QNu Labs

Categories
Blog

QNu Labs’ Hybrid Approach: Blending Quantum and Post-Quantum Cryptography for Future-Proof Security

QNu Labs' Hybrid Approach: Blending Quantum and Post-Quantum Cryptography for Future-Proof Security

QNu Labs' Hybrid Approach: Blending Quantum and Post-Quantum Cryptography for Future-Proof Security

AUGUST 19, 2024 | QNu Labs

SHARE

As the digital landscape evolves, the threat of quantum computing to conventional encryption methods becomes increasingly real. Quantum computers, with their ability to solve complex problems exponentially faster than classical computers, pose a significant risk to the encryption algorithms that currently safeguard our data. Recognizing this, QNu Labs, a pioneer in quantum-safe security solutions, has adopted a hybrid approach that integrates both quantum and post-quantum cryptography.

The Quantum Threat

Current cryptographic methods, such as RSA and ECC, rely on the difficulty of solving specific mathematical problems, like factoring large numbers or computing discrete logarithms. Quantum computers, once fully realized, could break these encryptions in a fraction of the time it would take classical computers, rendering them obsolete.

The Hybrid Solution

QNu Labs addresses this looming threat by adopting a hybrid approach that combines the best of both quantum cryptography and post-quantum cryptography. This approach provides a dual layer of security, ensuring that data remains secure even as quantum computing progresses.

Quantum Cryptography:

At the core of QNu Labs’ strategy is Quantum Key Distribution (QKD), a method that leverages the principles of quantum mechanics to generate and distribute encryption keys in an inherently secure manner. Any attempt to eavesdrop on these keys would disturb the quantum states, alerting the communicators to the presence of an intruder. This makes QKD an ideal solution for securing data against quantum attacks.

QNu Labs offers several flavours of QKD products for different requirements which include 150km point-to-point QKD called Armos, Trusted relay nodes to extend QKD to longer distances and Hub & spoke QKD to build secure metro area networks. QNu also offers a sub-quantum network solution called ‘ChaQra’ with core features such as

  1. Crypto agility (integration in the already deployed telecommunication fibres)
  2. Software-defined networking (SDN paradigm for routing different nodes)
  3. Reliability (addressing denial-of-service with hybrid quantum-safe cryptography)
  4. Upgradability (modules upgradation based on scientific and technological advancements)
  5. Beyond QKD (using QKD network for distributed computing, multi-party computation etc). 

While QNu Labs has eliminated almost every stated limitation of quantum cryptography technology in its design and implementation of Armos, QKD still has challenges in implementation over public networks.

Post-Quantum Cryptography

Post-quantum cryptographic algorithms are designed to be resistant to quantum attacks but can still be implemented on classical computers. These algorithms are based on hard mathematical problems that, as of current understanding, cannot be easily solved by quantum computers.

PQC’s suitability for enterprises lies in its ease of deployment, scalability, cost-effectiveness, and compatibility with existing systems. It provides a practical solution for enhancing security against future quantum threats without requiring significant infrastructure changes. PQC algorithms are designed to run on classical computers and networks, making them easily deployable with existing infrastructure. Enterprises can integrate PQC into their current systems without requiring new hardware.

Moreover, the development of PQC is being driven by global standards bodies like NIST, which yesterday released its Federal Information Process Standards for post-quantum cryptography for widespread adoption. This standardization process facilitates interoperability and broad adoption across industries.

QNu Labs offers several solutions that are based on PQC algorithms and every solution uses the “Root of Trust” provided by its Indigenous Quantum random number generator (QRNG) called ‘Tropos’ instead of vulnerable PRNGs. Tropos offers a throughput of 100mps of true random numbers without any entropy extension mechanisms.

QKD offers information-theoretic security but limited authentication scalability, PQC facilitates scalable authentication in high-density networks but is not information-theoretic secure. Therefore, QNu decided that an ideal quantum-safe framework should efficiently leverage the complementarity of both techniques and that’s what its latest enterprise security platform QShield achieves.

QShield from QNu Labs, aggregates NIST-compliant PQC algorithms, patented QRNG technology, robust QKD technology, and versatile APIs on one platform. This allows customers the flexibility to choose the areas of intervention required in their crypto-agility journey as well as the implementation methodology best suited for their organizations to achieve data protection in the post Quantum Era.

The Future of Data Security

By combining best-in-class quantum and post-quantum cryptography solutions, QNu Labs is not just preparing for the quantum future but is also addressing the immediate need for secure communication. This hybrid approach allows organizations to transition smoothly to quantum-safe security, ensuring that their data remains protected both now and in the future. Today, QNu Labs have its hybrid solutions implemented in several industry verticals which can be scaled from a few users and locations to hundred thousand users and multiple locations. 

In a world where the rise of quantum computing is inevitable, QNu Labs’ innovative hybrid approach offers a robust solution that bridges the gap between today’s encryption needs and tomorrow’s quantum threats.

Categories
news

QNu Labs Armos Quantum Key Distribution (QKD) Solution is now Powered by AWS

Quantum Secure Data Communication Solution, Powered by QKD

The Quantum-Resistant Data Communication Solution provides a secure service by integrating Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC) to ensure both the confidentiality and integrity of data transmission. This solution is designed to protect against potential quantum computer threats, offering a secure communication channel suitable for various data services.

The solution provides Quantum-resistant secure data communication channel, with capability of hosting variety of services hosted at AWS. The current solution is showcased with secure video conferencing using video server hosted at the AWS cloud. This one of the various services which can be secured and made resistant to quantum computers hacking. The data services will be like data storage solutions, messaging services, video conferencing and others, hosted at the AWS.

The POC of this solution focuses on providing video conferencing service to the different clients located at the enterprise data center with the video server hosted at AWS, such that the video call is end-to-end quantum secure. ​

QKD-Solution-AWS

Solution:

The solution utilizes Quantum Key Distribution (QKD) technology to generate and distribute secure keys between two locations. Two ARMOS QKD devices, hosted at the QNU labs office premises, form a pair to distribute quantum keys (Kq) over a 50 KM (extendable to 150 KM) optical fiber link. This setup simulates two geographically separated locations: Bangalore (QKD Rx, also known as Bob) and Mysuru (QKD Tx, also known as Alice). The Bangalore location serves as the central hub and connects to a second Alice, a Digital Alice, located at the AWS Endpoint. The QKD systems generate quantum keys based on the principles of physics, transmitting single photons in quantum states encoded with information bits using the Differential Phase Shift and Decoy (DPS + Decoy) protocol. Additionally, the hub generates Post-Quantum Cryptography (PQC)keys (Kpqc) when switching to Digital QKD (located at AWS). The Key Relay mechanism uses One Time Pad (OTP) to relay the quantum keys to the AWS EC2 instance in Mumbai. The OTP operation involves an XOR of the Kq and Kpqc keys at Bob, which is then relayed to Digital Alice. Finally, Digital Alice XORs the received keys with Kpqc to retrieve the original Kq keys.

Key Generation and Relay at QKD

Now the QKD systems, between Bangalore and Mysuru, generate the Quantum keys based on the laws of physics, with transmission of Single Photons in quantum states, carrying information bits encoded using Differential Phase Shift and Decoy (DPS + Decoy) protocol. Also the Hub when switching with Digital QKD (located at AWS), generates PQC keys Kpqc. Subsequently using Key relay mechanism, through the One Time Pad (OTP), the Quantum keys are relayed to the AWS EC2 located at Mumbai. OTP operation involves XOR of the Kq and the Kpqc keys at the Bob. This XOR keys is then relayed to the Digital Alice , which are then XORed back again using Kpqc to retrieve the Kq keys.

QKD-Solution-AWS-1

Thus at the end of this key relay/migration process symmetric Quantum keys are available at both Mysuru and AWS location.

Q-Shield secure channel creation

These keys, once available at both the locations, are made available to the router and used by Q-Shield client/server to create TLS based encrypted (AES-256 GCM) channel for secure data transmission. This channel is end-to-end quantum resistant and will be used to secure various data services, in this case the Video conferencing. To establish the video conferencing, the video server is located at the AWS endpoint behind the Q-Shield server to which the PQC enabled Q-Shield clients connect to establish secure channel. The encryption is based on the AES-256 GCM encryption. These Q-Shield clients now join the video conferencing using the web-based video call for end-to-end quantum resistant seamless video call.

Getting started with QNu Labs QKD solution on AWS is easy. Visit our QKD listing on the AWS Marketplace and follow the simple steps to integrate quantum-grade security into your AWS environment. With our solution, you can rest assured that your data is protected by the most advanced cryptographic technology available.

Categories
Blog

Harvest Now Decrypt Later | QNu Labs

Harvest+Now+Decrypt+Later

Harvest Now Decrypt Later

JUNE 06, 2024 | QNu Labs

SHARE

In the ever-evolving realm of cybersecurity, a significant and emerging threat looms on the horizon, known as "Harvest Now, Decrypt Later" (HNDL). This threat is particularly concerning as quantum computing advances, promising to outstrip the capabilities of traditional cryptographic methods. With quantum computers on the brink of breaking current encryption, the data we consider secure today could be easily decrypted in the future. This article delves into the intricacies of HNDL, its potential impact on various industries, and the country’s most likely to be affected.

What is "Harvest Now, Decrypt Later (HNDL)"?

The "Harvest Now, Decrypt Later" strategy involves cyber adversaries collecting and storing encrypted data today with the intention of decrypting it once quantum computers become sufficiently advanced. Current encryption methods, such as RSA and ECC, are based on mathematical problems that are nearly impossible for classical computers to solve within a reasonable timeframe. However, quantum computers, with their immense processing power, could solve these problems, rendering today's encryption obsolete. Today, a huge amount of stolen information is lying in foreign databases. They are ready to be exposed in the next few years with the imminent arrival of quantum computers. It’s time for governments and enterprises to step up. They need to be quantum-ready and develop a crypto-agility strategy.

Industries Most Impacted by Harvest Now, Decrypt Later (HNDL)

Banking and Financial Services (BFSI)

Why it’s impacted: The BFSI sector is a prime target for cyberattacks due to the sensitive nature of financial data, including transactions, personal information, and proprietary algorithms.

Impact: A successful HNDL attack could expose years of financial transactions, compromising the integrity of financial systems and eroding customer trust.

Countries most affected: The United States, United Kingdom, China, Singapore, and India, given their highly developed financial markets and extensive use of digital banking.

Healthcare

Why it’s impacted: Healthcare organizations store vast amounts of personal health information (PHI), which is valuable for identity theft and fraud.

Impact: Breaches could lead to the exposure of confidential patient records, impacting patient privacy and trust, and potentially causing life-threatening situations if medical records are tampered with.

Countries most affected: The United States, Canada, European Union nations, and India, where electronic health records (EHR) systems are widely adopted.

Telecommunications

Why it’s impacted: Telecom networks handle massive amounts of data, including personal communications and corporate information.

Impact: Decryption of intercepted communications could lead to industrial espionage, loss of competitive advantage, and privacy breaches.

Countries most affected: South Korea, Japan, China, the United States, and India, given their advanced telecom infrastructure and high volume of data transmission.

Energy

Why it’s impacted: The energy sector, including power grids and oil and gas infrastructure, relies on secure communication for operational safety and efficiency.

Impact: Breaches could disrupt services, leading to potential blackouts, operational hazards, and economic loss.

Countries most affected: Russia, the United States, Saudi Arabia, Canada, and India, due to their extensive and strategically important energy infrastructure.

Manufacturing

Why it’s impacted: Manufacturing industries often hold proprietary designs, production methods, and strategic business data.

Impact: Industrial espionage could lead to the loss of intellectual property, competitive advantage, and significant financial losses.

Countries most affected: Germany, Japan, China, the United States, and India, where manufacturing plays a critical role in the economy.

Harvest Now, Decrypt Later (HNDL) Country-Specific Impacts

United States

Impact: As a global leader in technology, finance, healthcare, and energy, the U.S. faces significant risks from HNDL. The potential decryption of vast amounts of stored data could have far-reaching implications for national security, economic stability, and individual privacy.

China

Impact: With its rapid advancements in technology and telecommunications, China is both a potential victim and an actor in the quantum race. The vast amounts of data generated and stored within the country make it a prime target for HNDL threats.

European Union

Impact: The EU, with its stringent data protection regulations and extensive digital infrastructure, must prepare for the potential decryption of sensitive data. Industries like banking, healthcare, and manufacturing are particularly vulnerable.

Japan

Impact: Japan’s advanced technology sector and reliance on telecommunications make it susceptible to HNDL threats. The potential decryption of industrial secrets could severely impact its competitive edge.

Russia

Impact: Russia’s critical energy sector, along with its strategic geopolitical interests, faces significant risks from HNDL. The potential disruption of energy supplies and loss of sensitive data could have national and international consequences.

India

Impact: As an emerging technological powerhouse with rapidly growing digital infrastructure, India is highly vulnerable to HNDL threats. The banking, healthcare, telecommunications, energy, and manufacturing sectors are particularly at risk. India’s significant investments in digital transformation and smart city initiatives could be undermined by future decryption threats, affecting national security and economic progress.

How QNu Labs Helps Address the Harvest Now, Decrypt Later (HNDL) Threat

With the acceleration in digital transformation, there is an increase in the likelihood of data breaches. Today, nations are developing smart cities, autonomous cars, and other edge devices where vulnerabilities can open up at many points. We live in a world where codes run power plants, industries, and more. But this kind of digital transition demands upgradation of data security too.

Data is a critical part of digitization; nation-state hackers pose a threat to even the best cybersecurity systems since they can steal vital information, including drug blueprints, government confidential information, banks’ sensitive data, enterprise R&D information, and nuclear blueprints. Cybercriminals are continuously finding ways to incorporate sensitive information into their networks across the globe. Hackers working for China, Iran, Russia, North Korea, and other nations are spying and stealing data and harvesting it for the future.

Some past attacks involving highly sensitive data include the USA escalating online attacks on Russia’s power grid and the Stuxnet worm on Iranian nuclear facilities. In the battles of cybersecurity and cybercriminals, the game changer is coming in the form of quantum computers, which can break conventional cryptography in no time. Any encryption built on mathematical complexities (which include RSA, DSA, ECDH, and other variants of ciphers) is highly vulnerable to quantum attacks. Encryption protects everything from sensitive information to the operation of power plants, dams, stock markets, defence secrets, and government sensitive data.

Data tapping is not new. Hackers are motivated to tap encrypted data and collect substantial amounts of it while waiting for quantum computers to crack the keys. If hackers can crack the encrypted keys, it will be the next “data pandemic”.

Quantum Race of Super Powers

China and US are in the race to develop a quantum computer, which can democratize many industries, particularly in the fields of medicine, AI and scientific modelling. Chinese satellites are using quantum cryptography to secure video conferences between continents. Swiss government is also using quantum key distribution (QKD) to protect its national elections and many such applications.

As tons of data is already sitting on cloud, databases can be exposed any time in the near future using a quantum computer. The estimated time is 2-3 years. Are you ready for the next data pandemic?

What organisations can do to be Quantum Ready

  • Conduct post-quantum risk assessment
  • Diagnose infrastructure of your organization
  • Have Crypto Agility to counter quantum attacks
  • Ensure your PKI can be migrated to quantum cryptography in no time
  • Take a hybrid approach using quantum and classic crypto solutions
  • Design quantum-safe infrastructure

Why is quantum cryptography unbreakable?

Quantum Key Distribution (QKD) uses photons to send encrypted keys. Hence, theoretically, they are absolutely unbreakable. Any attempt to eavesdrop will be detected easily and instantly, thereby triggering preventive steps. In today's time, PKI attacks are virtually undetectable. Hence, by using QKD, attempts of eavesdropping and man-in-the-middle attacks can be detected.

As today’s PKIs are based on mathematical computations, the keys can be easily broken using Shor’s or Grover’s algorithms on quantum computers. Theoretically, by using QKD, the keys can be made 100% hack-proof and 100% random as well. Today, protecting data in transit is crucial while PKI lacks in detecting eavesdropping. By using QKD, businesses can detect incidents of eavesdropping and secure data in transit.

How QNu Labs Helps with Harvest Now, Decrypt Later (HNDL)

QNu Labs is at the forefront of combating the “Harvest Now, Decrypt Later” threat with its cutting-edge quantum cryptography solutions. Here’s how QNu Labs is making a difference:

Quantum Key Distribution

What it does: QKD provides a method to distribute encryption keys securely using the principles of quantum mechanics, making it virtually impossible for adversaries to intercept and decrypt the keys without being detected.

Benefit: This ensures that even if data is harvested today, it cannot be decrypted in the future without the correct quantum keys, which are immune to the computational power of quantum computers.

Quantum Random Number Generator

What it does: QRNG generates truly random numbers using quantum processes, which are critical for creating secure cryptographic keys.

Benefit: The randomness provided by QRNG enhances the security of encryption keys, making them impervious to predictive attacks that could be facilitated by quantum computing.

QShield Platform as a Service (PaaS) and Software as a Service (SaaS)

What it does: QShield offers robust quantum-safe encryption solutions through its platform and software services, enabling businesses to protect their data with the highest level of security.

Benefit: By integrating QShield, organizations can ensure their data remains secure against current and future threats, including those posed by quantum computing.

QConnect (Quantum Secure VPN)

What it does: QConnect leverages quantum cryptography to secure VPN connections, providing an unprecedented level of security for data in transit.

Benefit: This ensures that sensitive data transmitted over networks remains confidential and tamper-proof, safeguarding against potential HNDL attacks.

QOSMOS (Entropy as a Service)

What it does: QOSMOS delivers high-quality entropy for cryptographic applications, ensuring the robustness of encryption processes.

Benefit: Enhanced entropy strengthens cryptographic systems, making them more resilient to future quantum decryption attempts.

QCollaboration (Quantum Messaging Service)

What it does: QCollaboration provides secure communication channels using quantum encryption, ensuring the confidentiality and integrity of messages.

Benefit: This service protects sensitive communications from being intercepted and decrypted in the future, maintaining privacy and security.

Preparing for a Quantum Future

To mitigate the risks posed by HNDL, industries and nations must take proactive steps towards quantum readiness. This includes:

Adopting Quantum-Resistant Algorithms: Transitioning to cryptographic methods that are resistant to quantum attacks, such as lattice-based cryptography.

Implementing Crypto-Agility: Developing systems that can quickly adapt to new cryptographic standards as they evolve.

Increasing Collaboration: Governments, industry leaders, and cybersecurity experts must collaborate to share knowledge and develop robust defence mechanisms against quantum threats.

Investing in Quantum Research: Supporting research and development in quantum computing and cryptography to stay ahead of potential adversaries.

The “Harvest Now, Decrypt Later” threat underscores the urgency for industries and nations to prepare for the advent of quantum computing. By understanding the potential impacts and taking proactive measures, we can safeguard our data and infrastructure against future decryption threats. The race towards quantum security is not just about staying ahead; it’s about ensuring the privacy and security of our digital future.

By focusing on these strategies and leveraging solutions from leaders like QNu Labs, we can better protect sensitive data and maintain trust in our digital systems as we transition into the quantum era. Embracing quantum-resistant technologies and fostering international cooperation will be crucial in this ongoing battle to secure our information against the unprecedented capabilities of quantum computers.

Categories
Blog

Why Quantum Cryptography Requires Policy Mandates from the Authorities | QNu Labs

Harvest+Now+Decrypt+Later

Why Quantum Cryptography Requires Policy Mandates from the Authorities

JUNE 06, 2024 | QNu Labs

SHARE

Quantum cryptography offers a significant leap in security for critical industries that rely on creating, processing, and storing digital data that are of national importance. 

Industries such as banking, healthcare, power grids, and telecom (critical digital infrastructure) are at risk as quantum computers become more powerful, and the potential for systems compromise in these industries continues to grow with every passing day. 

Here are some important use cases for these industries that warrant immediate attention and action by the various regulatory bodies governing them:

  • Securing sensitive communication: Traditional encryption methods used today are vulnerable to hacks by future quantum computers. Quantum Key Distribution (QKD) uses the principles of quantum mechanics to create unbreakable keys for secure communication of sensitive data like financial transactions, account details, healthcare records, last-mile connectivity in telecom networks, and grid control information systems.
  • Protecting against “harvest now, decrypt later” attacks: Hackers can steal encrypted data today and wait for quantum computers to evolve. Once powerful quantum computers are available, they could decrypt the earlier stolen data, giving them access to past transactions in banking and compromising financial security. Similar risks exist in healthcare (a recent example is AIMS attack), and telecom and power grid infra that could result in countrywide chaos. Quantum cryptography, especially QKD eliminates these risks by making the cryptographic key uncrackable.
  • Securing online digital economy: banking and inter-bank payment systems: Quantum cryptography can safeguard online banking sessions and digital payment transaction systems, e-health record storage and exchange, and data of electrical and telecom grid networks, by providing a secure mechanism to generate robust quantum keys and a secured channel for exchanging encryption keys. It ensures that only authorized parties can access and modify digital data.
  • Generating random numbers for cryptography: Quantum Random Number Generators (QRNGs) exploit quantum phenomena to create truly random numbers, a crucial element in strong encryption. Critical industries of national importance can leverage QRNGs to generate unpredictable keys and strengthen their overall cryptographic defenses. They fortress tokenization systems, PII data safeguarding, data vaults, API salts, one-time passwords (OTPs), and other business-critical applications. By implementing quantum cryptography, these industries can ensure the confidentiality and integrity of financial data in the quantum computing era. 

Implementing the quantum technologies mentioned above requires policy changes. The crucial government departments should take action to prioritise security in every organisation.

For instance, RBI must introduce the adoption of quantum cryptography into the Indian Banking Cybersecurity Framework, DoT should mandate using quantum cryptography for telecom networks, the Ministry of Power must release guidance mandating power entities to migrate to quantum cryptography and the Regulation for Digital Healthcare should embrace quantum cryptography at its core.

Without adequate government support and stringent policy guidelines, quantum cryptography might not realise its true potential in India’s cybersecurity ecosystem. 

Categories
Guides

Guide: QOSMOS – Entropy as a Service

Guide: QOSMOS - Entropy as a Service and How it Works

The guide details the concept of EaaS, its methodology, and industry applications.

blog-boat-breach

The Context

Every device, especially in the hyper-connected world of today, ought to communicate securely on the internet to minimise data exposure risks. Cryptography plays a critical role in ensuring the data remains secure when idle or in transit.However, cryptography fails when devices work with weak random numbers generated from low-entropy sources and use predictable keys.

The best source of true randomness is from unpredictable physical phenomena of quantum effects. Leveraging it in individual devices is impractical because of their various limitations - form factor, hardware age, power consumption, and interface availability. To enable organisations to overcome these hurdles, QNu Labs created “QOSMOS”, a quantum-secure EaaS (Entropy as a Service), that helps organisations, developers, and security teams to get access to quantum-sourced random numbers for use with any application for cryptographic key generation.

What is Entropy as a Service?

In computing, entropy is the randomness collected by a system used in any application that requires random data. It forms the basis of cryptography in cybersecurity.

The security of a system depends on the secrecy of the keys, which should be impossible to crack. This is why randomness is important. The randomness comes from either pre-existing hardware resources or specially provided randomness generators. Entropy is a constant stream of very high-quality random numbers, which can be fused with the entropy already collected by your computer.

EaaS is a security service architecture that provides secure time and quantum entropy sources for multiple devices including IoT.

The standard deterministic computers cannot deliver appropriate randomness, especially for devices with little opportunity to build entropy locally. The best sources of true randomness are based on unpredictable physical phenomena, such as quantum effects.

QOSMOS (Entropy as a Service) solves the entropy starvation problem of systems, whether in a cloud, embedded systems, or at the edge.

The Architecture of QOSMOS

entropy-as-a-service

The architecture comprises three main sections:

Characteristics of QOSMOS

  • Lack of pattern: QOSMOS provides truly random numbers with a steady supply of information that cannot be predicted or exploited by hackers.
  • Proactive quantum entropy: Quantum sources power the entropy generated by QOSMOS. Clients can rest be assured that the system cannot be attacked to degrade the entropy.
  • Ease of Integration: API runtime provides a seamless integration i.e., a new module or feature of an application or hardware can be added or integrated without resulting in any errors or complications.
  • Multiple deployments: The solution can be hosted in the client data centre or the cloud. By hosting QOSMOS in their data centre, clients can benefit from extra security.
  • High Scalability:QOSMOS is designed from the ground up to be highly scalable. It is powered by multiple quantum sources to ensure redundancy. Even if one of the quantum sources fails, clients are still assured of high quantum entropy from other connected devices.
  • Minimum Latency: Dynamic load balancer ensures that the least occupied device will cater to requests. This ensures the system will not suffer latencies when receiving random numbers from QOSMOS.
  • Proof of Randomness: The random data is subjected to a battery of tests specified by standards like NIST/ENT and only after successful verification, the buffers are served. The client also has the option to download the reports offline and verify.

Applications of QOSMOS

The use cases for QOSMOS are wide and diverse. Some of the immediate applications are:

QOSMOS (EaaS) provides the highest quality randomness and a secure method of providing the seeds for entropy-starved systems or applications.

Categories
Blog

boAt Data Breach | QNu Labs

blog-boat-breach

boAt’s Data Breach is a Wakeup Call for the Industry

APRIL 22, 2024 | QNu Labs

SHARE

boAt, an Indian electronics company, reportedly faced a major breach that affected more than 7 million of its customers. Media reports pointed out that personal details like names, email addresses, phone numbers, and even their residential addresses were exposed.

The data breach happened on April 5, 2024, by a hacker named ‘ShopifyGUY’ who claimed to have dumped more than 2GB of boAt customer data on the dark web.

The worrying aspect of the data breach was that the hacker was ready to sell it for as low as EUR 2 (Rs 180 approx) which made the data easily accessible to any bad actor. It might be possible to see the database available for free on other dark web and social media forums in the following days.

boAt is one of the top-selling brands in the affordable wearables segment, which catapulted the brand to the top of the global charts in the last few years. Such incidents get people worried, so it was imperative that boAt looked into the matter, came out with its findings, and shared them publicly.

boAt confirmed it was looking into the matter and had launched its investigation. However, it did not confirm if the breach occurred due to an internal issue, or through a misconfigured third-party database.

What do we learn from the breach?

No company, big or small, is spared from the inevitable–rush to dig into the data goldmine. India is one of the top countries affected by cybersecurity threats and data hacks. Larger corporations deal with several vendors, suppliers, and manufacturers. The valuable customer data might float around these third parties without adequate checks and balances in place. 

In a disorganised data management system, the chances of security loopholes are high. Hackers are well-versed in identifying and attacking such security lapses. Unfortunately, boAt became a victim of such a lapse.

How does India’s Digital Personal Data Protection Bill protect its citizens?

The bill is drafted on seven key principles. Two of these principles are relevant to boAt’s case:

  • Accountability: Breaches and violations should lead to penalties and accountability.
  • Security Safeguards: Adequate security measures must be in place to protect data.

The penalties as per the bill are severe. Failure to implement security measures involves a penalty of Rs. 250 crores and breach of personal data involves a penalty of Rs. 200 crores.

If the result of boAt’s investigation confirms data compromise, the company might have to face the brunt of the authorities.

We need to watch how the story unfolds.

How can such mishaps be avoided?

The answer is simple: Quantum Cryptography.

Quantum cryptography is the most robust encryption technology available today. It shields data from quantum attacks–the most powerful method of data hacks in today’s times. 

We don’t know how the attack was made in the case of boAt, but we are certain quantum cryptography could have averted the situation.

QNu Labs is a pioneer in quantum cryptography. QNu’s range of quantum-based products covers security from end-to-end across the entire data-based paraphernalia. From quantum-based encryptions to entropy enhancement services, QNu covers all security bases.

The immediate solution that can be implemented by enterprises like boAt is the QShield Platform. QShield is the world’s first unique quantum security platform that ensures seamless forward secrecy and crypto agility.

Quantum cryptography is the way forward for the changing landscape of encryption.

To know more, reach us for a demo

 

Sources:

News18

LiveMint

The Government of India Penalises Data Breach

Categories
Blog

Beyond QKD Nodes | QNu Labs

blog-quantum-nodes

Beyond QKD Nodes

APRIL 14, 2024 | Rajesh Kumar Krishnan & Sidhartha Pant

SHARE

Quantum Key Distribution (QKD) is a ground-breaking method of secure communication that harnesses the principles of quantum mechanics. It enables two parties to generate a shared random secret key, known only to them, which can be used to encrypt and decrypt messages. The primary goal of a quantum key distribution network is to provide secret keys to any users or applications that require a high level of security.

Broadening the Horizons of Point-to-Point Quantum Key Distribution Systems

Traditionally, QKD has been implemented between two nodes, often referred to as Alice and Bob. However, the evolution of quantum networks has seen the expansion of QKD beyond these two nodes. This expansion is facilitated by the integration of quantum repeaters and trusted nodes, which act as intermediaries between current QKD systems that only have trusted nodes and the future Quantum network will be built on configurable and routable QKD nodes. In this scenario, QKD can be deployed efficiently and practically, while also offering valuable insights for the future true Quantum Network.

The QKD networks also promise to offer better cost-effectiveness compared to the current point-to-point systems.

The transition from a fixed two-node QKD system to a self-evolving QKD network will be realized through the use of a software-defined network managed by centralized Network managers. These Software Defined Networks (SDN) consist of QKD nodes, which are interconnected through either direct optical links or virtual links (via multiple hops), forming a network that provides secure key distribution service across geographical boundaries, surpassing the fixed distance offered by direct fibre.

To enhance the key generation efficiency in such networks, dynamic routing strategies have been developed, which are based on the current state of the network. The routing functions use advanced path-finding algorithms which adapt to changes in the network status of the nodes and links.

The Significance of Quantum Networks

The QKD networks will offer a higher level of services through key management system (KMS) links enabling seamless distribution of secure keys across the vast network.

The Benefits of Quantum Software-Defined Networking (SDN)

SDN is an innovative approach to networking that uses software controllers to manage network traffic. By leveraging software, SDN can create and operate a series of virtual overlay networks that work in conjunction with a physical underlay network. SDN offers several advantages over traditional networking architectures, including:

  • Centralized Network Control: SDN centralizes the control of the network in a single controller, simplifying the management and configuration of the network.
  • Operational Efficiency: SDN provides seamless network control, operational efficiency, and accelerated business results.
  • Flexibility and Scalability: SDN offers greater flexibility and scalability in the network, as the data plane can be reprogrammed in real time to adapt to changing network conditions.

The QKD SDN is standardized by ETSI which has a series of standards defined such as ETSI GS QKD 015 and ETSI GS QKD 018 and more under the standardization process. This topic is important from a compliance perspective as it involves the interoperability of networks and the ecosystem of network vendors, which requires standardization.

The QKD SDN network will run parallel to the optical SDN, which will switch the light paths to achieve the optical fibre network required for the key quantum links. Such SDNs of QKD and the OTN (optical Networks) will be orchestrated by the centralized Network Manager (SDN Orchestrator). Thus, the network manager will be the centralized orchestrator of the whole network of networks, providing the operational control, performance monitoring, configuration, and charging policy management functions for the complete QKDN.

These QKD networks will be self-organizing in way of handling the discovery of new QKD nodes to the network linking them to the other nodes and continuously evolving the mesh of path for the connectivity. The path functions are intelligent to find the best path for connecting the nodes for secret key delivery considering the QOS specified by the application. The centralized QKDN Controller controls the QKD network continuously to handle all the faults, changes in QOS needs and selection of best paths for uninterrupted secret key delivery.

The following figure illustrates the overall network of QKDN (QKD Networks), centrally managed (orchestrated) by an NM.

quantum-nodes

Future Prospects of Quantum Networking

The prospects of quantum networking are vast and thrilling. As quantum networks continue to evolve and advance, they have the potential to revolutionize various fields, including:

  • Quantum Computing: Quantum networks are a crucial component of quantum computing systems, enabling distributed quantum computing and the sharing of computational resources.
  • Quantum Communication: Quantum networks facilitate secure communication through QKD and quantum teleportation, ensuring the confidentiality and integrity of transmitted information.
  • Quantum Sensing: Quantum networks can be used for high-precision sensing applications, such as detecting gravitational waves and analysing complex physical systems.
  • Quantum Cryptography: Quantum networks provide a foundation for developing advanced cryptographic systems, offering unparalleled security in the digital world.
  • Quantum Internet: A world of secure connected world of nodes across the globe enabling end-to-end security.

Conclusion

The integration of QKD, quantum networks, and SDN represents a significant advancement in the field of secure communications. As we move beyond two-node QKD, we open up new possibilities for secure, efficient, and scalable networks.

These networks which can be centrally controlled, scaling, fault-tolerant, self-evolving and providing uninterrupted quality of service to the various applications are set to be state of the art for the next quantum communication era. Currently, some of the leaders in the QKD domain have started deployment of the ETSI-compliant QKD networks.  QNu Labs, which is among the leading companies globally in the QKD domain is deploying QKD networks. 

The future of secure communications lies in the successful integration of these technologies, paving the way for a new era of quantum networks.

Categories
Blog

What it Takes to Build the Best Quantum Networks | QNu Labs

What it Takes to Build the Best Quantum Networks

What it Takes to Build the Best Quantum Networks

MARCH 14, 2024 | QNu Labs

SHARE

Quantum technology has been the most revolutionary phenomenon of the 21st century. Quantum computing hogs the limelight for its immense processing power and the ability to transform many areas of our technological life. It also has the potential to tackle some of our most pressing global issues, from climate change to food security.

Another important quantum technology in the offing is quantum communications. It connects systems and transmits data securely among them using principles of quantum mechanics. Quantum communications security will replace the current classical counterparts although the classical networking components will remain the foundation of this technology. Quantum security will extend the existing networks to enable the secured exchange of data/information between today’s classical endpoints and applications to the workloads in the cloud, and data centres enabling various stakeholders to connect to resources from wherever they are. The beauty of this technology is that it is future-safe – meaning even the best of the quantum computers will not be able to compromise the data security of current communications networks.

How Quantum Networks Work?

At the heart of quantum networks lies quantum communication technology that involves sending and receiving quantum mechanics-induced information to secure data. The process of securing network information is dependent on the medium of use – for example on terrestrial fibre networks quantum superposition is leveraged while on ethernet or wireless communications security quantum-resistant cryptography is leveraged. This renders utmost confidentiality and privacy of communications between the sender and the receiver without having to worry about the presence of any eavesdropper on the communications path.

Quantum Networking could be implemented in three stages.

  • Point-to-Point The initial stage of quantum network development will be defined by establishing secured communications between two separate locations.
  • Many-to-One: As there are limitations to scaling point-to-point connections both from a cost and technology perspective, the next stage of quantum networking will be defined by technology that enables multi-point network connectivity.
  • Quantum Internet: The final stage would be characterised by technology that enables a “network layer” for reliable any-distance, any-network type quantum communications through a complex web of nodes across the network, which relies on resilient quantum hardware or software at each location.

Once a quantum transmission link is established, the communications channel is intrinsically secure. It can’t be intercepted or copied without corrupting the data. Quantum networking is, therefore, attractive in any use case requiring completely secure networking, within a data centre, across a campus, on a metro area network, or a WAN.

QKD in Quantum Networks

A huge amount of investment and research has gone into the problem of how to create quantum-safe networks. Quantum Key Distribution (QKD) has proven to be an exciting field in this space.

QKD technology takes advantage of the laws of quantum physics to ensure that bad actors cannot decrypt data in transit even with the use of powerful new quantum computers, while still maintaining security against other high-performance computers.

For telecom providers, QKD technology offers a way to protect customers from current and future cyber security threats. However, integrating QKD into existing networks has traditionally presented complications, including the need to introduce dedicated dark fibre cables alongside the original infrastructure to carry the quantum signal.

But, there’s a solution.

Multiplexing: An opportunity 

Wavelength division multiplexing (WDM) is a common technique used in fibre optic networks that involves placing many different optical data wavelength channels on the same fibre, greatly increasing the fibre’s data-carrying capacity.

WDM, or simply ‘multiplexing’, is the simplest solution to integrating QKD onto telecom providers’ existing fibre, with the secret encryption keys transmitted on the fibres that are already carrying conventional telecoms data services.

An alternative approach is the use of post-quantum cryptography in conjunction with QKD. While QKD over dedicated fibres has been available for some time, this hybrid innovation makes the creation of quantum networks economically viable for the first time. Using this approach, it’s possible to easily implement quantum security on an existing network infrastructure, without the need to introduce significant additional costs —radically reducing the TCO of making a current infrastructure quantum-safe.

The Path Forward

True quantum networks are being embraced by data-sensitive organisations like defence networks, government networks, critical infrastructure, and the like today but the day is not far when enterprises will embrace them directly or through their telecom service providers, cloud providers, etc.  The holy grail is considered to be the quantum internet where technology becomes pervasive everywhere on devices, networks, and applications.

If your organisation is thinking about forward security and confidentiality of data for the long haul, do reach out to us for a free consultation – our experts will work with you to define ‘how’ and ‘where’ to start implementing quantum security that has the highest benefit and impact for your organisation.

Categories
Guides

Guide: Post-Quantum Cryptography (PQC) and How it Works

Guide: Post-Quantum Cryptography (PQC) and How it Works

The guide details the concept of PQC, its methodology, and industry applications.

guide-pqc

The Context

Technology based on quantum computers has the potential to revolutionise a wide range of fields of IT and industry—in the positive and negative sense. A significant increase in computing power delivers more capacity for analysing and processing large data quantities, opening up new findings, application areas, and business models.

Introducing Post-Quantum Cryptography (PQC)

Data sent over public communication channels are secured using cryptography. It protects all kinds of electronic communications as well as passwords, digital signatures, and health records.

As the foundation of identification, authentication, confidentiality, digital signatures, and verification, cryptography is a critical enabler of enterprise security.

guide-to-pqc-img

There are two main types of encryption. Symmetric encryption requires a sender and a receiver to have identical digital keys to encrypt and decrypt data; asymmetric, or public-key, encryption uses a publicly available key to let people encrypt messages for a recipient who is the sole holder of the private key needed to unscramble them. Sometimes these two approaches are used together. For instance, web browsers use public-key cryptography to check websites’ validity and then establish a symmetric key to encrypt communications.

Quantum computers use the principles of quantum physics, such as superposition, to compute data much faster than conventional computers. Without ‘quantum-safe’ cryptography defences in place, applications ranging from autonomous vehicles to military hardware, online financial transactions, and communications could be targeted by hackers with access to quantum computers.

Any business or government planning to store data for decades needs to evaluate the risks of this technology because the encryption could be compromised later. Robust defences on historical data take many years, so it would be better to apply these now. A big push to develop post-quantum cryptography is warranted.

PQC methods are encryption systems (cryptosystems) that can be used on conventional computers, such as PCs and mobile devices, and can withstand attacks by quantum computers.

Even though quantum systems are not expected to be available to everyone for ten to 15 years, IT managers and managing directors have to put the issue of “post-quantum cryptography” on their agenda now. One reason is that it takes time to put existing encryption methods on a new foundation.

quote-ceo-of-utimaco

A further point is that data encrypted with older methods is prone to quantum attacks. As a result, attackers can gain access to such data. Therefore, companies and public institutions must ensure that all confidential data at risk is protected against such attacks by PQC methods. That involves a lot of time and effort—from capturing and categorising such information resources to encrypting it again using PQC solutions. A cryptography solution has to be adaptive to new requirements, such as post-quantum encryption solutions. That’s only possible at acceptable cost and effort if a cryptography environment is agile, i.e., it supports crypto agility.

quote-ceo-of-utimaco-2

Crypto agility Explained

Crypto agility means that applications, end-user devices, and Hardware Security Modules in the field of encryption should use flexible, “agile” protocols and update methods that enable a switchover to post-quantum cryptographic primitives, for example. That has to be quick and easy to reduce the attack surface and limit the time and effort involved for users.

Crypto agility offers another advantage: It bridges the gap between encryption techniques that are not yet “quantum-safe” and those that already meet the new requirements. That goes for chips, secrets, and software code. Initial hybrid approaches that use PQC and common cryptography methods to date are being developed. Google has chosen this approach for its PQC algorithm New Hope.

product-life-cycles-vary-industry

Expectations from PQC

The new cryptography method has to integrate with existing protocols. A new cryptosystem must weigh:

The proposed cryptosystems also require careful cryptanalysis to determine the weaknesses that an adversary could exploit.

The National Institute of Standards and Technology (NIST), an American agency, prepared a cybersecurity framework laying out the ground rules for PQC.

The algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication.

For general encryption, used to access secure websites, NIST selected the CRYSTALS-Kyber algorithm. The advantages are comparatively small encryption keys that two parties can exchange easily, as well as the speed of operation.

For digital signatures, often used to verify identities during a digital transaction or to sign a document remotely, NIST selected three algorithms.

Three of the selected algorithms are based on a family of maths problems called structured lattices, and one uses a hash function.

HODOS-PQC

QNu’s HODOS-PQC is a quantum-resilient public key cryptography-based software that is a hard problem for large-scale quantum computers to solve.

HODOS is developed with NIST PQC studies as a reference. It is the next generation of protocols that will help replace today’s RSA-based systems with an improved quantum-resistant transport layer.

It is based on NIST-selected mathematical functions, which are far harder to backtrack as compared to the prime factorization and elliptic curve functions on which the current PKI is based.

Upon measurement, it collapses to one of these states, which is intrinsically random and there is no way to predict which state the photon will collapse to. This gives the inherent randomness from the photons, which any external parameters cannot influence.

Why HODOS (PQC)?

Tropos (QRNG) addresses this issue without changing how tokens are currently used.

The Time is Now

Data is the most valuable asset for any organisation. Sensitive data has a shelf life exceeding 10 years, while critical data can be stored for over 25 years.

This shows that today’s encryption still poses a risk in the coming years. Moving to HODOS-PQC will help secure your data and reduce the risk of data theft for today and tomorrow.

Categories
Blog

The Great Battle to Control Future Encryption: QNu’s Perspective

The Great Battle to Control Future Encryption: QNu’s Perspective

The Great Battle to Control Future Encryption: QNu’s Perspective

MARCH 04, 2024 | QNu Labs

SHARE

Emergence of Quantum Cryptography :

Encryption, a crucial digital security practice, conceals information from unauthorized access by establishing entry parameters, akin to a password for data retrieval. It involves transforming data into an unreadable format using intricate algorithms, rendering it inaccessible to unauthorized entities. While authorized users can decipher the encryption, the proliferation of quantum computers poses a new threat to conventional encryption methods.

In response to the impending quantum era, two divergent strategies have emerged globally. The U.S., led by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), leans towards Post-Quantum Cryptography (PQC). Conversely, the rest of the world, exemplified by Europe’s EuroQCI initiative, favours Quantum Key Distribution (QKD) as the linchpin for secure quantum communications. The European Quantum Communication Infrastructure(EuroQCI) initiative aims to build a secure quantum communication infrastructure that will span the whole EU, including its overseas territories.

The European Union, along with Asia-Pacific countries like South Korea, China and Japan, invests significantly in QKD infrastructure, recognizing its importance. China, a pioneer in QKD, has already implemented a 4,600km QKD network and launched many QKD satellites into space.

The U.S. stance, articulated by the NSA, emphasizes PQC over QKD due to perceived limitations. They argue that QKD is a partial solution, requiring additional measures, specialized equipment, and incurring infrastructure costs. Furthermore, validating QKD’s cryptographic security is deemed challenging.

In contrast, proponents of QKD, including Europe and Asia-Pacific regions, dispute these limitations. They argue that QKD remains viable and essential in securing communications in a quantum world. Addressing concerns raised by the NSA, they contend that QKD is more robust than PQC in guaranteeing security against future quantum computing power. Regarding specialized equipment and infrastructure costs, they argue that QKD solutions (such as Armos from QNu Labs) exist today that can seamlessly integrate into existing networks without additional expenses. They also highlight QKD’s resilience against tampering, side-channel attacks, insider threats and potential denial-of-service attacks.

An article from Forbes echoes these sentiments, emphasizing QKD’s authentication, compatibility with existing fiber infrastructure, diminishing distance limitations, and rectification of previously criticized aspects.

Encryption serves as a fundamental digital security practice, concealing information from unauthorized access by establishing stringent entry parameters. Essentially functioning as a digital password, it acts as a prerequisite for a computer to access data from the corresponding server.

To encrypt data is to transform its information into an unintelligible format, leveraging intricate algorithms to render it inaccessible. Despite an attacker potentially observing the file, the encryption algorithm ensures its uselessness. Authorized users possess the means to decipher the algorithm, allowing them to restore the information to its original format.

In the contemporary digital landscape, encryption extends its reach to various realms, including voice calls, messaging, emails, browsing, internet banking, and e-commerce. However, the emergence of quantum computers, exemplified by IBM’s 433 qubit quantum computer and plans for a 100,000 qubit version, poses new threats. As quantum computers become more accessible, securing data and communication becomes increasingly crucial for diverse organizations, spanning governments, telecommunications, healthcare, and data canters.

Examining these positions, particularly the NSA’s stance on QKD versus PQC reveals a divergence in global strategies. Europe, notably through the European Quantum Communication Infrastructure Initiative (EuroQCI) and the European Telecommunications Standards Institute (ETSI), heavily endorses QKD. This strategic initiative has already been funded to the tune of €270m this year, with a total of €2 billion set to go to related initiatives. In another example, ETSI, the European Telecommunications Standards Institute, is leading the pack in providing important standardization when it comes to QKD.

Other countries, such as South Korea, Japan, Singapore, and China, exhibit significant investments and advancements in QKD networks, solidifying their commitment to quantum cryptography. Many other countries have likewise been pouring resources into a QKD-secured future. South Korea, for example, has a 2,000 km-long QKD network and is intensifying its efforts in this areaJapan has an expanding testbed, and Singapore announced it is setting up a national QKD network. China is a world leader in QKD. Apart from the impressive QKD-related academic work, China has already established a working QKD network of around 5,000km, as well as putting a QKD satellite into space – thus positioning itself as the world leader in quantum cryptography by a wide margin.

Worryingly, many experts wonder if China already knows something about encryption, particularly PQC,  already being broken – which would explain such intense efforts to bolster their QKD-based security.

In the U.S., the NSA highlights perceived limitations of QKD in a paper on “Quantum Key Distribution (QKD) and Quantum Cryptography (QC).” However, the rest of the world sees QKD differently, viewing it as a vital tool in securing communications in a quantum environment.

While acknowledging the implementation-dependent nature of QKD adoption, disagreements arise over the technical limitations cited by the NSA. Contrary to claims, proponents argue that QKD is a comprehensive solution, offering advantages such as resistance to future quantum computing power, ease of integration into existing networks, and potential cost-effectiveness. 

armos-qkd
Armos - Quantum Key Distribution (QKD)

The NIST and NSA position on QKD and Quantum cryptography

There are a number of government-sanctioned institutions in the U.S. that deal with questions around quantum cryptography, quantum encryption, and quantum communication in general. Foremost among them are the NSA and NIST. Both of these bodies have released positions on their view of the future of quantum security.

In a paper entitled “Quantum Key Distribution (QKD) and Quantum Cryptography (QC)” the NSA notes that it does not recommend the use of these technologies in its systems unless certain “limitations” are overcome.

It lists these perceived limitations as:

Quantum key distribution is only a partial solution:

Quantum Key Distribution (QKD) alone does not provide source authentication, requiring additional measures like asymmetric cryptography or preplaced keys. Quantum-resistant cryptography can offer similar confidentiality services with lower costs and a better-understood risk profile.

Quantum key distribution requires special-purpose equipment:

QKD relies on specialized equipment and physical layer communications, making it incompatible with software-based or network-integrated implementations. The need for dedicated fiber connections or free-space transmitters adds complexity and limits flexibility for upgrades.

Quantum key distribution increases infrastructure costs and insider threat risks:

QKD networks often require trusted relays, leading to increased infrastructure costs and heightened insider threat risks. This restricts the range of viable use cases for QKD.

Securing and validating quantum key distribution is a significant challenge:

The practical security of QKD systems depends on hardware and engineering designs rather than theoretical unconditional security from the laws of physics. Validating QKD’s cryptographic security is challenging due to the stringent error tolerance required, and vulnerabilities in specific hardware can undermine its security.

Quantum key distribution increases the risk of denial of service:

The sensitivity of QKD to eavesdroppers also exposes it to the risk of denial of service attacks. This highlights a significant vulnerability in QKD systems.

U.S. Backing Post Quantum Cryptography

Instead of QKD, it recommends “quantum-resistant or post-quantum cryptography (PQC) as a more cost-effective and easily maintained solution than quantum key distribution” until the above “limitations” are overcome.

Is PQC the way forward?

The NSA writes, regarding post-quantum cryptography, or “quantum-resistant algorithms” as they put it, that these algorithms “derive their security through mathematical complexity” and “provide the means for assuring the confidentiality, integrity, and authentication of a transmission—even against a potential future quantum computer.”

QNu Labs and many other OEMs across the world, who have built QKD systems spending a lot of effort and money do not agree with the NSA’s viewpoint. They believe that QKD offers a specific value in terms of unhackable security to the encryption keys which is not possible through any other means. These OEMs have been improving systems over the years and with initial deployments underway, they are getting feedback from the real-world deployments to learn and improve the QKD systems to build viable QKD networks.

McKinsey notes that “PQC solutions are still nascent and because it is impossible to test them against quantum computers that do not yet exist, they haven’t been conclusively proven to protect quantum—or even conventional—threats.” Given that the foundation of PQC algorithms is based on computational complexity, it is theoretically insecure compared to QKD.

What’s more, as has been extensively reported, one of the NIST’s PQC finalists has already had its algorithm cracked and several serious vulnerabilities have been found and reported.   This certainly does not instil confidence in the approach as it indicates that the PQC algorithms will continue to evolve and be replaced by the new algorithms. 

Our take on QKD and Quantum Communications

While QNu Labs tend to agree with the NSA’s opinion that successful QKD adoption is highly implementation-dependent, we and many other OEMs disagree with some of the claimed technical limitations of QKD.

As the QNu Labs’ Armos solution shows – together with the path adopted by Europe, Asia, and Australia – QKD is a viable and essential tool in securing communications in a quantum world. 

Specifically, in response to the NSA points, we believe:

  1. “Quantum key distribution is only a partial solution”: PQC cannot guarantee that it will remain safe against future quantum computing power. QKD on the other hand can make this claim. And even more so, QKD and PQC can absolutely coexist. Indeed it is the plan by the EU and others to adopt PQC on top of their QKD networks as a second line of defence.
  2. “Quantum key distribution requires special purpose equipment”: specialized equipment is required in communication environments all the time. Solutions such as QNu Labs’ Armos can be placed into racks as standard 2U communication equipment, and can be set up as easily as setting up a switch. What’s more, specialized equipment significantly reduces the scope for attack and manipulation: anyone, anywhere in the world can attempt to break an algorithm with increasing computing power and generative AI tools to help the attacker. Whereas only those with physical access to QKD equipment and special knowledge can even consider interfering with QKD’s secure communication.
  3. “Quantum key distribution increases infrastructure costs and insider threat risks”: as with any new technology, the costs related to QKD equipment are coming down dramatically. Many solutions, such as those from QNu Labs simply plug into existing networks, with no additional infrastructure costs required. PQC also has indirect infrastructure costs. The highly compute-intensive algorithms PQC relies on require additional compute and memory resources from existing equipment if they are to work without increasing the latency and throughput of the underlying data pipes. Thus it is unclear if the total cost of ownership (TCO) of PQC is actually higher or lower than QKD. This requires additional research. The insider threat can be mitigated both by special solutions integrated into the QKD systems, as is the case with QNu Labs’ systems; and also through smart multiple path key routing on the network. Of course, PQC solutions are just as susceptible to the insider threat, and perhaps even more so.
  4. “Securing and validating quantum key distribution is a significant challenge”: as with any new industry, processes to secure and validate QKD systems will increasingly be available to vendors and users as the industry grows. QNu Labs’ for example, has been working with some of the most demanding government security organizations to test and validate its offerings.
  5. “Quantum key distribution increases the risk of denial of service”: Sophisticated QKD systems, such as QNu Labs’ Armos, can run in parallel to the existing network and are in many ways impervious to DoS attacks. What’s more, as QKD generates many more keys than consumed by routers today, router manufacturers can implement fallback options, such as keeping a QKD-generated key buffer to verify that communication continues uninterrupted even if the QKD line breaks. Finally, QKD works out-of-band, further refuting this point.

A recent Forbes article concurs with many of these points, adding the following instructive elements:

  • QKD systems authenticate at both ends of the exchange, seamlessly securing communication
  • Current in-ground fiber infrastructure is enough to support QKD
  • Distance limitations between endpoints are quickly being minimized
  • Many of the criticisms of QKD from NIST and the NSA are regarding issues that have subsequently been corrected
  • Regarding eavesdropping and potential denial of service attacks, keys can be redirected “so quickly and randomly that the user will see no performance impact, and the interloper will be shut out”

The bottom line is that as the rest of the world has decided, quantum cryptography in the form of QKD is an essential part of quantum encryption, and will play a central role in securing quantum communications going forward.

Conclusion

After carefully examining the current implementations and emerging protocols and QKD systems, the global consensus concludes QKD as an integral component of quantum encryption and is here to stay.  Acknowledging the strengths and weaknesses of both QKD and PQC, the prevailing approach involves overlaying PQC on top of QKD for a comprehensive and effective secure quantum communications solution and several hybrid solutions have emerged and are being deployed across industries.

QKD keys will be extended to longer distances by using PQC to extend the QKD keys to the cloud. 

QNu Labs has announced its enterprise platform ‘QShield’ which offers solutions leveraging both quantum and post-quantum cryptography technologies. QNu Labs also believes that while the PQC layer using NIST-specified algorithms will be widely adopted for interoperability, countries will also build and use proprietary cryptography layers to strengthen the overall security of the stack.