By Dr. Sarah McCarthy
July 4, 2023
As organizations navigate the choppy waters of adopting a quantum-secure posture before final standards are in place, it is still surprisingly common to assume they must choose between an algorithm-only update to Post-Quantum Cryptography (PQC) and a new cryptographic model based on the laws of physics, Quantum Key Distribution (QKD). To dispel this misconception, we encourage those who want to build cryptographic resilience to focus on a “defence-in-depth” approach, a concept borrowed from military strategy.
Rather than focussing all our efforts on the “front line” (asymmetric cryptography), we can increase resilience by stacking diverse lines of protection, thereby delaying or obstructing an adversary’s access to critical data. Let’s review the distinction between the two technologies, their pros and cons, and how they complement each other to yield a multi-layered approach to quantum-secure infrastructure.
Post-Quantum Cryptography (PQC) is a collection of mathematical constructs built on problems for which no efficient algorithm is known on either classical or quantum computers, unlike the factoring and discrete-logarithm problems behind today’s public-key cryptography, which Shor’s algorithm solves efficiently on a large enough quantum computer. As such, PQC runs on classical computers today (your laptop, smartphone, or smartcard), albeit with more specialised hardware for the most constrained devices. The security of PQC rests on the computational hardness of the underlying problems: we estimate the resources available to our strongest adversary and set our parameters high enough that such an adversary could not solve the problem within any useful amount of time. That hardness is a conjecture, not a proof, so parameters and algorithm choices must be revisited as cryptanalysis improves.
Quantum Key Distribution (QKD) revolves around quantum physics: we are fighting the quantum fight with quantum technology itself. With QKD we have a stronger security guarantee in principle, because the secrecy of QKD-established keys does not rely on unproven computational hardness assumptions but on physical law, and eavesdropping on the quantum channel shows up as a measurable error rate. We must, of course, ensure that our implementation is secure and that the real devices satisfy the assumptions of the QKD security proof; imperfections in sources and detectors have been exploited in the past, so device certification matters. A bigger practical factor is that QKD requires bespoke hardware, in the form of key-generating devices and the infrastructure those keys travel on, including fibre-optic cable, satellites, and other free-space platforms, and each link is point-to-point with a range limited by channel loss. It is therefore not immediately obvious how QKD would replace existing Public Key Infrastructure (PKI). QKD-based key establishment also needs an authenticated classical channel, otherwise an attacker can simply impersonate the far endpoint; that authentication can come from pre-shared keys or from PQC signatures, so PQC provides complementary functionality.
The defence-in-depth strategy holds that both PQC and QKD have their place, and that each only goes so far. By taking a layered approach of PQC, QKD, and even currently deployed cryptography like RSA and ECC, we can arrange matters so that an attacker who wants the data must break through every layer individually. The caveat a practitioner should keep in mind is that the layers only compound when they are combined correctly: the session key must be derived from all of the component secrets together, through a key-derivation function fed with every contribution, and not from whichever layer happens to be available, or the design is only as strong as its weakest layer. Done that way, the chance of a complete break falls with each added layer, to the point that an attacker would be highly unlikely to succeed within any useful amount of time.
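To make the layering claim concrete, here is an added example (not code from this post or from evolutionQ) of the key-combining step that makes the layers compound. It derives one session key from an ECDH shared secret, a PQC KEM shared secret and a QKD-delivered key through HKDF (RFC 5869, built on the Python standard library), with every component length-prefixed and the handshake transcript bound into the derivation. The secrets, the component labels and the transcript are constructed placeholders; a real deployment would feed in the outputs of the actual mechanisms.

```python
"""Hybrid 'AND' key combiner for defence-in-depth key establishment.

Added example for this post; not code from the original article or from
evolutionQ. Every secret below is a constructed placeholder standing in for
the output of a real mechanism (an ECDH exchange, a PQC KEM, a QKD link).
"""
import hashlib
import hmac
import struct


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA-256: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA-256: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_components(components) -> bytes:
    """Serialise (label, secret) pairs with explicit lengths.

    Length prefixes guarantee that two different lists of secrets never
    serialise to the same byte string (e.g. [b"ab", b"c"] vs [b"a", b"bc"]).
    Both endpoints must use the same fixed component order and labels.
    """
    out = b""
    for label, secret in components:
        label_bytes = label.encode("ascii")
        out += struct.pack(">H", len(label_bytes)) + label_bytes
        out += struct.pack(">I", len(secret)) + secret
    return out


def combine_keys(components, transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key that depends on *every* component secret.

    An attacker who learns some components (say, the PQC shared secret after
    a cryptanalytic break) still lacks the others and cannot compute the
    output; this is the 'AND' composition defence-in-depth needs. The
    transcript (handshake messages, identities, nonces) is mixed into the
    info string so the key is bound to this session and cannot be replayed.
    """
    if not components:
        raise ValueError("at least one key component is required")
    prk = hkdf_extract(salt=b"hybrid-kdf-v1", ikm=encode_components(components))
    return hkdf_expand(prk, info=b"session-key|" + transcript, length=length)


def depends_on_every_component(components, transcript: bytes) -> bool:
    """Self-check: perturbing any single component must change the key.

    This is a necessary (not sufficient) property of an AND combiner; the
    real guarantee comes from HKDF's PRF property over the whole input.
    """
    reference = combine_keys(components, transcript)
    for i, (label, secret) in enumerate(components):
        perturbed = list(components)
        perturbed[i] = (label, bytes(b ^ 0xFF for b in secret))
        if combine_keys(perturbed, transcript) == reference:
            return False
    return True


# Constructed placeholder values (deterministic so the demo is reproducible).
ECDH_SS = hashlib.sha256(b"placeholder: ECDH shared secret").digest()
PQC_SS = hashlib.sha256(b"placeholder: PQC KEM shared secret").digest()
QKD_KEY = hashlib.sha256(b"placeholder: key delivered by QKD link").digest()
TRANSCRIPT = b"placeholder handshake transcript | nonceA=01 | nonceB=02"
COMPONENTS = [("classical-ecdh", ECDH_SS), ("pqc-kem", PQC_SS), ("qkd", QKD_KEY)]


if __name__ == "__main__":
    session_key = combine_keys(COMPONENTS, TRANSCRIPT)
    print("session key:", session_key.hex())
    print("every layer contributes:", depends_on_every_component(COMPONENTS, TRANSCRIPT))
```

The point to take away is structural: because every component sits inside the KDF input, a cryptanalytic break of one layer (the PQC KEM, say) leaves the attacker short of the remaining inputs, whereas a design that falls back to whichever layer is available is only as strong as its weakest layer. Each component should be a full-entropy secret in its own right, and the two endpoints must agree on the fixed order and labels, since the serialisation is part of what the key depends on.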
At a high level, we can deploy PQC on our networks “as is”, and add QKD as an extra layer of resilience, providing information-theoretic security and eavesdropping detection for assets requiring the highest level of protection. We have seen a widely supported PQC algorithm[1] broken in a weekend on a laptop, by a researcher who did not set out to break the scheme but to understand it in more depth in order to improve it. Michele Mosca, CEO of evolutionQ, globally recognized quantum cryptography expert, and decades-long advocate for quantum safety, has offered 9:1 odds that the NIST-standardized PQC key exchange algorithm will be broken within the next 10 years.
By utilising QKD to protect our most precious assets, we can be confident that we have future-proofed our data, both in transit and in storage, against both classical and quantum attacks on PQC key exchange: the keys come from QKD, and the data itself is protected by a symmetric cipher such as AES-256, which is already considered quantum-safe at that key size, or by a one-time pad where the key rate allows. Store Now, Decrypt Later (SNDL) attacks, in which recorded ciphertext is kept until a quantum computer can recover the key, can only be mitigated by encrypting today’s data with quantum-secure mechanisms today. Leveraging QKD now forms a barrier against SNDL that is not subject even to future advances in attacks against PQC.
As the quantum threat looms, can we really afford not to implement a defence-in-depth strategy? The stakes are much higher than in any previous migration, like DES or Y2K. Every public-key primitive that PKI relies on today (RSA, ECDSA, ECDH) is vulnerable to Shor’s algorithm, and the capabilities of future quantum computers are still being understood.
As we approach the unprecedented challenge posed by the quantum revolution, organizations must embrace a multi-layered defence-in-depth strategy to safeguard valuable data and strengthen client trust. By combining PQC and QKD with existing cryptographic solutions, future-focused teams can establish a resilient cryptographic infrastructure capable of mitigating known vulnerabilities as well as emerging threats. The time to act is now: proactively implementing a comprehensive defence-in-depth approach is essential to protect sensitive information and navigate the quantum landscape with confidence.