No encryption code is secure — unless it's created in keeping with the laws of quantum physics. Siemens and partners in an EU project have shown that unbreakable quantum cryptography is ready for widespread use.
Detectors measure the polarization of photons generated by a laser, and a cryptochip uses these measurements to continually create new encryption codes.
The SECOQC system changes its quantum keys several times per second. Each key can be as long as 512 bits.
"God does not play dice with the universe," said Albert Einstein once in criticism of quantum physics. But it was Einstein who had helped to launch the most successful physics theory of the 20th century, with a Nobel Prize-winning paper on light quanta (photons) back in 1905. Today we know that God does "play dice" in the sense that certain phenomena in quantum physics can't be predicted; instead they become real only at the moment in which they are measured. Einstein was also wrong about something else: The peculiar entanglement of light particles, which he dismissed as "spooky action at a distance" in 1935, is a real phenomenon. When specially prepared twin pairs of photons are created, one photon always knows the state of the other — without any delay in time and across any distance, even that of the entire universe.
This unusual behavior that so irritated Einstein is ideally suited for data encryption. Physicists working in this field exploit the entanglement of the twin photons and the fact that their state can only be determined at the moment they are measured. If such photons are sent through fiber-optic lines in order to exchange encryption keys, anyone "listening in" can still pick up the data, but the laws of physics ensure that their eavesdropping will not go unnoticed, and that action can then be taken. This is because if one of the photons is measured by an outside party, the transmitter and receiver will immediately see this in the state of the twin. They can then take measures to make the bits and bytes incomprehensible to the hacker.
Although commercial quantum cryptography systems have been in use for a number of years, their success has been held back by high costs and technical limitations — more specifically by the fact that they have, until recently, only allowed point-to-point connections between two parties. Because photons are lost as they pass through glass fiber lines, system range has also been limited to just a few kilometers. What has been missing here is a superordinate authority that passes the code on across several point-to-point connections and controls the quantum cryptography devices linked with the network.
In October 2008 partners in an EU project known as SECOQC (Secure Communication based on Quantum Cryptography) presented the first such network at a conference in Vienna. Consisting of seven participants, the network was able to pass a quantum key from node to node, and it can be expanded to include any number of connections. The project partners included the University of Vienna and Siemens IT Solutions and Services Austria, with the latter providing the network infrastructure. The project was managed by Austrian Research Centers (ARC) in Vienna.
Entangled Twins. The project's cryptographic network used commercially available devices whose operation is based on different quantum cryptography technologies. Their effectiveness is limited, however. Devices that use photon phase shifts as a quantum property, for example, are susceptible to inaccurate measurements. That's why the network relied for the first time on a system for generating entangled photons, which was developed by Anton Zeilinger, a professor at the University of Vienna who is considered a pioneer of research into new quantum phenomena (see article "A Quantum Computer in Your Cell Phone").
In fact, Zeilinger caused a sensation in the 1990s when he "beamed" specific properties from one photon to another.
For his cryptography approach, Zeilinger actually uses the "spooky action at a distance" that occurs between twin particles, which his team generates in a crystal by means of a laser, before sending the particles out via two fiber-optic lines. Their oscillation direction, known as "polarization," is initially uncertain. It's only when a photon has been measured that it possesses a specific polarization. At this point the information unit, the bit, takes on the value of either zero or one. As if it were telepathic, the second photon registers this and takes on exactly the same value.
If a hacker attempts to eavesdrop on either one of the glass fiber lines, the transmitter and receiver (designated "Alice" and "Bob" by cryptographers) notice this through a comparison of their measurements. The cryptographic device then repeatedly creates new keys until the hacker ("Eve") gives up and exits the line. The comparison of measurement data can take place on unsecured lines like the Internet or a phone line, and even the transmission of the data encoded using the quantum key can be intercepted without giving the eavesdropper any valuable information. Zeilinger's team proved this in 2004, when they transferred €3,000 from Bank Austria to Vienna City Hall, a distance of 1.5 km.
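A toy simulation of the comparison step described above, added here as an illustration and not code from the SECOQC project. It assumes a two-basis measurement scheme and an eavesdropper who measures and resends each photon, neither of which the article spells out; the function names, sample size and 5% alarm threshold are likewise assumptions.

```python
import random

def measure(state, basis, rng):
    """Same basis as the photon's state: the stored bit. Other basis: a coin flip."""
    state_basis, state_bit = state
    return state_bit if basis == state_basis else rng.randrange(2)

def exchange(n_pairs, eavesdropper, seed):
    """Return Alice's and Bob's sifted keys (positions where their bases matched)."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_pairs):
        a_basis, b_basis = rng.randrange(2), rng.randrange(2)
        a_bit = rng.randrange(2)            # outcome is undetermined until measured
        twin = (a_basis, a_bit)             # Bob's photon now mirrors Alice's result
        if eavesdropper:                    # Eve measures on the fiber and resends
            e_basis = rng.randrange(2)
            twin = (e_basis, measure(twin, e_basis, rng))
        b_bit = measure(twin, b_basis, rng)
        if a_basis == b_basis:              # bases are compared over a public line
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def check_link(eavesdropper, n_pairs=4000, sample=500, threshold=0.05, seed=7):
    """Compare a random sample of sifted bits; return (error_rate, key_accepted)."""
    alice_key, bob_key = exchange(n_pairs, eavesdropper, seed)
    picks = random.Random(seed + 1).sample(range(len(alice_key)), sample)
    errors = sum(alice_key[i] != bob_key[i] for i in picks)
    rate = errors / sample                  # sampled bits are public, so discard them
    return rate, rate <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        rate, accepted = check_link(eve)
        print(f"eavesdropper={eve}: error rate {rate:.3f}, key accepted={accepted}")
```

In this model an undisturbed link shows no mismatches in the sample, while measuring and resending every photon pushes the sampled error rate to roughly 25%, which is what lets Alice and Bob reject the key.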
The great accomplishment of the SECOQC project is that it has scaled down this simple physical effect, which nevertheless used to require a lot of machinery, into a system that fits into the housing of a conventional PC. The housing contains the optical components for generating the photons using a laser, the detectors that determine polarization direction, and a cryptochip that uses light measurements to continually create new keys and exchange them via the fiber-optic line.
The same housing also holds the computer that uses the quantum keys to encode the actual data with cryptographic algorithms. The data then races in encrypted form through the Internet at a speed of several gigabits per second. The keys are usually 128 bits long. "That's secure enough and is doable with limited resources," says Dr. Johannes Wolkerstorfer of Graz University of Technology. The university is collaborating with ARC and Siemens to develop the cryptographic machine hardware and software, including an easy-to-use interface, as part of the Quantum Cryptography on Chip project. A length of 128 bits corresponds to 10^38 different possibilities that a hacker would have to work through. That's the equivalent of searching through ten billion people for a specific, individual atom.
Quantum Keys. Still, even 128-bit encryption can eventually be broken with the help of statistical analysis of the encrypted data. That's why one and the same key should never be used to encrypt large amounts of data over an extended period of time; changing keys frequently enhances security. Ideally, a crypto-machine should generate a new key of the same length for every 128-bit data package, because it is impossible to crack such a "one-time pad" — even if one of the code keys is successfully broken, hackers would only have a snippet of data. What's more, it would take them months to break each key.
ARC's cryptochip moves cryptography into a new dimension in this regard. It generates a new quantum key five to ten times per second, and each key can be as long as 256 or 512 bits. Then, after sending out these keys, it immediately destroys its record of them. "We could also switch the keys more often by stockpiling them," says Christian Monyk of ARC, who coordinates the SECOQC project.
"We took part in the project in order to gain new knowledge about quantum cryptography applications," says Robert Jonas, head of Security Solutions at Siemens IT Solutions and Services in Vienna. As Jonas points out, Siemens sees itself as a systems provider that advises customers and creates solution packages encompassing hardware, software, and infrastructure. Development of quantum cryptography hardware was never part of this approach, however.
As a result, Siemens is interested not only in the hardware developed by ARC, Anton Zeilinger's research group, and Graz University of Technology; other components that are already commercially available, including those from idQuantique in Geneva and MagiQ in New York, are also suitable for such applications. So Jonas is optimistic. "Once the system attracts greater interest, and customers such as banks and military organizations begin asking for it, the cost of hardware components will fall and our commercial solutions will become more attractive. We're ready for that day," says Jonas.