29 Oct 2021

Cutting through the hype – Post-Quantum Cryptography vs Quantum Key Distribution

In this article, Chris Erven, KETS Security cuts through the hype and helps define quantum-safe technologies that industries and enterprises can use to make key decisions. Part of techUK's Quantum Campaign Week

There is a lot of hype around quantum computing and quantum technologies, and I can only imagine the difficulties facing a CISO or CTO trying to cut through this. To help with this, I’ve had in my minds’ eye an apples-to-apples table comparing key quantum-safe information security technologies for a while.

Now I’m from a quantum security technologies company – so you might argue I’m biased, but I also used to be an academic – so I have a very hard time not being precise in what I say and write. Moreover, if you disagree with anything in this article – get in touch!

My goal is to establish clear information about quantum-safe technologies that industries and enterprises can use to make key decisions because it’s not just about looking ahead to what’s next but also what’s after that and then what’s after that. In addition, I also want you as individuals to have clear information about secure technologies for a post-quantum world to enable you to make informed decisions about the companies you use to store and transmit your personal data.

To start with, let’s establish definitions of a few key terms that can get butchered in the marketing:

  • quantum-safe means cryptographic primitives and protocols that cannot efficiently be broken using either a conventional or a quantum computer;
  • a post-quantum world means a world in which quantum computers exist;
  • post-quantum cryptography (PQC) algorithms mean (in terms of the NIST competition) quantum resistant public-key cryptographic primitives of digital signatures and key encapsulation mechanisms
  • quantum key distribution (QKD) means a secure symmetric key distribution protocol which uses quantum systems (qubits) to distribute the key;

There has been a heated debate raging for years in academics of who “solves” cryptography, it has been a complete waste of time. The answer is clearly both. They are both key tools (along with many others) in our crypto toolbox to build next generation quantum-safe applications. Each has different trade-offs, and we’ll deploy the best ones for the job because there really is a lot of nuance that is use-case and application specific.

 

Feature

PQC

QKD

Summary

Security

Conjectured security

Proven theoretical security

Future proof

QKD is the only cryptographic primitive that has been proven secure in theory assuming nothing more than the laws of quantum mechanics are correct.

Distance

Unlimited distance

Currently requires Trusted Nodes for unlimited distance

PQC algorithms have an unlimited distance because they operate at the software layer. A single QKD link is currently limited to a few 100 km’s with a sweet spot in the 20 - 50 km range. Work on quantum repeaters and satellite-QKD is on-going to extend the range.

Cost

$$

(full lifecycle costs not yet known)

$$$

(full lifecycle costs not yet known)

Currently, PQC algorithms do have the advantage of cost, but with a chip-based approach to quantum security technologies their costs are rapidly coming down.

Authentication

Authentication methods included in PQC

Initial shared secret or use of PQC authentication methods

Secure key growth forever after

Use an initial shared secret for QKD if you want to 100% verify you’re talking to who you think you are. Otherwise, use PQC for a first connection.

QKD efficiently generates key such that after the first session you can always save a small amount of key to authenticate the next session.

Certification

Draft standards - NIST PQC Competition

Draft standards - ETSI, ITU-T, ISO, ...

Neither PQC algorithms nor QKD have established standards – both are currently in draft form.

Integration

Software

(increased memory and/or time requirements and cost)

Hardware

(increased hardware integration costs)

New PQC algorithms generally have increased time or memory requirements and costs, while QKD systems require integration at the hardware level and an optical channel to distribute keys.

Implementation Security

Requires a security-by-design approach

Requires a security-by-design approach

Both PQC algorithms and QKD require a security-by-design approach and fail-safe mechanisms to ensure a secure implementation.

Security Assurance

Requires real-world vulnerability and security assessment

Requires real-world vulnerability and security assessment

Both require real-world vulnerability and security assessment. A key on-going need is the development of robust methods for these.

 

The arrival of quantum computing has raised the awareness of how costly it is to upgrade our cryptosystems and how prohibitively costly it is to retrofit them. Cryptographic agility is a must in the future. Hopefully the above has been helpful to dispel some of the hype around quantum security technologies so that you can start to make key decisions about your own quantum-safe roadmap.

But remember it’s not just your next immediate step you should consider, soon securing our classical data in quantum-safe ways will be a given and you’ll need to start thinking about when you’ll be sending encrypted quantum information (qubits) into the cloud or when you’ll be playing with early incarnations of the quantum internet. If you want to not only make your company quantum-safe in a post-quantum world, but also want to set your company up to capitalise on the coming quantum revolution, now is the time to get involved testing all of the new quantum-safe tools.

The timing is perfect with a number of quantum-safe testbeds that seek to include all of these new quantum-safe tools in the toolbox including our Canada-UK Quantum Technologies project building quantum-safe testbeds in the UK and Canada, our ViSatQT and AQRNG projects focused on satellite-QKD and the assurance of quantum random number generators, the ParisQCI project where we are a key quantum security technology partner helping to build a quantum-safe core backbone network in Paris, or the wider EuroQCI project building a secure quantum communication network across the EU. Get in touch if you want to find out the latest about these and other projects and how our technology can help future-proof your cybersecurity.

And like I said from the outset, we’re interested to hear your thoughts, if you want to challenge any of the claims in the table, please get in touch. We will continue to update the table on KETS’ website so that you always have a comprehensive source of clear information to come back to about quantum-safe technologies.

This table can also be viewed on the KETS website here: https://kets-quantum.com/2021/10/29/cutting-through-the-hype-post-quantum-cryptography-vs-quantum-key-distribution/

Quantum Commercialisation Week

Click here to read more insights published during techUK's Quantum Commercialisation Week

Click Here

 

Laura Foster

Laura Foster

Programme Manager, Technology and Innovation, techUK

Laura is techUK’s Programme Manager for Technology and Innovation.

She supports the application and expansion of emerging technologies across business, including Geospatial Data, Quantum Computing, AR/VR/XR and Edge technologies.

Before joining techUK, Laura worked internationally in London, Singapore and across the United States as a conference researcher and producer covering enterprise adoption of emerging technologies. This included being part of the strategic team at London Tech Week.

Laura has a degree in History (BA Hons) from Durham University, focussing on regional social history. Outside of work she loves reading, travelling and supporting rugby team St. Helens, where she is from.

Email:
[email protected]
LinkedIn:
www.linkedin.com/in/lauraalicefoster

Read lessmore

Zoe Brockbank

Programme Coordinator, Policy, Tech and Innovation, techUK

Zoe is a Programme Assistant, supporting techUK's work across Policy, Technology and Innovation.

The team makes the tech case to government and policymakers in Westminster, Whitehall, Brussels and across the UK on the most pressing issues affecting this sector and supports the Technology and Innovation team in the application and expansion of emerging technologies across business, including Geospatial Data, Quantum Computing, AR/VR/XR and Edge technologies.

Before joining techUK, Zoe worked as a Business Development and Membership Coordinator at London First and prior to that Zoe worked in Partnerships at a number of Forex and CFD brokerage firms including Think Markets, ETX Capital and Central Markets.

Zoe has a degree (BA Hons) from the University of Westminster and in her spare time, Zoe enjoys travelling, painting, keeping fit and socialising with friends.

Email:
[email protected]k.org
Phone:
020 7331 2174
Website:
www.techuk.org

Read lessmore

 

Related topics