It’s Not Too Early to Start Thinking About Post-Quantum Security

In networking and communication, information security is absolutely necessary when transmitting over any untrusted medium, especially the Internet. Interestingly, people have been trying to securely encrypt information for 1000s of years, mostly using intuitive methods of encrypting, which is a good reason why we need cryptography. Cryptography protects data from being stolen or altered and is also used for individual authentication.

Physics proposed a solution known as quantum key distribution (QKD) which uses the quantum property of the particle to create and transmit a secure key. This is an interesting solution because a quantum particle state cannot be copied, so it is inherently possible to validate that a transmitted key is secure.

Actual quantum computers are still in early development but the threat to communication security has triggered investigations into alternative methods to distribute encryption keys. As mentioned before one of the methods proposed to address post-quantum security challenges is the Quantum Key Distribution (QKD) because of its theoretical promise to be intrinsic unbreakable and offering an easy method to detect the eavesdropper presence. Unfortunately, implementation flaws and side-channel attacks could open up a vulnerability, and while current commercial QKD systems are designed to have no exploitable implementation flaws and be resistant against known side-channel attacks, it leaves open the question about side-channel attacks which have yet to be discovered.

It is believed that quantum computing will have a huge impact on areas such as logistics, military activities, pharmaceuticals (drug design and discovery), aerospace design, nuclear fusion, financial modeling, polymer design, Artificial Intelligence (AI), cybersecurity, fault detection, Big Data, and capital goods, especially digital manufacturing. According to an analysis by Nature, private investors have funded at least 52 quantum-technology companies. The market for quantum computing is projected to reach $64.98 billion by 2030 from just $507.1 million in 2019, growing at a CAGR of 56.0% during the forecast period (2020–2030). According to a CIR estimate, revenue from quantum computing is pegged at $8 billion by 2027.

How quantum computing will scale, while quantum error correction itself is an implementation challenge, and still needs to be solved. Real quantum cryptoanalysis is most likely ~10 years away. Quantum key exchange has proven fantastic and unbreakable when implemented correctly, but it is limited by the physical infrastructure. There may be a niche application for relatively short distances, but it will not be a general solution. Cisco is tracking all of the solutions in this area and will bring to market a flexible solution that will enable our customers to use whatever PQ secure solution they feel more appropriate for them.