While President Biden was visiting Europe, he should have stopped to take a close look at what the European Union and Europeans countries and labs are doing to protect against future quantum computer attack—a threat this column has highlighted over the past two years.
While the U.S. is betting all its quantum security chips on post-quantum cryptography, i.e. mathematically-based algorithms scientists and cryptographers hope will resist a future quantum computer assault—scientists, companies, and officials in Europe are investing in a technology that uses quantum science itself to secure data and networks, now and for decades into the future.
In October 2018, the European Commission launched the first phase of the Quantum Technologies Flagship, 1 billion EURO, ten-year initiative, that pools resources for advancing quantum technology on a broad front. That includes building a future communication network based on Quantum Key Distribution (QKD), a technology that uses the principles of quantum mechanics for cryptography.
These are the first steps toward what will become Europe’s “Quantum Internet”, connecting quantum computers, simulators, and sensors to distribute information and quantum resources securely, thanks to QKD.
This March representatives of seven EU countries (Belgium, Germany, Italy, Luxembourg, Malta, the Netherlands, and Spain) signed an agreement to develop and deploy a hack-proof quantum-based communication infrastructure (QCI) across the EU within the next ten years. Croatia, Cyprus, Greece, France, Lithuania, Slovakia, Slovenia, Sweden and Finland also agreed to cooperate in building QCI.
Meanwhile, our own National Security Agency issued a document last year all but dismissing QKD out of hand, while the National Institute of Standards and Technology’s solution to future quantum computer attack is entirely focused on post-quantum cryptography—even though those algorithms have yet to be tested against a large-scale quantum computer (since none exists today).
It’s not clear why American officials remain so allergic to quantum-based methods for securing data and networks, even though QKD’s proven path to quantum security rests on the nature of physics itself. Unlike classical physics, quantum physics is fundamentally random. Quantum Random Number Generators, which are the basis of QKD solutions, integrate the randomness of quantum physics to generate truly random numbers for encrypting messages and data in ways that are truly hack-proof. We can think of them as the equivalent of a spymaster’s one-time pad that no codebreaker can crack.
By integrating QRNG’s into a random-generated encryption key for users, Quantum Key Distribution (QKD) offers even more long-term security. Communication between users relies on the distribution of a unique secret key used to encrypt a message, that is completely random, and which is used only once. QKD is able to establish such a key remotely between two distinct parties, that will be permanently hack-proof both by conventional hackers and by quantum computers. Indeed, once someone tries to break the connection through classical or quantum hacking, users immediately detect the intrusion and the connection is severed.
Sounds fanciful? In fact, QKD companies are already deploying this technology in ways that are provable secure.
The list includes the Swiss company IDQuantique, which is an industry leader in manufacturing quantum-generated random communication products. Many IDQuantique products are used by the Korea’s SK Telecom for the subscriber authentication center of its 5G network. SKT is also applying QKD technology to the Seoul-Daejeon section of its LTE and 5G networks to prevent hacking and eavesdropping.
It’s not just European and Korean companies who are pursuing this route. The Australian company QLabs has a QRNG-based qStream product suite that’s being being used to secure billions of highly sensitive legal documents in the cloud. An American company, Quantum Xchange, has used QKD to provide point-to-multi-point transmissions for financial markets on Wall Street with back office operations in New Jersey, while the Department of Energy labs are experimenting in the same space as are the Japanese.
Right now, practical QKD systems are currently limited to distances of about 100 kilometers. But a scalable architecture that includes a Trusted Node to bridge the gap between successive QKD systems, makes large-scale implementation possible and practical. So will integrating QKD systems into fiber-optic cables for quantum signals. In July 2018 Alberto Boaron of the University of Geneva and his colleagues reported distributing secret keys using QKD over a record distance of more than 400 kilometers of optical fiber, at 6.5 kilobits per second.
This exchange of unclonable encryption keys via QKD, is bound to become the cornerstone of network security for all high value data, including in space where there quantum signals can travel much more freely. Chinese scientists proved this when they launched the quantum satellite Micius back in 2016, which can communicate to points on the ground using QKD.
The bottom line is, QKD offers a hardware-based solution for quantum computer attack in the future, while QRNG provides a provable and guaranteed confidential link that’s available now.
The Chinese understand this; they are forging ahead with QKD technology to harden their networks against our future quantum computers. Which raises the question: what do the Chinese, as well as the Europeans, understand about the future trajectory of quantum cryptography that we are missing?
Make no mistake: PQC is, and remains, a vital first line of defense. But it’s time the U.S. government takes a hard look at the quantum cryptography option, and not let China, or our European allies, build the security architecture for the quantum age which we chose to ignore.