By John Prisco
Recently I had the pleasure of speaking at the ISS Post Quantum Crypto Conference and sharing the reality of Quantum Key Distribution (QKD) with the conference attendees.
During the conference, Dr. Dustin Moody of NIST gave an update on NIST's Post-Quantum Cryptography standardization “competition,” which currently has 64 candidate algorithms in the running. NIST projects that by 2022-2023 it will have selected a few of them and issued its post-quantum recommendations.
That competition targets the public-key cryptography in wide use today: RSA, Diffie-Hellman and elliptic-curve algorithms whose security rests on the assumed hardness of factoring and discrete logarithms (referred to below as Public Key Encryption, PKE, although it covers key exchange and signatures as well). Shor's algorithm solves both of those problems efficiently on a sufficiently large quantum computer, so once such a machine exists this class of cryptography, deployed worldwide, is broken. NIST's initiative to standardize algorithms that withstand quantum attack is commendable, but the candidates are still under analysis, we do not yet know how well they will hold up, and they are likely not going to be standardized, let alone deployed at scale, before quantum computers arrive.
That is where QKD comes in: a viable alternative available now, whose security follows from the physics of measuring single photons rather than from any computational hardness assumption (information-theoretic security for the protocol; the implementation still has to be engineered and validated carefully), for distributing the keys that protect vital communications.
QKD does not address every threat that quantum computers pose to the encryption algorithms in existence. The imminent threat, however, is to PKE, meaning the RSA and (elliptic-curve) Diffie-Hellman operations that protocols such as TLS and SSH use to authenticate peers and agree on session keys. Shor's algorithm breaks those operations outright. A passive observer records the public key-exchange values in the clear; once the corresponding private exponent can be recovered, the symmetric session key (think AES) falls out of the same computation the legitimate parties did, and everything sent under it becomes readable. Forward secrecy does not help here: an ephemeral Diffie-Hellman exchange is only as strong as the discrete-logarithm problem on the recorded public values. Threat actors are harvesting and storing such PKE-protected traffic right now, precisely so that it can be decrypted later.
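The harvest-now, decrypt-later scenario above, as an added example that is not code from the original post or from the author's product. It uses a constructed, deliberately tiny Diffie-Hellman group (modulus 65537, generator 3) so that a brute-force discrete logarithm can stand in for what Shor's algorithm does to a real-sized group; the SHA-256 keystream and the sample message are likewise constructed stand-ins for AES and real traffic. The point it makes is that the recorded transcript alone (two public values and the ciphertext) is all the future attacker needs, even though both parties discarded their ephemeral private exponents:

```python
"""Harvest now, decrypt later against a recorded Diffie-Hellman session.

Constructed example: a deliberately tiny DH group so that a brute-force
discrete logarithm stands in for what Shor's algorithm does to a
real-sized group.  Not production code."""
import hashlib
import secrets

P = 65537  # constructed toy modulus (Fermat prime); 3 is a primitive root mod P
G = 3


def dh_keypair():
    """Ephemeral DH key pair: private exponent x in [1, P-2], public value G^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_key(shared):
    """KDF stand-in: hash the shared group element to a 256-bit key."""
    return hashlib.sha256(shared.to_bytes(4, "big")).digest()


def keystream_xor(key, data):
    """Stand-in for AES-CTR: XOR data with SHA-256(key || counter) blocks.
    Symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def run_session(plaintext):
    """Alice and Bob run ephemeral DH and Alice sends one encrypted message.
    The private exponents are dropped on return; the attacker gets only what
    a passive observer on the wire sees: both public values and the ciphertext."""
    a, pub_a = dh_keypair()
    b, pub_b = dh_keypair()
    key = derive_key(pow(pub_b, a, P))
    assert key == derive_key(pow(pub_a, b, P))  # both sides agree on the key
    return {"pub_a": pub_a, "pub_b": pub_b, "ct": keystream_xor(key, plaintext)}


def discrete_log(h):
    """Brute-force x with G^x = h (mod P).  For a 65536-element group this is
    instant; for a 2048-bit group it is infeasible classically but polynomial
    time on a large quantum computer (Shor).  That gap is the whole threat."""
    x, cur = 0, 1
    while cur != h:
        cur = cur * G % P
        x += 1
        if x >= P:
            raise ValueError("h is not in the group generated by G")
    return x


def decrypt_later(record):
    """The future attacker: recover Alice's ephemeral exponent from her recorded
    public value, rebuild the session key, and read the stored ciphertext."""
    a = discrete_log(record["pub_a"])
    key = derive_key(pow(record["pub_b"], a, P))
    return keystream_xor(key, record["ct"])


if __name__ == "__main__":
    msg = b"wire transfer approved; auth code 7731"  # constructed sample message
    rec = run_session(msg)             # "harvest now": store the transcript
    print(decrypt_later(rec) == msg)   # "decrypt later": True once DLP is cheap
```

Swapping the toy `discrete_log` for a real-sized group turns `decrypt_later` from instant into infeasible on classical hardware; a cryptographically relevant quantum computer would turn it back into a routine computation, which is why traffic recorded today with a 2048-bit or P-256 key exchange is the asset being stockpiled.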
Strategic consulting firms and analyst research groups are advising organizations that if their current network traffic must stay confidential for more than three to five years, they should be addressing this threat now. QKD directly addresses the future threat from quantum computers, and it also strengthens existing encryption tools and investments: the symmetric encryptors already in place stay where they are and QKD supplies their keys over a channel whose security does not depend on the attacker's computing power, so protecting the communications channel for your most critical data does not require a rip-and-replace.
Symmetric encryption is also affected by quantum computing, but far less severely: Grover's algorithm gives at best a quadratic speedup on key search, so doubling the key length (AES-128 to AES-256, for example) restores the original security margin. But every cipher, including whatever quantum-safe algorithms NIST ultimately approves, is useless if the keys cannot be delivered securely. NIST's candidates include key-encapsulation mechanisms for exactly this job, but their security is still computational, so it is bounded by how well the underlying hardness assumptions hold up.
So, far from being merely a band-aid, QKD becomes the underpinning for future cryptographic key exchange precisely because it is immune to every increase in computing power: no amount of classical or quantum computation changes what an eavesdropper learns from measuring a photon, because the measurement itself disturbs the photon and that disturbance is detected. To that end, we are pleased to be part of the NIST Cryptographic Module Validation Program for our QKD solution.
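To make the "immune to computing power" claim concrete, here is a classical simulation of the BB84 protocol, added as an example that is not code from the original post or from the author's product. It models an idealized link (noiseless channel, perfect single-photon source and detectors) and assumes the classical discussion channel is authenticated; the 11% QBER abort threshold is the commonly cited figure for one-way post-processing and is an assumption here, not something the post states. An eavesdropper running an intercept-resend attack is caught because her measurements collapse the photons, which shows up as a roughly 25% error rate in the publicly compared sample; no amount of compute on her side changes that statistic:

```python
"""BB84 quantum key distribution, simulated classically, to show why an
eavesdropper is detected by physics rather than out-computed.

Constructed, idealized example: noiseless channel, perfect source and
detectors, and an authenticated classical channel are assumed."""
import secrets

_rng = secrets.SystemRandom()


def random_bits(n):
    return [secrets.randbits(1) for _ in range(n)]


def measure(qubit, basis):
    """Measure a qubit prepared as (basis, bit).  Basis 0 is rectilinear
    (|0>,|1>), basis 1 is diagonal (|+>,|->).  Measuring in the preparation
    basis returns the encoded bit and leaves the state alone; measuring in the
    other basis returns a uniformly random bit and collapses the qubit to that
    new state.  Returns (result, post-measurement qubit)."""
    prep_basis, bit = qubit
    if prep_basis == basis:
        return bit, qubit
    result = secrets.randbits(1)
    return result, (basis, result)


def bb84(n, eavesdrop=False, sample_fraction=0.5, qber_threshold=0.11):
    """Run one BB84 round over n photons.  Returns the estimated quantum bit
    error rate (QBER), whether the round is accepted, and both parties'
    remaining key bits.  qber_threshold=0.11 is an assumed abort limit."""
    a_bits, a_bases = random_bits(n), random_bits(n)
    qubits = list(zip(a_bases, a_bits))            # Alice prepares

    if eavesdrop:
        # Intercept-resend attack: Eve measures each photon in a random basis
        # and forwards the collapsed state.  Half the time her basis is wrong,
        # and half of those mismatches flip Bob's bit: 25% expected QBER.
        qubits = [measure(q, eb)[1] for q, eb in zip(qubits, random_bits(n))]

    b_bases = random_bits(n)
    b_bits = [measure(q, bb)[0] for q, bb in zip(qubits, b_bases)]  # Bob measures

    # Sifting: bases are compared over the public channel; only matching
    # positions are kept (bit values are never disclosed at this step).
    keep = [i for i in range(n) if a_bases[i] == b_bases[i]]
    a_sift = [a_bits[i] for i in keep]
    b_sift = [b_bits[i] for i in keep]

    # Parameter estimation: sacrifice a random sample and compare it publicly.
    m = len(a_sift)
    sample = set(_rng.sample(range(m), int(m * sample_fraction)))
    errors = sum(1 for i in sample if a_sift[i] != b_sift[i])
    qber = errors / len(sample) if sample else 0.0

    key_a = [a_sift[i] for i in range(m) if i not in sample]
    key_b = [b_sift[i] for i in range(m) if i not in sample]
    return {"qber": qber, "accepted": qber < qber_threshold,
            "key_a": key_a, "key_b": key_b}


if __name__ == "__main__":
    clean = bb84(4000)
    tapped = bb84(4000, eavesdrop=True)
    print(f"no eavesdropper:  QBER={clean['qber']:.3f} accepted={clean['accepted']}")
    print(f"intercept-resend: QBER={tapped['qber']:.3f} accepted={tapped['accepted']}")
```

A real deployment adds error correction and privacy amplification on top of the sifted bits, has a nonzero baseline QBER from channel noise, and is only as trustworthy as the authentication of the classical channel and the engineering of the optics; those are the parts a validation program such as CMVP has to scrutinize, since the protocol's security argument does not cover them.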