By Martyn Williams
12 April 2017
North Korean scientists have developed a quantum encryption device—the basis for a communications system that is completely secure from hackers and eavesdroppers.
The technology, if it can be deployed successfully, could complicate signals surveillance on internal North Korean communications, so the development has potentially significant implications for fortifying its security. But unlike some other scientific or military breakthroughs, state media isn’t making much fuss about it.
To understand why it’s important, it is important to understand a bit about encryption.
The Importance of Keys
At the heart of any encryption system are digital keys, which are used with mathematical algorithms to scramble the data being transmitted and descramble it when it’s received. Once that data is scrambled it’s almost impossible to break.
Cryptographers will either look for weaknesses in the algorithm, a time consuming and possibly futile effort, or attempt a brute-force attack where every possible combination of keys is tried until the correct one is found.
In theory, every encryption system is vulnerable to this type of attack but modern systems use long keys so the number of computations needed makes it impractical. Even with a supercomputer, it would take tens or hundreds of millions of years to crack a 128-bit AES key (Advanced Encryption Standard).
Adversaries are left with trying to pilfer the underlying keys, either through spies or by hacking. For that reason, keeping the keys secret is of utmost importance. If they are leaked or stolen, the entire security of the system is compromised.
So, when a new computer is added to an encrypted network or when security is changed, keys are usually distributed and installed by hand. It’s a laborious task but beats the alternative: sending communications over as-yet-unsecured networks where a hacker might be lurking and waiting to steal them.
Quantum encryption systems change this by allowing the distribution of keys over unencrypted fiber optic networks.
The keys are encoded onto light photons as something called a quantum state. How that is done isn’t as important as understanding that in quantum mechanics, the act of measuring a quantum state affects the state itself.
That means that it’s impossible to read data without affecting it.
That lies at the heart of quantum key distribution because if an adversary somewhere along the fiber optic cable is listening in on communications and manages to intercept a key, the act of reading it irreversibly alters its state.
Therefore, the transmitter and receiver can detect if the key was intercepted and should be discarded. The sender can keep transmitting keys until one gets through without interception. Once that happens, each party knows the keys are secure and they can be used for encryption.
As a result, keys can be distributed over the network and, perhaps more importantly, that opens the door to changing them with rapid frequency—new keys can be used every month, or week, or day, or even for each message. Doing so means a key obtained by a hacker through another means, like a leak from an insider, has a much shorter useful life span.
How Far Have They Advanced?
North Korean media hasn’t provided much coverage of the development, which indicates it could still be in the research stage.
I’ve only been able to find two reports on the system. The first was in the Tongil Sinbo on February 27, 2016, and the second was on March 24, 2017, in the Naenara online magazine.
The reports say it was developed by a team at Kim Il Sung University.
The Naenara report mentions that the North Korean system is based on BB84, which was the first quantum key distribution protocol. It was originally developed by researchers at IBM and the Université de Montreal in 1984. And it mentions the error rate of the North Korean system is 3.5 percent against what it said was an international allowable error rate of 10 percent.
That all points to a working system in the lab, but putting it into real world use is very different and more complicated.
Crucially, the articles fail to mention over what distance the system is working, and distance is a major hurdle in current quantum key distribution systems.
As the entire system is based on photons traveling untouched from transmitter to receiver, engineers are restricted from using optical switches, routers and amplifiers. To do so would make it appear as if the key has been intercepted.
As a result, the maximum usable distance for such a system is restricted to the distance light can be reliably transmitted along an optical fiber without any help.
Although scientists have achieved up to 400 km in experiments, today’s best commercial systems operate within metro areas and not much further. A service offered by SK Telecom in South Korea, for example, can be used up to about 80 km. After that, it gets more and more difficult without using amplifiers.
Assuming the North Korean system can match SK Telecom’s performance—and there is no indication that it can—it would work from Pyongyang to places like Nampo. But it seems improbable that it can be used on a link between Pyongyang and key missile launching sites such as Wonsan, Tonghae or Sohae. This means the system is still not capable of completely securing a line from Kim Jong Un’s desk in Pyongyang to military units at launch sites.
This map shows Pyongyang with 50 km, 100 km and 150 km distance rings.
North Korea has had experience building fiber optic communications networks for years. The United Nations Development Programme (UNDP) funded a nationwide fiber-optic telecommunications network in the late 1990s and as part of that, the Pyongyang Optical Fiber Cable Factory was constructed. Therefore, producing the various parts of the fiber optic system shouldn’t be a problem.
There could be few reasons that North Korean scientists are developing a quantum key distribution system other than for its military uses.
In developed economies, the systems are being eyed by banks, major corporations and the government to ward off hackers. But North Korea’s tiny commercial sector doesn’t have the same attraction or warrant the same security measures.
Military command and communications systems are a totally different matter.
Radio communications can be surveilled by sensitive antennas at the border or on drones flying high above the country while wired communications are vulnerable to hacking and eavesdropping by spies.
A January 2015 report in the New York Times said agents from the US National Security Agency had managed “extensive penetration” of North Korean computer networks since before the Sony hack of December 2014, and a more recent New York Times report said North Korean missiles were failing in part due to US-led cyber attacks.
Whether those reports are true or not, they could have been enough to push Kim Jong Un to direct development of more secure fixed-line communications. For instance, the first New York Times report ran in January 2015 and reports of North Korea working to develop a quantum key distribution system first appeared in February 2016.
The most recent Naenara report might be on an updated version of the same system. There is no explanation for why the site decided to highlight news that had been previously reported a year earlier, except the article is accompanied by an image that apparently shows a quantum key distribution system transmitter and receiver.
The resolution makes it difficult to conclusively make out the names of the machines—either Ryongnam or Heungnam—but it is clear that they are labeled as second generation models.
If North Korea can get such a system up and running in the real world—and that appears to be only a matter of time—it would strengthen employment of encryption on governmental and military communications circuits, which would hinder eavesdropping. It could also make it more difficult for hackers to remotely compromise North Korean systems.
Quantum key encryption wouldn’t make hacking impossible, but it would place more reliance on spies who are able to supply details on North Korean communications and control systems. It might also hamper the ability of foreign intelligence agencies to monitor and affect North Korean systems in real time.