Why quantum cryptography is the future
We currently find ourselves in the midst of the second quantum revolution, a transformative era driven by a profound understanding of quantum mechanics. The development of a wide range of technologies fuelled by the principles of quantum physics has evolved from a vision into a reality. Given the unique differences between quantum and classical physics, quantum holds immense promise and will propel humanity towards uncharted technological advances.
However, as the market for quantum technologies develops, it is entering a "Quantum Hype" or bubble. With it, a crowded landscape of terminologies, technologies, and solutions becomes increasingly apparent, leading to some potential confusion, particularly within the quantum communications sector. Urgent measures are needed to provide clarification and empower individuals and organizations to make informed decisions, enabling them to choose wisely, select suitable partners, and fully embrace the transformative potential of quantum communications.
The potential and threats of Quantum Computing
Within this quantum revolution, three prominent pillars of quantum technology have emerged: quantum computing, quantum cryptography, and quantum sensing and metrology. Of particular significance are current efforts to refine quantum computers. These remarkable machines possess the capability to solve extraordinarily intricate problems at an exponential rate, far surpassing the capabilities of classical computers, and offering an unprecedented opportunity for new discoveries.
As the world strives to harness the potential of quantum computers and as with any form of new technology, it is crucial to be aware of the potential downsides. The implications of such levels of computational power pose a serious threat to our current cryptographic systems, and therefore, to the security of the most sensitive data in the world across a range of critical sectors.
Current cryptographic systems like Rivest–Shamir–Adleman (RSA) and Elliptic-curve cryptography (ECC) rely on the extreme difficulty of solving their mathematical equations using classical computers, which would take thousands of years to achieve. In 1994, Peter Shor developed Shor's Algorithm, which enables quantum computers to factor large integers much faster than any known classical computer algorithm. As a result, the emergence of powerful quantum computers poses a significant threat to the security of our existing cryptographic systems due to their speed in being able to solve mathematical calculations.
There are ways to build cryptographic systems capable of withstanding potential attacks from quantum computers. One method, particularly endorsed by the National Institute of Standards and Technology, is known as post-quantum cryptography (PQC). This alternative is sometimes referred to as "Quantum-Safe Cryptography" and it employs highly intricate mathematical techniques that theoretically present immense challenges for even a sufficiently developed quantum computer to solve. While the mathematics-based approach of PQC offers significant practicality and interoperability benefits, it raises an important consideration: its security relies on the absence of a known decryption method. Therefore, since the method is founded on mathematics rather than quantum mechanics, the possibility of decryption cannot be entirely ruled out.
Quantum Cryptography to secure against Quantum Attacks
An alternative cryptographic approach grounded in the principles of quantum physics has garnered substantial interest and gained notable attention from governments, defence organisations, financial institutions, and various entities worldwide in recent years. Quantum cryptography or quantum key distribution (QKD) is a cryptographic method that establishes a symmetric key generation protocol based on the fundamental laws of quantum mechanics. Consequently, as it is not reliant on any mathematical approach, the keys generated cannot be decrypted even by the most advanced quantum computer.
Theoretically introduced back in the 1980s, QKD relies on establishing an end-to-end connection over an optical fibre, through which quantum information is transmitted to generate symmetric encryption keys. During the key generation process, information necessary for generating the encryption keys is encoded into quantum states of light, leveraging the unique properties of quantum physics. These properties enable QKD to generate secure keys, detect any attempted interception or eavesdropping on the signal, and stop communication right away.
The current state of the QKD market: An overview
As the maturity of quantum computers has continued to increase, the belief that they will eventually reach the required performance to run Shor’s Algorithm has started to become more real, boosting research and interest in quantum technologies, including cryptography. Last year alone, it is estimated that more than $2.35 billion was invested in quantum technology start-ups.
The result has been a bloom of QKD manufacturers during the last few years. The market has grown from commercially available QKD in 2006 with 2-3 manufacturers worldwide in the early 2000s to almost 20 manufacturers that are now part of the newly established quantum cryptography market. Interestingly, over 75% of those companies were founded in 2016 and beyond, and 40% since 2019, responding to the increasing threat that the advent of quantum computation poses to global communications security.
The quantum communication market is experiencing a surge in attention and investment, creating an increasingly crowded landscape. As a result, there are many companies, events, and sectors incorporating the term "quantum" in their communications to capture a share of this market. However, it is essential to recognize that not all companies claiming involvement with "quantum" are genuinely working with quantum technologies.
It is crucial to distinguish between companies directly engaged in quantum technologies and those providing vital and indispensable services that contribute to the development and maturation of the quantum infrastructure. For example, key management system providers, integrators, and other related software providers that are vital pieces of a QKD infrastructure will naturally use quantum jargon, although they are not using quantum technology.
The time to act is now, but wisely
Any security professional or chief security officer (CSO) aiming to explore quantum cryptography should take some time to understand the market and its terminology. Quantum cryptography refers exclusively to QKD and its variants (CV-QKD and DV-QKD) and must not be confused with the broader category of quantum computing or PQC. Quantum key distribution is the only cryptographic approach that utilises a quantum-based methodology, thus making it immune to quantum attacks. PQC is a valid alternative for adding an additional layer of security against future quantum attacks that can be implemented alone or in combination with QKD, but it is not a quantum technology.
To build a clear and comprehensible sector, industry players also must contribute towards a better understanding of quantum technologies. Transparent communication should be prioritised, ensuring that technical terms are explained, and their significance is effectively conveyed to both technical and non-technical audiences. Collaboration between industry players will be essential to create a cohesive and well-defined landscape, through the sharing of knowledge and insights and in fostering a broader awareness of the potential applications and benefits of quantum technologies to build the future of quantum security.