Quantum technology provides valuable and highly effective tools in a variety of areas, including security. Recently, I discussed quantum-safe communications with Jörg-Peter Elbers, ADVA’s SVP of advanced technology. Here’s an edited transcript of the first part of our conversation.
Carl Weinschenk: What is quantum-safe communications?
Jörg-Peter Elbers: What this means is very simple: I want to make sure that I can establish a secure communication channel. Even if somebody has a quantum computer, he cannot break the security of the channel.
CW: If it's a quantum computer versus quantum security, why does the latter win?
JPE: There are approaches which are secure from an information theory point of view. They cannot be broken even with infinite computing power. One of the approaches is when you rely on the laws of quantum physics to exchange a piece of information.
If you use quanta to exchange keys between two parties, there's no way from a theoretical point of view that an eavesdropper can get access to a quantum without the legitimate parties noticing it. You cannot observe a quantum without altering its state. Take the simple case of transmitting a single quantum. If an attacker intercepts it, the quantum is gone, as you cannot split a quantum.
CW: Once a hacker or anyone receives the quantum, it's just not there any longer for the legitimate recipient, right?
JPE: You cannot take this quantum into account for your communication, because it's just gone. This gives you, from a physical standpoint, a kind of unbreakable security. And that gives you the possibility of actually detecting that somebody is tapping the line, which is a nice benefit.
CW: What is post-quantum cryptography?
JPE: Post-quantum cryptography uses particular algorithms where a quantum computer doesn't really give you any benefit over a conventional computer in breaking their security. There's a lot of activity going on in NIST, for instance, on this.
The idea is that rather than using an algorithm which is impossible to break by conventional computers – but which doesn't really impose a challenge for a quantum computer once it's available – you use an algorithm that nobody has found any possible way to break with a quantum computer in any reasonable time.
CW: Why is it important to look into post-quantum algorithms today?
JPE: Some algorithms which are part of crypto-systems today, and especially the key exchange protocols such as Diffie-Hellman, are known to be hard to crack by classical computers. But when a large-scale quantum computer is available, they could break the system immediately. So the security of the system will be compromised at that point. If all the data is collected and stored until a quantum computer is available, you can decrypt all the information that was recorded. This may be a problem for some people and not for others. If you are a government agency or the president of a country, you may not want your information released even after a prolonged period of time.
CW: You said earlier that quantum key distribution works because if somebody tries any funny business, the whole thing collapses. If that's the case, why do you need PQC if quantum security is so airtight?
JPE: There are two things which you need to consider. One is you might not be able to say that nobody has made a mistake in the QKD implementation, because you normally only know afterwards. There is no such thing as 100% security.
The other thing is that quantum key distribution relies on physical principles. You can only implement it if you have access to the physical layer of your network. You need to have an optical connection, and you need to put in specific infrastructure in order to be able to get your quantum key distribution up and running.
CW: If nobody’s found a way to mess with PQC, why not just go with it?
JPE: I think the argument from people on the quantum key distribution side will be that just because nobody has found that loophole doesn't mean that the loophole doesn't exist. There isn't any mathematical evidence that it cannot be cracked by a quantum computer, while the QKD folks can argue that we can, from physical principles, prove that in theory nobody can break our stuff.
I hope I haven't lost you in this overall discussion. It's a little complicated, right?
CW: I'm like Schrödinger's Cat. I'm in superposition. I understand it and I don't understand it. When they open the box, they'll see if I got it or not.
JPE: Well, I think this is actually easier than Schrödinger's Cat.