Quantum-Safe Communication Migration Webinar Replay and Q&A Session

In November 2023, Dr Bruno Huttner delivered a presentation entitled Developing Your Quantum-Safe Communication Migration Expertise. In the presentation, Dr Huttner started by putting some context behind quantum computers and the threat posed by the advent of the Qubit, via the principles of coherent superposition, interference, and entanglement.

Having identified the problem, Dr Huttner went on to describe the state of the art of quantum safe cryptography, including the five basic tools available to help protect IT and communications infrastructure from quantum threats:

Key generation using quantum random numbers.
Quantum key distribution for secure key exchange.
Symmetric key cryptography
Hash-based functions for authentication
Post-quantum algorithms

Historically, there has been some dispute between mathematics and physics in terms of the best way to provide long-term data security. Today, we acknowledge that the best solution will involve elements of both.

Following an overview of the toolset, Dr Huttner dives deeper into the principles of Quantum Key Distribution and introduces attendees to the XG Series, IDQ’s fourth generation of QKD systems.

Following the presentation, the floor was open to questions. For those that couldn’t attend the live session, here is a summary of the Q&A.

Do QKD systems usually also handle the key generation, or is there a different device for that?

While the processes of key generation and distribution are different, they can be combined into a single solution. IDQ’s QKD systems, for example, integrate a quantum random number generation chip as a source of entropy for generating truly random encryption keys and to provide randomness for all related crypto functions.

Can quantum key distribution get corrupted?

No, keys cannot be corrupted during distribution. The security of QKD is based on the fundamental laws of quantum physics, which can be rigorously proven. If implemented properly, QKD guarantees absolute security for key distribution. Of course, keys could become corrupted at a later stage; during storage for example. However, quantum networks, which would keep the keys in a quantum state, would maintain security until the keys had been used.

Is QKD resistant to attacks from quantum computers?

Yes. By its very nature, QKD will be resistant over time to quantum computing attacks.

Are there computers currently operational that can carry out attacks or decryption of encrypted banking telecommunications for example?

The best way to put it is “not yet”. There are currently no known quantum computers that are powerful enough to crack existing cryptography. However, we know it will happen eventually: it’s just a matter of time. We also know that malicious actors are probably already harvesting today’s encrypted data to decrypt it once a cryptographically relevant quantum computer becomes available. So, the threat to current transactions is very real.

Could you elaborate on when it’s better to use Math or Quantum for Authentication?

Authentication is best done with math for the moment as QKD does not technically solve the authentication problem. Another alternative is Physically Unclonable Functions or PUF. These little chips are like a kind of unclonable tag that you put in your PC for example. This chip can then be used to authenticate any data coming from the PC. There have been proposals to use quantum for authentication, but this is still a work in progress.

When you say the security of PQC is “believed” does that mean the complexity involved in breaking it is just conjecture? If this is the case, how do we quantify the difficulty of breaking RSA versus some PQC algorithm? Is there a mathematical metric to do that?

Indeed, there is no proof that any PQC algorithm is secure, either from a classical computer or a quantum computer. In computer science, complexity theory is attempting to group problems into classes, which will provide a possible metric.

If successful, you will be able to determine if one problem is harder or easier than another problem, but there are few absolutes. RSA can be broken by a quantum computer using Shor’s algorithm. PQC algorithms are resilient against Shor, but that doesn’t mean there aren’t other algorithms out there that could break them.

Is there any standardization for QKD implementation, or quantum resistant crypto?

For PQC, standardization is well advanced. We should see the first published standards coming out of NIST early next year. For QKD, there is no final standardization yet. However, we are working on it. ETSI, for example, has been making significant progress in this area.

Given that the quantum channel is not a regular network connection what are the physical requirements to establish one to connect two data centers?

A quantum channel isn’t that complicated. It could be a free-space optical link or a standard single-mode optical fiber, but it should not have any active component or transceiver. It has some limitation in distance though. Today, with commercial systems, you can’t go much farther than 100 km (in academia, they can go up to 300-400 km). Apart from this, any standard optical link can be used. In addition, you need a discussion channel between Alice and Bob, which is not confidential, but must be authenticated.

Are QKD networks in different countries compatible with one another?

Ultimately, yes. Look at the EuroQCI, for example. It starts as a series of national networks, built by individual nations, then they become connected to form the EuroQCI. A lot of individual countries within Europe are building their own QKD networks currently. When the EuroQCI is formed you will need a single management system, but each national network could still have its own type of QKD.

Is there any way to address the distance limitations of QKD devices?

Yes, there are three alternatives. The first is to build a QKD network that distributes end-to-end secret keys (under the assumption that intermediate nodes, known as trusted nodes, are secure). The second is to go to space. If you use satellites and exchange keys through space the loss is significantly less than with fiber, so you can achieve much greater distances. With satellites, it will be possible to have worldwide key exchanges.

The final option would be to use quantum repeaters, which are a way to transfer qubits from one point to another endlessly. We don’t have them yet, but the technology involved is very similar to that required for a functioning quantum computer. The hope is that whilst developing the right tools for quantum computers we will get the quantum repeater “free or charge”.

What are your thoughts on QKD in space versus terrestrial solutions?

QKD in space is a great way of overcoming the current physical limitations of terrestrial solutions. The key distribution takes place between orbiting satellites and ground stations, with significantly less signal degradation through free space that over fiber. There are several projects in advanced stages of development that IDQ is participating in, including the Eagle 1 project in Europe.

Although QKD in space provides long-distance key exchange it will likely come with key rate restrictions. Terrestrial solutions, while limited in terms of distance, will provide many more keys. It’s likely that solutions will feature elements of both. The EuroQCI is one example.

Does blockchain have a role in QKD networks?

Not currently. Though if you want to build a quantum-safe blockchain (one that will not be destroyed by a quantum computer), you might use QKD. One solution we have proposed – the Quantum Vault – could be used to secure private keys used in the blockchain.

About the presenter

Dr. Bruno Huttner is the Director of Strategic Quantum Initiatives, and a Quantum Key Distribution Expert at ID Quantique. He is also the co-chair of the Quantum-Safe Security Working Group organized by the Cloud Security Alliance.

Bruno is an engineer (Ecole Centrale Paris), a physicist (PhD from the Technion, Israel Institute of Technology), and undoubtedly one of the pioneers of quantum information science.

You can contact Bruno directly: bruno.huttner@idquantique.com

Cookie	Duration	Description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.n
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
datatranscw-woocommerce-context-id	session	Description is currently not available.
datatranscw-woocommerce-context-key	session	Description is currently not available.
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.
wp11868	1 year	Marketing automation. Automatically sets cookie tracking when visitors engage through form submissions, clickthrough’s in email messages, and web pages containing the Act-On Beacon Tracker.

Quantum-Safe Communication Migration Webinar Replay and Q&A Session

Stay one step ahead