Experts disagree on timing, but carriers and customers should expect quantum technology capable of breaking today’s encryption to emerge in the 2030s
“Q-day,” the day when quantum computers will be able to defeat the Internet’s current security mechanisms, is fast approaching. While experts do not agree on when exactly this will occur, carriers, network operators, cloud providers, and their end customers can assume that quantum technology capable of breaking today’s public-key encryption algorithms will be available in the 2030s. So why pay attention to this now, when there are so many other evolving threats to tackle today? Two strong reasons. 1. Technology infrastructure updates are complex and require a lot of time. And 2. Attackers are already using surveillance techniques that will make it impossible to catch up after Q-Day.
The real issue with Q-day
Networked systems and the applications they enable rely on math-based public key cryptography or public key infrastructure. Asymmetric encryption protocols, such as RSA and Elliptic Curve Cryptography (ECC), which are the most popular and integrated into networked systems today, will be fully broken by the advent of a cryptographically-relevant quantum computer. (CRQC).
A Global System for Mobile Communications Association (GSMA) white paper on quantum’s impact on the telecommunications industry outlines the problem clearly, stating, “Prior to the availability of a CRQC, motivated bad actors may harvest data and store it, with the goal of decrypting it once quantum computing capabilities become available. This attack undermines the security of data with long-lived confidentiality needs, such as corporate IP, state secrets or individual bio-data. It is widely believed that some actors are already engaging in this type of attack.”
Harvest Now Decrypt Later (HNDL) infiltrations and the complexity of upgrading these types of systems underscore the need to start addressing quantum readiness now.
A physics-based alternative to vulnerable math-based encryption
As service providers face rising threats, a layered approach that includes Post-Quantum Cryptography (PQC), Quantum Key Distribution (QKD), and Quantum Secure Communications (QSC) incorporates a physics-based alternative to vulnerable math-based encryption — a virtually unhackable quantum network – for high volume ultra-sensitive data-in-transit. PQC consists of math-based algorithms that replace the legacy math-based algorithms that are used within asymmetrical and symmetrical encryption, while QKD advances security by leveraging quantum physics to establish shared keys. QSC leverages entanglement-based protocols such as E91 and BBM92 that have been studied for many decades, are well understood, and have security proofs.
However, instead of using unsecure trusted relay nodes as QKD does, QSC uses secure quantum repeaters. Once a quantum network makes use of quantum repeaters, it becomes a multi-purpose quantum network, capable of running several applications simultaneously on the same quantum network. This is a provably secure way to protect data-in-transit and communications while supporting new applications like secure interconnect for clouds and data centers, quantum position verification (QPV), networking of quantum computers, and networking of distributed quantum sensors.
Working with existing infrastructure
Quantum networks are not intended to replace classical networks, and operators can breathe a sigh of relief knowing that they won’t need a forklift upgrade of all their existing equipment. Quantum networks will augment classical networks to offload specific functions like encryption key establishment. As operators look to become quantum-ready, they should consider solutions that help them leverage their existing investments. This includes:
- Flexible software that is capable of interfacing with multiple vendors’ routers, switches, and quantum devices.
- Software Defined Network Architecture best practices that separate the data plane, control plane, and orchestration plane.
- Scalability. Quantum solutions should be ready to grow and evolve as needs change, with support for the inevitable changes the network will undergo.
Entanglement-based quantum networks can be integrated with existing network infrastructure. Keep your existing routers, firewalls, VPNs, and encryptors, change how secret keys are generated and delivered. An entanglement-based quantum network provides secret keys to the gear operators already use, and can be used to protect data now against threats we already know are coming. The same entanglement-based quantum network can also provide Quantum Position Verification (“QPV”), unspoofable location-based security that is not available on classical networks today.
