A nuanced perspective on quantum communication
As quantum computing continues to develop, it introduces a threat to modern-day security standards. Quantum computing can’t break our widely used encryption methods today, but it threatens them with the possibility of decryption of saved messages in the future. We must not only protect our data from decryption today but future-proof our encryption so that it is also unbreakable tomorrow. To address this threat, institutions such as the National Physical Laboratory (NPL) have begun to address quantum technology-led security strategies, such as Quantum Key Distribution (QKD).
The looming quantum computing security threat
As quantum computers mature and become more accessible to government agencies and private organisations, the risk to encrypted data grows. Data encrypted through traditional cryptographic methods can be stored indefinitely and decrypted at a future time – referred to as ‘harvest now – decrypt later’ attacks. Malicious actors can retain personally identifiable information (PIN), intellectual property, and even confidential government data for decades, with the awareness that the information will someday become accessible. This unsettling reality underscores the pressing need for a shift in data security.
Quantum computers, with their potential capacity to perform certain complex calculations faster than classical computers, will render commonly used encryption algorithms obsolete. Shor’s algorithm, a quantum algorithm designed to efficiently factor large numbers, poses a significant risk to widely adopted cryptographic systems today through the aforementioned ‘harvest now – decrypt later’ attacks.
One path to future-proof cryptography would be migration to post-quantum cryptography (PQC) standards as shepherded by the US National Institute of Standards and Technology (NIST) and the European Union Agency for Cybersecurity (ENISA). These PQC standards are a set of encryption algorithms designed to withstand decryption attempts from quantum computers. However, this security cannot be guaranteed, and a more robust approach could be a hybrid one combining PQC and QKD.
Therefore, we may find that quantum technology ultimately solves the same challenges it creates. Specially designed classical algorithms, as well as quantum computing-led alternative cryptographic solutions or solutions such as QKD may help to safeguard sensitive information against these developing quantum threats.
A new quantum communication system emerges – understanding quantum key distribution
Quantum Key Distribution (QKD) is an emerging quantum technology leveraging the principles of quantum mechanics to secure communication channels. Unlike traditional cryptographic methods—which rely on the complexity of mathematical algorithms – QKD provides a means for creating a shared, secret, cryptographic key that is based on quantum mechanics. It is akin to two diplomats using secure, technology-enhanced briefcases to exchange sensitive codes, where any unauthorised attempt to access the documents inside the briefcases instantly shreds the documents.
The sender and receiver establish a shared secret key by exchanging and measuring single or entangled photons. If an eavesdropper attempts to read and copy these photons, they will not be able to avoid introducing errors in the copied photons. This allows the detection of any attempt at eavesdropping. Significant hurdles remain for widespread implementation of QKD, but there have been tremendous advances, and more are expected in the coming years.
The promise and hurdles of QKD
The security of QKD rests on the principles of quantum mechanics and is also immune to the ‘harvest-and-decrypt’ attack, since the QKD keys must be hacked at the time that they are created.
Quantum states are delicate and susceptible to environmental noise – or nudges that change them – which can make the practical deployment of QKD challenging. There is a distance limit for deploying QKD using optical fibre, although these limits are now in the hundreds of kilometres. Recently, researchers at the University of York (part of the EPSRC quantum communications hub) demonstrated that quantum communication is possible between the United Kingdom and Ireland, using a 224-kilometre-long fibre link. An emerging variant of QKD uses an orbiting satellite to create a QKD link between two ground stations on earth, establishing QKD over intercontinental distances. As QKD links are developed, we also begin to build the framework of a truly quantum network; a network that can facilitate solutions such as, but not limited to, QKD.
An important challenge is demonstrating the security of a QKD link. Although the security of a QKD system is provably based on physical laws, if the hardware implementation deviates from the assumptions of the security proof it may no longer be secure. Therefore, work is being undertaken to develop standard tests for evaluating QKD hardware. Another significant barrier is simply a lack of awareness and of realistic expectations for all quantum technologies, including QKD and quantum networks.
NPL quantum communications expertise: using quantum to ensure safe information sharing
Collaboration is vital in the successful development of quantum technology-led security strategies. One instance is NPL’s contribution to the Quantum Communications Hub documents that highlighted, with comments and examples, particular aspects of NCSC’s principles-based approach to assurance that should be considered, or expanded upon, for quantum security products.
NPL can also independently evaluate and validate specific quantum hardware parameters such as the quantum properties of the transmitted states and receivers of QKD systems. For example, in January 2024, NPL performed an independent assessment of various critical parameters of Toshiba’s QKD technology. These measured quantities are integral to the product’s security and its wide-scale deployment.
Embracing quantum communications
While QKD may still be in its early phase—and rife with technical intricacies and puzzling challenges—the need for post-quantum cryptographic security is an accelerating one. Living in a post-quantum world puts significant upward pressure on the study and implementation of new quantum-safe security standards. It is speculative whether quantum computing will lead to a breakdown of our modern security standards, but agreement exists that organisations need to prepare for its eventuality. Thus, the only question remaining is whether it will be in the next few years or the next decade.
NPL provides specialised expertise and partnership in quantum technologies and quantum communications, supporting exploration in both QKD and the quantum networks which will bring widespread use of this technology as well as more advanced networked quantum applications.
Contact NPL to learn more about quantum communications – whether curious about QKD, quantum networks, their testing and validation, or the broad and expanding world of quantum technology.