Today, we are on the edge of a quantum revolution. The advent of quantum computers in the coming years will give mankind access to unparalleled processing power with all the advantages that this brings. However, this tremendous opportunity comes with a corresponding threat. The very same power of the quantum computer will render much of today’s cybersecurity useless. The aim of this short piece is to answer the questions: how can we address this threat and achieve quantum-safe security; and how can Quantum Key Distribution (QKD) help?
Quantum cryptography is a technology that relies on quantum physics to secure the distribution of symmetric encryption keys. A more accurate name for it is quantum key distribution (QKD). It works by sending photons, which are “quantum particles” of light, across optical links. Today, these links are based on optical fibers, with a corresponding distance limitation caused by loss. Work is also underway to leverage trusted quantum satellites to enable end-to-end global coverage.
The principles of quantum physics stipulate that observation of a quantum state causes perturbation. The various QKD protocols are designed to ensure that any attempt by an eavesdropper to observe the transmitted photons will indeed perturb the transmission. This perturbation will lead to transmission errors, which can be detected by the legitimate users. This is used to verify the security of the distributed keys.
QKD implementation therefore requires interactions between the legitimate users. These interactions need to be authenticated. This can be achieved through various cryptographic means.
The end-result is that QKD can utilize an authenticated communication channel and transform it into a confidential communication channel.
Note that, in classical information theory, a provably secure (also known as Information Theoretically Secure or ITS) authenticated channel only requires a short secret key, regardless of the amount of data, while a provably secure confidential channel requires a secret key that is as long as the transmitted data. QKD, which precisely provides a provably secure confidential channel with a short initial secret key, is therefore a first example of a quantum advantage, which cannot be achieved classically.
In order to achieve ITS, QKD should be combined with One-Time Pad (OTP) encryption. However, an OTP requires keys, which are as long as the data to be encrypted and can be used only once.
This would impose strong limitations on the available bandwidth because the key distribution rate of QKD is typically 1’000 to 10’000 times slower than conventional optical communications.
Therefore, in practical implementations, QKD is often combined with conventional symmetric encryption, such as AES, and used to frequently refresh short encryption keys. This is sufficient to provide quantum-safe security.
Our cybersecurity infrastructure requires two different functions: authentication and confidentiality. Authentication allows distant users to trust their counterpart and validate the content of their exchanges. It is mostly implemented by public-key signature schemes. Confidentiality is required for any exchange of private information. It is often performed in a two-step process. First the users have to exchange a common secret key. This relies on another public-key protocol, the key exchange mechanism. The secret key is then used in a symmetric key encryption scheme. Both functions therefore depend on similar cryptographic techniques, known as asymmetric or public-key cryptography.
Cybersecurity is much more than the underlying cryptography. Current hacks and security failures do not come from weak cryptography, but rather from faulty implementation, social engineering etc. Today, we trust the cryptography, and fight to get the implementation right. Unfortunately, this is about to change. The point of cryptographic vulnerability today is public-key cryptography, based on algorithms such as RSA or Elliptic Curve, which are used both to authenticate data and to securely exchange data encryption keys.
The very processing power of the quantum computer can solve the mathematical problems underlying these algorithms exponentially faster than classical computers and break public-key cryptography. The advent of a quantum computer powerful enough to process the current public keys algorithms will destroy our cybersecurity infrastructure.
This is often referred to as the Y2Q (Year to Quantum) by reference to the famous Y2K bug. Today, Y2Q is widely expected within a short decade. Unfortunately, even before Y2Q, the currently used public-key cryptosystems are not appropriate to secure data that require long-term confidentiality. Malicious actors can use the “hack now, decrypt later” attack vector, record encrypted data now and wait until a quantum computer is available to decrypt it, by attacking the public keys. Considering the shelf life of critical data in most industries, the quantum computer already poses a very real threat now.
This attack clearly demonstrates that we need quantum-safe cryptography today.
Read more about the cybersecurity implications of Quantum Computing.
The greatest threat is to public cryptography (or asymmetric algorithms) used for digital signatures and key exchange. There are already quantum algorithms, such as the famous Shor algorithm, which can break RSA and Elliptic Curve algorithms, once a universal quantum computer is available.
Another famous quantum algorithm, the Grover algorithm, attacks symmetric cryptography. Fortunately, Grover can be countered by a simple expansion of the key size. For example, AES symmetric encryption scheme with 256-bit keys is considered as quantum-safe.
Countering the quantum computer threat will rely on two pillars. One is the development of new classical algorithms, which should resist the quantum computer. These are known as Post-Quantum or Quantum-Resistant algorithms.
We already encountered the example of AES above for encryption. We can also mention some signature schemes (LMS and XMSS), based on so-called hash functions. Many other algorithms, for both signature and key exchange are being developed in the framework of the NIST process. In July 2022, NIST announced the first set of algorithms that will form the final standards for post-quantum cryptography. Much work is still needed to transform the choice of algorithms into practical implementations, including the choice of all suitable parameters for various security levels.
These aspects are still in development, but implementable standards should be available by 2024.However, the increased scrutiny on these new algorithms has resulted in a flurry of new results in their cryptoanalysis. Most have seen their security level weakened, requiring for example longer keys. Some have even been entirely broken. Therefore, data requiring long-term confidentiality may require a different approach.
The second pillar, which is available today, is Quantum Key Distribution (QKD), which provide quantum-safe key exchange, based on very different principles. QKD, which does not depend on computational security, could provide the long-term confidentiality required by many applications.
Most QKD solutions currently consist of key distribution appliances combined with link encryptors. The QKD appliances distribute the secret keys to the link encryptors. These keys are mixed with the original keys provided by the link encryptor through public key cryptography. The link encryptors use the keys to encrypt large amounts of data, typically up to 100 Gb/s thus offering quantum-safe security added to the existing infrastructure.
In the simplest case, two QKD appliances are connected through an optical fiber and continuously distribute key material, which they store at each end-point, until it is requested by the encryptors.
These solutions work up to an optical attenuation in the fiber of 24 to 30 dB, which corresponds to a range of about 120km, depending on the quality of the optical network. Subsequently, these systems are typically deployed in Local Area Networks or Metropolitan Area Networks, such as corporate campuses or datacentre interconnects.
These applications have been extended to much longer distances, through the use of so-called Trusted Nodes. These trusted Nodes perform key hopping, whereby keys are generated at a starting node and transferred securely from node to node until the end node.
Instead of relying on the security of the whole transmission channel, security has to be provided at each node only. Using a similar technology, it is also possible to build various types of QKD networks, such as ring networks and star networks.
This requires more complex Key Management Schemes, which distribute the keys from and to any node in the network. For global reach, the Trusted Nodes can be implemented in satellites, with free-space QKD.
Thanks to the rapid development of QKD solutions, many encryptor manufacturers now offer “quantum enabled” devices, which accept keys from QKD appliances. These encryptors are compatible with Ethernet and Fiber Channel with link bandwidth up to 10Gbps and aggregated bandwidth up to 100Gbps.
In addition, a standard QKD interface has been developed by the ETSI (European Telecommunication Standards Institute). This will facilitate the introduction of QKD for OTN vendors.
IDQ has deployed QKD systems commercially since 2007. One of the first QKD implementations was to secure elections in Geneva in 2007, and this installation has been working reliably since its installation.
Since then, IDQ has deployed QKD networks and testbeds on all continents to secure data for banks and financial institutions, governments, communications networks, critical infrastructure, and medical organizations.
Access our use cases in the Quantum-Safe Security resources.
Quantum cryptography, or more correctly QKD, is now a well-established commercial solution. Between 2021 and 2022, IDQ has released its 4th generation QKD solutions: the XG Series, made for commercial deployments, and the XGR Series, made for academia, research institutes, and innovation labs. Both Series include a Cerberis product, with a standard key transmission rate and for medium range interconnection, and a Clavis product, with a high key transmission rate and for extended range interconnection. This represents the first comprehensive range of Quantum Key Distribution solutions.
Standardization work on QKD is also taking place at an increasing pace. In addition to the ETSI mentioned above, the ITU, ISO and IEEE organizations have made good progress on quantum communication and QKD. Industry is getting organized for full-scale deployment of this technology.
Originally, QKD was used in a simple point-to-point configuration, which restricts use cases and market adoption. Today, we are not limited anymore: ID Quantique’s technology enables multiple QKD links to be combined into a single QKD Network. This network can be managed with standard communication network technologies, such as Software Defined Networking (SDN).
On top of the QKD point-to-point links, the Key Management System (KMS) layer’s role is to provide QKD keys to Secure Application Entities (Key Provider). Its second important role is that it allows to extend below point-to-point configuration. The KMS acts as the glue of the QKD network and ensures long-distance reach of the QKD keys through the QKD network.
However, the KMS can’t configure itself. An additional layer is needed: the QKD Network Management layer using IDQ’s Quantum Management System (QMS). The QMS configures and manages KMSs and QKDs on a graphical user interface. It helps you to always keep a comprehensive understanding of your QKD network operation, even in the most complex cases.
The tool offers an intuitive logical or geographical topology network view to facilitate configuration changes, as well as a monitoring dashboard to help you ensure the network remains healthy.
The QMS enable user autonomy with minimal training, helping you reduce the time and effort managing complex networks.
Users located at any node of the network can ask it to build end-to-end secure keys. This can be the basis of new QKD-as-a-Service and Security-as-a-Service offerings, where a user without owning the system can request keys from different location in the network.
Today, QKD implementations are seamless and easy to manage. QKD is a highly reliable technology that can be simply added on top of your existing infrastructure, acting as an upgrade with the additional benefit of end-to-end secure key distribution and postquantum secure data communication. In addition, it is easy to integrate with most encryption vendors.
IDQ’s QKD solutions are turnkey, user-friendly, interoperable, compatible with existing infrastructure and encryption.
Generally speaking, there are two conditions for a system to be secure:
The security of QKD is based on the laws of quantum physics and can be rigorously proven.
This having been said, it is then important to make sure that the practical embodiment of a QKD system also fulfils the second criterion and does not have any implementation flaws.
IDQ actively participates in quantum hacking projects with well-respected academic partners, with the goal of understanding quantum-specific side channel attacks and of improving implementation security of QKD devices.
All the announcements about QKD having been hacked actually dealt with implementation flaws. These flaws are important but are inherent to any technological system.
Moreover, such quantum hacking projects use open QKD systems, designed for R&D research. The quantum hacks which have been discovered to date are not viable attacks on commercial QKD systems with anti-tamper proofing and other standard security features.
In summary, the security of QKD is based on sound principles and, if properly implemented, it guarantees absolute security for key distribution.
Quantum Technologies are creating a world of opportunities across almost every aspect of modern life. IDQ helps you build a trusted future by preparing your organization now. Data security is a never-ending marathon.
Adding quantum gives you a step ahead in this race. Getting prepared must be considered as a journey where every step completed adds a layer of trust and preparedness.
Join us to create a stronger cybersecurity ecosystem: contact us today.