Seeing things like this happen makes me sad about the security industry:
Massive Quantum Network Unveiled
I could devote an entire blog just to debunking Quantum Cryptography. Back in 2005 I worked with a team to evaluate if Quantum Cryptography was a technology that was worth investing in. My recommendation was a resounding no. Since then I have to say that my answer hasn't changed.
First some background. To get a general understanding of Quantum crypto, you need to know that it works on the idea of probability. If Bob sends a message to Alice she will only be able to receive 50% of that message. If Mallory is sitting in the middle and intercepts the message, he also only gets 50% of the message, but due to the fact that Bob is sending photons instead of 1's and 0's Mallory can not resend the entire message to Alice. So the best Mallory can do is send 50% of the message on, and then fill in the other 50% with random gibberish. This means that Alice will only be able to get around 25% of the actual message from Bob, (50% of 50%). If Alice sees her error rate go up, she knows that someone is tapping the line. How does this work? Magic. Honestly, it really doesn't matter due to all the problems with the fundamentals of Quantum Crypto.
First, let's assume that this link is totally unbreakable. That's not true....
Laser cracks 'unbreakable' quantum communications
But still, I'm not ready to argue quantum mechanics with a physics major so I'll give them that. The problem is that quantum crypto also relies on an out of band channel that at best uses traditional crypto to communicate which bits were received on the quantum channel. That channel is still subject to normal attacks. In fact, since the companies making quantum crypto devices are so focused on the "Gee Whiz we're using photons", they have been badly neglecting this side channel, making their implementations much weaker than traditional VPNs
Quantum Cryptography: Researchers Break 'Unbreakable' Crypto
That being said, even if Quantum Crypto was "unbreakable" the costs of it are huge. The boxes themselves are not the problem, but running dedicated fiber lines between the different sites is horribly expensive. A much cheaper solution would be to hire a trusted person to take a stack of Cd's, (or heck spluge on BlueRay), filled with AES keys to the different sites, and just cycle through a new key a minute. I guess what I'm trying to say is traditional crypto has been banged away at for a long time by some really smart people and been found to be secure if used correctly, (admittedly a big if). Quantum crypto has not. Just because it sounds like magic does not mean you should trust it.
As a side note, it annoys me when people say that Quantum Crypto was developed as a response to Quantum Computers. A marketing response yes, but it is not a technology response. Quantum Computers have the potential to break certain algorithms like RSA faster than traditional computers. People realized that, and as Quantum Computers become more mature, you might not want to rely on RSA. Algorithms like AES on the other hand are no more vulnerable to Quantum computing than traditional computing. Quantum Computers, while nice for certain tasks, will not be a win button for crypto breaking.
Friday Squid Blogging: Build a Squid
2 hours ago