If quantum is the answer, what is the question?
Quantum technologies are no longer the stuff of science fiction or restricted to theoretical applications in physics laboratories. In fact, quantum security solutions are becoming increasingly mainstream in their applications and could be the answer to many of today’s (and tomorrow’s) cybersecurity challenges.
The battle between cybercriminals and cybersecurity professionals rages on. The volume and variety of attacks launched every day means defenders are frequently playing a game of catch up; struggling to adapt to a rapidly evolving threat landscape.
The modern world has become almost entirely dependent upon high-speed data networks. As infrastructure continues to evolve, with 5G cellular technologies and 400Gbps Ethernet networks set to become the new normal, the need for data security, authenticity and integrity has never been greater.
If you were wondering what the future of network security looks like, how to secure data in a 5G world, how to guarantee the integrity of your data, or simply how to avoid security obsolescence in the quantum computing era, the answer is likely to lie in the use of quantum technologies.
The security of data, and the infrastructure across which it travels, is in no small part down to the use of cryptography. The security of these cryptographic systems is, in turn, determined by the encryption algorithms in place and the encryption keys they generate. Today, all high-speed encryption systems rely on symmetric cryptography, where users apply the same key to encrypt and later decrypt. These keys have to be random, unique and securely exchanged between the users. The stronger the keys, the stronger the encryption.
Encryption is not just about scrambling your data to make it indecipherable to unauthorised users. It’s also about ensuring the authenticity of the data you receive – making sure nobody has changed, or added to, your data while in transit. Quantum technologies have an important role to play in both of these areas – in both the generation and distribution of encryption keys.
Secure key exchange is one of the foundations of modern network security and will remain so in the next generation of ultra-fast cellular and wired networks. How do you know if someone has been trying to intercept your keys? How do you guarantee that the confidentiality of the keys remains for a long time? The answer lies in one of the principles of quantum mechanics – observation causes perturbation.
Quantum Key Distribution
Quantum key Distribution (QKD) is arguably the most mature of the quantum technologies in use today. First commercialized by IDQ in 2007, QKD has subsequently been deployed across a wide range of public and private network infrastructure, by organizations as diverse as financial institutions, cloud service providers, healthcare providers, critical national infrastructure, government and defence departments.
The greatest threat to cybersecurity today is linked to public key cryptography – the technology that secures the internet. Public key cryptography is used to exchange the symmetric keys, which will be applied in encryption and decryption. Unfortunately, current public key cryptography is threatened by the quantum computer. When you use public key cryptography to exchange new keys today, you take the risk that these keys will be known by an attacker, maybe not now, but definitely in a few years. With QKD, the act of eavesdropping (observation) disrupts the transmission (perturbation), which is easily detected by the recipient. Keys exchanged though QKD will remain secure, even in the quantum computing era.
In a digital world, users need to be able to trust the systems they rely upon – trust that the healthcare provider will keep their personal medical files secure, trust that nobody is listening in on their phone conversations, or trust that the data being provided by IoT sensors is accurate. Data is the lifeblood of the digital economy and quantum technologies are playing their part in ensuring its confidentiality and authenticity.
Quantum technologies are also great providers of randomness. While this may sound a bit far from reality, in fact random numbers are everywhere in our lives. Yes, they are used in the creation of encryption keys that secure the internet, but they also play a role in applications as diverse as statistical analysis, scenario planning, gaming, art and, of course, the national lottery.
Today, all good random number generators (RNG) are, well, random. The strings of bits, which come out of the generators, cannot be distinguished from a string of random bits. However, for some applications, and especially for cryptographic applications, this is not enough. To generate cryptographic random numbers, an RNG must not be vulnerable to prediction. For example, in the case of software RNG, also known as Pseudo RNG (for a good reason!) the string of bits depends on the value of a short seed. If you know the seed, you know the string, which will be generated. You would use this Pseudo RNG as a source of randomness at your own risk! Indeed, people have increasingly turned to physical RNG as a source of entropy (randomness).
Even physical sources of randomness can be predictable over time – at least in the case of classical physics. This is due to the fact that classical physics is deterministic at its core. If you want truly random numbers, which cannot be predicted in any way, you want a Quantum RNG (QRNG). Why? Because quantum physics is fundamentally indeterministic. Even if you know all the details about a system, you cannot predict the result of a measurement on this system. This is something that proved to be a constant source of frustration for some scientists, especially for Einstein, but which was demonstrated beyond any doubt by the fathers of quantum physics, Bohr, Heisenberg, and Schrodinger… When you are looking for a cryptographic RNG, quantum is the answer.