Startup MagiQ Technologies thinks it's got a sure way to keep data from prying eyes, using Heisenberg's Uncertainty Principle
With security on the Internet, there's always some nagging doubt. Can you ever be absolutely certain, for example, that the e-mail you're sending with some confidential business information attached isn't going to be intercepted and read as it travels the digital highways and byways?
Using the Internet for anything sensitive requires some faith that everything in place to ensure the security of the information you're working with—all the encryption, passwords, and security policies—will, in fact, work. But as with most things in life, nothing is certain except uncertainty itself.
But uncertainty can be useful. For years, security researchers have been experimenting with harnessing one of the underlying rules of quantum physics, known as the Uncertainty Principle, which states that at the quantum level, where objects are infinitely small, it's impossible to measure electrons and photons and other similarly tiny particles without affecting them.
How does quantum physics apply to the world of security? The idea is to harness this inherent uncertainty to create a data-encryption scheme that's essentially unbreakable. It's called quantum cryptography, and already some governments and private companies are using it to build absolutely secure lines for data and voice communications.
One Step Beyond
Today, companies and governments encrypt their ultra-sensitive secrets by using mathematical formulas to make the info look like gibberish to anyone who may be intercepting it. Currently, most data are encrypted using the Advanced Encryption Standard, a method first approved for government use by the National Institute of Standards & Technology in 2002 and then widely adopted in the private sector. So far, AES is serving its purpose. It's hard to break—at least for now. But that may not always be the case.
The next step in security is quantum cryptography, and a few companies are developing encryption products using it. New York-based MagiQ Technologies is one of them. It builds boxes that harness the properties of quantum physics to create encryption keys it claims can't be broken.
Why is MagiQ so confident? Uncertainty. MagiQ's gear generates particles of light called photons, which are so small, the conventional rules of physics don't apply to them. In 1927 a German physicist named Werner Heisenberg found that merely observing a particle as small as a photon alters it. Once you look at it, it's never the same again.
This is known as Heisenberg's Uncertainty Principle, and it turns out that if you use the state of a photon to generate an encryption key—essentially a secret set of random numbers—it's easy to determine whether anyone else has looked at it while trying to get a copy of the key you used.
"Uncertainty is the principle we exploit," says Mike LaGasse, MagiQ's vice-president for engineering. "It's fundamentally impossible to observe the key, because the photon can be measured once and only once. An eavesdropper can't measure it, and so can't get the key."
MagiQ combines a computer, a finely tuned laser, a photon detector, and a fiber-optic line. The laser inside the MagiQ QPN box is adjusted to produce single photons, which are then sent over the fiber-optic cable to a second QPN box, which detects them and notes precisely their time of arrival.
The two boxes then compare how the photon appeared when it left the first box to how it appeared when it arrived at the second. If they match, the photon is used to generate a key, which is used to encrypt the data. If they don't match, the photon is ignored. The observations of each good photon are saved and used as needed to generate keys. This process repeats itself hundreds of times a second.
Once the key is generated, it's a relatively simple matter to encrypt the data you want to send, whether it's a voice conversation or corporate strategic plan. But since the keys are impregnable, the encrypted data are too. Further complicating the problem for eavesdroppers is the fact that keys are generated hundreds of times a second, so the chance of getting enough information about the key to generate a copy and thus break the encryption is essentially zero.
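The article does not say which protocol the QPN box runs. The simulation below is an added example, not MagiQ's code: it assumes the textbook BB84 protocol on a noiseless link with an intercept-and-resend eavesdropper, and shows how comparing a sample of the matched photons exposes the observer. The function names and the 11% alarm threshold are choices of this example.

```python
import random

def bb84_exchange(n_photons, eavesdrop, seed):
    """Simulate BB84; return the sifted keys held by sender and receiver."""
    rng = random.Random(seed)
    sender_key, receiver_key = [], []
    for _ in range(n_photons):
        bit = rng.getrandbits(1)       # sender's random key bit
        s_basis = rng.getrandbits(1)   # 0 = rectilinear, 1 = diagonal
        photon_bit, photon_basis = bit, s_basis
        if eavesdrop:
            # The observer must pick a basis without knowing the sender's.
            e_basis = rng.getrandbits(1)
            if e_basis != photon_basis:
                photon_bit = rng.getrandbits(1)  # wrong basis: random result
            photon_basis = e_basis               # photon is re-sent in that basis
        r_basis = rng.getrandbits(1)
        if r_basis == photon_basis:
            measured = photon_bit
        else:
            measured = rng.getrandbits(1)        # wrong basis: random result
        # Sifting: keep only photons where sender and receiver bases match.
        if r_basis == s_basis:
            sender_key.append(bit)
            receiver_key.append(measured)
    return sender_key, receiver_key

def sampled_error_rate(sender_key, receiver_key, sample_size, seed):
    """Publicly compare a random sample of sifted bits (then discard them)."""
    rng = random.Random(seed)
    idx = rng.sample(range(len(sender_key)), sample_size)
    return sum(sender_key[i] != receiver_key[i] for i in idx) / sample_size

def check_link(n_photons, eavesdrop, seed, threshold=0.11):
    """Return (key_accepted, error_rate). Threshold is an assumed alarm level."""
    s_key, r_key = bb84_exchange(n_photons, eavesdrop, seed)
    rate = sampled_error_rate(s_key, r_key, min(500, len(s_key)), seed + 1)
    return rate <= threshold, rate

if __name__ == "__main__":
    print("quiet link:   ", check_link(4000, eavesdrop=False, seed=7))
    print("observed link:", check_link(4000, eavesdrop=True, seed=7))
```

On the quiet link the sampled error rate is zero; with an observer on the fiber roughly a quarter of the sifted bits disagree, so the batch is discarded rather than used as a key.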
Secure as it is, quantum crypto is only being slowly adopted by governments and industry. MagiQ CEO Bob Gelfond, who founded the company in 1999, says it launched its first quantum key distribution device, the MagiQ QPN, with Verizon Communications (VZ).
The test results, announced in March, showed that MagiQ had succeeded in beating one of the problems with quantum crypto: distance. Keys are exchanged between two points, which have to be connected by a fiber-optic line. And optical networks need repeaters between each span of cable—typically 80 kilometers (49 miles) long—to keep the signal going. Those repeaters present a fundamental problem, because like the eavesdropper, they have to observe the key in order to pass it down the line.
Using Verizon's optical network, MagiQ showed that it could successfully keep the key intact over a distance of 140 km (about 87 miles). "We can gain additional distance by daisy-chaining our devices back-to-back," Gelfond says. "In North America the hops in the telco networks are less than that distance. You'd be able to cover the entire East Coast of the U.S., because all the hops you would need would be within that 140-kilometer limitation."
Bezos on Board
That has given Gelfond hope that MagiQ can sell its gear to telco providers. He says the company has both private and government customers, but he won't identify them, nor even say how much he has sold: "We're selling worldwide. And while the numbers aren't huge at this point, we think the customer interest that we have now will lead to more deployments in the future." He says the company isn't profitable yet.
Gelfond, a former hedge-fund trader on Wall Street, was also an early investor in Amazon.com (AMZN), whose founder Jeff Bezos has returned the favor—he's one of MagiQ's angel investors. Its corporate advisers include executives from RSA Security, a unit of EMC (EMC), and computer security concern McAfee (MCAF).
The plan, over the long term, Gelfond says, is to develop MagiQ's patent portfolio around quantum crypto, and also to build the technology into a small blade-style card (similar to the cards that computer makers use in blade servers) that can be inserted into telco-grade routers and switches.
For now, the commercial appeal is limited, says Greg Young, a Gartner analyst based in Ottawa, Ont. "There's not going to be much demand for it in the short term," he says. "But once we see conventional crypto systems start to break down, and that's not likely for some time, the demand could increase."
Breaking conventional crypto, Young says, is essentially a mathematical problem that involves factoring very large prime numbers. "It's a difficult problem that has no shortcuts," he says. "But quantum crypto would be a logical step forward if there's ever a major break in conventional crypto systems."
MagiQ already has competitors, including ID Quantique, a Swiss outfit, and Smart Quantum, a company in France. And Japanese companies including Toshiba (TOSBF), NEC (NIPNY), Fujitsu, and Nippon Telegraph & Telephone (NTT) are all said to be conducting their own research on the technology.
For all its promise, quantum crypto doesn't help if you're sloppy in handling the data on either end. "You don't want a titanium pipe with cardboard boxes on either end," says LaGasse. "This is really suited to organizations that have strong security policies and practices." Apparently it pays to be paranoid.