Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Quantum Key Distribution for a Post-Quantum World
New versions of QKD use separate wavelengths on the same fiber, improving cost and efficiency, but distance is still a challenge.
The emergence of quantum computing and its ability to solve computations with incredible speed by harnessing the fundamental properties of quantum mechanics could revolutionize our world. But what does this quantum future mean for data security?
As quantum computing evolves from the test lab to the real world, this unprecedented new form of computing power has massive implications for current forms of encryption and public-key cryptography (PKC), such as Rivest–Shamir–Aleman (RSA) and elliptic curve cryptography (ECC). Against the processing capabilities of quantum computing, which can analyze vast sets of data orders of magnitude faster than current digital computers, these forms of encryption will essentially become vulnerable to bad actors.
In the coming post-quantum future, cryptography solutions built on the rules of quantum physics are essential to ensure that sensitive digital information is distributed safely and securely across the forthcoming quantum Internet. One of the pillars of this more secure quantum computing future is called quantum key distribution (QKD), which uses basic properties of physics to derive encryption keys for secure encryption between two locations simultaneously.
Tapping the Power of Photons
At the physical level, the data bits sent during key exchanges for today's common encryption techniques, such as RSA and ECC, are encoded using large pulses of photons or changes in voltages. With QKD, everything is encoded on a single photon, relying on quantum mechanical properties that allow detection and prevent successful eavesdropping. Quantum objects exist in a state of superposition where the value for a property of the object can be described as a set of probabilities for different values.
The transmission of the encoded photons occurs over what's known as the quantum channel. A separate channel, referred to as the classical channel, established between the two endpoints handles clock synchronization, key sifting, or other data exchange; this channel could be any conventional data communication channel.
Multiple Varieties of QKD
A number of implementations and protocols for QKD are emerging as the technology evolves. For example, discrete variable QKD (DV-QKD) is used in many commercial QKD systems today. A DV-QKD system consists of two endpoints: a sender and a receiver. The quantum connection between these endpoints could be free space or dark fiber. In this case, the sender encodes a bit value, 0 or 1, on a single photon by controlling the phase or polarization of the photon. A separate data connection between the two endpoints is used to communicate information about the quantum measurements and timing.
While initial QKD implementations consisted of separate dedicated fibers for the quantum and data channels, new versions can use separate wavelengths for each channel on the same fiber, leading to more cost-effective deployments and efficiencies.
Other implementations include continuous variable QKD (CV-QKD) and entanglement. With CV-QKD, the sender applies a random source of data to modulate the position and momentum quantum states of the transmission. Entanglement QKD, meanwhile, leverages quantum phenomena where two quantum particles are generated in a way in which they share quantum properties; no matter how far apart they may later separate, a measurement of a property on each will result in the same values.
Challenges Ahead for QKD
Distance remains a constraint on implementing QKD over fiber because the individual photons being transmitted will be absorbed over distance. The laser strength is attenuated to create the individual photons, and standard telecom equipment cannot be used to repeat or strengthen the signal. In general, between 60 miles and 90 miles is the practical limit.
Methods to extend the distance include trusted exchange, twin field QKD, and quantum repeaters.
Trusted exchanges act as a repeater — receiving the optical signals, converting them to digital, and then converting them back to optical. Trusted exchanges must be secured to prevent an intruder from reading the transmission while it is in digital form.
Twin field QKD adds a midpoint node that receives signals from both endpoint nodes, increasing the distance between endpoints to potentially hundreds of miles.
Quantum repeaters could eventually break the distance barriers of QKD over fiber, providing a function similar to repeaters in telecommunications today: to amplify or regenerate data signals so they can be transferred from one terminal to another.
Advancements in single photon sources and low-noise detectors will further improve the viable distances for QKD.
What's Next for QKD
QKD has significant value in a quantum world due to its ability to enable symmetric key sharing between endpoints and identify when eavesdropping on the quantum channel is occurring. Before it can be broadly implemented by carriers, however, QKD must be supportable in a carrier environment, providing the availability and reliability their customers expect.
For example, disruption of the quantum channel can result in the loss of real-time key material; however, having a secure key storage associated with QKD allows key material to continue to be distributed while investigation of quantum channel outage is occurring. This also means that approaches and capabilities to troubleshoot and manage QKD equipment and services must be developed.
Since QKD relies on quantum mechanics, the observing state will impact the quantum system, and this in itself poses challenges to troubleshooting and management. As the technology continues to evolve and improve, QKD implementations on smaller mobile devices such as drones may eventually become possible. No matter how QKD evolves, it looks to be a promising solution for securing communications on the quantum Internet.
About the Authors
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024