Quantum cryptography experimental battle-testing: thwart the easy attacks first!
Quantum cryptography will be a key asset for securing private and sensitive communications in the near future. To be efficient, technologies like Quantum Key Distribution (QKD) have to resist external attacks.
Researchers from Télécom Paris, Institut Polytechnique de Paris, have shown in an experiment published in NatureScientific Reports that a given security vulnerability can lead to attack paths exhibiting different experimental complexity. They introduce a comprehensive methodology to rate attacks. This enables the development of countermeasures against the easiest attacks to be prioritized and improves the design of quantum cryptographic hardware, paving the way for their security certification.
QKD security makes it possible to establish keys whose security can be guaranteed in the future even against an adversary with unbounded computational power
Romain Alléaume / Associate Professor at Télécom Paris, Institut Polytechnique de Paris
Being able to send messages that can be kept secret from possible eavesdroppers has always been of utmost importance in our society. From Julius Caesar, who used a form of encryption to communicate with his army generals, to some striking applications of telecommunication networks such as telemedicine, the ability to guarantee a high-security level has always been critical. In this context, Quantum Key Distribution (QKD) is an approach whereby a secret key between distant parties can be established.
Romain Alléaume, Associate Professor at Télécom Paris, Institut Polytechnique de Paris, explains: “Whereas the cryptographic techniques used today rely on the conjectured difficulty of some mathematical problems, QKD security, on the contrary, is solely based on the laws of quantum physics. It, therefore, makes it possible to establish keys whose security can be guaranteed in the future, even against an adversary with unbounded computational power, including a quantum computer.”
Classical and quantum cryptography complementarity
Despite providing stronger security, QKD and more generally, quantum cryptography, is unlikely to replace classical cryptography, since it does not provide all the security services and is currently mostly restricted to metropolitan distances. QKD can nevertheless provide unprecedented security levels for some targeted applications when used in combination with classical cryptography. We can make a parallel between cars and networks: whereas we tend to drive ever faster, using seatbelts only (classical cryptography) may not provide enough security. In that respect, QKD plays a role analogous to the airbag: an additional security layer to protect data confidentiality in the long term. These attractive promises have encouraged recent deployments of QKD networks, notably in the UK, Japan, Korea, and on a large scale, in China.
Need for Security Certification
In 2018, Europe launched the European Quantum Flagship, a 10-year initiative aimed at developing disruptive quantum technologies in different areas of interest, one of them being quantum communications. The project CiViQ, of which Romain Alléaume is a member, has the main goal of providing and integrating QKD technology into existing current telecom infrastructures. Seeing its importance, in 2019, Europe also launched the EuroQCI initiative aimed at deploying a pan-European quantum communication infrastructure in the next 10 years, connecting strategic public sites and contributing to European digital sovereignty. Thus, among the specificities of EuroQCI, this infrastructure will combine classical and quantum cryptography and will be based on security certified QKD systems, that do not yet exist. The QKD promise of unconditional security is indeed not sufficient to guarantee high security for practical device implementations.
