To QKD Or Not To QKD: What Quantum Key Distribution Means For Business
(Forbes) Two major federal organizations are working toward developing real-world applications of quantum computing. But they’re working at opposite ends of the optical fiber, as it were, and this disconnect could reverberate down the line for how quickly and effectively businesses can take advantage of quantum speed and security.
John Prisco asks: Why is this critical? Because as the size and scale of data grow (think big data, growing exponentially every day), governments and companies need computers that can work with the scope of the data to create actionable analytics.
But with great processing power comes the need for a major upgrade in security. When using traditional computer security techniques based on mathematical algorithms, you’re waging a battle against time. A hacker can hold on to encrypted data and, given enough time, they can crack the encryption.
Two Opposing Quantum Viewpoints?
The National Science Foundation, under the auspices of the Department of Energy, has gone all-in on quantum computing, combining millions in private and public monies to bring together a collaborative team of scientists and engineers. You could say they are dealing with the head of the quantum “snake,” working on applications of quantum technologies for computing, networking, security and materials development.
On the other hand, the National Institute of Standards and Technology (NIST), in coordination with the National Security Agency (NSA), is focused on anointing post-quantum cryptography (PQC) or quantum-resistant mathematical algorithm to be selected as the standard for quantum-based cryptography. This process has been playing out in public since 2017 and is not expected to conclude with a new standard until 2022 or 2023. The queasy feeling in your stomach is the realization that China will have as many as six years to break the new standard before it even sees the light of day. The question isn’t whether NIST’s standard will be violated, but when.
With their focus on math instead of physics, NIST researchers have laid out five reasons QKD is a nonstarter. Based on my 30-plus years of experience working in security technology and quantum computing, I call these the:
Five Myths Of QKD
1. QKD is only a partial solution.
2. QKD requires special, purpose-built equipment.
3. QKD increases infrastructure costs and opens the door to insider threats.
4. QKD lacks practical application.
5. QKD has an increased risk of denial of service.
No security expert would ever say to use just one system or rely on just one approach. A defense-in-depth strategy deploying more than one kind of encryption can provide the layers of protection that will prove resilient. QKD is an excellent first step toward quantum security.