Security

Quantum Key Distribution: A Viable Solution for Businesses?

QKD is a powerful encryption mechanism. But it’s not rightsized for all businesses and comes with some risks.

Andrew Jenkins has worked as an information analyst for an intelligence agency in Washington, D.C., for over 14 years. He is the author of the 2022 book, The Devil Made Crypto. Follow him on LinkedIn.

Powerful quantum computers can break today’s encryption methods, jeopardizing the security of our private communications. But with quantum key distribution, an encryption mechanism that uses properties of quantum mechanics to establish secure communication between multiple parties, even the most complex encryption keys cannot be hacked.

Imagine a bad actor using a quantum computer to effortlessly infiltrate your most secure network to steal your business plans, employee data, client data, financial statements, intellectual property and other sensitive company data. Such breaches could cause major operational, financial, or reputational damage to the business. QKD was designed to prevent that.

Businesses large and small can benefit from QKD, particularly those in high-security industries such as government, the military and financial services. There are three major factors that characterize QKD, according to the Cambridge Journal of Science and Policy’s article on “Quantum Key Distribution: Advantages, Challenges and Policy”:

Unconditional security, which protects networks from bad actors with unlimited computational power (also referred to as “computationally unbounded attackers”)
Proficient detection, which detects eavesdropping and on-path attacks
Retrospective decryption protection, which prevents the copying and storing of encrypted messages in the present, decrypting them in the future when a more capable quantum computer becomes available

How Does QKD Work?

Unlike modern encryption protocols, which use logical and mathematical computation, QKD utilizes a quantum property called photons, or particles of light.

How does the process work? One party generates a series of randomly polarized photons and transmits them through an optical quantum channel. The second party randomly measures the photons and uses a photon detector to capture the correct photon basis. The results are then compared over a public channel, and if they match, a secret key is generated. At no point can an eavesdropper intercept, capture or accurately guess the secret key.

What makes QKD so highly sought after is its “no-cloning theorem,” according to the journal Light: Science and Applications, meaning that at no point can anyone measure, create or copy a single photon without modifying or destroying the original. This means that if an eavesdropper attempts to intercept a secret key in transit, the quantum state will change or self-destruct, notes the Journal of Physics. This ensures that the secret key is “unconditionally secure” against eavesdropping, per the journal EPJ Quantum Technology.

What Are Some QKD Challenges in Business?

Here are four of the most pressing challenges businesses might encounter with QKD that IT leaders need to know:

QKD is expensive. Hardware cost is one of the largest hurdles businesses faces when implementing QKD. For example, a fiber-optic network system, which acts as a quantum channel to transmit photons from sender to receiver, is expensive. Unless a business already owns a network system that connects it with its customers, it will have to either install one — which could cost between $5,000 and $60,000 per mile — or lease “dark fiber” from a supplier and pay a substantial upfront cost with recurring maintenance fees.

There are also costs for other hardware components, such as photon detectors, lasers, semiconductor chips, specialized cooling equipment and more. However, the more commercially available QKD hardware becomes, the less it will cost.

QKD photons can only travel so far. One of QKD’s most troubling limitations is that photons struggle to travel long distances. As they weaken, transmission often fails. This limitation makes it harder for businesses with customers across multiple states or countries to use QKD.

To solve this, businesses would need to contract with trusted third-party relay stations. A relay station is an intermediary node that can send photons over longer distances. Though doable, this too can be costly. Soon, however, IT leaders may be able to use quantum repeaters, which act as an intermediary between the sender and receiver, copying optical signals from the sender and retransmitting them to the receiver over a longer distance. Placing quantum repeaters between nodes would allow photons to be carried farther. But right now, quantum repeaters are still in the developmental stage.

Click the banner below to read the 2024 CDW Cybersecurity Research Report.

QKD lacks an authentication mechanism. Although QKD provides unconditional security, it doesn’t allow the sender or receiver to confirm that they are who they say they are before sending a message. Without authentication, there’s no way to detect tampering by an eavesdropper. Though QKD can disseminate quantum secret keys between participants, it cannot confirm who the keys are sent to. This presents a profound security risk, as it makes the presence of eavesdroppers virtually undetectable.

Researchers are working on ways to apply an authentication mechanism inside QKD. One experiment suggests encoding authentication information into a single photon (called an “authentication qubit”) and sharing it with participants. Researchers writing in the journal EPJ Quantum Technology also recommend enlisting a third-party arbiter to confirm the identities of participants using entangled quantum states.

QKD has physical system vulnerabilities. Too often, there are risks in the QKD hardware itself, according to the journal Scientific Reports. For example, because one cannot guarantee the security of every relay station in a quantum channel, businesses are more exposed to supply chain cyberattacks.

Is QKD a Good Choice for Businesses?

Given these challenges, is QKD a good choice for business cybersecurity? The answer is, maybe.

Ultimately, QKD is a viable solution for businesses that can afford it. For example, JPMorgan Chase has designed a quantum-secure network that incorporates QKD to protect their high-speed VPNs. Cisco, British Telecom, SoftBank and HSBC have also experimented with QKD in their business operations.

However, most small and medium-sized businesses may not be able to handle QKD’s high price tag. Rather than try to justify the costs of the labor-intensive implementation, teams should wait until QKD becomes more widely available.

WATCH: Check out the incredible power of quantum computing on business.

What Are Some Alternatives to QKD?

Businesses without abundant resources would fare better using alternatives such as Post-Quantum Cryptography. These quantum-resistant algorithms protect computer systems from quantum-enabled cyberattacks. Unlike QKD, PQC does not require expensive quantum-based hardware to function. You’ll only need to replace the system’s current encryption algorithms with the new PQC encryption algorithms. And although transitioning to PQC isn’t cheap, it’s substantially cheaper than QKD.

However, it’s worth noting that with quantum computers still early in their nascent stage, most PQC claims are theoretical. Therefore, quantum-resistant algorithms — such as module-lattice-based key-encapsulation mechanisms and stateless hash-based digital signature algorithms, which are now considered to be resistant to post-quantum attacks — may weaken over time.

In the future, QKD could be a self-reinventing security solution, but more training and testing is necessary to reduce some of its financial and security liabilities.

UP NEXT: What are the security implications of quantum computing?

bestdesigns/Getty Images