What is Quantum Key Distribution (QKD) | Fortinet (original) (raw)
Why is QKD the future of secure communications in the quantum age?
We’re living in a time of increasingly sophisticated and rapidly changing cyber threats. The threat level is at its highest ever – and previously reliable tools such as 128-bit encryption are increasingly at risk of failure.
Quantum computing is at the forefront: threatening existing cybersecurity measures but also providing a way to protect against new threats. At the core is quantum cryptography, and specifically quantum key distribution (QKD), which is emerging as a vital cybersecurity defense mechanism for organizations advancing toward quantum-ready security architectures.
QKD makes communications safe by leveraging the principles of quantum mechanics to secure the distribution of the encryption keys used for secure data communication. QKD is a subset of quantum computing, a type of computing that uses quantum mechanics to move away from classical computing that uses digital bits of 0s and 1s to instead use quantum bits, or qubits.
Quantum mechanics explains why quantum cryptography differs from the cryptography used today. Classical cryptography relies on mathematical complexity, but quantum cryptography uses the fundamental laws of physics to guarantee security.
QKD is just one example of quantum cryptography: the secure key that QKD establishes is immune to eavesdropping thanks to the principles of quantum mechanics.
Why QKD matters in today’s cybersecurity environment
The growing importance of QKD stems from its ability to address the looming threat of code-breaking quantum computers, which could potentially break many of the encryption methods currently used to protect our data. The risk is often associated with quantum day (Q-day), the point when quantum systems are expected to render encryption standards like RSA and ECC obsolete.
QKD is considered a robust defense against these emerging cybersecurity threats because it relies on the principles of quantum mechanics. If an eavesdropper attempts to intercept or measure the quantum signals used to generate the key, it inevitably disturbs the signal.
And here’s the magic: because an observation disturbs the signal it reliably alerts the recipients to an intruder. QKD provides a way to make communication secure using a mechanism that’s immune against even the most powerful quantum computers.
How does the quantum mechanics behind QKD work?
When an application uses QKD key generation the sender encodes a random sequence of bits into qubits, using properties like photon polarization or entanglement. These qubits, the quantum key, are then transmitted to the recipient over a quantum channel, typically a fiber optic cable.
The recipient measures the incoming qubits using randomly chosen bases. After transmission, sender and recipient compare a subset of their measurement bases over a classical channel. Any discrepancies would reveal potential eavesdropping, and the parties would know the crypto key has been exposed.
Current QKD solutions
Most QKD solutions combine key distribution appliances with link encryptors, so QKD appliances establish secret keys over optical and store these for encryptors. The encryptors then combine these keys with their own using public key cryptography to encrypt data.
QKD uses different protocols such as BB84 and E91, which are specific methods for encoding and measuring these qubits, with BB84 focusing on polarized photons and E91 on entangled pairs, each offering a distinct approach to establishing a secure key.
QKD's advantages over classical encryption
Classical encryption, like RSA or AES, relies on the computational difficulty of certain mathematical problems to encrypt data. The problem is that, as quantum computers advance, quantum computers now threaten to solve previously difficult problems with incredible efficiency, creating new quantum computing security challenges for existing encryption systems.
This means many current encryption methods will soon be vulnerable to easy decryption.
QKD, however, is rooted in the laws of quantum physics, not mathematical assumptions. Its theoretical "unbreakability" stems from its quantum properties: merely attempting to look at the transmitted data alerts the legitimate parties to an intrusion.
Key benefits of QKD
With QKD detection capability is built into the signal and, used correctly, provides a level of security that is impossible to achieve with classical encryption. The three key benefits of QKD are:
- Deployable now, offering quantum-safe security independent of an adversary's computing power
- Actively detects and mitigates eavesdropping attempts, ensuring secure communication.
- Provable and future-proof nature, remaining uncompromised by advances in math or computing.
How does QKD compare to PQC?
| Feature | Classical Encryption | Post-Quantum Cryptography (PQC) | Quantum Key Distribution (QKD) |
|---|---|---|---|
| Security Basis | Mathematical complexity | Mathematical problems believed hard for quantum computers | Laws of quantum physics |
| Resistance to Quantum Computers | Vulnerable | Designed to be resistant | Highly resistant |
| Infrastructure Requirements | Existing infrastructure | Largely compatible with existing infrastructure | Specialized hardware, potentially dedicated fiber optic lines |
| Range/Scalability | Highly scalable | Highly scalable | Limited by distance and hardware |
| Eavesdropping Detection | Difficult to detect | Difficult to detect | Theoretically detects eavesdropping |
| Use Cases | General-purpose encryption, data at rest, secure communication | General-purpose encryption, long-term security, data in transit and at rest | Secure key distribution for high-security applications, government, finance |
PQC (Post-Quantum Cryptography) is a software-based approach that aims to protect existing data transmission routes against the novel attacks of quantum computers, but it still relies on mathematical techniques. These are currently believed to be difficult for quantum computers, but future breakthroughs might change that.
QKD, in contrast, is a hardware-based approach. Its pure quantum nature means it will retain its protective mechanism regardless of future computational advancements because there’s simply no way an outside observer can observe the quantum signal without disturbing it and altering the legitimate parties.
The practical advantages of QKD for long-term data security are significant. While PQC aims to provide security based on existing encryption methods, QKD provides theoretically unbreakable protection against eavesdropping attempts.
Implementing QKD within communication infrastructure
Given its nature, QKD can be readily integrated into existing fiber optic networks, which already form the backbone of modern telecommunications. QKD systems transmit quantum signals, typically single photons, through these fibers. However:
- The distance over which QKD can function is limited by the signal loss inherent to fiber, to extend these distances, trusted nodes or quantum repeaters are necessary
- Trusted nodes involve decrypting and re-encrypting the key, while quantum repeaters aim to directly extend the quantum signal range (a technology still under development).
For long-distance communication, especially across continents, satellites can transmit quantum signals to ground stations using lasers, enabling secure key distribution over vast distances. Drawbacks include atmospheric interference, signal loss, and the need for precise satellite tracking.
It’s worth noting that QKD systems rely on specialized hardware, from the photon sources that generate single photons or entangled photon pairs, which carry the quantum information – all the way to photon detectors measuring the incoming photons and determining their quantum states.
This specialized hardware and infrastructure leads to significant costs as upgrading existing fiber optic networks or deploying satellite QKD systems requires substantial investment.
Vulnerabilities in QKD implementation
QKD is, in theory, unbreakable – but only if implemented correctly. Practical implementations sometimes introduce vulnerabilities that can be exploited, illustrating how quantum computing security risks can emerge even in next-generation systems. And this is why real-world QKD systems have at times been susceptible to attacks that circumvent the intended security.
Two examples of vulnerabilities include:
- Phase remapping: creates a backdoor for eavesdroppers by manipulating the phase of signals as they enter and exit a device. This attack specifically targets the necessary input/output processes found in many commercial QKD systems.
- Photon number-splitting: Ideally, QKD protocols rely on single-photon transmissions, but in practice, multi-photon emissions occur. An eavesdropper can intercept these extra photons without detection, compromising the key. That said, correct implementations mitigate all these risks.
Real world applications of QKD
QKD is most applicable to scenarios where vital, sensitive information is shared and where data security is paramount. Its ability to generate and disseminate unbreakable encryption keys is important in sectors like telecommunications, banking, and national defence. QKD will also play a role in data security within critical infrastructure, such as power grids and healthcare systems.
That’s why we’re steadily seeing QKD roll out in the real world – and even in consumer devices. Samsung’s Galaxy Quantum2 smartphone integrates QKD technology through a partnership with SK Telecom, marking one of the first consumer-facing applications of quantum cryptography. A few other examples include:
- Breakthrough from Verizon: In the US, Verizon achieved a milestone by successfully trialing quantum key distribution in Washington D.C., positioning itself as an early adopter of the technology among American carriers. This advancement builds upon prior QKD testing conducted by Telefónica and Huawei.
- Secure shipping: To secure its defense technology, Hyundai Heavy Industries, the world's largest shipbuilder, has implemented quantum cryptography communication. Hyundai highlighted that data encoded in a quantum state is virtually unhackable without quantum keys.
- IP security: It’s also worth mentioning that SK Telecom has deployed quantum network infrastructure to secure IP equipment, demonstrating promising enterprise-grade applications.
- QKD for firewalls: Fortinet’s FortiGate NGFW now integrates with QuintessenceLabs’ qOptica 100 QKD system to protect data in transit across wide-area networks. This hybrid approach combines quantum key distribution with traditional encryption protocols.
Fortinet also works with Quantum Xchange to enhance Fortinet's Secure SD-WAN with quantum-safe security. Quantum Xchange's Phio TX adds a secondary, quantum-protected encryption key layer to Fortinet's FortiGate NGFW.
Reshaping cybersecurity with QKD
QKD is clearly a paradigm shift in cybersecurity that moves us beyond computational complexity to the immutable laws of quantum physics. Future cryptography won't rely on algorithms that might be cracked by advancing technology – and arguably, current critical applications shouldn’t either.
Instead, it’s time to move to quantum principles that are inherently secure because it’s the only way to defend against powerful quantum computers that can break today’s cybersecurity defenses.
Fortinet will continue to support QKD technology as it matures. That includes advancements in quantum repeaters and miniaturization. QKD will become a cornerstone of cybersecurity infrastructure, ensuring a more secure digital future in the face of evolving cyber threats.
Quantum key distribution FAQs
Why is encrypted data vulnerable in transit?
Encrypted data in transit can be intercepted even if the content is scrambled (encrypted). Strong encryption makes the data unreadable without the correct key, but implementation errors and the use of flawed protocols and compromised endpoints introduce risk.
What are the security implications of quantum computing?
Quantum computing has the potential to break many of the cryptographic systems currently protecting digital communications and data worldwide. Large-scale, fault-tolerant quantum computers, using algorithms like Shor's algorithm, are predicted to soon be able to break public-key cryptography, including RSA.
Are there established international standards for QKD?
International standards or binding regulatory frameworks specifically for QKD technology are still under development, including by the European Telecommunications Standards Institute (ETSI) and the International Telecommunication Union (ITU).
How interoperable are vendor’s QKD systems?
The interoperability between QKD systems from different vendors is generally quite limited. Many existing QKD systems and network deployments utilize proprietary hardware components, control software, and communication protocols that are specific to a single manufacturer.
What skills are required to operate QKD networks?
Deploying and managing QKD networks demands foundational knowledge in quantum physics and optics and knowledge of handling the delicate optical hardware involved, as well as strong network engineering capabilities and expertise in cryptography.