In a recent interview with ITU News, ID Quantique’s Matthieu Legré explains the reasons why ITU standardisation work on security aspects of quantum technologies is accelerating.
During the interview, Matthieu explains why quantum computing is a threat to security, explains why protective action must be taken now and elaborates on the importance of ITU standardisation work and how it will evolve over the coming years.
Seven companies and two universities have become ITU members to influence the development of ITU standards on security aspects of quantum technologies.
These new ITU members are preparing for the impending arrival of quantum computing – new computing architectures based on the properties of quantum physics. Quantum technologies will be capable of solving problems beyond the reach of classical computers. And although these technologies are certain to bolster security defences, experts warn that they will also bring greater strength to attacks.
ITU News spoke with Matthieu Legré, who is in charge of standardisation for quantum technologies at ID Quantique – the first quantum-specialised company to join ITU – to learn more about the importance of accelerating ITU standardisation work in this arena, particularly in relation to security.
Why does quantum computing pose such a threat to security?
The advent of a universal quantum computer – which performs selected complicated computations in exponentially less steps than a classical computer – will fundamentally change the cryptographic paradigms on which today’s cryptography is based.
Quantum algorithms – such as Shor’s algorithm and Grover’s algorithm – attack the foundations of today’s cryptography. Quantum algorithms already exist and are just waiting for the arrival of a universal quantum computer powerful enough to run them, an arrival commonly predicted by quantum computing specialists to be within the next 10 years or so.
ITU standardisation work in this arena is accelerating fast, supported by a range of new members. Could you explain the urgency?
The threat posed by future quantum computers also affects today’s data – the ‘download now, decrypt later’ attack vector means that (encrypted) sensitive data can be downloaded today and analysed offline when a quantum computer appears. This means that quantum-safe solutions need to be considered today for their integration into network solutions being deployed or about to be deployed.
5G and IoT [Internet of Things] networks are good examples of new types of networks facing the quantum computing threat. Quantum technologies as Quantum Key Distribution (QKD) or Quantum Random Number Generator (QRNG) have proven themselves quantum-safe and their level of technology readiness is high enough for large-scale deployment. However, the use of these quantum technologies within 5G or IoT networks will not be possible without standards supporting the proper implementation of quantum devices and their interoperability with other network systems and components.
Standardisation is relatively new to the quantum technology community, both in industry and academia. We did not fully anticipate the need for standards to support large-scale deployment of technologies such as QKD or QRNG. Having now recognized this need, we have fast built an ecosystem of quantum specialists within ITU and we are learning ITU’s procedures as we work together to draft a first set of ITU standards on quantum-safe security. These initial standardisation activities benefit from the guidance of experts including Dong-Hi Sim [Q4/17 Associate Rapporteur] from SK Telecom, ID Quantique’s key partner for quantum technology deployment.
What are the specifics of this work? Please tell us more about the motivations behind some of the draft ITU standards under development.
QRNG technology generates random numbers that can be used for cryptographic tasks such as the creation of a new key. QKD enables the exchange of secret symmetric keys between two remote nodes. These keys can be used for encryption or authentication in data networks.
Cryptography relies on sequences of random numbers. But the unpredictability of a bit sequence generated with classical physics cannot be proven. Quantum physics, on the other hand, is random by essence. Numbers generated by QRNG cannot be predicted – QRNG is provably unpredictable. Concerning QRNG standardisation, our intent is quite simple – we aim to define a general model for a quantum entropy source. We want to make a clear distinction between entropy sources based on classical physics and ones based on quantum physics. If we know the quantum entropy source perfectly, we can prove the unpredictability of its output.
Our forecasted standardisation activities on QKD technologies are much broader. We are contributing to draft ITU standards for QKD networks – networks of QKD devices and an overlay network – to enable the integration of QKD technology in most existing data networks.
ITU first launched the development of a Technical Report describing the security framework for QKD networks, a document which will include a description of QKD systems and QKD networks as well as a ‘gap analysis’ of related standards efforts in ETSI and ITU. ITU has since launched the development of a family of ITU standards on the security of QKD networks, the first to provide an overview of security requirements for QKD networks; the second to focus on the security requirements of key management, a specific function of QKD networks; and the third to make recommendations on the use of cryptographic functions on a key provided by a QKD network.
How will the resultant standards benefit industry? What would be your definition of success?
If approved, the QRNG standard will give the ICT industry and potentially also OTTs a random number generator with proven unpredictability. Success for this standard would be its adoption by most or all QRNG vendors as well as some national security agencies. An even greater success would be that the standard helps QRNG to become a recommended technology for IoT networks.
The QKD standards under development will provide security recommendations for QKD networks, helping us to achieve well-defined levels of security with a broad ensemble of requirements to be met by QKD network implementations. A key metric of success will be greater trust in quantum technologies. Standards will play a central role in building this trust, as the agreement of standards is a sign of the maturity of a technology and its supporting ecosystem.
Once the main QKD vendors have agreed a common set of best practices for QKD network implementations, the next step for standardisation would be the development of recommendations providing for the interoperability of equipment produced by different vendors. Interoperability will be fundamental to the successful integration of quantum technologies in large-scale networks like 5G. Achieving this interoperability will demand an ecosystem of quantum specialists collaborating in the interests of the growth and sustainability of the QKD market. This ecosystem is under construction in ITU.
How might we see this ecosystem evolve? Have you started thinking about potential future standards projects?
We are working to increase the total of quantum-specialised ITU members to around 15. In our opinion, success in ITU standardisation for quantum technologies will be determined by three main factors. ITU’s ecosystem of quantum specialists will need to grow to the critical mass required to ensure the credibility of ITU standards for quantum communications. The players in this ecosystem will need to collaborate with the efficiency necessary to deliver high-quality ITU standards. And, following a foundational phase of around two years, we will need to establish a framework for this ecosystem to deliver one or two new ITU standards each year.
View the original article here.
Stay one step ahead
Subscribe to our newsletters to receive breaking news, educational materials and product updates.