Konstantin Vilk is a co-founder and CTO of QuSecure where he is driving innovation in quantum resilient cyber security.
Quantum computing is one of the most rapidly developing emerging technologies. As often as every few weeks, announcements of new discoveries and their commercial applications become apparent.
With quantum technologies, concepts that even months ago may have seemed impossible are becoming a reality. New quantum sensing technologies shed more clarity into the world around us, quantum memory allows us to store and synchronize quantum particles for improved secure communication, and quantum computers will enable us to tackle problems our current computers cannot solve. With all these positive attributes, the darker side of quantum computing is being understood more, too.
With new technology comes new threats. Brute force attacks, which require very powerful machines like supercomputers or GPU farms, have not been feasible until recently. With the development of quantum computers, brute force attacks have become much less challenging to those who have the technology. However, studies have demonstrated the mathematical and algorithmic models of how to leverage quantum computers to accomplish brute force attacks in short periods. This isn’t a new concept, however, as quantum computing largely bolsters the strength of encryption models.
Cryptography is used to secure messages exchanged between recipients to prevent them from being read by unauthorized users. It is based on the key length and the mathematical strength of the algorithm used to encrypt that message. Two main techniques of breaking cryptography by cryptanalysis are reverse-engineering the mathematical operations to look for mistakes in the code used to generate that key or brute force the key by running many “guess” operations.
The industry is responding with answers on how to deal with bad actors trying to break cryptography. There are efforts by NIST and ISO organizations to test and standardize post-quantum cryptography, mathematically designed to make quantum computers no better at breaking this new generation of cryptographic algorithms than classical machines. There are also devices in the market focused on quantum key distribution (QKD). Naturally, it isn’t easy to understand what the differences are between these encryption technologies — moreover, determine which is better.
MORE FOR YOU
When it comes to technology, it is critical to understand its uses and correct applications. Just because something fits into a category — cryptography, in this case — it is still essential to know where and how to apply it in real life. There are two schools of thought. One is for algorithmic applications like post-quantum cryptography and digital signatures; the other is QKD, key generation and distribution.
Although QKD is a big concept in quantum computing, it hasn’t been popular recently in the press. Because QKD is still developing, it is incredibly misunderstood. QKD is a photonic technology, but unlike other forms of quantum-resistant technology, it is best applied to a set of particular use cases where it plays a perfect role. It is based on the quantum physics principles of entanglement and perfect random number generations.
Also, unlike other post-quantum technologies, QKD is incredibly dependent on physical hardware. Because of this, its primary use cases are securing encryption keys during the key exchange and data over long-haul transmission. It is a perfect application for fiber ethernet, LiFi and laser communications. QKD can even sense when it is under attack due to those quantum physics properties.
Although those are the best applications, it does have limitations, as you cannot deploy it today on copper ethernet, Wi-Fi or other microwave-based technologies. Therefore, QKD will protect your data when transmitted between nodes but not when it’s not in use.
Whereas QKD is based on particles of light and their physical properties, post-quantum cryptography is based on software and algorithms. Using newly developed algorithms, post-quantum cryptography is mathematically different from the currently used classical algorithms. It is designed not to be reduced in strength by quantum and quantum-inspired algorithms. It can also be used today (assuming it is approved by NIST in 2022-2023) on our current computing devices like phones, laptops, IoT devices and industrial equipment.
Much like classical cryptography, post-quantum cryptography is still reliant on key exchange and key exchange protocols. When a message is encrypted to protect its content, the recipient must have a way of unlocking the message to read it. That is where key exchange plays a role. Because of this communication dependency, if the key is communicated over a compromised or a non-secure channel, the keys can be intercepted and used to decrypt the message, making the best of the algorithms largely ineffective. SSL and TLS are considered no longer secure with increasing technology because of these man-in-the-middle and downgrade-based attacks.
Ultimately, quantum has both good and bad attributes. However, the development of this technology will change the scope of cybersecurity forever.