Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC) are two major approaches to quantum-safe data protection that are currently under active development. Although both technologies intend to protect against quantum threats, they’re drastically different in their technical implementation and ideal use cases. They also have some serious limitations that governments and businesses should keep in mind when considering quantum-safe security solutions.
In this blog post, you’ll learn more about the benefits, disadvantages, and applications of QKD and PQC. We’ll also be stacking QKD and PQC up against Quantropi’s TrUE quantum-secure product families available through QiSpace™.
What is Quantum Key Distribution?
Quantum key distribution, or QKD, is a method of secure transmission of cryptographic keys. QKD exploits quantum mechanics to allow communicating parties to securely exchange cryptographic keys.
QKD can replicate true random numbers, which are used as cryptographic keys between two points (and currently two points only) across a dedicated communication channel. A typical QKD communication channel consists of lasers and optical fiber cables. QKD encodes quantum states which are passed across the fiber cables in the form of entangled photons between the end point devices. Once transmitted, matching cryptographic keys are derived (using classically-based error correction methods) from the photons that can then be used in quantum-safe and classical encryption algorithms.
The reliance of QKD on quantum mechanics implies a few rather interesting benefits for the technology. At the same time, QKD has several serious limitations that will hinder its widespread adoption.
The Benefits of QKD
QKD is Impervious to Hackers (in Theory)
In quantum physics, the no-cloning theorem states that it’s impossible to create a copy of an unknown quantum state. In practical terms, this means that a hacker wouldn’t be able to intercept and store the photon states exchanged with QKD. It’s believed that this property of quantum mechanics makes QKD impenetrable, but only in theory; the specific devices used to construct a QKD link might still be vulnerable to attacks (e.g. A side-channel attack on the QKD devices themselves rather than on the transmission).
QKD is Intrinsically Sensitive to Eavesdropping
Even if an adversary tried to steal your keys despite the no-cloning theorem, they would need to somehow measure the quantum states passing over a QKD link. Any measuring attempt causes the quantum entanglement to collapse and is therefore immediately noticeable by the communicating parties because transmission ceases.
QKD is Resistant to Advancements in Quantum Computing Hardware (in Theory)
Unlike classical methods of key exchange, QKD doesn’t rely on mathematical complexity – it exploits the laws of physics. This means that QKD, in theory, is resistant to advancements in Quantum hardware and technology. So no matter how powerful quantum computers get with time, QKD is thought to be capable of maintaining its security attributes indefinitely.
The Limitations of QKD
While QKD seems promising, it has a few serious limitations that researchers must overcome to make the technology practical for widespread use.
Government cybersecurity agencies, like the Central Security Service of the US National Security Agency (NSA) or the UK National Cyber Security Centre (NCSC), currently advise against using QKD in government or military applications.
Why do government agencies view QKD in a negative light? Let’s take a look at some of the reasons below:
QKD has Limited Range
Limited range is one of the bigger practical challenges for QKD – so much so that increasing its operational distance has been a primary research goal in recent years.
In standard optical fiber – the one commonly used in classical computer networks – most photons are scattered and absorbed before reaching the receiver. Just 10% of the photons can travel more than 50 kilometers in a standard fiber, and only 0.01% make it past 200 kilometers. This issue is worse because we can’t use standard network repeaters to extend the communication range because of the no-cloning theorem.
Optical fiber with ultralow losses and noise reduction techniques have allowed researchers to extend the range of QKD to as much as 509 kilometers. However, experimental solutions like this one might take time to become widespread and can be prohibitively expensive for most businesses.
QKD Requires Special-purpose Hardware
QKD requires dedicated fiber connections and lasers to send and receive the photons with the keys. These hardware requirements imply huge deployment costs and the need for major infrastructure changes for businesses that rely on cost-effective Ethernet cabling for internal communications.
The fact that standard fiber cables don’t work well for long-range QKD exacerbates the issue, as discussed in the previous point. With all that in mind, switching to QKD can be a gargantuan task in terms of scale and cost.
QKD Cannot Authenticate the Source of a Transmission
QKD doesn’t perform entity authentication. In other words, QKD cannot ensure that the transmission comes from the intended entity. This implies that QKD might be vulnerable to man-in-the-middle attacks where a hacker communicates with parties without their knowledge. With that in mind, QKD protocols must be complemented by classic cryptographic measures that can authenticate the transmission source.
QKD is susceptible to Denial-of-Service Attacks
QKD’s intrinsic sensitivity to eavesdropping can also become a liability. Even if an attacker cannot extract or interpret the photons being exchanged, merely tapping the line means the security has been compromised so the sender / receiver can no longer trust what was shared. Even inadvertent and environmental perturbations of the signal (e.g. vibration from a passing vehicle) may be interpreted as or indistinguishable from an actual attack.
The Use Cases of QKD
Quantum key distribution is thought to be suitable for secure key exchange in critical industries like financial services, core telecommunications networks, and Defense applications.
However, the limitations we listed earlier can significantly limit its practicality in any industry.
QKD is expensive, difficult to implement, and needs to be done right to uncover its full potential. With these points in mind, if you absolutely needed to use a technology like QKD, you would want to limit it to very high-value areas where its benefits outweigh the implementation costs. Even then, you would want to consider other, more efficient means of securing cryptographic keys.
What is Post-Quantum Cryptography?
Post-quantum cryptography, or PQC, is cryptographic algorithms that are believed to be secure against quantum threats. In current common parlance, PQC is only used to refer to post-quantum asymmetric encryption algorithms.
Like QKD, PQC’s primary use case therefore is the secure exchange of cryptographic keys. But unlike QKD, which exploits the properties of quantum mechanics, PQC relies on algorithms (complex math puzzles) that are too complex for quantum computers to crack.
Classical cryptographic algorithms rely on integer factorization, discrete logarithms, and elliptic curves to encrypt data. While classical computers cannot crack these mathematical problems in any reasonable time frame, a sufficiently powerful quantum computer would be able to do so in a time frame short enough to make an attack practical.
To protect against quantum threats, PQC algorithms rely on more complex mathematical problems that are thought to be secure against quantum attacks. These problems include finding short or close vectors in lattices (lattice-based cryptography) or inverting hash functions (hash-based cryptography).
PQC is still in active development, and it’s currently undergoing standardization by NIST. Draft standards are expected to become available in 2022/2024. Government agencies like the UK NCSC or the US NSA support the development of PQC as well because of its advantages over QKD. PQC isn’t perfect, however, as we’ll explain below.
The Benefits of PQC
PQC Can Authenticate Transmissions
PQC can be used to generate digital signatures or certificates to authenticate the source of a transmission. This simplifies the implementation of PQC because it can be used without any “out of band” or extra identity authentication tools.
PQC is Cost-effective and Easy to Deploy
Because PQC leverages complex mathematical functions that can be expressed in today’s computer programming languages, it can operate on classical computers without specialized hardware. PQC can be delivered to devices via software updates, which considerably simplifies its deployment. Perhaps even more important, PQC isn’t as costly to deploy because it doesn’t require dedicated fiber connections or lasers to send and receive data.
PQC Has a Wide Range of Use Cases
Rather than provide point-to-point security like QKD, PQC can work in a wider range of environments and applications. Thanks to its independence of hardware, PQC can work over cable connections and wireless networks. This makes it more mobile and thus expandable to essentially any device in a corporate network.
The Limitations of PQC
PQC Relies on Large Keys
The majority of promising PQC algorithms rely on keys that are much larger than those in classical algorithms. These large keys consume more storage space and increase the time required to encrypt, decrypt, and verify messages.
With that in mind, the transition to PQC may force you to upgrade your IT infrastructure so that it can keep operating at acceptable performance levels. Additionally, PQC might not be able to operate on resource-constrained devices like cell phones or IoT devices.
PQC has Poor Scalability
Currently, PQC algorithms cannot scale endlessly while also maintaining their hardness (resistance to attack). Lattice-based cryptography – an important candidate for PQC – can scale well, but it may only achieve average hardness at large scales. This might change as researchers make advancements in PQC algorithms.
The Use Cases of PQC
Compared to QKD, PQC is a more general-purpose solution that can be used to secure cryptographic keys and generate digital signatures for user authentication.
Because of the software-only simplicity of its implementation, PQC might also be the right choice in situations where costs must be kept low. PQC is also useful when asymmetric encryption needs to be delivered to a wide range of devices across a large range of network technologies, including wireless.
What are TrUE Technologies?
TrUE refers to the three prerequisites for end-to-end quantum security – Trust (asymmetric encryption), Uncertainty (symmetric encryption), and Entropy (strong random numbers). Quantropi is the only quantum-secure technology company offering this full suite of quantum encryption and quantum entropy services – all available through its QiSpace™ SaaS platform.
MASQ™ is the Trust offering in Quantropi’s line of cryptographic solutions. It provides quantum-secure asymmetric encryption and is Quantropi’s chief PQC offering. MASQ™ aims to deliver the security benefits of NIST PQC candidates at a lower performance cost.
The two primary functions of MASQ™ are as follows:
- Key exchange – MASQ™ can enable two parties to securely share their symmetric encryption keys
- Digital signature – Using the sender’s private key, MASQ™ can generate a digital signature to allow you to validate the sender’s identity
Currently under development, MASQ™ will offer not only Quantropi’s efficient PQC algorithm but also NIST-approved PQC algorithms.
QEEP™ is the Uncertainty offering in Quantropi’s line of cryptographic solutions. It’s primarily aimed at data encryption at rest and in transit.
QEEP™ implements quantum-secure symmetric encryption functionality and is primarily intended for deployment in resource-constrained edge devices, like IoT devices. QEEP™ also has low latency, which makes it optimal for applications like high-bandwidth communications or connected vehicles.
SEQUR™ is the Entropy offering in Quantropi’s line of cryptographic solutions. It provides functionality for quantum key generation and distribution.
SEQUR™ QEaaS relies on Quantum Permutation Pad technology to enable quantum-secure distribution of FIPS-certified QRNG over any network infrastructure. SEQUR™ SynQK implements digital quantum key distribution (Digital QKD), an analog of QKD that works over any IP network, including wireless. To provide localized secure key generation, SEQUR™ NGen, is a pseudo-QRNG solution that generates random numbers with extremely long periodicity that passes all NIST, ENT and Dieharder tests for strong randomness.
The Benefits of TrUE
TrUE Delivers Quantum-Secure Protection with High Performance
TrUE provides quantum-secure data protection with little or no performance impact on existing IT systems.
Quantropi’s PQC offering – MASQ™ – has a very similar performance profile compared with classical cryptographic algorithms. One of the reasons for the relative efficiency of Quantropi’s novel PQC offering is its small key sizes and elegant algorithm execution. For example, in situations where you need to generate and authenticate a large number of digital signatures (e.g. in blockchains), MASQ™ will perform on par with (or even better than) legacy cryptographic approaches.
QEEP™ symmetric encryption offers the same level of protection as the AES-256-CBC algorithm. At the same time, Quantropi’s tests have shown that QEEP™ is up to 18 times faster than AES-256-CBC across several hardware platforms and operating systems.
Power savings are significant as well, with QEEP™ consuming up to about 90% less power than AES and up to about 40% less power than AES-NI.
TrUE Deploys Effortlessly at Enterprise Scale
There’s no need for you to make significant changes to your IT infrastructure to start using TrUE technologies and QiSpace™. QiSpace™ integrates rapidly into existing enterprise environments via Quantropi’s downloadable SDK and standard programming APIs.
Thanks to its software-based delivery model, TrUE technologies can help you avoid investing tens and tens of thousands of dollars in new hardware infrastructure. TrUE technologies work on any network endpoint, and they’re also easily scalable and can grow with your business.
TrUE Is a Complete Data and Communication Protection Solution
TrUE technologies make up a complete quantum-secure solution that can protect your organization across its entire IT infrastructure. Not only do TrUE technologies deliver the functionalities of both PQC and QKD, but they also allow you to protect data at rest and in transit. You can use QiSpace™ across entire corporate networks to secure data on any endpoint, like a cloud server, desktop, mobile phone, or IoT device.
At a more specific level, you can use TrUE to:
- Secure enterprise messaging and file sharing
- Protect remote endpoints via quantum VPN
- Protect corporate data at rest and in transit
- Secure Public Cloud and SaaS Platforms
- Securely share cryptographic keys