Implementing a quantum-secured network in a metropolitan area
The AWS Center for Quantum Networking (CQN) has completed its first trial of quantum-secured communication in a customer environment. With a mission to address the fundamental scientific and engineering challenges to build quantum networks, we work with customers to evaluate the current state of the technology and its fit for cloud infrastructure.
We’ve heard from customers that they want to prepare now for a future world in which quantum computers can break current asymmetric cryptography. AWS is engaged in multiple efforts to ensure quantum computers bring only opportunities to customers, minimizing any risks. One capability that we are exploring is Quantum Key Distribution (QKD), which offers an additional physical protection in the transmission of quantum states between remote parties so they can establish verifiably secure encryption keys.
To test this idea in practice, we implemented a point-to-point quantum-secured network in Singapore, setting up a link that connected two sites using a production-grade optical fibre network. In collaboration with the National Quantum-Safe Network (NQSN) at the Centre for Quantum Technologies (CQT), Horizon Quantum Computing (Horizon), and Fortinet, we successfully connected two QKD devices across buildings spread three kilometers apart (mapping to approximately 16 km of fibre cable), and set up a VPN tunnel that used both QKD technology and AWS Edge Compute hardware.
The NQSN is a field-deployed testbed aiming to demonstrate the integration of quantum-safe applications. “NQSN is here to support the testing of concepts and use-cases relevant to Singapore. We’re happy to be able to support this joint effort between AWS and Horizon,” said Associate Professor Alexander Ling, lead Principal Investigator for the NQSN, from the CQT at the National University of Singapore (NUS).
We set up two mirrored network stacks, divided into management and service segments via a device provided by Fortinet, a partner of the NQSN. This device (FortiGate 100F Next Gen Firewall) has the enhanced capability to create an encrypted IPsec tunnel capable of consuming quantum-generated encryption keys. On the management network (highlighted in yellow in the figure that follows), we use a QKD device pair that secures key exchange over fibres with a maximum loss of 12 dB (typically up to 50 km), making it a good fit for metropolitan coverage of an area of the size of Singapore (50 km east to west). This device also integrates a Key Management System (KMS) that handles key requests and key transfers between QKD optical systems and the FortiGate Next Gen Firewall. The service network (highlighted in blue) terminates at paired compute nodes.
As shown in the figure, one of the nodes is located at the CQT. This computing endpoint is an Amazon Elastic Compute Cloud (EC2) instance encapsulated inside an AWS Snowball Edge Compute Optimized device. AWS Hybrid-Edge services extend AWS infrastructure and services into the edge, helping to run and securely operate applications in locations that lack consistent network connectivity to AWS. At the other end of the connection, Horizon uses an on-premises Intel-based server as an endpoint. Both sides communicate securely via an IPsec tunnel, with the endpoints consuming the locally produced QKD keys. This effectively sets a quantum-safe link that Horizon will be using to build use cases:
“At Horizon, we are focused on making quantum computing accessible for businesses, not only through programming but also via deployment that is compatible with industry requirements, including ensuring the confidentiality and integrity of delegated computation,” explains the company’s CEO Dr. Joe Fitzsimons, who presented this collaboration in his talk at Q2B 2022 Silicon Valley. “We were delighted to partner with AWS for the installation of the National Quantum-Safe Network node in our office. It is the first step in building a secure infrastructure for the safe deployment of quantum applications.”
All components were monitored by AWS Snowcone computing devices, allowing to store performance metrics, configure applications, and visualize technical parameters remotely, like QKD key rates and synchronization status.
This point-to-point quantum network implementation was an important step towards exploring ways in which commercial-off-the-shelf quantum technology performs in a real-world setting, demonstrating to our customers how it can be used in combination with AWS services. At the AWS CQN we continue to explore the art of the possible and that includes not only QKD, but also advanced networks involving the development of a quantum repeater for long-distance communications. You can read an illustrated introduction to quantum networks and quantum repeaters, learn more about AWS for the Edge, and watch this space for more research and commercial updates in quantum networks.