Engineers from QuTech (a collaboration between TU Delft and TNO) can use measuring device independent (MDI) quantum key distribution (QKD) to ensure untappable communication, which is scalable in cost for multiple users. A side effect is that the untappable communication, over the same fiber optic connection, can take place in addition to conventional internet traffic. Thanks to KPN and Cisco, a test set-up could be made that put this into practice. MDI-QKD is an important step toward a quantum internet that is accessible to everyone.

Currently, secure communication is based on the principle that breaking cryptography with conventional computers takes a lot of time. Such cryptography is used, for example, in communication between data centers, intergovernmental communication or critical infrastructure such as banks, energy companies and airports. Certain lines of communication require confidentiality on legal grounds or from the user's point of view. An attacker could intercept these messages and decipher them later with a lot of time and computing power. Computers are accelerating — especially with the impending introduction of quantum computers — and that poses a risk to sending encrypted information.

Alice & Bob can use quantum keys to communicate and send files securely using an MDI-QKD key. Source: QuTech (Vincent de Mees, Slim Plot)

Joshua Slater, team leader of the MDI-QKD project, said: "Important, conventional cryptographic methods rely on, for example, a public and a private key. These two keys are actually two large numbers that belong together. Security is based on the fact that the private key is difficult and slow to calculate with only knowledge of the public key. With the advent of very powerful computers (such as quantum computers), calculating the private key is trivial and then encryption becomes meaningless."

One solution against eavesdropping — now and in the future — is the use of QKD. In the world of quantum, eavesdropping on a message disrupts the transmission of the quantum key. Slater: "If the quantum key is disturbed, the users know not to use that key for their secret line of communication. Once the quantum key has been successfully shared with the intended receiver, the rest of the secure communication is assured of the so-called 'forward secrecy': the certainty that the key distribution, now and in the future, cannot be cracked."

"Unfortunately, the current commercially available QKD systems are complicated to scale up," Slater explains. "To solve all these problems, we have built a measuring device independent (MDI) QKD system, where multiple users are connected via a central node, which operates like a classic telephone exchange operator. Additionally, the central node does not need to be trusted. The entire system is designed in such a way that hacking attacks against the central node cannot break the security of the protocol.

"A big advantage of our system, compared to other QKD systems, is the cost scalability to a large number of users. This is possible because our MDI-QKD can be used in a physical star-shaped network. Researchers at QuTech had already carried out the first pilot demonstration of MDI-QKD, the first demonstration on deployed fibers, and the first demonstration with cost-effective, off-the-shelf hardware.

"Another big advantage that we're demonstrating here for the first time is that our quantum signals are sent over the same fiber as conventional internet traffic," Slater said. "Using standard equipment, which our partner Cisco has provided to us and configured with us, we have set up two multiple networks between locations, via the same fiber optic connection. The presence of these two networks does not affect the performance of our quantum system. In doing so, we have shown that they coexist in parallel."

"This is an important development to ensure the security of internet traffic in the future", said Babak Fouladi, chief digital and technology officer and member of the board of directors at KPN. "I am pleased that we can contribute with the Netherlands network to make this insight practically applicable. Solutions such as MDI-QKD, should not only protect users today, but also make secure digital communication as future-proof as possible."

The current setup consists of three standard telco racks, each in a different city in the Netherlands. The first 'user' connected to the demo setup is codenamed Alice and is located in Delft. The second user, named Bob, is in a KPN building in The Hague. The central Charlie junction is in between. Each user is connected to the central node via a standard fiber optic cable. In addition, users and the central node can communicate via the normal internet, either directly via the (same) fiber optic connection or indirectly via any internet connection.

The introduction of MDI-QKD is an important step toward the future quantum internet. The network is designed future-proof. That is, users like Alice and Bob can modernize their functionality (e.g. with quantum processors, quantum repeaters, quantum entanglement, quantum memory or quantum computers) while the central node and the rest of the network remain the same. The network is ready for the future and can be upgraded for the quantum future.

"This is a great milestone, and an important basis for the roll-out of a national quantum network infrastructure in the Netherlands, which is one of the main goals of the Dutch National Quantum Technology Agenda carried out by Quantum Delta NL," said Jesse Robbers, director of Quantum Delta NL.