Last week’s post-quantum cryptography (PQC) standards announcement by the US Department of Commerce’s National Institute of Standards and Technology (NIST) has shone a much-needed spotlight on next-generation network security requirements. But while the NIST approach has already attracted significant support from the likes of BT, IBM and Nokia, alternative approaches are also well advanced.
Applying NIST’s three PQC standards will enable any organisation to repel attacks made by quantum computers against its digital security defences: they are designed to run on standard IT systems but are claimed to be of such immense computational complexity as to be practically unbreakable, even by a future quantum computer – see NIST issues first three quantum-secure encryption standards.
However, there is more than one way to skin a Schrödinger's cat, and the development of other quantum-secure cryptographic algorithms and systems continues apace, particularly in the field of quantum key distribution (QKD).
QKD is a secure method of generating and distributing encryption keys that are known only to the two communicating parties. It is based on a fundamental property of quantum physics whereby entangled qubits – a qubit, or quantum bit, is the basic unit of quantum information – carry information with such a guaranteed level of security that any attempt by a third party to intercept it is instantly detected. It is an immutable fact that any interference with a quantum system produces instantaneous, irreparable anomalies that de-cohere the quantum state, so the communication is aborted immediately. Furthermore, it is impossible to copy or clone an unknown quantum state.
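The eavesdropping-detection property described above can be shown with a small classical simulation. The following is an added example, not code from the article or from any QKD vendor it mentions; it models the prepare-and-measure BB84 variant of QKD rather than an entanglement-based one (an assumption made to keep the model short, since both rely on the same measurement-disturbance and no-cloning principles). An intercept-resend eavesdropper must measure each qubit in a guessed basis and re-prepare a fresh one, which corrupts roughly a quarter of the sifted bits; Alice and Bob detect this by publicly comparing a random sample and aborting when the quantum bit error rate (QBER) exceeds a threshold. The 11% threshold and the sample size are assumed parameters.

```python
import random

# Basis 0 = rectilinear (+), basis 1 = diagonal (x). A qubit prepared in one
# basis and measured in the other yields a uniformly random result: this is the
# measurement disturbance that makes interception visible.

def measure(bit, prep_basis, meas_basis, rng):
    """Measure a qubit prepared as (bit, prep_basis) in meas_basis."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84_exchange(n_qubits, eavesdrop, rng):
    """Run one BB84 round; return the sifted keys (Alice's, Bob's)."""
    alice_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    channel = list(zip(alice_bits, alice_bases))  # qubits in flight

    if eavesdrop:
        # Intercept-resend attacker: the no-cloning theorem means she cannot copy
        # the qubit, so she measures in a guessed basis and re-prepares a new one.
        resent = []
        for bit, basis in channel:
            eve_basis = rng.randint(0, 1)
            eve_result = measure(bit, basis, eve_basis, rng)
            resent.append((eve_result, eve_basis))
        channel = resent

    bob_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    bob_bits = [measure(bit, basis, bb, rng)
                for (bit, basis), bb in zip(channel, bob_bases)]

    # Sifting over the public channel: keep positions where Alice and Bob chose
    # the same basis. Basis choices are public; the bit values are not.
    keep = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]

def estimate_qber(alice_key, bob_key, sample_size, rng):
    """Publicly compare a random sample of sifted bits (then discard them).

    Returns (qber, remaining_alice_key, remaining_bob_key).
    """
    idx = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(1 for i in idx if alice_key[i] != bob_key[i])
    qber = errors / sample_size
    rest_a = [b for i, b in enumerate(alice_key) if i not in idx]
    rest_b = [b for i, b in enumerate(bob_key) if i not in idx]
    return qber, rest_a, rest_b

ABORT_THRESHOLD = 0.11  # assumed: commonly quoted QBER tolerance for BB84

def run_session(n_qubits, eavesdrop, seed):
    """Full key-exchange session; seeded so results are reproducible."""
    rng = random.Random(seed)
    a, b = bb84_exchange(n_qubits, eavesdrop, rng)
    qber, key_a, key_b = estimate_qber(a, b, len(a) // 2, rng)
    return {
        "qber": qber,
        "aborted": qber > ABORT_THRESHOLD,   # detection: discard the key
        "key_len": len(key_a),
        "keys_match": key_a == key_b,
    }

if __name__ == "__main__":
    for eve in (False, True):
        print("eavesdropper present" if eve else "clean channel",
              run_session(4000, eve, seed=1))
```

On a clean channel the sifted keys agree exactly and the QBER is zero; with an intercept-resend attacker the QBER sits near 25%, far above the threshold, so the session aborts and no compromised key is ever used. Real deployments also see a small baseline QBER from channel noise, which is why the threshold is a tolerance rather than zero.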