Quantum Key Distribution and Quantum-Safe Cryptography: two (complementary) approaches to becoming quantum-ready

By Martin Laforest, PhD, Senior Business Development Manager & Quantum Technology Expert, ISARA Corporation

Published on November 29, 2018

Every advancement in quantum computing brings us closer to the positive and negative disruptions this revolutionary technology promises. Though a large-scale quantum computer is not here yet, its future arrival already puts many aspects of information security at risk today because of “harvest-and-decrypt” attacks, for example, where adversaries collect and store encrypted data with the intention of decrypting it in the future.

Now, business leaders recognize that they need to start preparing and are asking how they can become ‘quantum-ready.’

For security leaders, protecting your organization’s critical assets, products and confidential data using a quantum-safe method is essential. We will discuss two such approaches: quantum-safe cryptography and quantum key distribution.

In this blog post, we will help you to:

  1. Differentiate between quantum-safe cryptography (QSC) and quantum key distribution (QKD)
  2. Understand the complementary nature of the two approaches
  3. Establish which of these technologies are best suited for your organization’s security needs

 

A quick overview of the goals of information security

Before we dive in, it’s important to note that cryptography consists of building blocks that form the four goals of information security: confidentiality, data integrity, authenticity and non-repudiation.

Authenticity can be achieved using digital signatures and message authentication, and confidentiality can be achieved using key establishment and encryption.

While quantum-safe cryptography achieves all four goals of information security, QKD only addresses the challenge of key establishment for confidentiality.

Moreover, current methods of data encryption, like AES or other symmetric key encryption algorithms, are considered computationally quantum secure given they use a shared secret key that is long enough. Therefore, the vulnerability to quantum-enabled harvest-and-decrypt attacks lies at the key establishment level which is why QKD provides a compelling solution for quantum-safe confidentiality.

What is Quantum Key Distribution, or “the physics approach”?

Quantum key distribution (QKD) is what is often called the “physics approach” to quantum-safe key establishment. It involves using new, specially designed hardware devices that send, receive and measure quantum states of light between two parties – let’s call them Alice and Bob – wishing to establish a shared secret encryption key.

The quantum states are sent over a dedicated fiber optic or free-space channel linking Alice and Bob. QKD offers unconditional security because anyone who tries to listen to or intercept the key exchange will disturb the quantum states, alerting Alice and Bob that an eavesdropper is present. If the key was tampered with, Alice and Bob would get rid of the compromised key and not move forward with their communication. On the other hand, if Alice and Bob do not detect any disturbance in the key exchange, they can be confident that their shared private key is secret and will use it to encrypt and share their sensitive data.

This eavesdropper detection is unique to QKD and is unparalleled using any other technique. It is made possible by a fundamental characteristic of quantum mechanics called the uncertainty principle, which says that the act of measuring a quantum system will disturb it.

What is Quantum-Safe Cryptography, or “the math approach”?

Quantum-safe cryptography is similar to current public key cryptographic techniques, such as Rivest-Shamir-Adleman (RSA), Elliptic Curve Cryptography (ECC) or Diffie-Hellman (DH) key establishment. However, it relies on different underlying hard math problems that are considered to be unsolvable, even by a quantum computer-enabled adversary. Learn more here.

QSC & QKD: complementary approaches for enhanced secure communications

While QKD provides unparalleled key exchange security in theory, in practice there still needs to be an authenticated classical communication channel to implement the protocol. Moreover, a classical authenticated channel is also needed to communicate the encrypted data. Since QKD is strictly used to exchange the key, and cannot provide authentication, a math-based authentication protocol must be used for this purpose.

Since authentication is not vulnerable to a harvest and decrypt attack, QKD can still be implemented today using traditional authentication method, but it would be highly recommended to use quantum-safe authentication from inception to remain future-proof.

Which use cases and needs are best suited for QKD and QSC?

Organizations protecting highly confidential information that requires secrecy beyond ten years, and are willing to trade speed and money for advanced security, could benefit from implementing QKD.

Quantum key distribution is also especially useful for organizations who own endpoints that are connected by a trusted fiber optic and free-space network, such as a bank with multiple branches, government data centres or healthcare centres with multiple locations. This is because 1) QKD does not have a way of ensuring the integrity of the quantum channels between nodes and 2) QKD currently has a severe distance constraint and can only exchange keys between locations separated by less than 200km.

Therefore, the organization must own or trust all the nodes of the network to ensure end-points are properly connected. However, to establish a key over a long-distance relaying nodes are required. Currently, this constraint is due to hardware limitations and could be resolved with the arrival of practical quantum-repeaters and high-bandwidth satellite-based QKD, which are still years away. Therefore, QKD requires a significant investment in new and often expensive hardware, which is slow and possibly vulnerable to implementation issues that would affect security.

If you’re securing connected devices, communicating across open-networks where you do not own or trust both endpoints and the nodes in between, or where speed is essential, quantum-safe cryptography is a practical and highly secure option. For example, connected cars, deployed military devices, e-commerce, web browsing, secure email and banking applications would all benefit from the security and practicality quantum-safe cryptography provides.

This is because one of the main benefits of quantum-safe cryptography is that it is a software solution and can be used now via a hybrid approach with today’s public key algorithms. They can also be deployed on existing infrastructure and in some cases, offer improved speed and performance over current algorithms.

Table 1: SUMMARY OF DIFFERENCES BETWEEN QKD and QSC

PROPERTY QKD QSC
Unconditionally secure key exchange x  
Unconditionally secure one-time pad encryption x  
Computational secure encryption x x
Uses existing hardware and infrastructure   x
Can satisfy all four information security goals (confidentiality, data integrity, authentication, non-repudiation)   x
Distance limitations Currently limited to 200 km per trusted nodes None, able to connect globally
Communication speed (key exchange) Slow Fast
Cost to implement Can be expensive, requires new hardware devices and physical networks Cost-effective, software-based, use existing systems and infrastructure

  

While QKD provides unconditional eavesdropper detection capabilities, there are limitations. When combined with QSC, an unparalleled security solution for governments, banking, healthcare and financial institutions is possible.

However you begin your organization’s migration to quantum-safe security, you should start today. We can help.