The Quantum crypto revolution

Commercially available encryption systems are already with us and their potential is huge, although the technology still has many issues that must be overcome.

Quantum computing technology will "force a change to the landscape of cryptography," according to Imran Shaheem, cyber security consultant at Cyberis. It has come a long way since scientific and mathematical interest erupted in the 90s. "Quantum computers have serious consequences for classical cryptography and the future standards for secure communication," he states.

Successful trials of quantum cryptography to secure communication through quantum physics have been undertaken already and progress in quantum technologies has been swift over the last decade, he points out. "Quantum Key Distribution (QKD) systems have been tested by banks and governments, while similar systems were deployed as far back as the 2010 FIFA World Cup in South Africa. In 2017, researchers held a QKD-protected video conference between China and Austria, using the quantum satellite Micius."

Admittedly, while quantum computers won't be able to change everything, they provide benefits in cryptographically significant ways. One of these is factoring large numbers. "This is a technique central to the security of several algorithms, such as RSA, in which prime factors of large numbers underpin the encryption. As a consequence, RSA's security and other algorithms employing similar techniques, will be compromised by introducing disruptive quantum computers. This leaves a space within classical cryptography that its quantum counterpart attempts to solve," adds Shaheem.

The benefits are numerous. "Information cannot be unknowingly intercepted, due to quantum principles, including the 'no cloning' theorem and quantum superposition, which provides natural resistance to eavesdropping. The security provided stems from underlying physical properties. It's baked into the universe and therefore isn't something that can be cracked through quantum computing power. As security is on the physical layer, quantum cryptography can secure the end-to-end connection, without needing an SSL or VPN," he points out.

However, there are some issues, the cyber security consultant concedes. "It's expensive, because this is at cryptography's cutting edge. R&D costs are high, as are the fabrication costs of specialist components. There is also a costly requirement for an independent infrastructure capable of supporting quantum cryptography. Many of these issues will be overcome in time as the technology matures."

It's easy to think that quantum technology and its effect on current infrastructure is distant. However, there are already commercially available encryption systems, including ID Quantique's Cerberus3 system for key distribution. Many of these systems are based on the popular protocol, BB84. "Whilst there is still life in classical methods, the focus is shifting to next-generation technologies addressing solutions to tomorrow's problems. These don't always come with a quantum flavour, but post-quantum cryptography is seen as the answer to quantum computers' potential for massive changes and the associated cryptographic problems.

"With the solutions we have now, quantum or classical, the biggest hurdle is their deployment," says Shaheem. "Poorly thought-through implementations leave these systems vulnerable, as seen through the light injection attack, for example, which can defeat certain applications of BB84. Like modern-day systems, testing surrounding configuration will be crucial against inherent and implementation flaws."

Companies should think seriously about how the transitionary process to quantum-secure systems will affect their business, he advises. "The time is now to look to the future and ensure tomorrow's world doesn't break today's encryption and expose sensitive data."