Oxford University Press's
Academic Insights for the Thinking World

Who needs quantum key distribution?

Chinese scientists have recently announced the use of a satellite to transfer quantum entangled light particles between two ground stations over 1,000 kilometres apart. This has been heralded as the dawn of a new secure internet.

Should we be impressed? Yes – scientific breakthroughs are great things.

Does this revolutionise the future of cyber security? No – sadly, almost certainly not.

At the heart of modern cyber security is cryptography, which provides a kit of mathematically-based tools for providing core security services such as confidentiality (restricting who can access data), data integrity (making sure that any unauthorised changes to data are detected), and authentication (identifying the correct source of data). We rely on cryptography every day for securing everything we do in cyberspace, such as banking, mobile phone calls, online shopping, messaging, social media, etc. Since everything is in cyberspace these days, cryptography also underpins the security of the likes of governments, power stations, homes, and cars.

Cryptography relies on secrets, known as keys, which act in a similar role to keys in the physical world. Encryption, for example, is the digital equivalent of locking information inside a box. Only those who have access to the key can open the box to retrieve the contents. Anyone else can shake the box all they like – the contents remain inaccessible without access to the key.

A challenge in cryptography is key distribution, which means getting the right cryptographic key to those (and only those) who need it. There are many different techniques for key distribution. For many of our everyday applications key distribution is effortless, since keys come preinstalled on devices that we acquire (for example, mobile SIM cards, bank cards, car key fobs, etc.) In other cases it is straightforward because devices that need to share keys are physically close to one another (for example, you read the key on the label of your Wi-Fi router and type it into devices you permit to connect).

GPG Passphrase by Linux Screenshots. CC BY 2.0 via Flickr.

Key distribution is more challenging when the communicating parties are far from one another and do not have any business relationship during which keys could have been distributed. This is typically the case when you buy something from an online store or engage in a WhatsApp message exchange. Key distribution in these situations is tricky, but very solvable, using techniques based on a special set of cryptographic tools known as public-key cryptography. Your devices use such techniques every day to distribute keys, without you even being aware it is happening.

There is yet another way of distributing keys, known as quantum key distribution. This uses a quantum channel such as line of sight or fibre-optic cable to exchange light particles, from which a cryptographic key can eventually be extracted. Distance limitations, poor data rates, and the reliance on specialist equipment have previously made quantum key distribution more of a scientific curiosity than a practical technology. What the Chinese scientists have done is blow the current distance record for quantum key distribution from around 100kms to 1000kms, through the use of a satellite. That’s impressive.

However, the Chinese scientists have not significantly improved the case for using quantum key distribution in the first place. We can happily distribute cryptographic keys today without lasers and satellites, so why would we ever need to? Just because we can?

Well, there’s a glimmer of a case. For the likes of banking and mobile phones, it seems unlikely we will ever need quantum key distribution. However, for applications which currently rely on public-key cryptography, there is a problem brewing. If anyone gets around to building a practical quantum computer (and we’re not talking tomorrow), then current public-key cryptographic techniques will become insecure. This is because a quantum computer will efficiently solve the hard mathematical problems on which today’s public-key cryptography relies. Cryptographers today are thus developing new types of public-key cryptography that will resist quantum computers. I am confident they will succeed. When they do, we will be able to continue distributing keys in similar ways to today.—in other words, without quantum key distribution.

Who needs quantum key distribution then? Frankly, it’s hard to make a case, but let’s try. One possible advantage of quantum key distribution is that it enables the use of a highly secure form of encryption known as the one-time pad. One reason almost nobody uses the one-time pad is that it’s a complete hassle to distribute its keys. Quantum key distribution would solve this. More importantly, however, nobody uses the one-time pad today because modern encryption techniques are so strong. If you don’t believe me, look how frustrated some government agencies are that we are using them. We don’t use the one-time pad because we don’t need to. The same argument applies to quantum key distribution itself.

Finally, let’s just suppose that there is an application which somehow merits the use of the one-time pad. Do the one-time pad and quantum key distribution provide the ultimate security that physicists often claim? Here’s the really bad news. We have just been discussing all the wrong things. Cyber security rarely fails due to problems with encryption algorithms or the ways that cryptographic keys are distributed. Much more common are failures in the systems and processes surrounding cryptography. These include poor implementations and misuse. For example, one-time pads and quantum key distribution don’t protect data after it is decrypted, or if a key is accidentally used twice, or if someone forgets to turn encryption on, etc. We already have good encryption and key distribution techniques. We need to get much better at building secure systems.

So, I’m very impressed that a cryptographic key can be distributed via satellite. That’s great – but I don’t think this will revolutionise cryptography. And I certainly don’t feel any more secure as a result.

Featured image credit: Virus by geralt. CC0 public domain via Pixabay.

Recent Comments

  1. Bruno Huttner

    This blog is a well-written discussion about the recent launch and first results of the Chinese Quantum Satellite, and its implication for cryptography. As an employee of ID Quantique, the only company commercialising quantum key distribution systems (outside of China of course), my view is rather different. I will express it in details in a different format, and hope to provide more than “a glimmer of a case”.

    However, as a brief comment, I believe that the blog misses a key element. The real question is not: “Who needs quantum key distribution?”, but rather: “Why does a superpower like China spends billions of dollars building a 2’000 km-long quantum key distribution backbone and launching a full-scale space program dedicated to quantum communication?” Dismissing it as a publicity stunt is easy. The argument would go this way: this Chinese investment is run by a bunch of physicists, who performed a nice physics experiment; they managed to (wrongly) convince their government that it could also be useful for secure communications; nothing we need to worry about. Unfortunately, underestimating Chinese abilities is an all-too-common trend in Europe and the USA. It has proved very damaging to our industries in the past. The truth is that China has most probably very capable cryptographers, who have been involved in this project as well. And these cryptographers have also assessed the different alternatives. If China has launched a quantum communication program on such a scale, they must have some good reasons. You do not build a 2’000 km-long backbone from scratch (they purchased the best low-loss fiber from Corning and installed it in a new network), just to do an experiment.

    We are not in a position to provide a definite answer, but here are a few possibilities. The first one is that China is aware of faster progress towards a quantum computer, for example in the USA, which will enable US agencies to break existing public-key systems in the near future. The second one is that they are aware of attacks on quantum resistant algorithms candidates. The third one is that they have already designed good attacks themselves, and therefore do not trust them. A fourth one is that they believe that public-key systems may not be safe at all. After all, we do know that some entities do not wish to use public-key crypto, even in a conventional framework. In any case, there must at least a few cryptographers today in China, who are not so confident in the “new public-key cryptography that will resist qunatum computers”.

    All of these point to the same direction. The security of existing public-key algorithms is threatened. Trusting that the development of new ones will restore the security before it is too late is a potential risk. Exploring different alternatives, such as quantum key distribution, is required. This seems to be the path our Chinese colleagues have taken. Let’s not dismiss this approach without proper consideration.

  2. Bruno Huttner

    This blog is a well-written discussion about the recent launch and first results of the Chinese Quantum Satellite, and its implication for cryptography. As an employee of ID Quantique, the only company commercialising quantum key distribution systems (outside of China of course), my view is rather different. I will express it in details in a different format, and hope to provide more than “a glimmer of a case”.

    However, as a brief comment, I believe that the blog misses a key element. The real question is not: “Who needs quantum key distribution?”, but rather: “Why does a superpower like China spends billions of dollars building a 2’000 km-long quantum key distribution backbone and launching a full-scale space program dedicated to quantum communication?” Dismissing it as a publicity stunt is easy. The argument would go this way: this Chinese investment is run by a bunch of physicists, who performed a nice physics experiment; they managed to (wrongly) convince their government that it could also be useful for secure communications; nothing we need to worry about. Unfortunately, underestimating Chinese abilities is an all-too-common trend in Europe and the USA. It has proved very damaging to our industries in the past. The truth is that China has most probably very capable cryptographers, who have been involved in this project as well. And these cryptographers have also assessed the different alternatives. If China has launched a quantum communication program on such a scale, they must have some good reasons. You do not build a 2’000 km-long backbone from scratch (they purchased the best low-loss fiber from Corning and installed it in a new network), just to do an experiment.

    We are not in a position to provide a definite answer, but here are a few possibilities. The first one is that China is aware of faster progress towards a quantum computer, for example in the USA, which will enable US agencies to break existing public-key systems in the near future. The second one is that they are aware of attacks on quantum resistant algorithms candidates. The third one is that they have already designed good attacks themselves, and therefore do not trust them. A fourth one is that they believe that public-key systems may not be safe at all. After all, we do know that some entities do not wish to use public-key crypto, even in a conventional framework. In any case, there must be at least a few cryptographers today in China, who are not so confident in the “new public-key cryptography that will resist quantum computers”.

    All of these point to the same direction. The security of existing public-key algorithms is threatened. Trusting that the development of new ones will restore the security before it is too late is a potential risk. Exploring different alternatives, such as quantum key distribution, is required. This seems to be the path our Chinese colleagues have taken. Let’s not dismiss this approach without proper consideration.

  3. Keith Martin

    Bruno, I am not entirely convinced by any of your four potential explanations for the Chinese quantum satellite project, but obviously we simply don’t know. I think it is much more likely a statement of Chinese technical prowess – more than a “publicity stunt” I would argue, but rather a geopolitical flexing of muscles.

    You are correct that it is good to have alternative technologies. I think public-key cryptography does have a long-term future, but I do also think that quantum key distribution may have niche applications, perhaps in high security environments.

    But we are both future gazing, and only the passage of time will reveal who is right . I do think that quantum key distribution is often presented through rosy-tinted glasses (as indeed are many new technologies), and has indeed in the past been deployed as a publicity stunt rather than in applications where it is really needed. I remain unconvinced by it, but would be delighted to be proved wrong, as it is very cool!

Comments are closed.