For data security experts, the threat that quantum computing poses to longstanding encryption methods is all too real. Most expect that within a few short years, public-key cryptosystems like RSA will be obsolete – done in by the unique problem-solving capabilities of quantum computers.
But in the vein of “fighting fire with fire,” quantum technology can also be used to strengthen data protection to create quantum-safe communications. However, the industry must move quickly to put these new technologies in place before the increasingly sophisticated digital underworld has a chance to fully leverage the quantum tools already available.
QKD on tap
While true quantum encryption may still be a few years away, applying the technology to the equally important task of key management is happening right now. While techniques like quantum key distribution (QKD) have been available for some time, it is only recently that several key obstacles have been overcome, says tech consultant David Shaw. For one thing, most early solutions required dedicated optical fiber and trusted repeater nodes to make up for a lack of range. This not only drove up costs but required the use of weak pulses to approximate single photon states, which actually introduced security vulnerabilities into the system.
Modern solutions have overcome the range issue and are compatible with existing telecom infrastructure. British Telecom, for instance, recently launched a 120km quantum link in the UK, using commercial solutions like ADVA’s FSP 3000 to place both the keys and the encrypted data on the same fiber. Meanwhile, chip-scale packages are starting to reduce costs and satellite nodes are being employed as bridges for large-scale terrestrial networks.
The next step in this evolution is the OPENQKD project backed by the European Commission. The goal is to accelerate the commercial adoption of QKD technology through an interoperable ecosystem of solutions developed by 38 vendors, academic institutions and others. ADVA’s role in the project is to provide advanced Layer 1 and Layer 2 encryption capabilities using the ConnectGuard™ platform. By enabling the optical and Ethernet encryptors, plus the open line systems for multiple testbeds, ADVA allows decryption keys to be distributed in quantum states, which not only affords greater protection, even from hackers using quantum attack methods, but increases the detection rate of successful hacks so network operators can be alerted more quickly to minimize the damage.
These and other projects are likely to propel the QKD market to nearly $1 trillion as early as 2024, according to Inside Quantum Technology, and this is before we even get into the longer-term need to encrypt actual quantum data. The priority for today’s networks, says IBM Research’s Michael Osborne, is to make sure current measures are “quantum secure” to protect ID, signature and encrypted data over an entire lifecycle. This will ensure that point-to-point connections are not vulnerable to “man-in-the-middle” attacks.
But what about the internet? Is it possible to create a quantum-safe communications infrastructure for the masses? Ben-Gurion University’s Shlomi Dolev thinks so, but it will take a combination of overlay security techniques, blockchain, advanced cryptography and other tools to make it practical and inexpensive. A key requirement will be the development of quantum-safe signatures, most likely building off of today’s Lamport one-time signature method and the multiple-key approach used in Merkle trees.
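As an added illustration (not from the original article or from any vendor's code), the Python sketch below shows a Lamport one-time signature and how a Merkle tree binds several one-time public keys to a single root, which is the multiple-key approach mentioned above. The function names, the four-key tree, the SHA-256 choice and the sample message are assumptions made for this example.

```python
import hashlib, os
N = 256  # bits in a SHA-256 digest
H = lambda b: hashlib.sha256(b).digest()

def keygen():
    # Secret key: two random values per digest bit. Public key: their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]

def sign(sk, msg):
    # Reveal one secret per digest bit; each key pair may sign only ONE message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == N and all(
        H(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits(msg), sig)))

def leaf(pk):
    # 0x00/0x01 prefixes keep leaf hashes and inner-node hashes distinct.
    return H(b"\x00" + b"".join(a + b for a, b in pk))

def merkle_levels(leaves):  # len(leaves) must be a power of two
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def auth_path(levels, idx):  # sibling hash at each level below the root
    return [lvl[(idx >> h) ^ 1] for h, lvl in enumerate(levels[:-1])]

def verify_with_root(root, idx, pk, msg, sig, path):
    node = leaf(pk)
    for sib in path:
        node = H(b"\x01" + (node + sib if idx % 2 == 0 else sib + node))
        idx >>= 1
    return node == root and verify(pk, msg, sig)

def demo():
    keys = [keygen() for _ in range(4)]  # four one-time keys, one published root
    levels = merkle_levels([leaf(pk) for _, pk in keys])
    root, idx, msg = levels[-1][0], 2, b"constructed sample message"
    sig, path = sign(keys[idx][0], msg), auth_path(levels, idx)
    return (verify_with_root(root, idx, keys[idx][1], msg, sig, path),
            verify_with_root(root, idx, keys[idx][1], b"tampered", sig, path))
```

Security rests only on the hash function's preimage and collision resistance, and the verifier needs just the root plus a short authentication path to accept any one of the one-time keys.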
Quantum-safe communications marks the next evolution in data security, but it will take a coordinated effort between vendors, network providers, the enterprise and governmental regulatory authorities to see it through. This means not only deploying the technology onto commercial networks but actively monitoring and improving systems to ensure data is as secure as it can be.
The digital underworld will never stop upping its game, so the worst thing we can do in a quantum-secure world is grow complacent.