(CambridgeQuantumComputing) Quantum cybersecurity is plagued with similar-sounding acronyms, such as QKD, PQC, and QRNGs. Each represents a technology that solves a different problem. As we look to the near future, CISOs need to understand these concepts and know which ones to apply to their organisations.
In this article, we’ll briefly explain the three technologies and suggest which ones you should adopt to secure your sensitive data.
Quantum Key Distribution (QKD)
To share information securely across the Internet, data must be encrypted with an encryption key. For the recipient to read the encrypted data, they also need a copy of this encryption key so they can decrypt the data they receive.
Today, this is accomplished using public-key cryptography. The recipient shares their public key with the sender before the encrypted data is sent. The sender encrypts the encryption key with the recipient’s public key and sends it along with the encrypted data. This ensures only the sender and the receiver know what the encryption key is.
Quantum key distribution (QKD) is an alternative approach for sharing encryption keys that uses quantum mechanics. QKD relies on a physical connection between the sender and the receiver, typically a dedicated fibre optic cable. The sender prepares qubits in particular states, then sends them to the recipient, who measures them. Because you can only measure a qubit once, this approach ensures any eavesdroppers are detected.
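The detection property described above can be seen in a small classical simulation. This is an added example, not code from the article or from Cambridge Quantum Computing; it uses BB84 as one concrete QKD protocol (the article does not name one), and the function names and the abort threshold are assumptions made for the illustration.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold for this demo; real systems tune it to channel noise

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def run_bb84(n_qubits, eavesdropper, seed):
    """Simulate one BB84 session; return (estimated_qber, key_alice, key_bob)."""
    rng = random.Random(seed)  # seeded PRNG for a repeatable simulation, never for real keys
    a_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    a_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    b_bases = [rng.randint(0, 1) for _ in range(n_qubits)]

    b_bits = []
    for bit, basis, b_basis in zip(a_bits, a_bases, b_bases):
        if eavesdropper:
            # Intercept-resend: measuring in a guessed basis disturbs the state,
            # and the qubit forwarded to the recipient carries that disturbance.
            e_basis = rng.randint(0, 1)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_bits.append(measure(bit, basis, b_basis, rng))

    # Sifting: bases are compared publicly; only matching positions are kept.
    sifted = [(a, b) for a, ab, b, bb in zip(a_bits, a_bases, b_bits, b_bases) if ab == bb]

    # Half of the sifted bits are disclosed to estimate the error rate, then discarded.
    rng.shuffle(sifted)
    half = len(sifted) // 2
    sample, rest = sifted[:half], sifted[half:]
    qber = sum(a != b for a, b in sample) / len(sample)
    return qber, [a for a, _ in rest], [b for _, b in rest]

def session_accepted(qber):
    """Keep the key only if the observed error rate is below the abort threshold."""
    return qber < ABORT_QBER

if __name__ == "__main__":
    for eve in (False, True):
        qber, key_a, key_b = run_bb84(4000, eve, seed=7)
        print(f"eavesdropper={eve} qber={qber:.3f} accepted={session_accepted(qber)}")
```

On this idealised, noise-free channel the error rate is zero without an eavesdropper and close to 25% with one, so the session is aborted before any key material is used.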
Although QKD offers some incremental security enhancements, the requirement to have dedicated fibre links has slowed its adoption. Currently, keys can only be sent a few hundred kilometres, which limits practical use cases. In the next few years, we’ll discover if QKD has a place in the cybersecurity landscape.
Post-Quantum Cryptography (PQC)
According to Google’s CEO, quantum computers will break the encryption systems we use today during the next 5-10 years. This is because quantum computers can easily solve the hard problems that underpin the cryptographic algorithms we rely upon today. For instance, the popular RSA algorithm only works because classical computers cannot factor large numbers. Unfortunately, quantum computers will be able to do that very quickly.
Fortunately, there is a field of study called post-quantum cryptography (PQC), which studies algorithms that are not susceptible to attack from quantum computers. These algorithms, such as those being studied in the NIST post-quantum cryptography competition, rely on mathematical problems that are equally hard for classical and quantum computers to solve.
Because of the impending risk of quantum computers, all companies will need to migrate towards PQC algorithms in the next few years. Otherwise, they risk having their data decrypted by attackers.
Quantum Random Number Generators (QRNGs)
Encrypted data is only as secure as the key that encrypts it. And the key is only as secure as the randomness that generated it. For this reason, lots of effort has been spent on improving sources of randomness over the years. Recently, this has led to the development of quantum random number generators (QRNGs) – devices that use quantum mechanics to generate random data.
Quantum mechanics has randomness at its heart. We can prepare qubits that are exactly 50% “1” and 50% “0”. Measuring those qubits will give an answer of 1 with exactly 50% likelihood, or 0 otherwise. This perfection is unique to quantum mechanics – all other physical approaches to generating randomness are less exact, and thus less secure.
QRNGs use the perfect randomness of quantum mechanics to generate cryptographic keys. Just like with QKD, QRNGs have struggled to find adoption, due to the unclear nature of their security benefits. The UK government, for example, spoke out against the use of QRNGs as recently as last year.
However, recent enhancements from Cambridge Quantum Computing mean we can now generate provably perfect cryptographic keys using quantum devices. We no longer have to trust that QRNG devices are generating perfect keys; we can prove it. The question marks over the security are thereby resolved, which paves the way for QRNGs to be the de-facto choice for key generation in the future.
Making the Right Choice For Your Company
Given all these options (QKD, PQC and QRNGs), what is the right choice for your company when it comes to securing data?
It’s fair to say QKD remains a distant option because it’s hindered by technical challenges. Most companies should be watching the QKD space and some may wish to invest in proof-of-concepts. But until the restrictions around dedicated point-to-point links are solved (by implementing the elusive “quantum repeaters”), the usefulness of QKD is limited.
PQC, on the other hand, is the clear route forward for all companies. The aforementioned NIST competition will be announcing winning algorithms in the next year or two. All companies should be investing in this technology now, so they are ready when that transition moment occurs.
Finally, the latest generation of QRNGs (currently only available from Cambridge Quantum Computing) is now able to generate the strongest possible cryptographic keys, for both today’s algorithms and the future. This leap forward in security should trigger a wholesale shift towards QRNGs for key generation. All companies should be exploring this technology and moving high-value use cases towards keys generated in this manner.
Learn More About Quantum Security Technology
Cambridge Quantum Computing will be speaking on this topic at IQT NY (May 17-20). Check out the Integrated Approaches to Quantum Safe Technology panel on May 17th at 1:35pm EST.
To get in touch to learn more about IronBridge – our key generation platform based on perfect quantum randomness – please head to cambridgequantum.com