Why it’s time to implement a quantum safe network

Why it’s time to implement a quantum safe network

This article was originally posted on the Forbes website on 14/09/23

Like AI, quantum computing has been met with mixed feelings.

A quantum computer’s ability to exponentially speed up certain tasks and to solve problems that are mathematically challenging for classical computers means it could revolutionize the fields of materials science, pharmaceutical research, investment, supply chain management and even machine learning that rely upon calculation and simulation.

This computational power does, however, pose a fundamental threat to the public key infrastructure the world relies on for cybersecurity. Cracking the cryptographic systems in place today is difficult because the math is hard—problems that can be solved by a quantum computer in a matter of hours, minutes or seconds would take the most powerful of today’s classical computers hundreds, if not thousands, of years.

Act today to secure the future

Conventional wisdom states we are in the quantum decade . By the end of the 2020s, there will be commercially viable quantum computing resources widely available.

Much of the data that traverses today’s public and private network infrastructure is sensitive in nature—private citizen data, national security, financial records, healthcare data, intellectual property. This exposes it to “harvest now, decrypt later ” attacks. To secure today’s infrastructure for tomorrow, there are two separate—but complementary—solutions available:

? Post-quantum cryptography (PQC) is the use of next-generation crypto algorithms that are believed to be resistant to quantum cyberattacks

? Quantum key distribution (QKD) is a secure platform that provides guaranteed forward secrecy of encryption keys

Together, they address the core cryptographic principles of confidentiality, integrity, authenticity, non-repudiation and key management.

Post quantum cryptography

In the U.S., the National Institute of Standards and Technology (NIST) has been working to develop the first set of standardized post-quantum algorithms since 2016. The first Federal Information Processing Standard (FIPS) for PQC is expected in 2024 .

Theoretically, the migration from classical to post-quantum algorithms should be simple. However, the reality will likely be somewhat different. Some existing cryptographic systems lack the agility required to "hot swap" algorithms or to add plug-and-play PQC, which may require wholesale replacement. Other incumbent systems may struggle with the computing power and data rates associated with PQC.

Despite these potential limitations, some solutions on the market offer hybrid encryption, a mix of classical Advanced Encryption Standard- and NIST-shortlisted algorithms.

There are still some security concerns over these new algorithms. Some of the candidate algorithms have been compromised using classical computing methods . The longer-term security of PQC is also yet to be proven. We only know that quantum-resilient technology today is not vulnerable to currently known quantum algorithms. As quantum technology evolves, alternative algorithms will emerge.

Quantum key distribution

QKD provides additional security to network infrastructure, independent of computational power. Importantly, it offers a future-proof solution. QKD leverages the fundamental principles of quantum mechanics to guarantee forward secrecy of encryption keys.

QKD is a much more mature technology than PQC, with players from all around the world, including my company, ID Quantique, in Switzerland, as well as QuantumCTek in China, Qubitekk in the U.S., Toshiba in Japan and many new start-ups financed by record 2022 investments .

QKD is not a standalone technology. As a key exchange mechanism, it still requires authentication and is used in conjunction with VPNs or encryptors to provide quantum-safe security across network infrastructure at rates of up to 100Gbps.

Originally used to secure point-to-point networks, scalable QKD infrastructure is now in development, with trusted nodes and key management systems being employed to extend the range and topology of secure networks.

Criticism of the technology has centered around its effective range, but developers have successfully extended the transmission distance of QKD to over 800 kilometers across optical fibers in recent years, and the use of QKD in free space (using low orbit satellite relays ) as well as a mesh network setup is eliminating geographical barriers.

The best of both worlds

The next generation of secure networks will likely need to feature both PQC and QKD. The public key infrastructure we rely on to secure the internet will transition to incorporate newly standardized PQC algorithms. At first, these will operate in a hybrid mode, alongside today’s ECC and RSA algorithms, until the classical security of PQC is proven.

Where long-term confidentiality, high-assurance security and high-density data are needed, local and regional QKD infrastructure could be used to ensure data protection. The security of any system is only as good as its weakest link. In a hybrid infrastructure—where QKD sits at the core of the network and PQC extends security to the edge—the attack surface should be significantly reduced.

This enhances the overall security of the network and enables the introduction of zero-trust architecture. For cloud and telecommunications service providers, this provides a point of differentiation that will appeal to customers seeking “secure by design” solutions.

An evolving ecosystem

Quantum technologies are undergoing rapid expansion. Alongside the evolution of PQC and QKD technologies, progress in quantum memory and quantum repeaters is creating the foundation for a quantum internet.

Scalability, agility and availability of secure key exchange are facilitated through specific key management systems. Software plays a critical role in maintaining tomorrow’s end-to-end, quantum-safe infrastructure. It enables the extension of QKD networks beyond simple point-to-point architecture and acts as the catalyst that ensures long-distance key distribution throughout complex network topologies. Used in combination with PQC, it maintains a coherent security ecosystem.

A major contributor to the adoption of QKD is its current progress in standardization. Industry players must continue working together to define the standardization and certification wireframes. Every new step brings greater trust in quantum technologies. Standards play a central role in building trust, as the agreement of standards is a sign of the maturity of a technology and its supporting ecosystem.

Before the end of the decade, we should see quantum computing, communications and networking working hand in hand with classical technologies to deliver next-generation security, confidentiality, authenticity and integrity of data. The technology is already being implemented around the world to secure key networks requiring long-term security. It’s time to act now to reach this point of safety.

Grégoire Ribordy, Co-founder and CEO, ID Quantique

Brian Lenahan

Founder & Chair, Quantum Strategy Institute; Author of Quantum Boost & Quantum Excellence, +10K Followers

1 年

要查看或添加评论,请登录

社区洞察

其他会员也浏览了