Evolving The Network to Prepare for Q-Day

By: Jim Ricotta

Experts estimate that quantum technology capable of breaking current encryption algorithms and intercepting communications will be possible no later than 2030. The day the first quantum computer (or a network of quantum computers) is able to decrypt security schemes currently in-use is widely referred to as Q-Day, and due to the complexity of upgrading these systems, network operators and other organizations need to be taking steps now to prepare for this looming threat to existing networks and communications encryption.

Why Worry About Q-Day Now?

If Q-Day might not happen until the end of the decade, many organizations may believe that they have years before they need to worry about quantum attacks. To understand why this isn’t true, let’s take a look at how we currently protect information.

Asymmetric (public key) cryptography such as RSA, ECC, and Diffie-Hellman is the set of standards that most organizations rely on today to keep data safe. These algorithms are used for authentication and key distribution, and are absolutely vital to cybersecurity. Shor’s algorithm has been around for 30 years and has been proven to efficiently break the math problems these security schemes depend on. It’s just a matter of time before quantum computing technology is advanced enough to run Shor's algorithm on large inputs.

What does this mean in real terms for those organizations—the governments, network operators, other businesses, and individuals using these standards today? Essentially, all information that is sent across the Internet will be rendered insecure by future quantum computers. Defensive military, intellectual property, financial, medical, and even infrastructural information are all at risk.

It's easy to imagine just how disastrous it could be if this information falls into the wrong hands, but just as easy to push this into some “future” bucket. Unfortunately, the information we are sending today is also at risk due to “Harvest Now, Decrypt Later” attacks—in which an adversary steals encrypted data that they can't currently decrypt. The adversary holds onto this encrypted data until they're able to decrypt it, once they have access to a quantum computer capable of running Shor's algorithm.

Think about the kinds of information that need to remain secure for long periods of time: military and defense, intellectual property, and financial and medical information, among others.

Because of the looming threat of Q-Day, and the immediate threat of “Harvest Now, Decrypt Later” attacks, organizations need to come up with a countermeasure to this quantum threat as soon as possible.

Three Solutions to Address the Looming Threat

At this point in time, there are three main solutions proposed to address the challenge of preparing for Q-Day: post-quantum cryptography (PQC), quantum key distribution (QKD), and quantum secure communication (QSC). With PQC, the idea is to replace the end-use classical security algorithms that are going to be broken by quantum computers with classical security algorithms designed to be quantum safe. These new security algorithms are based on math problems that are believed to be difficult for quantum computers to solve. This is a purely classical solution, and it can be deployed over the classical Internet. PQC is thought of as a good short-term solution because it's relatively quick and easy to implement. PQC algorithms have been heavily scrutinized for years, and they're believed to be secure. Unfortunately, they are not mathematically proven to be secure and could be broken in the future by quantum or even classical computers. Two of the most promising PQC algorithms, Rainbow and SIKE, were already broken by standard classical computers.

QKD is a physics-based solution, relying on the properties of superposition and measurement, and uses quantum properties to always be able to detect the presence of an eavesdropper. In theory, at the protocol level, this works great. The implementation vulnerabilities, though—like the requirement for trusted relay nodes if you want to distribute a key between nodes that are far apart—make QKD much less secure in practice. The "trusted" part of this term is misleading. Trusted relay nodes are not nodes you can trust, but nodes that you need to trust, and if they become compromised, your key will become compromised as well. QKD networks may also require the deployment of additional resources, such as QKD devices and additional optical fiber. They also only support the single purpose of key distribution.
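To make the trusted-relay point concrete, here is a small added model (not code from the article) of how an end-to-end key is forwarded hop by hop across QKD links: each link key is a stand-in for the key material a real QKD link would produce, the end-to-end key is one-time-padded per hop, and the function records exactly what every relay sees in the clear.

```python
import os
from typing import List, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time-pad style XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires equal lengths")
    return bytes(x ^ y for x, y in zip(a, b))


def relay_key_over_chain(end_to_end_key: bytes,
                         link_keys: List[bytes]) -> Tuple[bytes, List[bytes]]:
    """Forward end_to_end_key from Alice to Bob across len(link_keys) QKD links.

    link_keys[i] is the key shared by hop i and hop i+1 (constructed stand-in
    for a QKD-derived key). Node 0 is Alice, the last node is Bob, and every
    node in between is a 'trusted' relay. Returns (key_as_received_by_bob,
    key_as_seen_in_the_clear_by_each_relay).
    """
    seen_by_relays: List[bytes] = []
    current = end_to_end_key          # Alice holds the key in the clear
    for hop, link_key in enumerate(link_keys):
        ciphertext = xor_bytes(current, link_key)       # sent over hop
        current = xor_bytes(ciphertext, link_key)       # receiver unwraps
        is_relay = hop < len(link_keys) - 1             # last receiver is Bob
        if is_relay:
            # The relay must hold the key in plaintext to re-wrap it for the
            # next link; a compromised relay therefore exposes the key.
            seen_by_relays.append(current)
    return current, seen_by_relays


def demo(key_len: int = 32, hops: int = 3) -> Tuple[bytes, List[bytes]]:
    """Random end-to-end key over a chain of `hops` links (hops-1 relays)."""
    end_to_end_key = os.urandom(key_len)
    link_keys = [os.urandom(key_len) for _ in range(hops)]
    bob_key, relay_views = relay_key_over_chain(end_to_end_key, link_keys)
    assert bob_key == end_to_end_key
    return end_to_end_key, relay_views


if __name__ == "__main__":
    k, views = demo()
    print(f"relays that saw the full key in the clear: {len(views)}")
```

Each hop is individually protected by its link key, but the end-to-end key is only as secret as the least trustworthy relay on the path.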

QSC refers to the entanglement-based quantum security protocols that run over and are enabled by entanglement-based quantum networks. This is a physics-based solution, relying on the property of entanglement and measurement. Similar to QKD protocols, quantum properties can always detect the presence of an eavesdropper when communicating a quantum message. Organizations can create an encryption key that no unwanted party can access. The implementation of QSC is also secure
