QNu Labs

The Great Battle to Control Future Encryption: QNu’s Perspective

The Great Battle to Control Future Encryption: QNu’s Perspective

MARCH 04, 2024 | QNu Labs


Emergence of Quantum Cryptography :

Encryption, a crucial digital security practice, conceals information from unauthorized access by establishing entry parameters, akin to a password for data retrieval. It involves transforming data into an unreadable format using intricate algorithms, rendering it inaccessible to unauthorized entities. While authorized users can decipher the encryption, the proliferation of quantum computers poses a new threat to conventional encryption methods.

In response to the impending quantum era, two divergent strategies have emerged globally. The U.S., led by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), leans towards Post-Quantum Cryptography (PQC). Conversely, the rest of the world, exemplified by Europe’s EuroQCI initiative, favours Quantum Key Distribution (QKD) as the linchpin for secure quantum communications. The European Quantum Communication Infrastructure(EuroQCI) initiative aims to build a secure quantum communication infrastructure that will span the whole EU, including its overseas territories.

The European Union, along with Asia-Pacific countries like South Korea, China and Japan, invests significantly in QKD infrastructure, recognizing its importance. China, a pioneer in QKD, has already implemented a 4,600km QKD network and launched many QKD satellites into space.

The U.S. stance, articulated by the NSA, emphasizes PQC over QKD due to perceived limitations. They argue that QKD is a partial solution, requiring additional measures, specialized equipment, and incurring infrastructure costs. Furthermore, validating QKD’s cryptographic security is deemed challenging.

In contrast, proponents of QKD, including Europe and Asia-Pacific regions, dispute these limitations. They argue that QKD remains viable and essential in securing communications in a quantum world. Addressing concerns raised by the NSA, they contend that QKD is more robust than PQC in guaranteeing security against future quantum computing power. Regarding specialized equipment and infrastructure costs, they argue that QKD solutions (such as Armos from QNu Labs) exist today that can seamlessly integrate into existing networks without additional expenses. They also highlight QKD’s resilience against tampering, side-channel attacks, insider threats and potential denial-of-service attacks.

An article from Forbes echoes these sentiments, emphasizing QKD’s authentication, compatibility with existing fiber infrastructure, diminishing distance limitations, and rectification of previously criticized aspects.

Encryption serves as a fundamental digital security practice, concealing information from unauthorized access by establishing stringent entry parameters. Essentially functioning as a digital password, it acts as a prerequisite for a computer to access data from the corresponding server.

To encrypt data is to transform its information into an unintelligible format, leveraging intricate algorithms to render it inaccessible. Despite an attacker potentially observing the file, the encryption algorithm ensures its uselessness. Authorized users possess the means to decipher the algorithm, allowing them to restore the information to its original format.

In the contemporary digital landscape, encryption extends its reach to various realms, including voice calls, messaging, emails, browsing, internet banking, and e-commerce. However, the emergence of quantum computers, exemplified by IBM’s 433 qubit quantum computer and plans for a 100,000 qubit version, poses new threats. As quantum computers become more accessible, securing data and communication becomes increasingly crucial for diverse organizations, spanning governments, telecommunications, healthcare, and data canters.

Examining these positions, particularly the NSA’s stance on QKD versus PQC reveals a divergence in global strategies. Europe, notably through the European Quantum Communication Infrastructure Initiative (EuroQCI) and the European Telecommunications Standards Institute (ETSI), heavily endorses QKD. This strategic initiative has already been funded to the tune of €270m this year, with a total of €2 billion set to go to related initiatives. In another example, ETSI, the European Telecommunications Standards Institute, is leading the pack in providing important standardization when it comes to QKD.

Other countries, such as South Korea, Japan, Singapore, and China, exhibit significant investments and advancements in QKD networks, solidifying their commitment to quantum cryptography. Many other countries have likewise been pouring resources into a QKD-secured future. South Korea, for example, has a 2,000 km-long QKD network and is intensifying its efforts in this areaJapan has an expanding testbed, and Singapore announced it is setting up a national QKD network. China is a world leader in QKD. Apart from the impressive QKD-related academic work, China has already established a working QKD network of around 5,000km, as well as putting a QKD satellite into space – thus positioning itself as the world leader in quantum cryptography by a wide margin.

Worryingly, many experts wonder if China already knows something about encryption, particularly PQC,  already being broken – which would explain such intense efforts to bolster their QKD-based security.

In the U.S., the NSA highlights perceived limitations of QKD in a paper on “Quantum Key Distribution (QKD) and Quantum Cryptography (QC).” However, the rest of the world sees QKD differently, viewing it as a vital tool in securing communications in a quantum environment.

While acknowledging the implementation-dependent nature of QKD adoption, disagreements arise over the technical limitations cited by the NSA. Contrary to claims, proponents argue that QKD is a comprehensive solution, offering advantages such as resistance to future quantum computing power, ease of integration into existing networks, and potential cost-effectiveness. 

Armos - Quantum Key Distribution (QKD)

The NIST and NSA position on QKD and Quantum cryptography

There are a number of government-sanctioned institutions in the U.S. that deal with questions around quantum cryptography, quantum encryption, and quantum communication in general. Foremost among them are the NSA and NIST. Both of these bodies have released positions on their view of the future of quantum security.

In a paper entitled “Quantum Key Distribution (QKD) and Quantum Cryptography (QC)” the NSA notes that it does not recommend the use of these technologies in its systems unless certain “limitations” are overcome.

It lists these perceived limitations as:

Quantum key distribution is only a partial solution:

Quantum Key Distribution (QKD) alone does not provide source authentication, requiring additional measures like asymmetric cryptography or preplaced keys. Quantum-resistant cryptography can offer similar confidentiality services with lower costs and a better-understood risk profile.

Quantum key distribution requires special-purpose equipment:

QKD relies on specialized equipment and physical layer communications, making it incompatible with software-based or network-integrated implementations. The need for dedicated fiber connections or free-space transmitters adds complexity and limits flexibility for upgrades.

Quantum key distribution increases infrastructure costs and insider threat risks:

QKD networks often require trusted relays, leading to increased infrastructure costs and heightened insider threat risks. This restricts the range of viable use cases for QKD.

Securing and validating quantum key distribution is a significant challenge:

The practical security of QKD systems depends on hardware and engineering designs rather than theoretical unconditional security from the laws of physics. Validating QKD’s cryptographic security is challenging due to the stringent error tolerance required, and vulnerabilities in specific hardware can undermine its security.

Quantum key distribution increases the risk of denial of service:

The sensitivity of QKD to eavesdroppers also exposes it to the risk of denial of service attacks. This highlights a significant vulnerability in QKD systems.

U.S. Backing Post Quantum Cryptography

Instead of QKD, it recommends “quantum-resistant or post-quantum cryptography (PQC) as a more cost-effective and easily maintained solution than quantum key distribution” until the above “limitations” are overcome.

Is PQC the way forward?

The NSA writes, regarding post-quantum cryptography, or “quantum-resistant algorithms” as they put it, that these algorithms “derive their security through mathematical complexity” and “provide the means for assuring the confidentiality, integrity, and authentication of a transmission—even against a potential future quantum computer.”

QNu Labs and many other OEMs across the world, who have built QKD systems spending a lot of effort and money do not agree with the NSA’s viewpoint. They believe that QKD offers a specific value in terms of unhackable security to the encryption keys which is not possible through any other means. These OEMs have been improving systems over the years and with initial deployments underway, they are getting feedback from the real-world deployments to learn and improve the QKD systems to build viable QKD networks.

McKinsey notes that “PQC solutions are still nascent and because it is impossible to test them against quantum computers that do not yet exist, they haven’t been conclusively proven to protect quantum—or even conventional—threats.” Given that the foundation of PQC algorithms is based on computational complexity, it is theoretically insecure compared to QKD.

What’s more, as has been extensively reported, one of the NIST’s PQC finalists has already had its algorithm cracked and several serious vulnerabilities have been found and reported.   This certainly does not instil confidence in the approach as it indicates that the PQC algorithms will continue to evolve and be replaced by the new algorithms. 

Our take on QKD and Quantum Communications

While QNu Labs tend to agree with the NSA’s opinion that successful QKD adoption is highly implementation-dependent, we and many other OEMs disagree with some of the claimed technical limitations of QKD.

As the QNu Labs’ Armos solution shows – together with the path adopted by Europe, Asia, and Australia – QKD is a viable and essential tool in securing communications in a quantum world. 

Specifically, in response to the NSA points, we believe:

  1. “Quantum key distribution is only a partial solution”: PQC cannot guarantee that it will remain safe against future quantum computing power. QKD on the other hand can make this claim. And even more so, QKD and PQC can absolutely coexist. Indeed it is the plan by the EU and others to adopt PQC on top of their QKD networks as a second line of defence.
  2. “Quantum key distribution requires special purpose equipment”: specialized equipment is required in communication environments all the time. Solutions such as QNu Labs’ Armos can be placed into racks as standard 2U communication equipment, and can be set up as easily as setting up a switch. What’s more, specialized equipment significantly reduces the scope for attack and manipulation: anyone, anywhere in the world can attempt to break an algorithm with increasing computing power and generative AI tools to help the attacker. Whereas only those with physical access to QKD equipment and special knowledge can even consider interfering with QKD’s secure communication.
  3. “Quantum key distribution increases infrastructure costs and insider threat risks”: as with any new technology, the costs related to QKD equipment are coming down dramatically. Many solutions, such as those from QNu Labs simply plug into existing networks, with no additional infrastructure costs required. PQC also has indirect infrastructure costs. The highly compute-intensive algorithms PQC relies on require additional compute and memory resources from existing equipment if they are to work without increasing the latency and throughput of the underlying data pipes. Thus it is unclear if the total cost of ownership (TCO) of PQC is actually higher or lower than QKD. This requires additional research. The insider threat can be mitigated both by special solutions integrated into the QKD systems, as is the case with QNu Labs’ systems; and also through smart multiple path key routing on the network. Of course, PQC solutions are just as susceptible to the insider threat, and perhaps even more so.
  4. “Securing and validating quantum key distribution is a significant challenge”: as with any new industry, processes to secure and validate QKD systems will increasingly be available to vendors and users as the industry grows. QNu Labs’ for example, has been working with some of the most demanding government security organizations to test and validate its offerings.
  5. “Quantum key distribution increases the risk of denial of service”: Sophisticated QKD systems, such as QNu Labs’ Armos, can run in parallel to the existing network and are in many ways impervious to DoS attacks. What’s more, as QKD generates many more keys than consumed by routers today, router manufacturers can implement fallback options, such as keeping a QKD-generated key buffer to verify that communication continues uninterrupted even if the QKD line breaks. Finally, QKD works out-of-band, further refuting this point.

A recent Forbes article concurs with many of these points, adding the following instructive elements:

  • QKD systems authenticate at both ends of the exchange, seamlessly securing communication
  • Current in-ground fiber infrastructure is enough to support QKD
  • Distance limitations between endpoints are quickly being minimized
  • Many of the criticisms of QKD from NIST and the NSA are regarding issues that have subsequently been corrected
  • Regarding eavesdropping and potential denial of service attacks, keys can be redirected “so quickly and randomly that the user will see no performance impact, and the interloper will be shut out”

The bottom line is that as the rest of the world has decided, quantum cryptography in the form of QKD is an essential part of quantum encryption, and will play a central role in securing quantum communications going forward.


After carefully examining the current implementations and emerging protocols and QKD systems, the global consensus concludes QKD as an integral component of quantum encryption and is here to stay.  Acknowledging the strengths and weaknesses of both QKD and PQC, the prevailing approach involves overlaying PQC on top of QKD for a comprehensive and effective secure quantum communications solution and several hybrid solutions have emerged and are being deployed across industries.

QKD keys will be extended to longer distances by using PQC to extend the QKD keys to the cloud. 

QNu Labs has announced its enterprise platform ‘QShield’ which offers solutions leveraging both quantum and post-quantum cryptography technologies. QNu Labs also believes that while the PQC layer using NIST-specified algorithms will be widely adopted for interoperability, countries will also build and use proprietary cryptography layers to strengthen the overall security of the stack.