Why Quantum-Resistant Encryption Needs Quantum Key Distribution for Real Security

SECURITY ANALYSIS: While the term “quantum proof” in regard to encryption has been bandied about for years, the reality is that you need more than that; you also need really secure key distribution.


The idea behind using quantum computers to break encryption rests on the fact that current encryption methods depend on a secret key that is used to encrypt and decrypt the information being protected. Those keys are long, random—or, more likely, almost random—numbers that are shared between the parties encrypting the information and the parties decrypting it. Theoretically, you can use a variety of mathematical processes to determine the key and then use the resulting key to decrypt the information.

Until recently, the best defense for encrypted information was to make the key really long and really random. While a sufficiently powerful computer might be able to figure out the key eventually, it could require too much time to be useful. How much time? Perhaps the remaining age of the universe.

But with the advent of quantum computing, things have changed. A modern quantum computer can carry out computational operations dramatically faster, perhaps several orders of magnitude faster, than the fastest imagined binary computer. Keeping information encrypted requires a quantum-resistant encryption method and a really long encryption key, because the longer the key, the longer it takes to crack the encryption.

New Keys for Each Event

For really secure communications, you then need to share a new key each time you want to communicate information that is supposed to be secret. The use of a new key each time is considered to be equivalent to using what cryptographers call a one-time pad. A one-time pad harkens back to the days when an actual encryption key was distributed on paper and a unique sheet of paper was used each time. Because each key is used only once, cracking such encryption is difficult.

But it’s not impossible. With really fast computers, it’s possible to figure out the key that’s being used, and then to decrypt all information that was encrypted using that key. Until recently, the risk of finding such a key was remote, but that was before commercial quantum computers such as the one IBM announced last week. Considering that national governments, such as China, are working on quantum computers even more powerful than anything available commercially, the risk is significant.

The way to get around such a risk is to use an even longer key for each encryption-decryption session, but to do that, you need a way to distribute those longer keys. This is the reason for the growing availability of quantum distribution networks, such as those now being operated by Quantum Exchange in the New York City area. The company is already expanding its quantum distribution networks outside of the New York area, and considering that the company is located in the Washington, D.C., suburbs, you can assume that such operations are also under way there.

Quantum key distribution works by sending the key, one bit at a time, using an individual quantum particle such as a photon. Because of the rules of quantum physics, it’s possible to detect whether that photon has been observed by anyone other than the sender and the recipient. This is because the act of observation itself imparts changes to the particle—usually by changing its polarization or spin—that can be detected.

Transmitting Keys Securely

If the receiving end detects enough changes, then it’s assumed that the key being transmitted has been observed, and the session is aborted and a new one, usually using a different transmission medium, is begun. By doing this, it’s possible to transmit a key securely and then to use that key to secure information that’s being transmitted.
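
The detect-and-abort check described above, as an added example that is not part of the original article: a classical simulation that assumes the BB84 protocol (the article names no protocol), an intercept-and-resend observer, and an 11% error threshold. All function and variable names are illustrative.

```python
import random

# Assumed abort threshold (a commonly cited BB84 bound); not a figure from the article.
ABORT_QBER = 0.11

def measure(bit, prep_basis, meas_basis, rng):
    """Reading a photon in the wrong basis gives a random result."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def run_session(n_photons, observed, seed):
    """Simulate one key-distribution session; return error rate and outcome."""
    rng = random.Random(seed)
    sender_bits, receiver_bits = [], []
    for _ in range(n_photons):
        s_bit, s_basis = rng.randint(0, 1), rng.choice("+x")
        bit, basis = s_bit, s_basis
        if observed:
            # A third party measures in a guessed basis and re-sends the photon,
            # which disturbs its state whenever the guess was wrong.
            o_basis = rng.choice("+x")
            bit, basis = measure(bit, basis, o_basis, rng), o_basis
        r_basis = rng.choice("+x")
        r_bit = measure(bit, basis, r_basis, rng)
        if s_basis == r_basis:  # sifting: keep positions where bases matched
            sender_bits.append(s_bit)
            receiver_bits.append(r_bit)
    half = len(sender_bits) // 2
    if half == 0:
        raise ValueError("too few photons to estimate an error rate")
    # The first half is compared publicly (and discarded) to estimate the
    # quantum bit error rate; only the second half can become key material.
    errors = sum(a != b for a, b in zip(sender_bits[:half], receiver_bits[:half]))
    qber = errors / half
    aborted = qber > ABORT_QBER
    return {
        "qber": qber,
        "aborted": aborted,
        "key": None if aborted else sender_bits[half:],
        "receiver_key": None if aborted else receiver_bits[half:],
    }

if __name__ == "__main__":
    for label, observed in (("clean link", False), ("observed link", True)):
        result = run_session(2000, observed, seed=7)
        print(f"{label}: QBER={result['qber']:.3f} aborted={result['aborted']}")
```

On an undisturbed link the sampled error rate is zero and both ends hold the same key; an observer who measures every photon pushes the error rate to roughly 25%, well past the threshold, so the session is aborted and no key is released.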

This type of secure key distribution is currently being used between financial services companies on Wall Street and their remote data centers. Eventually, Quantum Exchange plans to provide quantum key distribution networks stretching from Washington to Boston.

As quantum computers become more widely available, quantum key distribution will become more necessary. While ordinary hackers can’t afford the technology required to crack quantum-resistant encryption, national governments can, and the government that’s in the forefront of quantum computing right now is China.

Already, Chinese scientists have shown that they can break the previous distance barriers of fiber-based quantum networks by using space-based quantum distribution. Those same scientists are also developing quantum computers that are significantly more advanced than what IBM has just announced. Considering that the Chinese government is actively involved in hacking into computers in the U.S. and Europe as a way to take intellectual property as well as identity information, the risks are obvious.

IT Pros Need to Take Notice to Protect Enterprise Data

At this point, IT operations people need to begin taking extraordinary steps to protect their information. This means using not only quantum-resistant encryption but also quantum key distribution, so that the encryption keys can be changed frequently enough to frustrate efforts aimed at this wholesale theft of data.

Quantum computing is only now reaching the point where it’s becoming a real risk that needs to be countered, but that in turn means that IT departments need to be thinking about quantum key distribution as a way to make sure their organization’s communications remain secure. Waiting doesn’t make sense, unless you want it to be your company that has to report the first quantum-computer-powered breach.

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...