What applications of quantum computing are there in communications security?
In previous articles, we have discussed both the fundamentals of quantum computing and its impact on cybersecurity, addressing current challenges and solutions. However, the implications of this technology extend beyond cybersecurity, affecting other sectors as well, such as communications. As quantum technology advances, the field of communications security has become a critical area of interest due to the new capabilities and vulnerabilities it introduces.
1. Post-quantum cryptography
One of the most relevant topics in the field of communications security is post-quantum cryptography, which is being developed to protect traditional communication systems against attacks by quantum computers. While current encryption systems, such as RSA y ECC, are secure against classical computers, quantum computers, using algorithms such as Shor, can crack these systems in reasonable time. In fact, the U.S. National Security Agency (NSA) and NIST (National Institute of Standards and Technology) are already working on post-quantum cryptographic standards.
The challenge is to design algorithms that not only resist quantum attacks, but are also efficient and secure on classical devices. Some of the most promising approaches in post-quantum cryptography include systems based on mathematical problems such as lattice-based cryptography, multivariate polynomials, and hash-based cryptography. These approaches are being intensively studied for adoption in secure communications networks and messaging systems.
- Lattice-Based Cryptography:
Lattice-based cryptography is based on the difficulty of solving mathematical problems related to geometric structures called lattices. In particular, these problems, such as the “nearest decoding” or the “short lattice” problem, are considered difficult even for quantum computers. Cryptographic schemes that rely on lattices include Learning With Errors (LWE) and Ring-LWE, which are fundamental for designing algorithms resistant to quantum attacks. This technique also has applications in homomorphic encryption, allowing the processing of encrypted data without the need for decryption.
Advantages: Lattices provide a solid mathematical foundation that offers security even against quantum computers.
Example: The Kyber algorithm, a candidate in the NIST competition for post-quantum cryptography, is based on lattices.
References: NIST Post-Quantum Cryptography Standardization - Multivariate Polynomial Cryptography:
This technique uses the difficulty of solving systems of multivariate equations over finite bodies. In simple terms, it is based on the complexity of finding solutions for systems of equations with multiple variables, a problem considered intractable for both classical and quantum computers. This approach has been used primarily to create digital signatures secure against quantum attacks.
Advantages: Multivariate systems can generate extremely efficient and lightweight digital signature schemes, making them ideal for resource-constrained devices.
Challenges: Although highly efficient, some variants of this cryptography have been vulnerable to cryptanalytic attacks.
Examples: The Rainbow algorithm is a multivariate polynomial-based scheme being considered by NIST for post-quantum cryptography.
References: Post-Quantum Multivariate Cryptography Overview - Hash-Based Cryptography:
Hash-based cryptography leverages cryptographic hash functions as building blocks. The security of these schemes is directly derived from the security of the underlying hash functions, which are resistant to both quantum and classical attacks. One of the best known examples is the Merkle digital signature scheme, also known as Merkle tree, which generates digital signatures based on hashes efficiently.
Advantages: Hash schemes are relatively simple and well studied. Their resistance to quantum attacks is quite strong, although they do not offer a complete solution to all cryptographic problems.
Applications: Generally, these schemes are used to create digital signatures (e.g. SPHINCS+), as they are quite efficient and do not require as much computational power as other forms of post-quantum cryptography.
References: Merkle Trees and Hash-Based Signatures
These three areas are fundamental pillars in post-quantum cryptography and are being actively investigated as possible solutions for when quantum computers become powerful enough to break current systems.
2. Quantum Key Distribution (QKD)
Another emerging and revolutionary application of quantum computing in communications is quantum key distribution (QKD). Unlike classical cryptographic systems, QKD uses the quantum properties of particles (such as photons) to ensure that any attempt to intercept the key is immediately detectable. The Protocol BB84, developed by Bennett and Brassard in 1984, is one of the earliest and best known examples of QKD .
The use of QKD in communications security offers unprecedented levels of protection, allowing the transmission of confidential information in an almost inviolable manner. Companies such as ID Quantique and research projects such as the China Quantum Science Satellite are implementing QKD in quantum communication networks, ushering in a new era in security.
3. Secure quantum networks
Beyond cryptography and key distribution, another significant advance is the creation of secure quantum networks. These networks, based on the principles of quantum teleportation and quantum entanglement, will allow information to be transmitted over long distances instantaneously and without risk of interception or alteration, representing a robust solution to eavesdropping.
Quantum infrastructures are currently being developed in countries such as China and the United States, with experimental tests that have succeeded in transmitting information via quantum satellites and quantum fiber optic links.
4. Protection against quantum attacks
Finally, one of the most important challenges for secure communications in the quantum era is to protect classical networks from quantum attacks. As discussed in the previous article on cybersecurity, the intersection between quantum computing and communications security could have significant consequences if effective countermeasures are not developed. Quantum computers, through algorithms such as Shor, can facilitate attacks by factoring RSA keys or decrypting AES-based systems.
A recent example of these threats is the breakthrough reported by Chinese scientists, who used quantum computers to compromise military-grade encryption, such as RSA and AES, demonstrating that these systems may be vulnerable to quantum attacks in the near future. This event reinforces the urgency of a transition to post-quantum cryptography algorithms (Tom’s Hardware, 2024).
5. QKD limitations and caveats
5.1. Limitations
First of all, high cost hardware requirements. Quantum networks require very specialized equipment, as single-photon sources and detectors, special shielded cables… which cost is high and the maintenance sophisticated. Therefore, that equipment is not suited to be deployed in offices or homes, even worse in mobile devices. That limitation arises the second limitation, long distances and end-to-end security. In the best case, a signal transmitted through a quantum channel can travel around 100km before it is degraded. To travel further, there are some solutions already proposed. First, “teleport” information, based on the entanglement principle . Although this is a promising solution, there a no effective results yet. Second, use satellite-based QKD. Although there already some satellites of this kind, the key transmission rely heavily on the weather, climate and other conditions out of human control. That leads us to the third option, using repeaters to extend the signal. That would solve the distance problem but would add a new one: end-to-end cryptography is unfeasible since each pair of neighbouring peers compute a different key each time they communicate. So after all, QKD requires classical cryptography, since peers must be authenticated before transmitting. There a couple of methods to achieve it, using keys for symmetric message authentication, or using post-quantum (quantum-resistant) cryptography. Nevertheless, no pure quantum-based peer authentication mechanism have been proposed, so classical cryptography is not going to disappear after all.
5.2. Unmature matter
Due to its limitations and the lack of standards QKD is still considered unmature. As we said before, the hardware required is very expensive. Moreover, even if the cost is affordable, more resources will be required to ensure the safety and security of those systems. These networks must be tested and evaluated as any other “classical” network. For example, the availability of quantum networks is low, since (not allowed) read attempts, interferences (intended or accidental), or any other tamper attempt result in a denial-of-service (DoS), since the is no correction fault mechanism yet.
Furthermore, there are no standards for QKD protocols or security proofs. Designing and implementing secure algorithms is a relly hard task that requires the participation of the entire community so that no vulnerability is missed. The discussion is open, but still no agreement on the standard. Without it, is much harder to define a common set of test and security proofs for each algorithm. Despite having different implementations, there should be a common baseline for testing and security audits, to ensure that systems are not only functional, but secure, for example against side-channel attacks, which Dr. Markku-Juhani O. Saarinen tested (power analysis, electromagnetic emission analysis, timing analysis) on two post-quantum cryptography algorithms: Kiber and Dilithium. Some efforts have been done to provide guidance about this topic, like the guides published by BSI.
In summary, applications of quantum computing in communications security offer both opportunities and challenges. Technologies such as post-quantum cryptography and quantum key distribution are advancing rapidly and could revolutionize the way we protect our communications in a future dominated by quantum computing. However, preparation for this change is essential; it must begin now to ensure that our infrastructures can withstand the technological advances of the coming decades.
