While quantum computing makes its way haphazardly towards practical reality, quantum key distribution (QKD) is moving quickly towards greater commercial use. Today, AWS reported running a successful QKD trial in Singapore with collaborators.
AWS researchers Juan Moreno and Cyrus Proctor report in their blog, “AWS is engaged in multiple efforts to ensure quantum computers bring only opportunities to customers, minimizing any risks. One capability that we are exploring is Quantum Key Distribution (QKD), which offers an additional physical protection in the transmission of quantum states between remote parties so they can establish verifiably secure encryption keys.
“To test this idea in practice, we implemented a point-to-point quantum-secured network in Singapore, setting up a link that connected two sites using a production-grade optical fibre network. In collaboration with the National Quantum-Safe Network (NQSN) at the Centre for Quantum Technologies (CQT), Horizon Quantum Computing (Horizon), and Fortinet, we successfully connected two QKD devices across buildings spread three kilometers apart (mapping to approximately 16 km of fibre cable), and set up a VPN tunnel that used both QKD technology and AWS Edge Compute hardware.”
QKD isn’t new and recently there’s been an uptick in development and commercialization efforts. The idea is straightforward. Use un-hackable quantum networks to create and distribute encryption/decryption keys between parties. Broadly, “QKD is a secure communication method that implements a cryptographic protocol involving components of quantum mechanics. It enables two parties to produce a shared random secret key known only to them, which then can be used to encrypt and decrypt messages. An important and unique property of quantum key distribution is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key.”[i]
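The eavesdropper-detection property described above can be seen in a small simulation. This is an added example, not code from AWS or the blog: it assumes the textbook BB84 protocol on an ideal, loss-free channel with an intercept-resend eavesdropper (the article does not say which protocol the trial's QKD devices run), and the function names and the 11% abort threshold are illustrative.

```python
import random

def bb84(n_qubits, eavesdrop, rng):
    """Simulate BB84 on an ideal channel; return (sifted_key_length, qber)."""
    sifted = errors = 0
    for _ in range(n_qubits):
        # Sender picks a random bit and a random basis (0 or 1) to encode it in.
        bit, send_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, send_basis
        if eavesdrop:
            # Intercept-resend: measuring in the wrong basis gives a random
            # result and re-prepares the state in the eavesdropper's basis.
            tap_basis = rng.getrandbits(1)
            if tap_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = tap_basis
        # Receiver measures in a random basis; a mismatch yields a random bit.
        recv_basis = rng.getrandbits(1)
        recv_bit = state_bit if recv_basis == state_basis else rng.getrandbits(1)
        # Sifting: both sides keep only positions where their bases matched.
        if recv_basis == send_basis:
            sifted += 1
            errors += recv_bit != bit
    # Real systems estimate the error rate from a disclosed sample of the
    # sifted key; the simulation counts every sifted bit for simplicity.
    return sifted, errors / sifted

def accept_key(qber, threshold=0.11):
    """Abort key generation when the quantum bit error rate is too high.
    The 11% default is an illustrative threshold, not a value from the trial."""
    return qber <= threshold

if __name__ == "__main__":
    for tapped in (False, True):
        length, qber = bb84(20000, tapped, random.Random(7))
        print(f"eavesdropper={tapped} sifted={length} "
              f"qber={qber:.3f} accept={accept_key(qber)}")
```

On the untapped link the sifted keys agree exactly, while the tapped link shows an error rate near 25%, which is what lets the two endpoints discard the key instead of using it.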
The implementation of a QKD network on a metropolitan-wide scale is significant. The blog includes a schematic of the POC project and describes it as follows:
“We set up two mirrored network stacks, divided into management and service segments via a device provided by Fortinet, a partner of the NQSN. This device (FortiGate 100F Next Gen Firewall) has the enhanced capability to create an encrypted IPsec tunnel capable of consuming quantum-generated encryption keys. On the management network (highlighted in yellow in the figure), we use a QKD device pair that secures key exchange over fibres with a maximum loss of 12 dB (typically up to 50 km), making it a good fit for metropolitan coverage of an area of the size of Singapore (50 km east to west). This device also integrates a Key Management System (KMS) that handles key requests and key transfers between QKD optical systems and the FortiGate Next Gen Firewall. The service network (highlighted in blue) terminates at paired compute nodes.
“As shown in the figure, one of the nodes is located at the CQT. This computing endpoint is an Amazon Elastic Compute Cloud (EC2) instance encapsulated inside an AWS Snowball Edge Compute Optimized device. AWS Hybrid-Edge services extend AWS infrastructure and services into the edge, helping to run and securely operate applications in locations that lack consistent network connectivity to AWS. At the other end of the connection, Horizon uses an on-premises Intel-based server as an endpoint. Both sides communicate securely via an IPsec tunnel, with the endpoints consuming the locally produced QKD keys. This effectively sets a quantum-safe link that Horizon will be using to build use cases.”
AWS jumped squarely into the quantum networking game with the creation of a Center for Quantum Networking (CQN) last June in the Boston area, and subsequently ramped up a collaboration with Harvard. The latest POC effort was conducted in Singapore.
“This point-to-point quantum network implementation was an important step towards exploring ways in which commercial-off-the-shelf quantum technology performs in a real-world setting, demonstrating to our customers how it can be used in combination with AWS services. At the AWS CQN we continue to explore the art of the possible and that includes not only QKD, but also advanced networks involving the development of a quantum repeater for long-distance communications,” wrote Moreno and Proctor.
Link to blog: https://aws.amazon.com/blogs/quantum-computing/implementing-a-quantum-secured-network-in-a-metropolitan-area/
[i] https://en.wikipedia.org/wiki/Quantum_key_distribution