum keys anywhere in the world. .

“So the demonstration was meant to show that this was universally applicable and available on today’s internet, making it an instant benefit for any business that wants to upgrade their security. “

The company will then have a closed beta of its quantum entropy as a Sequr service with selected partners to validate the technology and develop use cases. In the fall, he plans to have an open beta and launch Sequr for commercial availability. Subscribers would also have access to its Qeep symmetric crypto library. Early next year, its asymmetric encryption product Masq for PKI (public key) encryption will be released. Along with Sequr, Queep and Masq, Quantropi will offer a secure fully quantum crypto platform, Redding said.

It wouldn’t say how the Sequr service will be priced, other than that would be per endpoint or user like other crypto libraries built into the software.

However, it is not yet clear whether the public or private sector wants entropy as a service.

Expert feedback

News of the protest did not impress cybersecurity Bruce Schneier, lecturer in public policy at the Kennedy School at Harvard University and chief security architecture at Inrupt, Inc. “Insignificant,” said he stated in an e-mail after consulting the press release from Quantropi. “What problem does he solve? What is he doing that cannot be done before?

“The normal key exchange is working fine. No one needs a quantum key swap for anything.

“We cryptographers have all the math we need for key generation and distribution, as well as symmetric and asymmetric cryptography – and much of it resists any theoretical quantum computation. There is nothing added to quantum key distribution – except dedicated hardware – that makes it impossible to use in anything other than specialized applications. I love physics, but QKD doesn’t solve any problems that I actually have.

He noted that in 2020, the UK’s National Cyber ​​Security Center released a white paper on quantum key distribution which pointed out that, because QKD protocols do not provide authentication, they are vulnerable to attacks. man-in-the-middle physical attacks.

“For this reason, QKD protocols must be deployed alongside cryptographic mechanisms that provide authentication,” the document says. “These cryptographic mechanisms must also be secure against the quantum threat. “

QKD isn’t the only quantum computer threat mitigation measure, adds the white paper. “Work to standardize quantum-safe cryptographic algorithms is underway at international standards bodies such as the National Institute of Standards in Technology (NIST) in the United States. These algorithms can be implemented on today’s conventional computers and, unlike QKD solutions, do not require dedicated or specialized hardware. Quantum-secure cryptographic algorithms allow two remote parties to agree on a shared secret key with authentication, therefore without the risk of man-in-the-middle attacks.

In response, Redding said Quantropi agrees that QKD has significant issues and imitations. “It is precisely because we do not believe in the viability of QKD that Quantropi has developed an alternative approach to safely distribute quantum entropy on a large scale and at high speed.

“The point is, there is a strong and growing demand for strong entropy / true random numbers at all points of modern digital networks / applications. A substantial body of academic research indicates that high entropy (formatted in cryptographic keys) improves the performance of existing cryptographic algorithms over running threats (not to mention future quantum threats envisaged). Important additional work shows the weakness of many random number generators of the “local” system. We have demonstrated that it is possible to generate and distribute high entropy (with real randomness measurably “better” than what can be created on standard local random number generators) over any typical network (public or private) at the point of need – without requiring the exotic amenities associated with QKD.

“So by showing that our platform can run what could be functionally called ‘digital QKD’ (to give it context to current industry themes), we’re actually illustrating the ability to deliver the key material. to volumes that modern systems and applications want in a hardware-based way QKD (so far) cannot – as Bruce rightly points out.