Quantum computing holds many promises like faster drug discovery, improved battery chemistries and better traffic planning, to name a few. But the world of quantum is not just about opportunity. In what might be its most discussed consequence, it will make one of the most common encryption methods obsolete. As a result, the technology has forced companies worldwide to implement a step change in cryptography practices – and telcos are already on the task.
The RSA – or Rivest-Shamir-Adleman – algorithm is widely used to encrypt information sent over the Internet. To put it simply, it relies on mathematical functions involving prime numbers which are easy to do in one direction and very difficult in the other. RSA can in theory be broken by a conventional computer, but this has not been a big concern historically because of how long it would take (think billions of years). One day, however, quantum computers will be able to break RSA with frightening speed.
Thankfully, that future is probably still quite distant. Today's quantum computers still cannot outperform conventional ones, and a lot of work is still needed to change that. What's more, BT's senior manager of optical networks and quantum research, Andrew Lord, pointed out during an interview with Light Reading that code cracking is not among the easiest tasks for quantum computing.
"It turns out that the code-cracking quantum computer is a much harder thing to build than a computer that's useful," he said, adding that "if you take a standard RSA code, it's 2,040 bits, so you need at least that [and] probably a lot more." Other quantum computer uses, like finding new medicines or optimizing chemistry might, conversely, need only hundreds of qubits.
According to Lord, the "full blown final quantum computer that has absolutely everything is probably still a long way off, but we don't have to wait quite as long to get to the good bits."
In 2019, researchers estimated it would take another 25 years before quantum computers would be able to break RSA. That means a lot of the information commonly shared and encrypted, like credit card details, will be obsolete by the time this becomes an issue. At the same time, a lot of sensitive personal or business information might still be very relevant.
What's more, while malicious actors may not be able to decrypt information anytime soon, they can still collect encrypted data long before they can crack the code in what is sometimes called harvest now, decrypt later (HNDL) attacks.
Although the danger is not exactly immediate, Lord thinks it is important to act now because it will take years to update the telecom security system. And while the National Institute of Science and Technology (NIST) in the US is already designing post-quantum algorithms, Lord argues that getting them ready will be a years-long process because of testing and other steps required.
QKD to the rescue?
Another solution may exist in the form of quantum key distribution (QKD), in which many telcos are already involved. It is a way of generating and distributing cryptographic keys based on quantum mechanics with specifically designed technology. One of its features is that it is said to make any intrusion by a third party visible.
Yet there has been some disagreement about whether QKD will be part of the solution. Most notably, NIST has in the past highlighted an issue with key authentication.
Asked if QKD is the solution to quantum computer decryption, Lord said: "I would like to think there was an increased body of opinion that it's part of the solution." But he admits there are still some hot debates inside the industry. And he does not expect it to be the only or entire solution – at the very least, not for some time – given the cost and complexity QKD entails.
Hardware, Lord says, is the main problem. He points to single photon detectors (SPDs) as the most challenging and expensive bit of hardware, and that's just the beginning.
"The system has modulators that will be controlled. It has probably a quantum random number generator at the heart of it generating random numbers. That itself has to be assured and provisioned and it has to operate randomly and it has to continue to do that and has to be tested," Lord said, concluding that "as soon as you get involved building hardware, then it's more of a challenge than just writing an algorithm."
This explains why Lord views QKD as only one part of the solution, with post-quantum cryptography also playing a role. This is less complex to use, relying only on algorithms. And Lord says many companies are planning to implement those alongside QKD. Given its cost and complexity, QKD may not appear everywhere to start with, but will likely be one of the components used, said Lord.
Indeed, BT and other telcos have been heavily involved in QKD. The British incumbent has been trialing the technology together with Toshiba and AWS here in the UK for EY and HSBC. Lord says the HSBC trial in particular has given the project a "new lease of life" because it focuses on actual financial use cases, such as those involving financial transactions.
At the same time, the trials have unveiled a challenge with scaling the technology. "Let's say you have 20 customers, each wanting a 10 gigabit link – that's 200 gigabits. If I give them all a wavelength, then that's a lot of wavelengths. That's not really a very practical way of building a network," he said.
Aggregation and testing
What's missing, he adds, is an aggregation function pulling together multiple customer data inputs, putting them into the same pipe and then protecting the pipe separately. He says BT would be interested in looking into this as a potential larger project. Last year, the company conducted a feasibility study for a national-scale QKD project and the lessons it learned would be useful if the government were to back such a project, Lord insists.
BT is, of course, not the only telco involved in quantum cryptography. Deutsche Telekom has been tapped by the EU to lead project Petrus, which is tasked with creating quantum-secured communications infrastructure EuroQCI for the block using QKD. The project also includes Airbus, the Austrian Institute of Technology (AIT) and Thales. The EU is aiming to create an encrypted satellite network, IRIS2, which will rely on this infrastructure.
Deutsche Telekom has also been tapped to lead a second EU project, Nostradamus, focused on developing quantum communications testing infrastructure together with AIT and Thales.
Yet another European telco involved in QKD is Orange. Last year, in partnership with broadband vendor Adtran, the operator demoed a 400G transition of QKD-secured data by combining QKD with classical cryptography. It has also worked with Toshiba to demonstrate the viability of deploying QKD with existing networks and services.
In what is already looking like a crowded field, Telefónica has also dabbled in quantum cryptography – in fact, it is involved in the same EuroQCI project as Deutsche Telekom. It is also participating in project Quarter, which seeks to increase the maturity of the technology.
Also exploring quantum cryptography is Vodafone, which is working on several initiatives to keep communications secure in the face of potential future quantum computing-equipped hackers. One of those is its partnership with Sandbox AQ, which seeks to establish a quantum-safe virtual private network (VPN) relying on post-quantum cryptography algorithms created by NIST.
With so many European heavyweights involved, quantum cryptography will likely be a topic to watch in the coming years.