SwissQuantum Project Completes Longest-Running Testbed of Quantum Cryptography
Monday 2 May 2011
Geneva, Switzerland - ID Quantique SA announced the successful completion of the longest running project for testing Quantum Key Distribution (QKD) in a field environment. The main goal of the SwissQuantum network, installed in the Geneva metropolitan area in March 2009, was to validate the reliability and robustness of QKD in continuous operation over a long time period in a field environment. The quantum layer ran stably for nearly 2 years until the completion of the project in January 2011, confirming the viability of QKD as a commercial encryption technology.
Quantum Key Distribution (QKD), also known as Quantum Cryptography, exploits the laws of quantum physics to enhance the security of communications over modern optical networks. The quantum key servers exchange secret encryption keys encoded on photons over a network. The inherent laws of quantum physics (Heisenberg’s Uncertainty Principle) dictate that an eavesdropper can be detected, thereby resolving the security of the initial exchange of the symmetric keys - one of the main challenges and potential weak points of modern encryption solutions.
Twelve partners from academia and industry joined forces for the project, which consisted of three nodes in a triangular configuration, located at CERN (European Organization for Nuclear Research), the University of Geneva (UniGE) and hepia of Geneva. The coordinator of the project was UniGE, and the implementation partners were ID Quantique, CERN, IT Department of the Geneva Canton (CTI), University of Applied Sciences Western Switzerland (HES-SO), hepia Geneva (hepia) and the University of Applied Sciences Western Switzerland in Yverdon-les-Bains (HEIG-VD). The sponsors of the project were armasuisse, Banque Privée Edmond de Rothschild, EXFO, Hasler Stiftung, National Centre of Competence in Research in Quantum Photonics (NCCR-QP), Senetas and the Swiss National Science Foundation.
The testbed was designed to demonstrate the efficacy of QKD in modern enterprise network scenarios, namely:
- Reliability of QKD networks: In a commercial environment QKD needs to work stably and reliably 24/7 all year round without active intervention. The project results confirmed the maturity of QKD in continuously generating quantum keys and detecting potential eavesdroppers, with no intrinsic failures. There were some external environmental factors which caused interruptions (such as a power failure in some of the locations) but the QKD system was able to resume operations immediately. Fluctuations due to environmental factors were also investigated in the course of the project.
- Advanced Key Management Abilities: The SwissQuantum network implemented a Key Management Layer to provide advanced functionalities such as high-speed key generation, key routing and redundancy, efficient key distribution in multi-point networks and parallel key agreements, combining multiple key agreement techniques. This lays the foundation for future use of QKD in a multi-point environment.
- Versatility of QKD networks: SwissQuantum demonstrated the versatility and integration capabilities of QKD as a complement to different types of classical encryption technology. The following cryptographic services were enhanced by QKD on the Application Layer:
  - Ultra High-Speed Ethernet Encryption (Layer 2) – High-speed encryption was performed on the 10G Ethernet link connecting CERN and the University of Geneva. This link is used to transfer data collected in the Large Hadron Collider (LHC) at CERN for treatment at the UniGE. High availability and full throughput were essential.
  - Fiber Channel Encryption (Layer 2)
  - IPsec Encryption (Layer 3 IP packets)
The SwissQuantum network consisted of three layers:
- The Quantum Layer performing Quantum Key Exchange.
- The Key Management Layer, managing the quantum keys in key servers and providing secure key storage, as well as advanced functions (key transfer and routing).
- The Application Layer, where various cryptographic services used the keys distributed to provide secure communications.