Quantum technologies present us with great possibilities in terms of processing power, but also raise very significant concerns around security. Quantum is both an enormous opportunity and a huge threat.
Arne Matthyssen, Chief Technology and Innovation Officer, outlines the current state of play, and explores whether we should be focussing on quantum key distribution or post-quantum encryption, or both, to secure future quantum communications infrastructure.
In the realm of cutting-edge technology, quantum computing has emerged as both a marvel and a concern. The appeal of ‘quantum leaps’ in processing power has been quickly overshadowed by the realization that such capability could undermine our digital security.
The vulnerability of conventional encryption to quantum computers’ unprecedented capabilities prompted a response rooted in the very principles of quantum physics, initiating a global interest in quantum technology, encompassing quantum communications infrastructure (QCI), quantum key distribution (QKD), and more.
Leading the charge are nations like Singapore, the Netherlands, Canada, Belgium (led by the Belgian Science Policy Office) and Luxembourg. The latter has been instrumental in the European QCI (EuroQCI) endeavour and has taken great strides with its Luxembourg QCI (LuxQCI) programme. Projects like the Eagle-1 satellite and End-to-End International Use Cases for Operational QKD Applications and Services (INT-UQKD), facilitated by the Luxembourg Space Agency, underscore the commitment of the country, and of the European Space Agency (ESA), to innovation.
However, it is now time to extend the innovation beyond scientific breakthroughs; we need to translate intricate technologies into sustainable business models and tangible benefits for end-users.
How will technical advances turn into practical services?
While significant achievements have been made in subsystem-level development and refinement over recent years, we must now confront the intricate task of weaving these elements into coherent quantum ecosystems, infrastructures, services and businesses. This challenge involves seamlessly integrating modern quantum infrastructure with conventional systems without compromising the essence of, for example, QKD’s security capacity.
Industry front-runners are currently doing their best to orchestrate and integrate innovation, interconnecting dark fibre, terrestrial and space-based trusted nodes, and sophisticated key management frameworks. Nevertheless, complexities remain – from the scalability of key generation and cross-network operability to encrypted data storage, last-mile connectivity, cross-border connectivity and holistic end-to-end security.
For a truly sustainable commercial service, national borders and interaction between networks built on different technology stacks and suppliers cannot be a hurdle. It is therefore no surprise that standardization requests are emerging more frequently – fortunately, standards bodies are picking up on such needs.
QKD or post-quantum encryption? Or both?
Quantum encryption introduces a paradox because it provides an impenetrable shield of randomness and security but demands a significant investment in infrastructure. This includes dealing with distances and disturbances to the optical channel, such as clouds and rain that may affect satellite links within the QCI infrastructure.
Some fundamental questions therefore remain. Is QKD’s value proposition compelling enough to outweigh its intricacies and costs? Or should we, in tandem, explore the potential of post-quantum cryptography (PQC), bearing in mind the synergies of a hybrid approach?
The answers to these questions are, in my humble opinion, the following:
- The risk – financially and societally – of failed security will determine whether the investment is worth it or not. This will differ from application to application, from organization to organization and from nation to nation.
- Even though I like the quantum physics behind QKD solutions, I know that PQC can provide the required security, fulfilling the needs defined in many domain/service/business/nation-specific threat risk assessments. And yes, for sure, the hybrid approach is the way I would go. The future will bring many new insights and technologies, and I see significant added value in solving the last mile where new high tech meets old/conventional communications technology.
What do we do now?
It is clear that we now have to move from theory to practice, and go and test the thing! We need, through practical real-life applications and infrastructure setups, to understand what we do not currently understand, and get to know what we do not yet know. A key approach to doing so is to create minimum viable products/infrastructures/services (MVPs) with real end-users, preferably commercial or (inter)governmental.
Each such MVP chips away at the surface of quantum complexity, uncovering insights that could shape the future landscape. We will inevitably encounter technology integration requirements, potential certification requisites and compliance benchmarks, aligning with industry standards and regulatory directives.
MVPs and targeted trials are our compass, directing us towards quantum solutions that are both economically viable and will positively transform society. In a digital age that thrives on seamless secure communication, quantum technology and post-quantum cryptography are not merely technical marvels, but have the potential to be a cornerstone in securing our digital civilization.