Debunking Myths about Quantum Cryptography

Written by

Quantum computing has long captured the imagination of the technology industry, and last year’s news of Google reaching a “quantum supremacy” milestone planted a real stake in the ground.

It’s clear that quantum computing will vastly change what we can do with computers. It will bring unprecedented speed and capabilities that will lead to fast scientific and medical advances, better diagnosis of illness, faster production of drugs and improved modelling of climate change forecasts, among many other things that will greatly impact society. It also will break the encryption we use to protect data and computer systems today. Given how much data is stolen from U.S. industry and government, this is a huge problem. 
 
While the cybersecurity industry understands the implications of quantum computing on security, less is known about how to protect against the quantum threat to data security. NIST is leading efforts to create algorithms strong enough to protect against quantum attacks, but this is several years away and updating current mathematical algorithms will extend protections only for a limited time, until advances in quantum computers make it easy to crack.

Quantum cryptography solves this problem by exploiting the properties of quantum mechanics to securely transmit cryptographic keys using laser-generated photons of light. The best known example of quantum cryptography is Quantum Key Distribution (QKD). Because QKD is rooted in the laws of physics, not mathematical computations like traditional encryption, the system is theoretically unbreakable. 
 
Despite its promise for ultra-secure transmissions of sensitive information, there are a number of misconceptions about QKD. Given that QKD offers protection today for the quantum threats that are around the corner, addressing the myths of QKD is essential for ensuring that our encrypted data stays secret and out of the hands of hackers and foreign governments.
 
Myth #1: It only works for short distances  
Historically, the use of QKD has been very limited due to the limitations of current networking infrastructure. Fiber optic cables can only carry photons a short distance, about 100 km or 62 miles, before the photons break down. This isn’t useful for most companies today, which have offices, partners and suppliers located across the globe. New technologies have eliminated those distance limitations: The University of Geneva and Corning Inc. collaborated to develop a system that can carry a photon more than 300 km or 186 miles.
 
Myth #2: It will slow down data transfer
In the past there were concerns that the quantum cryptographic process would increase the latency associated with data transmission, something that would be a deal breaker for industries such as financial services where trades are done in milliseconds. Yet quantum key distribution solves this problem by separating the encryption keys from the message content: it creates two separate data flows and uses a single key to decode many messages, which means it has no effect whatsoever on the speed of the data transfer. In fact, Toshiba and the University of Cambridge have demonstrated the ability to exchange secure keys at 1 Mbit per second over 20 km of optical fiber.
 
Myth #3: The quantum threat is far off 
Until recently, quantum computing was considered a threat that was on the distant horizon because of the challenges in developing such an advanced technology. Even though it’s clear that once it comes it will instantly render current encryption obsolete, there hasn’t been the urgency because everyone is waiting for quantum computing to be deployed before they worry about the crypto threat it poses.

However, China is stealing and stockpiling sensitive data from U.S. databases, compromising data like intelligence officer contact information and employment records from the Office of Personnel Management and Lockheed Martin’s F-35 development plans. Even if the data is encrypted, the minute China has quantum computing capable of cracking the encryption all the secrets will be spilled.

Recent announcements show that we are nearer to quantum computing than we previously thought. Google announced it had built a quantum computer last year that could shave 10,000 years off the computational time of the fastest classical computers, and Amazon soon followed with an announcement of its own. Given how heated the race to develop Quantum Computing is; the estimate of 5-10 years is looking increasingly conservative.  
 
Myth #4: It’s theoretical
QKD isn’t science fiction; it’s here today and already being deployed, with projects in China, Canada, Austria, South Korea, the UK, Switzerland and the U.S. China likely leads the way in QKD development, with a number of projects. This includes a QKD system developed by Peking University and Beijing University of Posts and Telecommunications - and the world’s first space-ground quantum network that is expected to send transmissions using up to 10 satellites for global coverage by 2030.

In Europe, the Institute for Quantum Optics and Quantum Information in Vienna developed a quantum channel that enabled the first intercontinental quantum video call. QKD has been securing elections in Switzerland for a decade, protecting voting data sent between the central ballot-counting station in downtown Geneva and government data centers in the suburbs.
 
Myth #5: Fiber is hard to come by and too expensive
Fiber optics is a critical component for 5G infrastructure and is readily available and affordable. It’s being deployed at record levels with more than 400,000 fiber routes deployed in the last year alone, according to the Fiber Broadband Association.

In addition to that, cities are sitting on top of tons of unused fiber optic cable — called “dark fiber” — that was laid underground during the rush to build out the internet in the late 1990s and early 2000s. Costs to light it are a fraction of what they were then with little to no labor costs because it’s already in the ground.

Also, there are technologies, such as Phio TX, that support QKD without the need for dedicated fiber. QKD requires a fiber link between two QKD boxes to generate the unique photon-based keys but they can be sitting right next to each other. Once the key is generated it can be transmitted over any transport (WAN, fiber, copper, wireless, free-space optical) to its destination.
 
Conclusion
When it comes to ensuring data security in the quantum era, an ounce of prevention is worth a pound of cure -- and notwithstanding the above misconceptions, QKD is a more affordable and practical solution than ever before. Ultimately, our data security, intellectual property and even our national security depends on debunking these persistent myths for good.

What’s Hot on Infosecurity Magazine?