In 2019, a team of Chinese technicians, engineers, and scientists sent pairs of photons from a single satellite called Micius to two ground stations in China separated by over 1,120 kilometers. The photons were prepared in such a way that they carried information that remained perfectly correlated in spite of the distance between them. In addition, the two receiving stations in China were able to ensure that the two receivers could not be disrupted or deceived by any third party. The experiment demonstrated the ability to share secret cryptographic keys between the two locations in China, with no known means for a third party to covertly observe or copy them. Although the rate of the key exchange was too low for practical use, the achievement represented a step toward secret communications guaranteed by the laws of physics.
Several countries have spent decades trying to find ways of moving data that are both cost-effective and secure by investing in quantum communication technology. The surge in China’s work in the field dates to 2013, when the release of classified information by Edward Snowden detailing U.S. intelligence capabilities caused deep concern in Beijing. “This incident has been so fundamental to Chinese motivations that Snowden has been characterized as one of two individuals with a primary role in the scientific ‘drama’ of China’s quantum advances, along with Pan Jianwei, the father of Chinese quantum information science,” the researchers Elsa Kania and John Costello concluded in a 2017 report.
The national-security implications of China’s interest in space-based quantum communications cuts several ways. The development of impenetrably secure communications links in China would be a loss for American intelligence organizations. On the other hand, China’s intensive efforts in using space for secure quantum-based communications may lead that nation to consider international agreements governing space activities as in their national interest. This strategic interest might be leveraged as part of a future U.S.-China agreement in managing competition in space. There are ample opportunities for collaboration in this field among the United States, Europe, Canada, Japan, Australia, and other democratic allies. China’s leading position in quantum data security suggests that U.S.-China collaboration—at least on basic science—would be a net benefit for the United States in understanding the state of the art.
Quantum computing and secure communications
Data transmitted between two parties over the internet is subject to unwanted interception. The value of the internet depends on the fact that data sent between the sender and receiver can be securely encrypted. Encryption methods are based on exchanging secret keys used to encode data in a way that reveals minimal information to someone lacking the key. Keys can be as simple as a long random string of 0’s and 1’s. Common methods for sharing secret keys over the insecure internet are based on numerical computations that are easy to make in one direction but very difficult to make in the reverse direction—on our current computers. For example, multiplication of two prime numbers is easy, but given a very large integer, determining which primes were multiplied together to yield that integer is a difficult problem, and it gets rapidly more difficult the larger the integer. This is true even on today’s most powerful conventional computers.
Fundamentally new types of computing architectures based on interactions of quantum systems were first proposed in the 1980s. Within a few years, Peter Shor and other theorists proved that quantum computer algorithms, running on sufficiently large quantum computers, could in principle solve the extremely time-consuming numerical problems like factoring large integers much more quickly than a classical computer algorithm could.
In short, working quantum computing systems threaten to make useless current methods of encryption that provide the basis of internet commerce and digital communication. Though such systems are generally thought to be unachievable before 2030, when such quantum computers are available, decrypting some communications streams may become feasible if nothing is done to protect those streams. What’s more, any encrypted data that has been intercepted and stored will be vulnerable to decryption. That means any country that attains a quantum computing system of sufficient power in the future will be able to decrypt stored data from the current era that would otherwise remain impossible to decode. And the data at risk goes beyond national-security information to include genomic, medical, and financial data.
These concerns have spurred efforts in the United States to develop new encryption algorithms that are more resistant to known quantum computing-based decryption methods. These post-quantum cryptography (PQC) methods are being designed and evaluated to be run on current classical computers. The National Institute for Standards and Technology (NIST) is leading an evaluation of PQC alternatives and has recently published its latest list of top contenders.
What is perfect security?
In discussions of cryptography, the sender and receiver of a message are usually referred to as Alice and Bob, respectively. They are assumed to have a public channel and an encrypted channel over which to send data. Proofs of security assume that an adversarial eavesdropper, called Eve, has access to both channels, as well as powerful computers at her disposal.
If Alice wants to transmit a message to Bob at some future time over a network on which Eve lurks, Bob can meet at Alice’s totally secure office. There they create two identical copies of a long string of completely random binary digits, called a key, and securely package one copy of the random key so that Bob can take it to his secure office. When Alice wants to send a message to Bob over the compromised channel, Alice converts her message to a string of bits using an agreed upon encoding scheme that does not need to be secret. She then chooses the first segment of the random key the same length as the binary form of her message, aligns the key bits with the message bits so that they are paired, and computes a bitwise exclusive “or” operation (XOR). A bitwise XOR operation of the two bits is a simple function that outputs a 0 if both inputs are 0, a 1 if one bit is 0 and the other is 1, and the “exclusive” part means that the output is 0 if both inputs are 1. The result is an encrypted string of bits that is equally likely to be any message. Alice sends this string of bits to Bob. Bob XORs the encrypted message with his copy of the key, and then he can convert the result back to text using the public encoding. Then they both discard the random key.
The procedure above provides no new information to Eve, even if she captures the entire string of encrypted bits. However, the requirements of this ideal scheme are immense: The random string of bits in the key must be truly random, a new key must be generated for each message since it is discarded after one use, the key must be as long as the message, and the key must be shared in perfect secrecy. This makes data exchange very inefficient. The requirement for perfect randomness cannot be met using readily-available computer random number generators: Only physical systems such as radioactive decay, or other quantum systems can generate truly random numbers. Encryption methods in use today make compromises to the idealized algorithm above in order to trade perfect security for efficiency.
Quantum key distribution may offer secrecy with fewer such compromises. Quantum key distribution methods transmit random keys by encoding these strings of 0’s and 1’s into sequences of photons whose quantum states obey the rules of quantum mechanics. For single photons, these rules allow for photons to exist in a combination of two quantum states until they are detected by a device that can measure the states. Once detected by a particular kind of device, the photon will take on a definite state that is in part determined by the device itself. This close relationship between the photon and the measurement device is at the heart of QKD methods. Other QKD methods use pairs of photons which are generated to have perfect correlation between their states, regardless of their separate travel paths. Common to all QKD methods is the fact that an eavesdropper that detects the photons will either gain no information about the keys, or will signal to Alice and Bob that they have successfully intercepted the data. This allows Alice and Bob to make adjustments in order to complete the key exchange. In any case, the eavesdropper can never copy the quantum information. In classical information exchange over the internet, an eavesdropper can detect, copy, retransmit the 0’s and 1’s without changing how this information is later observed by Alice and Bob, thereby remaining invisible.
The ability to replicate classical digital data without error is a key enabler of the current internet, as it allows the same information to travel to multiple places for use. Since the quantum states of photons cannot be copied, this creates special challenges for quantum networking. However, by compromising on the perfect security of quantum information exchange at a few, well-trusted sites, quantum networks have been built.
The guaranteed secrecy of QKD systems threatens to make it impossible to spy on communication channels use by adversary countries. Whether these are channels that are already tapped, or ones that would be useful to tap in the future, improvements in communication security can potentially cut off information that might be useful in statecraft or to gain advantage in a military crisis.
This gives rise to two important reasons for pursuing QKD research. First, by understanding the weaknesses of QKD devices, one can guard against attacks on the integrity or reliability of one’s own QKD system. Second, if one can deny an adversary the secure use of QKD, it may drive that adversary to use less secure communications means, which may then be exploited. Thus, the development of QKD systems between geopolitical rivals will take on a measure-countermeasure character, in much the same way as military communications and sensing measures must overcome sophisticated electronic warfare countermeasures.
National efforts at QKD and QKD networks
The United States, Japan, Canada, Singapore, and Europe initially led the efforts in quantum key distribution. Initial research involved point-to-point QKD, but networks of quantum-secured information exchange is the real goal of these efforts. The first QKD network was established in Boston by DARPA in 2003 and, by 2004, ran between Harvard University, Boston University, and the offices of the research firm Bolt, Beranek, and Newman. Between 2008 and 2009, the European FP6 project integrated several QKD systems into one QKD backbone in Vienna. In 2010, researchers in Tokyo demonstrated a QKD network with encryption for video.
Today, China has taken the lead in quantum key distribution: The largest demonstrated network is one that began operating in 2017 in China within the cities of Beijing, Jinan, Hefei, and Shanghai with a 1,200 mile quantum backbone network connecting them. In the United States, meanwhile, the U.S. firm Battelle, together with the Swiss company ID Quantique, is constructing a 400 mile link between Columbus, Ohio, and Washington, D.C..
QKD research and development continues today, as part of broader developments in quantum technologies in Canada, the European Union, South Korea, Japan, the United Kingdom, the United States, Russia, China and other countries. Over the past 20 years, emphasis within the overall field of quantum technology has shifted, with the United States and other Western countries tending to focus on quantum computing and China putting greater emphasis on QKD. Though there are efforts underway in China to build advanced quantum computers, this difference of emphasis reflects the deep concern about internet security at the highest levels of Chinese leadership, while in the United States, quantum computing advances have been driven by large companies. As China, the United States, and other countries build a larger workforce with the experience in designing and building quantum information systems, it may be that all countries converge to a more broad-based quantum information technology base.
Companies based in China dominate applications for patents in quantum cryptography in the most recent period when data is available, from 2012 to 2016. Companies based in the United States and Japan dominated quantum cryptography patent applications between 2002 and 2010, but have since slowed considerably. In the field of quantum computing on the other hand, the United States, Japan, and Canada have applied for the great majority of patents from the period 2001 to 2016 and far more than China.
As commercial QKD component offerings grow, benefits will likely accrue to companies that can innovate while meeting or establishing industry standards. South Korea Telecom and ID Quantique have worked through the International Telecommunications Union to establish standards for quantum communications tools. The competition to help set standards is perhaps as consequential in this field as is any particular technological development. Companies that can adapt to voluntary international standards for technical devices and data can establish a market advantage as other companies and countries around the world begin to integrate that technology into their own infrastructure. Industries cooperate in setting standards by consensus, and to the extent that Chinese companies can bring real expertise and experience in quantum technology to international standards organizations, they will have a better chance that their technical approaches will be integrated into the standards and that they will be competitive in the long run.
Finally, it is always useful to keep in mind throughout technical discussions of data security, that the weakest points in technological systems is often humans. Greed, fear, carelessness, lack of training or darker motives can open the most technically secure systems to risks. The methods of social engineering—manipulating the perceptions and behaviors of human users—that are core to cyberattack methods transfer directly to future quantum secure communications. Proper training and monitoring for insider threats will remain a key element of information security, regardless of any particular technology implementation.
The global quantum race
The need for varying levels of data security, up to and including near-perfect security, is driving countries around the world to invest in improvements in encryption based on both mathematics and on quantum physics. With quantum computers now in active production around the world, the risk to current internet encryption may arise a decade from now. This also raises immediate concerns about the long-term security of sensitive data that is already being intercepted. One possible future for information security is one that involves a hybrid of post-quantum cryptography based on mathematics and QKD based on physics, with the former providing security for authentication required over classical data channels.
As the United States increases its reliance on the secure flow of data, QKD will probably play a significant role. Therefore, it is important for the United States to develop a mix of technical infrastructures, such as satellites and fiber links. It also critical to understand the vulnerabilities of those QKD links. In cryptography, open analysis of methods has always led to better security, and the same is likely to be true for QKD. The United States would be best served through collaboration on quantum information among the national governments, business, and academic groups within the United States and between the US, Europe, South Korea, Australia, Japan, and other countries. This will minimize strategic surprise by maximizing the breadth and depth of U.S. understanding of quantum information science and engineering.
China has a demonstrated lead in demonstrations of several specific QKD technology areas, including space-based quantum key distribution using entangled photons launched from space. Since this method has some distinct advantages for very long-range secure information, China could become increasingly dependent on space-based QKD for securing data over long distances. This could provide the basis for a common interest in preserving the stability of satellite-based communications between the United States, China and other countries that are increasingly dependent on space.
The United States should also continue to engage in technical exchange and collaboration with China in the area of quantum information science for several reasons. First, China has a demonstrated lead in several QKD technology areas, including space-based QKD using entangled photons and large terrestrial quantum networks. The United States is likely to learn something about the engineering issues if not the physics. The second reason for collaboration has to do with the nature of QKD itself: It is provably secure. Unlike the codebreaking of WWII, which was so important to the Allies, certain QKD systems are impervious to eavesdropping. Understanding of the technology does not create a security vulnerability for either side. The final reason for collaboration is to maintain expert exchange between the two countries in the critical nexus of information technology, cybersecurity, and the uses of space. China could become increasingly dependent on space-based QKD for securing data over long distances. The United States has long been dependent on space for collecting and moving data. This convergence of needs could provide the basis for future agreements on activities in space that are mutually beneficial, such as limitations on disruptions of satellite communication systems.
Tom Stefanick is a visiting fellow at the Brookings Institution.