A New York-based startup on Monday announced that it has a working prototype of a device capable of employing quantum cryptography to encode keys on existing high-speed networks. However, cryptographers say the system likely holds little value for enterprises.
MagiQ Technologies Inc. is among the first companies to announce its intention to sell a commercial solution based on the concept of quantum cryptography. Code-named Navajo, the system comprises an appliance at either end of the communications link, capable of generating keys and encoding them one photon at a time.
Quantum cryptography relies on the properties of photons and the laws of quantum mechanics, which dictate that an eavesdropper wouldnt be able to read or even observe a photon without changing its state. That would alert the receiver that the message had been intercepted and was no longer secure.
Because of these properties, quantum cryptography long has been considered the Holy Grail of cryptography. There has been quite a bit of hype and misinformation surrounding research in this field, and the companies that attempt to commercialize the technology will face a lot of scrutiny from both security experts and crackers. MagiQ officials acknowledge this and say theyre taking all due caution to ensure that they dont make any mistakes.
"Were going to take our time on this because we need to get this right," said Andrew Hammond, vice president of MagiQ. "We have a working prototype now and well start the beta in the first quarter."
But, some cryptography experts say theres no practical security reason for enterprises to move to quantum cryptography if and when it hits the market.
"Think back to all the computer-security vulnerabilities and break-ins and hacks and disasters. Can you think of any that can be traced to a key-generation problem?" said Bruce Schneier, a well-known cryptographer and CTO of Counterpane Internet Security Inc. in Cupertino, Calif. "This device doesnt solve a problem that people have. Its like weve put a stake in the ground to block an oncoming army, and were arguing whether the stake should be a mile tall, or a mile-and-a-half tall. Honestly, the army will just go around the stake."
Navajo is due for release in the latter part of 2003.
The appliances have some built-in security features designed to prevent anyone from compromising one of the keys. For example, if the appliance is moved or if its case is cracked open, the key in use is automatically zeroed out.
Hammond said MagiQ initially will target government agencies, financial services companies and other enterprises with a lot of intellectual property to protect. And the fact that the solution will work on existing networks should make it all the more appealing.
"Were not asking customers to dig new fiber or change their operating practices to leverage quantum cryptography," Hammond said.