Feature Do the laws of physics trump mathematical complexity, or is Quantum Key Distribution (QKD) nothing more than 21st-century enterprise encryption snake oil? The number of QKD news headlines that have included unhackable, uncrackable or unbreakable could certainly lead you towards the former conclusion.
However, we at The Reg are unrelenting sceptics for our sins and take all such claims with a bulk-buy bag of Saxa. What this correspondent is not, however, is a physicist nor a mathematician, let alone a quantum cryptography expert. Thankfully, I know several people who are, so I asked them the difficult questions. Here's how those conversations went.
I can tell you what QKD isn't, and that's quantum cryptography. Instead, as the name suggests, it's just the part that deals with the exchange of encryption keys.
As defined by the creators of the first Quantum key distribution (QKD) protocol, (Bennett and Brassard, 1984) it is a method to solve the problem of the need to distribute secret keys among distant Alice and Bobs in order for cryptography to work. The way QKD solves this problem is by using quantum communication. "It relies on the fact that any attempt of an adversary to wiretap the communication would, by the laws of quantum mechanics, inevitably introduce disturbances which can be detected."
Quantum security expert, mathematician and security researcher Dr Mark Carney explains there "are a few fundamental requirements for QKD to work between Alice (A) and Bob (B), these being a quantum key exchange protocol to guarantee the key exchange has a level of security, a quantum and classical channel between A and B, and the relevant hardware and control software for A and B to enact the protocol we started with."
If you are the diagrammatical type, there's a nifty if nerdy explanatory one here.
It's kind of a given that, in and of themselves, quantum key exchange protocols are primarily very secure, as Dr Carney says most are derived from either BB84 (said QKD protocol of Bennett and Brassard, 1984) or E91 (Eckert, 1991) and sometimes a mixture of the two.
"They've had a lot of scrutiny, but they are generally considered to be solid protocols," Dr Carney says, "and when you see people claiming that 'quantum key exchange is totally secure and unhackable' there are a few things that are meant: that the key length is good (at least 256 bits), the protocol can detect someone eavesdropping on the quantum channel and the entropy of the system gives unpredictable keys, and the use of quantum states to encode these means they are tamper-evident."
So, if the protocol is accepted as secure, where do the snake oil claims enter the equation? According to Dr Carney, it's in the implementation where things start to get very sticky.
"We all know that hardware, firmware, and software have bugs even the most well researched, well assessed, widely hacked pieces of tech such as the smartphone regularly has bug updates, security fixes, and emergency patches. Bug-free code is hard, and it shouldn't be considered that the control systems for QKD are any different," Carney insists.
In other words, it's all well and good having a perfected quantum protocol, but if someone can do memory analysis on A or B's systems, then your "super secure" key can get pwned. "It's monumentally naive in my view that the companies producing QKD tech don't take this head on," Dr Carney concludes. "Hiding behind 'magic quantum woo-woo security' is only going to go so far before people start realising."
Professor Rob Young, director of the Quantum Technology Centre at Lancaster University, agrees that there is a gap between an ideal QKD implementation and a real system, as putting the theory into practice isn't easy without making compromises.
QKD connections can be blocked using a DDoS attack as simple as using a pneumatic drill in the vicinity of the cable
"When you generate the states to send from the transmitter," he explains, "errors are made, and detecting them at the receiver efficiently is challenging. Security proofs typically rely on a long list of often unmet assumptions in the real world."
Then there are the hardware limitations, with most commercially implemented QKD systems using a discrete-state protocol sending single photons down low-loss fibres. "Photons can travel a surprising distance before being absorbed, but it means that the data exchange rate falls off exponentially with distance," Young says.
"Nodes in networks need to be trusted currently, as we can't practically relay or switch quantum channels without trusting the nodes. Solutions to these problems are in development, but they could be years away from commercial implementation."
This lack of quantum repeaters is a red flag, according to Duncan Jones, head of Quantum Cybersecurity at Cambridge Quantum, who warns that "trusted repeaters" are not the same thing. "In most cases this simply means a trusted box which reads the key material from one fibre cable and re-transmits it down another. This is not a quantum-safe approach and negates the security benefits of QKD."
Then there's the motorway junction conundrum. Over to Andersen Cheng, CEO at Post-Quantum, to explain. Cheng points to problems such as QKD only telling you that a person-in-the-middle attack has happened, with photons disturbed because of the interception, but not where that attack is taking place or how many attacks are happening.
"If someone is going to put a tap along your 150km high-grade clear fibre-optic cable, how are you going to locate and weed out those taps quickly?" Cheng asks.
What if an attacker locates your cable grid and cuts a cable off? Where is the contingency for redundancy to ensure no disruption? This is where the motorway junction conundrum comes in.
"QKD is like two junctions of a motorway," Cheng explains. "You know car accidents are happening because the road surface is being attacked, but you do not know how many accidents have happened or where or who the culprit is, so you cannot go and kick the offenders out and patch up the road surface."
This all comes to the fore when Anderson insists: "QKD connections can be blocked using a DDoS attack as simple as using a pneumatic drill in the vicinity of the cable."
Sally Epstein, head of Strategic Technology at Cambridge Consultants, throws a couple of pertinent questions into the "ask any QKD vendor" ring.
Quantum-safe cryptography, coupled with verifiable quantum key generation, is an excellent approach to the same problem and works perfectly today
"1. Supply chain: There is a much greater potential for well-funded bad actors to get into the supply chain. How do they manage their supply chain security?
"2. Human fallibility: There are almost certainly exploitable weaknesses in the control software, optical sub-assemblies, electronic, firmware, etc. What penetration testing has the supplier conducted in terms of software and hardware?"
Professor Young thinks that QKD currently offers little return on investment for your average enterprise. "QKD can distribute keys with provable security metrics, but current systems are expensive, slow and difficult to implement," he says.
As has already been pointed out, security proofs are generally based on ideal cases without taking the actual physical implementation into account. This, Young says, "troubles the central premise of using QKD in the first place."
However, he doesn't think that the limitations are fundamental and sees an exciting future for the technology.
Because QKD technology is still maturing, and keys can only be sent across relatively short distances using dedicated fibre-optic cables, Jones argues that "only the biggest enterprises and telcos should be spending any money on researching this technology today."
Not least, he says, because the problems QKD solves are equally well addressed through different means. "Quantum-safe cryptography, coupled with verifiable quantum key generation, is an excellent approach to the same problem and works perfectly today," Jones concludes.
Professor Andrew Lord, head of Optical Network Research at BT, has a less pessimistic outlook.
"Our trial with NCC in Bristol illustrates a client with a need to transmit data which should remain secure for many years into the future," Lord told The Reg. "QKD is attractive here because it provides security against the 'tap now, decrypt later' risk, where data could be stored and decrypted when a quantum computer becomes available."
The UK's National Cyber Security Centre (NCSC) has gone on the record to state it does not endorse the use of QKD for any government or military application, and the National Security Agency (NSA) in the US has reached the same conclusion.
Jones of Cambridge Quantum says he completely agrees with the NCSC/NSA perspectives because the "first generation of quantum security technologies has failed to deliver tangible benefits for commercial or government applications."
Young goes further: "Both NCSC and NSA echo the views of all serious cryptographers with regards to QKD, and I am in complete agreement with them."
So what needs to change to make QKD solutions relevant to enterprises in the real world? Lord admits that the specialised hardware requirements of QKD does mean it won't be the best solution for all use cases, but foresees "photonic-chip based QKD ultimately bringing the price down to a point where it can be integrated into standard optical transmission equipment."
Dr Carney adds: "In closing, all this leaves us with the biggest misunderstanding about QKD vs classical key exchange; in classical key exchange the mathematics that makes Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) or your favourite Post-Quantum Cryptography (PQC) key exchange secure is distinct and independent of the physical channel (the classical channel) that is being used for the protocol.
"On a QKD system, the mathematics is in some way intrinsically, and necessarily, linked to the actual physicality of the system. This situation is unavoidable, and we would do well to design for and around it."
More:
- The neutrino's quantum fuzziness is beginning to come into focus - Science News Magazine - May 23rd, 2024 [May 23rd, 2024]
- Unlocking the Quantum Code: International Team Cracks a Long-Standing Physics Problem - SciTechDaily - May 23rd, 2024 [May 23rd, 2024]
- Quantum tunnel: Scientists study particles that move faster than light - Interesting Engineering - May 23rd, 2024 [May 23rd, 2024]
- Quantum to cosmos: Why scale is vital to our understanding of reality - New Scientist - May 23rd, 2024 [May 23rd, 2024]
- A new theory of quantum gravity could explain the biggest puzzle in cosmology, study suggests - Livescience.com - May 23rd, 2024 [May 23rd, 2024]
- Helping qubits stay in sync - Newswise - May 23rd, 2024 [May 23rd, 2024]
- Breaking Light Speed: The Quantum Tunneling Enigma - SciTechDaily - May 23rd, 2024 [May 23rd, 2024]
- Quantum tunnels allow particles to break the light-speed barrier - Earth.com - May 23rd, 2024 [May 23rd, 2024]
- Cloud Computing under the Cover of Quantum - Physics - May 23rd, 2024 [May 23rd, 2024]
- Coherently excited superresolution using intensity product of phase-controlled quantum erasers via polarization-basis ... - Nature.com - May 23rd, 2024 [May 23rd, 2024]
- Quantum biology: New clues on how life might make use of weird physics - New Scientist - May 23rd, 2024 [May 23rd, 2024]
- Chinas father of quantum named Royal Society fellow as US targets sector - South China Morning Post - May 23rd, 2024 [May 23rd, 2024]
- Scientists move atoms so close together it may change quantum physics forever - - Study Finds - May 23rd, 2024 [May 23rd, 2024]
- "Impossible" quantum effects seen when squishing atoms together - Earth.com - May 23rd, 2024 [May 23rd, 2024]
- Beyond Hydrogen: Discovery of Tiny New Atom Tauonium With Massive Implications - SciTechDaily - May 23rd, 2024 [May 23rd, 2024]
- Quantum Coherence: Harvard Scientists Uncover Hidden Order in Chemical Chaos - SciTechDaily - May 23rd, 2024 [May 23rd, 2024]
- Netflixs 3 Body Problem: The science explained by an astrophysicist - Vox.com - March 24th, 2024 [March 24th, 2024]
- Entanglement entropies of nuclear systems gro - EurekAlert - March 24th, 2024 [March 24th, 2024]
- The Quest for a Theory of Everything Scientists Put Einstein to the Test - SciTechDaily - March 24th, 2024 [March 24th, 2024]
- Vibrating atoms are seen 'tuning' the energy of a single electron - Earth.com - March 24th, 2024 [March 24th, 2024]
- Innovator Spotlight: Joseph Maciejko | The Quad - University of Alberta - March 24th, 2024 [March 24th, 2024]
- A Breakthrough in the Control of Quantum Phenomena at Room Temperature Has Been Achieved, Researchers Say - The Debrief - February 16th, 2024 [February 16th, 2024]
- The End of the Quantum Ice Age: Room Temperature Breakthrough - SciTechDaily - February 16th, 2024 [February 16th, 2024]
- Quantum computer outperformed by new traditional computing - Earth.com - February 16th, 2024 [February 16th, 2024]
- URI program to help STEM professionals pivot into quantum information science careers - The University of Rhode Island - February 16th, 2024 [February 16th, 2024]
- Quantum realm controlled at room temperature for the first time - Earth.com - February 16th, 2024 [February 16th, 2024]
- Quantum Breakthrough: New Method Preserves Information Against All Odds - SciTechDaily - February 16th, 2024 [February 16th, 2024]
- Quantum computers get new design that makes them more "useful" - Earth.com - February 16th, 2024 [February 16th, 2024]
- Beyond Classical Physics: Scientists Discover New State of Matter With Chiral Properties - SciTechDaily - February 16th, 2024 [February 16th, 2024]
- Quantum research sheds light on the mystery of high-temperature superconductivity - Tech Explorist - February 16th, 2024 [February 16th, 2024]
- Unlocking the Mysteries of Quantum Many-Body Systems: A Look at Quantum Simulators and Universal Scaling ... - Medriva - February 16th, 2024 [February 16th, 2024]
- Functioning quantum internet makes giant stride closer to reality - Earth.com - February 13th, 2024 [February 13th, 2024]
- Exploring New Futures in Space: A Revolutionary Integration of Neuroscience, Quantum Physics, and Space Exploration - SETI Institute - February 13th, 2024 [February 13th, 2024]
- Uncovering the Quantum Plateau: Significance and Implications | Nature Physics - Medriva - February 13th, 2024 [February 13th, 2024]
- The State of the Art in Quantum Computing - Medium - February 13th, 2024 [February 13th, 2024]
- Beyond the Visible Universe: New Research Reveals How Gravity Influences the Quantum Realm - SciTechDaily - February 13th, 2024 [February 13th, 2024]
- Leader of IBM's Quantum Safe Team to speak at URI - University of Rhode Island - September 23rd, 2023 [September 23rd, 2023]
- University Assistant Predoctoral, Physics job with UNIVERSITY OF ... - Times Higher Education - September 23rd, 2023 [September 23rd, 2023]
- Zentropy A New Theory That Could Transform Material Science - SciTechDaily - September 23rd, 2023 [September 23rd, 2023]
- Researchers Studying the Quantum Realm Observe Alice in ... - The Debrief - September 23rd, 2023 [September 23rd, 2023]
- Augusta University graduate starts business in the artificial ... - Jagwire Augusta - September 23rd, 2023 [September 23rd, 2023]
- Quantum Echoes: A Revolutionary Method to Store Information as Sound Waves - SciTechDaily - August 14th, 2023 [August 14th, 2023]
- 'Quantum superchemistry' observed for the 1st time ever - Space.com - August 14th, 2023 [August 14th, 2023]
- Quantum Avalanche A Phenomenon That May Revolutionize Microelectronics and Supercomputing - SciTechDaily - August 14th, 2023 [August 14th, 2023]
- Applications of quantum mechanics at the beach - Symmetry magazine - August 14th, 2023 [August 14th, 2023]
- Book Review: On the Origin of Time Stephen Hawking's Final Theory - Moose Jaw Today - August 14th, 2023 [August 14th, 2023]
- Harnessing Quantum Technologies: The Next Big Leap in Global ... - Fagen wasanni - August 14th, 2023 [August 14th, 2023]
- The quantum avalanche - At the Vienna University of Technology, it ... - Chemie.de - August 14th, 2023 [August 14th, 2023]
- Semiconductors: The Linchpin of AI in Quantum Computing - Fagen wasanni - August 14th, 2023 [August 14th, 2023]
- The Promising Collaboration Between AI and Quantum Computing - Fagen wasanni - August 14th, 2023 [August 14th, 2023]
- String theory physicist changed quantum field theory - USC Dornsife College of Letters, Arts and Sciences - August 14th, 2023 [August 14th, 2023]
- QUANTUM SUPERCOMPUTERS. The words Quantum and ... - Medium - August 14th, 2023 [August 14th, 2023]
- Fourteen MIT School of Science professors receive tenure for 2022 ... - MIT News - August 14th, 2023 [August 14th, 2023]
- The Fascinating World of Quantum Integrated Circuits: The Next Big ... - Fagen wasanni - August 14th, 2023 [August 14th, 2023]
- Conclusive Evidence for Modified Gravity: Collapse of Newton's and ... - SciTechDaily - August 14th, 2023 [August 14th, 2023]
- Physicists Open New Path to an Exotic Form of Superconductivity - SciTechDaily - August 14th, 2023 [August 14th, 2023]
- The Principle of Least Action Now Exists in the Quantum Realm - Popular Mechanics - June 10th, 2023 [June 10th, 2023]
- Quantum materials: Electron spin measured for the first time - EurekAlert - June 10th, 2023 [June 10th, 2023]
- Life in a hologram | MIT News | Massachusetts Institute of Technology - MIT News - June 10th, 2023 [June 10th, 2023]
- If Black Holes Evaporate, Everything Evaporates - Universe Today - June 10th, 2023 [June 10th, 2023]
- Clever Ant-Man Easter Egg Links The Movie to the Real World's ... - Startefacts - June 10th, 2023 [June 10th, 2023]
- Quantum Cryptography: The Cutting Edge of Secure Communication - CityLife - June 10th, 2023 [June 10th, 2023]
- This 17-year-old works to make quantum mainstream - Indiatimes.com - June 10th, 2023 [June 10th, 2023]
- The multiverse is doomed and even Spider-Man and The Flash can't save it - Yahoo Entertainment - June 10th, 2023 [June 10th, 2023]
- Physics of Time Travel: A Scientific Perspective - Mirage News - June 10th, 2023 [June 10th, 2023]
- Quantum Spin Liquids: The Future of Superconductors - EnergyPortal.eu - June 10th, 2023 [June 10th, 2023]
- Interview: Three Books That Make Tess Gunty Angry - The New York Times - June 10th, 2023 [June 10th, 2023]
- Events Calendar School of Mathematics and Statistics Colloquium ... - Carleton University - June 10th, 2023 [June 10th, 2023]
- Graphene and Quantum Computing: A Match Made in Heaven - CityLife - June 10th, 2023 [June 10th, 2023]
- A Quantum Computer Simulation Has Reversed Time And Physics May Never Be The Same - Twisted Sifter - June 2nd, 2023 [June 2nd, 2023]
- Realizing the Einstein-Podolsky-Rosen Paradox for Atomic Clouds - Physics - June 2nd, 2023 [June 2nd, 2023]
- The US and UK team up to advance quantum information science - Fermi National Accelerator Laboratory - June 2nd, 2023 [June 2nd, 2023]
- How plants can perform feats of quantum mechanics - Big Think - June 2nd, 2023 [June 2nd, 2023]
- Physicists Make Matter out of Light to Find Quantum Singularities - Scientific American - June 2nd, 2023 [June 2nd, 2023]
- Eventually everything will evaporate, not only black holes - Science Daily - June 2nd, 2023 [June 2nd, 2023]
- Julius-Maximillians-Universitt Wrzburg Researchers Use ... - HPCwire - June 2nd, 2023 [June 2nd, 2023]
- TNTs The Lazarus Project Uses Suspense Trapping to Ask Smart ... - Roger Ebert - June 2nd, 2023 [June 2nd, 2023]
- Quantum Exponential: building a cutting edge quantum technology ... - The Armchair Trader - June 2nd, 2023 [June 2nd, 2023]
- IMDEA Software and IMDEA Networks work to deploy in the ... - EurekAlert - June 2nd, 2023 [June 2nd, 2023]
- Ian Hacking, Eminent Philosopher of Science and Much Else, Dies ... - The New York Times - June 2nd, 2023 [June 2nd, 2023]