FEATURE: E&T Mag – The race for quantum-resistant cryptography

That large-scale universal quantum computers could break widely used encryption methods is well known, but what was once seen as a distant, even theoretical, problem is now driving the latest technology race.

There isn’t yet a universal quantum computer big enough to break the widely used public key encryption systems, such as RSA, that secure everyday online information exchanges. Nor does anyone know when there will be. But with many predicting a significant breakthrough this decade, companies and governments are racing to launch cryptographic solutions so they can claim a stake in what is expected to be a billion-dollar market.

Public key encryption is based on the assumption that factoring integers – whole numbers – with several hundred or more digits is practically impossible. An algorithm known as Shors showed that a quantum computer could meet the challenge, however, allowing bad actors to decrypt information and spy on communications without detection. And they wouldn’t even need a phishing email to do it. What’s more, governments are increasingly concerned about the risk of ‘harvest and decrypt later attacks’, whereby an adversary steals sensitive information to decode when they have the quantum capability.

Yet developing cryptographic defences for a threat that has not yet materialised and uses information belonging to a notoriously mind-blowing realm of physics is no mean feat. Most advanced quantum cryptography efforts, such as random number generation (RNG) and quantum key distribution (QKD), still have technological limitations. But there’s no doubt the field is experiencing its most exciting decade yet, with commercial quantum cryptography solutions now emerging.

UK-based Arqit is an interesting example. The firm, started by David Williams, a former investment banker and founder of telecom satellite company Avanti, has garnered much debate within quantum crypto circles for its somewhat opaque solution that uses neither QKD nor RNG.

The firm says it has invented a new, patented quantum protocol called Arc19 powered by satellites, which are set to launch in 2023. Its technology is a downloadable-to-any-device platform-as-a-service called ‘QuantumCloud’ that will initially be used for quantum-resistant communication between defence aircraft and drones and control centres, as well as blockchain, but could also work for Internet of Things (IoT) and smart city applications. Arqit has already signed a flurry of deals with major firms such as Babcock, BT, Verizon, and Northrop Grumman, as well as “large government customers globally”, which it says it can’t talk about.

According to its founder, the satellites send information encoded into the quantum properties of photons, which the laws of physics determine can never be stolen, to data centres on Earth.  

When one device wants to create a key with another, they both use their architect software to talk to different data centres to access an identical set of random numbers. Using these, they can create a brand new shared random number and ephemeral key to communicate securely. Keys can be created infinitely and work inside a pre-existing algorithm called AES256 (The Advanced Encryption Standard), which the US National Security Agency already recommends as ‘safe’ against attacks by a large quantum computer because it uses a sufficiently large key.

The simplicity of the technology can “seamlessly make the world secure”, according to Williams. “Although our tech stack contains transformational deep technological innovation, and our software protocol endpoints are completely new, we’re injecting keys into an algorithm that you already have installed on all of your devices – no revolution required,” he adds.

Arqit describe the system as “trustless” because the keys are never created by a third party; not even the satellites know what they are. This solves a fundamental problem with QKD satellite protocols: that data can be sent either globally or trustlessly, but not both, says Williams.

“Anyone who is trying to build a system that does QKD by satellite is wasting their time; it doesn’t work. If you can’t send keys globally, you’re of no interest to the internet. If you can’t send keys trustlessly, you’re not secure,” explains Williams. “No one has ever devised a cryptographic system which can make endless computationally secure, trustless and ephemeral keys. That is a world first.”

Rhys Lewis, head of the Quantum Metrology Institute at the National Physical Laboratory, doesn’t agree with the first point, however: “QKD over satellite removes the need for trusted nodes as the signal can be picked up from one point and transmitted directly to the receiving station. Only the satellite must be trusted,” he explains.

QKD by satellite is a key area of research and development, as it’s thought it can help overcome some of the range problems experienced by QKD via optical fibre. The UK and Singapore have a £10m initiative to co-develop QKD Qubesat, a satellite based on the CubeSat standard that will use a pioneering QKD technology to test the secure distribution of cryptographic keys over globe-spanning distances.

QKD protocols provide a mechanism for two remote parties to agree a shared secret key, where the key cannot be observed or tampered with by an adversary without alerting the original parties.

Last year, industry leader Toshiba launched the fruits of 20 years of research into development of QKD over optical fibre.  Its commercial hardware and management software combines RNG and PQC (Post-Quantum Cryptography) technologies for an all-in-one package that Toshiba will use to build the world’s first commercially available quantum-secured metro network with BT. The network will connect the London financial and creative industries with data centres to the west of the city. It’s expected to be operational in early 2022. Previously the two companies connected two industrial facilities in Bristol using 6km of fibre-optic cable that shared encryption keys using a stream of single photons.

Rather than only point-to-point, the new project will operate as a mesh, connecting various nodes to create end-to-end secure communications, according to Toshiba. But it faces several restrictions. Quantum cryptography protects the transport of the keys between the nodes; however, the nodes need to be placed in secure locations, which is usually the central office of the telecom operator.

“No cryptographic technology is trustless – you can’t make cryptography technology without trusting someone,” says Andrew Shields, head of the quantum technology division at Toshiba Europe. However, he adds, using multiple paths for keys in the network can protect against attack on any single node.